With the ever-growing surveilling presence of advertisement giants like Google and Facebook on your personal devices (including smartphones), it is time you do something about it.
One of the most effective ways to do that is by installing a privacy/security-focused Android ROM.
You might be wondering why you should install a different Android-based OS on your phone than the one it shipped with. Let me give you a few reasons:
- Your phone manufacturer partners with entities like Facebook to pre-install the apps on your phone, and simply uninstalling these apps may not get rid of them (they tend to get reinstalled when there is a new OS update).
- Usually, Android device manufacturers provide three to four years of updates, most of which are limited to irregular security patches and a few Android upgrades. With a custom ROM, you can extend the longevity of your devices by receiving updates for longer than that.
- Since these off-the-shelf Android ROMs don’t bundle anything apart from what is necessary, your phone can feel more responsive because there is less bloat.
- Less pre-installed software also means fewer services run in the background, resulting in a potential performance uplift and increased battery life.
- A lot of customization options.
- Easy to roll back updates (because previous versions are available on the ROM’s website).
With the important information out of the way, we suggest you always try it on a spare device if you want to experiment.
In addition to that, there are a few more pointers that you should keep in mind:
- Installing a custom Android ROM may enhance the security out-of-the-box. But, you will have to make sure that you take necessary measures yourself.
- All the hardware features that work on your phone may not work on custom ROMs.
- Unlocking the bootloader is a necessary step, and doing so can pose security issues.
This list specifically focuses only on Android custom ROMs. We have a separate list of open source mobile operating systems that include options such as Ubuntu Touch and PureOS.
Note: The list is in no particular order of ranking. You should choose to explore more about the options mentioned and decide what’s best for you.
LineageOS is arguably one of the most popular Android ROMs. It is a fork of the very popular [but dead since 2016] CyanogenMod. Due to the popularity of LineageOS, you may find more devices supporting the OS.
In other words, you can expect support for newer devices sooner, along with a wide range of old devices, when compared to other custom Android ROMs.
LineageOS even supports Nvidia Shield TV and Jetson Nano (one of the best single board computers for AI and Deep Learning projects), in case you have one.
- Excellent first party and third-party documentation
- Timely updates for supported devices
- LineageOS follows the AOSP tree very closely (for people who want the most stock Android experience)
- Less “preinstalled bloatware” compared to your stock factory firmware
- The LineageOS project is a community effort, so not all hardware features of your phone may work right out of the box
- Does not offer a lot of security/privacy features out of the box
CalyxOS is an interesting custom ROM based on the Android Open Source Project (AOSP). Instead of omitting Google Mobile Services (GMS) and leaving users to figure things out by themselves (flashing GApps, etc.), CalyxOS ships with microG. However, you can choose to enable or disable it, giving you total control.
CalyxOS is backed by the Calyx Institute, which is a non-profit organization that promotes individual rights like free speech, privacy rights, etc.
It comes with some privacy-focused applications baked in, like Signal, Tor Browser, and more. Even though the support for CalyxOS is limited to Pixel phones, for the most part, it provides plenty of out-of-the-box privacy features for a user to get a head start with a de-Googled Android phone.
- Uses microG
- Ships with F-Droid and the Aurora Store
- Datura Firewall allows you to block internet access per app
- Uses Mozilla Location Services instead of Google’s Location Services
- Monthly over-the-air security updates
- Has verified boot for increased security
- Security-focused apps and features out of the box
- Only available on Pixel phones (but there is a good reason behind this)
GrapheneOS is yet another custom ROM focusing on security and privacy. Although, one may argue that their efforts have been more towards increasing security, and doing so also benefits your privacy.
If you want to install a custom ROM that comes with exceptional security tweaks out of the box, GrapheneOS should be a good pick.
Unlike some other custom ROMs, they do not include the ability to enable/disable microG, which happens to provide better support for apps that depend on Google Play Services. However, GrapheneOS can sandbox Google’s Play Services, which should let you make some features work. But, as of now, it’s still something experimental.
- Provides stronger and hardened app sandboxing than AOSP
- Uses its own hardened malloc (memory allocator with hardened security)
- The Linux kernel is hardened for better security
- Provides on time security updates
- Ships with Full-Disk Encryption (critical for a mobile device)
- Doesn’t include any Google apps or Google services
- Limited hardware support; Only available for Google Pixels as of now
- Security-focused tweaks may not translate to a noob-friendly user experience
You may think that /e/OS is yet another Android Operating System. You would be partially right. Don’t dismiss this Android ROM just yet. It packs so much more than any off the shelf Android based Operating System.
Like any privacy-respecting Android ROM, /e/OS replaces every single Google-related module or app with a FOSS alternative.
While it is a de-googled operating system, it offers all the usable replacements baked right in. So, it can be a suitable candidate for new users who are looking for an easy replacement.
Side note: The eFoundation also sells phones with /e/OS pre-installed.
- The App store on /e/OS rates apps based on how many permissions they need and privacy-friendliness
- Provides an ecloud account (with a @e.email; 1GB in free tier) as a synchronization account
- Ships with microG framework
- Google DNS servers (8.8.8.8 and 8.8.4.4) are replaced with Quad9 DNS servers
- DuckDuckGo is the default search engine, replacing Google
- Uses location services provided by Mozilla
- Limited device support with Easy Installer
- Roll-out of new features from Android takes a while
CopperheadOS is another interesting Android ROM. It was developed by a team of just two people.
Unlike other options, CopperheadOS is not an open-source project, and you probably cannot get your hands on it.
It is geared towards enterprise deployment. So, if you are someone who wants to purchase Android devices for your employees with security tuned in, this can be worth consideration.
- Good documentation, compared to any other Android ROM documentation
- CopperheadOS has had many of the security oriented features before AOSP itself
- Uses Cloudflare DNS (1.1.1.1 and 1.0.0.1) instead of Google’s DNS (8.8.8.8 and 8.8.4.4)
- Includes an internet firewall for per-app permission
- Uses Open Source apps instead of obsolete AOSP apps (Calendar, SMS, Gallery etc)
- Includes F-Droid and the Aurora App Store
- Questionable claims about the security of CopperheadOS after the main dev went different ways
- Only available with phones pre-loaded with CopperheadOS
- No indication of SafetyNet working on CopperheadOS
Honourable mention: LineageOS for microG
The LineageOS for microG project is a fork of the official LineageOS with microG and Google Apps (GApps) included by default. This project takes care of making sure that microG works flawlessly on your phone (which can be a complicated process for a beginner).
- Enabling signature spoofing to enable microG support can be an attack vector from a security POV
- Even though this ROM is based on LineageOS, as of writing this, not all of the LineageOS devices are supported
- Includes Google Apps (GApps) instead of providing Open Source alternatives
- No confirmation if Google’s SafetyNet is working or not
You may be wondering why some of the interesting Android based ROMs (CalyxOS, GrapheneOS etc) are only restricted to supporting Google’s Phones. Isn’t that ironic?
Well, that is because most phones support unlocking a bootloader, but only Google Pixels support locking the bootloader again. This is a consideration when you are developing an Android based ROM for privacy and/or security-focused crowd. If the bootloader is unlocked, it is an attack vector that you haven’t patched yet.
Another reason for this irony is that, only Google makes their phones’ Device Tree and Kernel Source Code available for the public in a timely manner. You cannot develop a ROM for said phone without its Device Tree and Kernel Source Code.
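To make the bootloader point concrete, here is an added example (not part of the original article) that interprets two standard Android boot properties, `ro.boot.flash.locked` and `ro.boot.verifiedbootstate`, to tell a relocked custom ROM from an unlocked one. The sample property dumps and the verdict labels are constructed for illustration.

```shell
#!/bin/sh
# Interpret Android Verified Boot properties from `adb shell getprop` output,
# whose lines look like "[key]: [value]".

# Print the value of property $1 from a getprop dump on stdin.
prop() {
    sed -n "s/^\[$1]: \[\(.*\)]\$/\1/p" | head -n 1
}

# Classify the boot state described by the getprop dump in $1.
boot_verdict() {
    dump=$(printf '%s\n' "$1" | tr -d '\r')   # older adb emits CRLF
    locked=$(printf '%s\n' "$dump" | prop ro.boot.flash.locked)
    state=$(printf '%s\n' "$dump" | prop ro.boot.verifiedbootstate)
    case "$locked:$state" in
        1:green)  echo "locked-stock-key" ;;            # vendor OS, vendor key
        1:yellow) echo "locked-custom-key" ;;           # relocked, user-set key
        1:red)    echo "locked-verification-failed" ;;  # image failed verification
        0:orange) echo "unlocked" ;;                    # no boot-time verification
        :*|*:)    echo "unknown" ;;                     # a property is missing
        *)        echo "inconsistent" ;;                # values contradict each other
    esac
}

# Constructed sample dumps (not captured from real devices).
SAMPLE_RELOCKED='[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [yellow]
[ro.build.type]: [user]'
SAMPLE_UNLOCKED='[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]'

echo "relocked sample: $(boot_verdict "$SAMPLE_RELOCKED")"
echo "unlocked sample: $(boot_verdict "$SAMPLE_UNLOCKED")"

# With a device attached over USB debugging:
#   boot_verdict "$(adb shell getprop)"
```

These properties are reported by the running OS, so a compromised system can misreport them; treat the result as a quick sanity check after flashing rather than as proof of integrity.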
I would also recommend the following FOSS apps regardless of your ROM choice. They will prove to be a nice addition to your privacy friendly app toolkit.
In my opinion, if you have a Google Pixel phone, I recommend giving a try to either CalyxOS or GrapheneOS or CopperheadOS. These Android ROMs have excellent features to help you keep your phone out of Google’s spying eyes while also keeping your phone [arguably] more secure.
If you do not have a Google Pixel, you can still give LineageOS for microG a try. It is a good community effort to bring Google’s proprietary features without invading your privacy, to the masses.
If your phone isn’t supported by any of the operating systems mentioned above, LineageOS is your friend. Due to the wide range of support for phones, yours will undoubtedly be supported in some capacity, be it officially or unofficially.