With the ever-growing surveilling presence of advertisement giants like Google and Facebook on your personal devices (including smartphones), it is time you do something about it.
One of the most effective ways to do that is by installing a privacy/security-focused Android ROM.
You might wonder why you should install a different Android-based OS on your phone than what is already included. Let me give you a few reasons:
- Your phone manufacturer partners with entities like Facebook to pre-install the apps on your phone, and simply uninstalling these apps may not get rid of them (they tend to get reinstalled when there is a new OS update).
- Usually, Android device manufacturers provide three-four years of updates (with flagship devices). If it is not a flagship phone, you get limited updates. With a custom ROM, you can extend the longevity of your devices by receiving more updates.
- Since these off-the-shelf Android ROMs don’t bundle anything apart from what is necessary, your phone can feel more responsive due to less bloat.
- Less pre-installed software means fewer services run in the background, resulting in a potential performance uplift and increased battery life.
- A lot of customization options.
- Easy to roll back updates (because previous versions are available on the website of ROM).
With the critical information out of the way, we suggest you always try it on a spare device if you want to experiment.
In addition to that, there are a few more pointers that you should keep in mind:
- Installing a custom Android ROM may enhance security out of the box. But, you will have to ensure you take the necessary measures yourself.
- All the hardware features on your phone may not work on custom ROMs.
- Some apps may not work well with custom ROMs.
- Unlocking the bootloader is a necessary step, and doing so can pose security issues.
This list focuses explicitly only on Android custom ROMs. We have a separate list of open source mobile operating systems that include options such as Ubuntu Touch and PureOS.
LineageOS is arguably one of the most popular Android ROM, a fork of the very popular [but dead since 2016] CyanogenMod. Due to the popularity of LineageOS, you may find more devices supporting the OS.
In other words, you can expect support for newer devices sooner, along with a wide range of old devices, when compared to other custom Android ROMs.
LineageOS even supports Nvidia Shield TV and Jetson Nano (one of the best single board computers for AI and Deep Learning projects), if you have one.
- Good first-party and third-party documentation
- Timely updates for supported devices
- LineageOS follows the AOSP tree very closely (for people who want the most stock Android experience)
- Less “preinstalled bloatware” compared to your stock factory firmware
- The LineageOS project is a community effort, so not all hardware features of your phone may work right out of the box
- It does not offer a lot of security/privacy features out of the box
CalyOS is a rather interesting custom ROM based on the Android Open Source Project (AOSP). Instead of not shipping the Google Mobile Services (GMS) and leaving users to figure stuff out by themselves (flashing gapps etc), CalyxOS ships with microG. However, you can choose to enable/disable it, thus, giving you total control.
CalyxOS is backed by the Calyx Institute, a non-profit organization promoting individual rights like free speech, privacy rights, etc.
It comes with privacy-focused applications like Signal, Tor Browser, and more. Even though the support for CalyxOS is limited to Pixel phones, for the most part, it provides plenty of out-of-the-box privacy features for a user to get a head start with a degoogled android phone.
- Uses microG
- Ships with F-Droid and the Aurora Store
- Datura Firewall allows you to block internet access per app
- Uses Mozilla Location Services instead of Google’s Location Services
- Monthly over-the-air security updates
- Has verified boot for increased security
- Security-focused apps and features out of the box
- Only available on Pixel phones (but there is a good reason behind this)
Suggested Read 📖
You may think that /e/OS is yet another Android Operating System. You would be partially correct. Don’t dismiss this Android ROM just yet. It packs so much more than any off-the-shelf Android-based Operating System.
Like any privacy-respecting Android ROM, /e/OS replaces every Google-related module or app with a FOSS alternative.
While it is a de-googled operating system, it offers all the usable replacements baked right in. So, it can be a suitable candidate for new users looking for an easy replacement.
- The App store on /e/OS rates apps based on how many permissions they need and privacy-friendliness
- Provides an ecloud account (with a @e.email; 1GB in free tier) as a synchronization account
- Ships with microG framework
- Google DNS servers (184.108.40.206 and 220.127.116.11) are replaced with Quad9 DNS servers
- DuckDuckGo is the default search engine, replacing Google
- Uses location services provided by Mozilla
- Limited devices support with Easy Installer
- Roll-out of new features from Android takes a while
CopperheadOS is another interesting Android ROM. A team of just two people developed it.
CopperheadOS is not an open-source project, unlike other options, and you probably cannot get your hands on it.
It is geared towards enterprise deployment. So, if you want to purchase Android devices for your employees with security tuned in, this can be worth considering.
- Good documentation, compared to any other Android ROM documentation
- CopperheadOS has had many of the security-oriented features before AOSP itself
- Uses Cloudflare DNS (18.104.22.168 and 22.214.171.124) instead of Google’s DNS (126.96.36.199 and 188.8.131.52)
- Includes an internet firewall for per-app permission
- Uses Open Source apps instead of obsolete AOSP apps (Calendar, SMS, Gallery etc)
- Includes F-Droid and the Aurora App Store
- Questionable claims about the security of CopperheadOS after the main dev went different ways
- Only available with phones pre-loaded with CopperheadOS
- No indication of SafetyNet working on CopperheadOS
iodé is an open-source Android-based operating system that gets rid of Google trackers.
In addition, it offers a feature to analyze real-time data requests from your apps. So, you can keep track of the apps that want to collect your data and get control if you allow/prevent them from tracking your data.
They also offer new and refurbished phones (including Fairphone, Pixel refurbished, and more) that come loaded with iodé OS.
- Easy-to-use OS that provides access to privacy insights
- The company promotes eco-friendly tech by selling a variety of refurbished phones powered by the OS
- Nothing extraordinary about the OS for users who want more in terms of control and customization
Suggested Read 📖
Honourable mention: LineageOS for microG
The LineageOS for microG project is a fork of the official LineageOS with microG and Google Apps (GApps) included by default. This project ensures that microG works flawlessly on your phone (which can be a complicated process for a beginner).
- Provides the microG implementation of GMS without any inconveniences
- It comes with F-Droid as the default App Store
- Provides weekly/monthly over-the-air updates
- Has option to use location service provided by either Mozilla, or by Nominatim
- Enabling signature spoofing to enable microG support can be an attack vector from a security POV
- Even though this ROM is based on LineageOS, as of writing this, not all of the LineageOS devices are supported
- Includes Google Apps (GApps) instead of providing Open Source alternatives
- No confirmation if Google’s SafetyNet is working or not
Here's Something Interesting...
You may be wondering why some of the interesting Android-based ROMs (CalyxOS etc.) are only restricted to supporting Google’s Phones.
Isn’t that ironic?
Well, that is because most phones support unlocking a bootloader, but only Google Pixels support locking the bootloader again. This is a consideration when developing an Android-based ROM for privacy and security-focused crowd. If the bootloader is unlocked, it is an attack vector you haven’t patched yet.
Another reason for this irony is that only Google makes their phones’ Device Tree and Kernel Source Code available to the public on time. You cannot develop a ROM for the said phone without its Device Tree and Kernel Source Code.
To complement your choice of an operating system, you can also check out some of the best open source Android apps to get started.
In my opinion, if you have a Google Pixel phone, I recommend giving a try to either CalyxOS, CopperheadOS or Lineage. These Android ROMs have excellent features to help you keep your phone out of Google’s spying eyes while also keeping your phone [arguably] more secure.
If you do not have a Google Pixel, you can still try LineageOS for microG. It is a reasonable community effort to bring Google’s proprietary features without invading your privacy to the masses.
If your phone isn’t supported by either of the operating systems mentioned above, LineageOS is your friend. Due to the wide range of supported phones, yours will undoubtedly be supported in any capacity, officially or unofficially.