Note, GrapheneOS seems to have been able to secure partner access to Android early security releases, but this comes with the cost that the source used to make these special "01" builds is private until general availability. This might not be a tradeoff that LineageOS is willing to take; GrapheneOS has provided the option on a recommended opt-in basis.
The bad thing in general is the dependence on Google policy for all AOSP distros. Joining those programs might long term worsen the situation.
IMHO, it could be worth the fight if GrapheneOS could win their (rather legal/lobbying) battle to obtain play integrity certification by following security closely (which is a joke IMHO because EOL phones with no updates for years also get integrity). Google releasing easily diffable security only bytecode sets seems like a security nightmare for everyone else.
All of those distros suffer from the reliance on Google to release anything, so in one way or the other they play the game. Particularly Lineage heavily does 'self-censoring' to comply without much benefit IMHO. We really would need e.g. does not even include the keys for providing alternative web views or the ability to switch the location provider. While Google has those capabilities, they only support services sending data to their own servers.
I used lineage as my daily driver since the CyanogenMod days and the HTC desire, but switched to a Google Pixel a few months back, because I felt I had lost the play integrity fight and although my great Redmi Note 10 Pro was running other like a charm thanks to lineage and the device maintainers (Daniel and Aryan), I personally could not invest time and cognitive capacity anymore.
More and more device manufacturers are locking down their bootloaders again. I hope someone can break the momentum and find a way to break the OS duopoly.
We have the sources for the patches which is how they get applied to the source tree. We have both the regular releases and security preview releases so it's easy to see what was changed since it's a small amount of code: currently 59 security patches for Android 16, similar to the size of typical Android security patches, although 1 was already public elsewhere so we applied it to the regular release.
> does not even include the keys for providing alternative web views or the ability to switch the location provider.
Trusting third parties with this is a privacy and security risk. GrapheneOS uses our Vanadium fork of Chromium for the WebView and LineageOS has their own builds of Chromium for it. We provide our own network location implementation using a semi-offline approach based on Apple's location service. We plan to add fully offline support for both Wi-Fi and cell tower network location via downloading regional databases. SUPL is essentially obsolete for GrapheneOS since all supported devices have PSDS and the network location service is already used to help accelerate GNSS when enabled, so we could just remove that instead of making our own SUPL service based on the same data.
We're making progress in fighting the Play Integrity API but governments and regulators move slowly. Courts also move slowly but we haven't brought it to a court yet and would prefer not having to do that. We would greatly prefer if Google worked it out with us and other AOSP-based operating systems but it doesn't appear there's much chance of that ever happening. It's strange since we were never hostile towards them, earned them a lot of money via hardware sales and made substantial upstream contributions.
A major Android OEM is working with us because unlike Google, they're able to see the significant benefits of working with us and selling a lot of devices based on it once they have official GrapheneOS support. Google could have worked with us and others instead of the path they're taking. They could have sold a lot more Pixels by opening up the devices more and improving them. Instead, they'll sell a lot fewer Pixels than they could have as one of the main reasons people buy them goes away. A lot of people who bought them and used the stock OS still bought them because they knew they could get first class support for another OS. They're shooting themselves in the foot. Our userbase will be buying devices from another OEM instead once they meet our requirements.
>> All of those distros suffer from the reliance on Google to release anything, so in one way or the other they play the game. Particularly Lineage heavily does 'self-censoring' to comply without much benefit IMHO. We really would need e.g. does not even include the keys for providing alternative web views or the ability to switch the location provider. While Google has those capabilities, they only support services sending data to their own servers.
> Trusting third parties with this is a privacy and security risk.
I sure trust more LineageOS webview and the guy running BeaconDB than google or apple fwiw.
I understand Graphene's goal isn't freedom but "security", just a hardwareless OEM eventually complying with whatever Google will want.
The preview patches are source code patches we're applying to the source tree used for the regular GrapheneOS releases. We have the sources for the patches, but we need to wait until the embargo end date to publish the security preview patches as source code. We keep the patches in a dedicated Git repository with a script for applying them to the source tree from the regular release. Each security preview release is tagged there, so we can release the sources which were used as soon as the embargo date is reached.
No, GrapheneOS is partnered with a major Android OEM and has security partner access through them. Our security preview releases are in full compliance with the terms set by Google. It's permitted to ship the patches early with delayed source releases for the patches on the dates the embargoes end. The current patches are from the November 2025, December 2025 and January 2026 bulletins. We've shipped the full set of currently available patches for those 3 months.
I don't know the exact terminology, but they described what they currently have as security partner access or at least advanced access to security patches. To my knowledge they are still working on full partner access that would grant them timely access to the AOSP source code.
I'd love to see a hybrid phone with an embedded stock android for banking, pay and government apps and a regular LineageOS or Linux OS that runs on a separate partition/hw/vm.
Like "gluing" two phones together - just better ;)
It would be great to run an open OS but having to carry a separate phone for banking/paying is not really a viable option.
This is on point and it's sickening what Google is allowed to get away with. Even with the recent crackdowns on Google by various governments, they are steadily locking down Android, so even if you paid for your phone, whatever apps that you want to put on it will need their seal of approval.
The excuse of "security" or "it's for the children" is complete BS, because it's about "them" having unwanted and total control.
They were both budget brands with niche offerings. For most people, the source of the OS is immaterial. There's very little competitive advantage to selling a forked OS, and a rather large downside in terms of support costs.
I'm mostly happy with my GrapheneOS device - but it is absolutely not suitable for mass market.
> I'm mostly happy with my GrapheneOS device - but it is absolutely not suitable for mass market.
What makes you say that? I run GrapheneOS on a Pixel and had to go through the relatively simple flashing process, but if GOS came preinstalled on a device anybody familiar with Android (or even iOS) would be able to use it. Compatibility with Android apps is great too.
"Find My Device" means the location of your device is constantly sent to and stored on someone else's computer (the "cloud"), and it is something that shouldn't exist unless that someone else's computer happens to be yours.
I am not ordering anything. I was merely explaining that "Find My Phone" is not a feature -- it is an anti-feature that enables surveillance by a third party. The lack of such an anti-feature should be viewed as an advantage of Graphene, rather than a disadvantage.
Most banking apps work on GrapheneOS. Around 10% ban using any alternate OS, but a small subset of those specifically permit GrapheneOS now in addition to Google certified devices with the stock OS.
It's nearly the same permission model as Android 16 beyond having Storage Scopes and Contact Scopes as easy to use alternatives with fine-grained control along with Sensors and Network toggles. It's otherwise the same.
If you're talking about the exploit protection features with toggles, that's not part of the permission model and the defaults don't break any apps without serious bugs. Apps with memory corruption bugs can be broken by the defaults, which only requires turning on the compatibility toggle for the app. People don't need to understand the finer grained settings.
The default 4x5 icon grid has the same icon sizes as the stock Pixel OS, which can't be adjusted there either.
The vast majority of issues people have with GrapheneOS are issues with Android and Android apps which are not specific to GrapheneOS.
What is the issue with the permission model? It's basically the AOSP permission model. The changes made by GrapheneOS are the user-facing toggle for the INTERNET permission, and the sensors permission.
If people do not want to interface with those features, they can simply skip them, and the permission model will be the exact same as it is on Android.
GrapheneOS is partnered with a major Android OEM and working towards some of their future devices meeting our requirements and providing official GrapheneOS support. It won't be the main operating system, but it will be an officially supported option. Their current devices don't meet our requirements, but they're working towards meeting those for future devices.
Where are you from? I live in Germany. I use ING and DKB as my banks. Both of the banks require a Play Integrity-checked app as their default 2FA. In the past I used Sparkasse and Commerzbank. They too required a PI-approved app.
As an alternative you can order a code generator but for DKB that requires a paid debit-card. ING disables the phone app if you use a code generator. You cannot have multiple 2FA.
EU Nations who are familiar with computers like Sweden and Estonia did.
Germany likes to think that they belong to cabinets and powered with internal combustion engines. Internet was a new land in 2013. So every user-friendly feature has to be shoved into Germany's throat by EU (especially banks and insurance). The usual reaction from German companies is to wait until the last moment and then hire a law / consultancy firm to implement required changes as badly as possible.
All my banking apps work fine under lineage. The only app that does not work is McDonald. I have not investigated very far, maybe it is possible to make it work.
It's great to see Android TV mentioned. Has anyone managed to build a freedom-respecting TV box with Lineage? This is a much needed alternative to "smart" TVs and streaming boxes filled with spyware and arbitrary restrictions.
Looks like LineageOS supports various iterations of the Nvidia Shield device. What I'm wondering is whether this new Catapult launcher is compatible with Android TV that comes with off the shelf Smart TVs. I've grown accustomed to the default screen on my current TV's in-built Google TV (not Android TV, although I'm not totally sure of the difference), but it does enforce at least one additional click to get to the actual functions I, and the family, use it for.
Gonna check out Catapult right now.
Edited to add note: It looks as if the latest Nvidia Shield device requires soldering a USB port onto the mainboard of the device[0]. That probably excludes a decent percentage of people who may otherwise be happy software hacking a device.
Nate Johnson, one of the devs at LineageOS, maintains some official and unofficial builds. You could go from scratch using a Radxa SBC, or try to get an older streaming device (like one of the previous versions of the Chromecast). Some of these older devices even got Widevine DRM still working after installing LineageOS, if you want to use a streaming service.
I'd be curious to see how that works out. One of the main advantages of the Pi is that it supports HDMI-CEC. However, I have seen reports that it struggles with 4K playback at more than 30fps. Even 60Hz isn't great if you have a modern TV and want to use SteamLink to play Steam games running on your PC from your couch.
You don't need "streaming services" when you can open a Web browser and stream from the high seas, or download NewPipe from F-Droid, or download Jellyfin and stream local content.
Does it work well with the Google tv remote for example? Last time I used NewPipe on the tv, the ui was completely unsuited for remotes. I can't imagine using streaming services on the browser to be any better.
Libreelec is comically limited. Last time I checked the Youtube integration needed an API key tied to a Google account. No thanks. On Android, there is NewPipe and it's far better. Also no browser, so you can't stream from the high seas. Libreelec sucks for anything that isn't local playback. It's much better to run Kodi inside Android or Linux for that.
Over recent user privacy (and security) crackdowns from Google, these OS upgrades seem to be becoming more appealing. Can anyone comment on what differentiates Lineage from something like GrapheneOS?
That is not to say you have no freedom or extra features with Graphene, or no security with Lineage, it’s just what either project has very clearly as main target.
I do miss some features since switching to GrapheneOS (customizable on screen nav, volume rocker for cursor control), but I’m very happy with stuff like sandboxed google play services.
GrapheneOS provides a lot of features not available in LineageOS. Our focus is privacy, security and replacing Google apps/services. The features we add aren't only privacy and security features. We provide our own network location and geocoding support. Local text-to-speech and speech-to-text are being developed. It also provides a bunch of assorted features such as forcing the availability of VoLTE, VoNR, VoWiFi and 5G.
https://grapheneos.org/features is an overview of what's provided compared to AOSP but doesn't cover everything yet, especially recent additions.
Graphene is probably better on the devices that support both (Pixels), but since hardware support is so (intentionally) limited, it's kind of a moot point. Also the Graphene community is kind of obsessed with "security" and does not seem to place much emphasis on freedom/hackability.
Why the scare quotes? Graphene’s focus on security is legitimate and well founded. They are the only phone OS that is consistently safe from hacking by the likes of Cellebrite long after all other androids have fallen.
Let's define "more secure" as "preventing a particular behavior that is against the device owner's conscious or unconscious wishes".
It would be "more secure" to have a per-application firewall that blocks particular apps from outbound traffic over certain networks or to certain destinations. This prevents a malicious app from consuming roaming data.
LineageOS can have that, at the owner's preference. Graphene explicitly forbids it.
It would be "more secure" to allow backing up apps and all their data. This would mitigate the damage of ransomware. Graphene, again, forbids it (following google guidelines prioritizing the wishes of an app's developer over the device owner).
There are many such examples. Lineage is philosophically owned by the person who installed it onto the phone. Graphene is owned by the Graphene devs, NOT the phone owner. Sometimes the Graphene devs purposefully choose to let software on the device restrict the valid owner of that device.
> It would be "more secure" to have a per-application firewall that blocks particular apps from outbound traffic over certain networks or to certain destinations. This prevents a malicious app from consuming roaming data.
> LineageOS can have that, at the owner's preference. Graphene explicitly forbids it.
Not sure what is meant by forbidding it? GrapheneOS provides per-app network access control via a user-controllable Network permission which is not implemented in AOSP or LineageOS afaik. They do not forbid using local firewall/filtering apps like RethinkDNS (to enforce mobile data only or Wi-Fi only iirc) and InviZible. They only warn that 'blocks particular apps from outbound traffic ..to certain destinations' cannot be enforced once an app has network access which makes sense to me.
> It would be "more secure" to allow backing up apps and all their data. This would mitigate the damage of ransomware. Graphene, again, forbids it (following google guidelines prioritizing the wishes of an app's developer over the device owner).
Contact scopes, storage scopes, the sensors permission and the network permission are examples that show precisely the opposite (GrapheneOS prioritises the device owner over the application developers). To my understanding, the backup app built-in to GrapheneOS even 'simulates' a device-to-device transfer mode to get around apps not being comfortable with data being exfiltrated to Google Drive. That being said, I understand they have plans to completely revamp the backup experience once they have the resources to do so.
They're referring to the leaky network toggles in LineageOS for different kinds of networks. GrapheneOS won't include that because it doesn't work correctly and gives people the false impression that it's going to stop apps communicating over those networks when it only stops most (not all) direct connections.
LineageOS has the same Seedvault backup system with the same limitations. There are few limitations left since Android 12's API level stopped apps opting out of all backups by redefining it as an opt-out of cloud backups and similarly redefined the file exclusions as only being for cloud backups. The new system supports very explicitly omitting files from device-to-device backups but it has to be explicitly specified that way and few apps do it. The problems with apps opting out of backups due to not wanting cloud backups for space, bandwidth or privacy reasons has been solved for several years now. It doesn't mean all app data is portable between devices, such as Signal encrypting their database with a hardware keystore key making it fundamentally impossible to do backups at a file level for it rather than using their own backup system.
No, I'm specifically referring to iptables-based firewalls (like AFWall), which Graphene does not allow the user to create and Lineage does (via root access).
These are not an android VPN provider and allow blocking traffic based on the combination of source app AND DESTINATION SERVER ADDRESS.
> LineageOS can have that, at the owner's preference. Graphene explicitly forbids it.
That's not true.
You can use apps like RethinkDNS providing local monitoring and filtering of connections while still supporting using a VPN on either LineageOS or GrapheneOS. GrapheneOS fixes 5 different kinds of outbound VPN leaks which are still present on LineageOS, which is quite relevant to this. There are no known outbound VPN leaks remaining for GrapheneOS as long as Private DNS is set to Off.
The reason GrapheneOS doesn't include the finer grained network toggles LineageOS does is because they're leaky and do not work correctly. Our Network toggle doesn't have those kinds of leaks. We do plan to split up the Network toggle a bit but doing that correctly is much harder and comes with some limitations since it still has to block generic INTERNET permission access if anything is disabled and only permit cases which are specially handled.
GrapheneOS has Storage Scopes, Contact Scopes, a Network toggle and a Sensors toggle not available on LineageOS along with other app sandbox and permission model improvements. Users have much more control of their apps and data on GrapheneOS.
LineageOS provides privileged access for Google apps while we take a different approach.
> It would be "more secure" to allow backing up apps and all their data. This would mitigate the damage of ransomware. Graphene, again, forbids it (following google guidelines prioritizing the wishes of an app's developer over the device owner).
That's also not true. LineageOS has the same limitations and backup system.
Both GrapheneOS and LineageOS use Seedvault with the same kind of integration. Since the Android 12 API level, apps can only opt-out of cloud backups and existing exclusion files only apply to cloud backups. There's a new exclusion system which can be used to explicitly omit files from device-to-device backups such as Google's device transfer system, but that's rarely used and it exists for good reason due to device-specific data that's not portable.
> There are many such examples. Lineage is philosophically owned by the person who installed it onto the phone. Graphene is owned by the Graphene devs, NOT the phone owner. Sometimes the Graphene devs purposefully choose to let software on the device restrict the valid owner of that device.
You haven't raised any examples of GrapheneOS restricting what can be done in a way that's not done by LineageOS. All you did is bring up a feature approached differently by both operating systems where the most flexible solutions such as RethinkDNS are available for both. If people want to modify either GrapheneOS or LineageOS, they can do it for each. We provide very good build documentation for production releases with proper signing. We strongly recommend against using Magisk but people do modify GrapheneOS with that project and use it. Our recommendations are not restrictions on what people can do.
I'm using Graphene but honestly the biggest thing is that Lineage devs wouldn't care if you root, while Graphene devs obviously do because it screws the whole point of Graphene
As an example of something lineage allows me to do which graphene forbids: Lineage allows me, the owner of my phone, to use an app of my choice to serve as a location provider.
Graphene requires that I use google services (sandboxed) and does not PERMIT me, the owner of the device, to choose otherwise without compiling my own fork.
I just read that they changed their stance, but for a long time, they were against implementing RCS and said users should be using another tool like Signal. That ignores real world scenarios where users ended up using SMS rather than RCS, which was encrypted with Google messages. Of course, there's more nuance to the discussion, but I found myself a few years ago having gone from encrypted messaging on an iPhone by default to encrypted messaging on stock Android with RCS to unencrypted messaging on GrapheneOS. I thought that was certainly less secure for myself and likely the average user.
But they did share valid concerns about their reasoning and most other aspects of the OS certainly have a great focus on security.
GrapheneOS never had a stance against implementing RCS and has supported RCS at an OS level for years. The issue was that the only available RCS app in practice is Google Messages and it requires privileged access for Google Play services, which goes against the sandboxed Google Play approach. We worked around it by making it so that the access granted to Google Messages when it's set as the SMS/MMS/RCS app also applies to Google Play services where part of the implementation is done.
iOS does not currently implement end-to-end encryption for RCS. End-to-end encryption for RCS is exclusive to conversations between Google Messages users. Apple has said they'll implement the new MLS end-to-end encryption for RCS but has not done it and has provided no timeline for doing it. It took them a very long time to implement basic RCS support and this will likely take a long time too. Google Messages has not yet moved to the new MLS encryption, but it will need to do that too in order for iOS implementing it to provide end-to-end encryption across them.
I appreciate the response and how you're proactive about following things! That's great to know RCS is now possible on GrapheneOS. That's very pragmatic.
For now, I have switched back to iOS due to a significant majority of my contacts using iMessage, so I'm back to encrypted chats again. Hopefully the future of RCS changes things while America struggles with using a unified messenger. I dream of using a dumb phone with RCS.
And having security focused settings by default. For instance, the https://localmess.github.io tracking attempt was prevented on Vanadium (a browser maintained by GOS). Another serious vulnerability from top of my mind was TapTrap (https://taptrap.click/), which was fixed by GOS [1] few months ago. Android is still vulnerable to it!
I have used both, and I can personally use my smartphone properly with both.
GrapheneOS is more strict about security, making it more secure but less accessible (at the moment you can only run GrapheneOS on Pixel phones).
I am happy with GrapheneOS' policy: that's exactly why I use GrapheneOS, to the point where I bought a Pixel just for GrapheneOS. Many people complain about GrapheneOS not supporting other phones. IMO it's the other way round: the other Android manufacturers do not support GrapheneOS.
If you really want GrapheneOS to lower their security in order to run on another phone, what you want is actually LineageOS.
GrapheneOS is partnered with a major Android OEM we're working with towards their next generation devices supporting GrapheneOS. The devices will meet all of our official requirements listed at https://grapheneos.org/faq#future-devices rather than lowering these standards. We kept the minimum support time at 5 years since we know providing 7 is difficult but all the rest should be possible to provide via a Snapdragon 8 Elite Gen 5.
There is little point in fortifying the front-door when the backdoor is wide open.
The hardware itself should never be trusted when being produced by a vendor like Google and cannot be verified on the component level. Their business model completely revolves around reducing your private sphere and selling it to others.
Never use google hardware if you are serious about security.
You have it backwards. It's smartphones other than iPhones and Pixels with the front door open due to lack of basic security patches and protections. You're making unsubstantiated claims about backdoors not backed by any evidence. Those claims can be made about ANY available hardware. Using devices without basic privacy/security patches for firmware/drivers, an end-of-life Linux kernel and lack of important hardware-based security features is the opposite of being serious about security.
The reason GrapheneOS has an OEM partner we're working with towards at least one of their upcoming devices meeting our requirements is because Pixels are the only currently viable options. If other OEMs were making reasonably secure devices with support for using another OS on their own, we wouldn't need OEM partnerships. The currently available devices from our OEM partner don't meet our security features or update requirements, but a subset of their future devices will. GrapheneOS will be officially supported so it will be easier to provide a fully production quality OS and we'll be able to do lower level privacy and security improvements at a hardware, firmware and driver level.
All mobile computing and connectivity hardware is unverifiable in reality and by design. It's not some property exclusive to Google Pixels.
Their business model also does not involve selling data afaik, it's selling access to their adspaces [1] all over the internet including the ability to target people (based on information Google jealously hoard). They stand to lose just as much as most other OEMs if they did suspicious things in hardware just like Apple, Samsung etc.
If you're serious about security you will avoid using OEMs that have unfortunate patch gaps which leave device owners at the mercy of *known vulnerabilities* [1][2][3][4] as well as unknown threats which is fortunately one of GrapheneOS's many reasonable device support requirements.
That is incorrect. There are more reasons for a major US-government contractor to implant spyware on their hardware to hand our privacy on a plate to alphabet agencies than a generic cheap android without a known brand.
This doesn't mean the cheap device arrives without spyware, likely the difference is the spyware being monitored by Chinese rather than US agencies so pick your poison. I'll pick mine.
Open schematics for a PCB don't make it any harder to hide a backdoor. You're talking about devices which still have an entirely closed source SoC with all of the real complexity. The products you're repeatedly marketing here use a bunch of low end components with very poor security including lacking ongoing patches for vulnerabilities and basic standard security protections. They're falsely marketed as open but are actually closed source hardware with closed source firmware. A closed source SoC, Wi-Fi, Bluetooth, cellular, NFC, SSD, touchscreen, camera, etc. attached to a PCB with open schematics is not open hardware.
They're talking about devices known to be extraordinarily insecure, which are still closed source hardware with closed source firmware. Having schematics for the board does not avoid trusting the hardware. It's still a closed source SoC and the same for the other components such as the SSD, Wi-Fi, Bluetooth, cellular, etc. but those components are much less secure without proper updates and security protections. The whole point of an SoC is that it has the complexity of a traditional CPU, GPU, motherboard and other components merged into a single chip, and that's entirely closed source with closed source firmware on those devices.
So you are just attacking another FLOSS community with false [0] claims. This is suspicious.
[0] You can't say "extraordinarily insecure" without specifying a threat model. For some threat models, GrapheneOS is less secure, e.g., https://news.ycombinator.com/item?id=45556788
Also, if I explicitly don't trust Google with anything, GOS is extraordinarily insecure for me until a new vendor appears.
A few years ago, Lineage was just a customizable tinkerer friendly AOSP. It served as a base for a lot more Android distros. It was just a smoother Android variant with features like double tap on the notification bar to sleep, better integrated root support, more built in theming options.
Graphene OS was only available for a few Pixel Devices whose source was fully available and mainly focused on security features like improved permissions and more anti tracking features.
To give an example, a company I worked for shipped its phones with a Lineage OS base with a few patches from Graphene OS to replace default ntp and connectivity check servers.
GrapheneOS is a privacy and security hardened OS. The third party comparison table at https://eylenburg.github.io/android_comparison.htm focused on privacy and security provides a good overview. The GrapheneOS features page at https://grapheneos.org/features provides an overview of many of the changes it makes compared to standard Android.
That's only because Pixels are the only devices meeting the hardware security and update requirements. GrapheneOS has an OEM partner working on meeting our requirements for some of their future devices. That's how GrapheneOS is able to provide our security preview releases with security patches from 3 months of upcoming Android Security Bulletins.
If you want to check supported devices together with some sustainability criteria and other ROMs, I just updated https://www.sustaphones.com/ to reflect that LOS update.
Well, this looks nice. Tons more devices than Graphene or Postmarket supported.
Which hardware should one get to run this? Which hardware is reasonably ethical? Perhaps the Fairphone 5? There are lots of choices from Motorola and OnePlus but I know nothing about them. (Well I remember the old Moto up to Y2k.) Not sure where to buy them.
With reasonable ethical you indeed might want to look into the Fairphones. The Fairphone 6 was reviewed as being a nice improvement over the 5. I'd expect LineageOS to land on that device some time in the future, after all the prior three models are supported. You could wait for that, or settle for the 5.
If you want something cheap and easy instead of the Fairphone, the Motorola moto g 5G (2024) looks good. Supported by LineageOS 23.0 and also on the list of calyx devices, https://calyxos.org/docs/guide/device-support/#modern-device..., with vendor security updates till 2027 (though calyx is on pause, that's me only hoping the device list will still apply afterwards, would be an interesting additional option). Not available in my market though, or just hard to find with that name given the other similarly named motorola phones.
OnePlus 12R is one of the newest phones that is supported, and will get vendor updates until 2028. No headphone jack and no sd card slot though.
Ethical does not describe the OnePlus and Motorola phones. But anything used could be judged as such, since you then at least did not add to the garbage pile of unrepairable devices directly - but they are a bit new for that maybe. On the other hand, vendor security updates don't exist for many of the older devices (especially those from Motorola, they churn out new devices by the dozens and almost immediately abandon them), and the new EU regulations that force vendors to provide security updates only apply to new devices.
The LineageOS port for the FP6 is already well-underway and close to daily-drivable AFAIK. Support for iodéOS has also been announced as planned within 2025, which seems like a good alternative to Calyx.
Right, afaik the Murena offer is the one option to get the Fairphone 6 in the US. I would be very surprised if the bootloader is not unlockable. Bootloader locked is likely meant as something positive: They installed /e/ and then were able to relock the bootloader. You should be able to do the same - but yeah, I would double check that with them before buying, given the price...
Lineage has no account system. /e/ does, optionally.
The reason GrapheneOS doesn't support these additional devices is because they don't provide proper privacy/security patches or security features. Pixels are currently the only devices with proper alternate OS support with a reasonable level of security. That's why we have an OEM partner we're working with towards their future devices meeting our requirements. The hardware requirements are listed at https://grapheneos.org/faq#future-devices. Pixels provide 7 years of proper updates while other devices do not.
Fairphone 4 and Pixel 6 were released in October 2021. Fairphone 4 is on the soon to be end-of-life Android 13 and already end-of-life Linux 4.19 kernel branch. Pixel 6 is on Android 16 QPR1 and the Linux 6.1 kernel branch since it moved to it from Linux 5.10. Fairphone has 1-2 month delays for partial security backports to older releases and years of delays for major OS updates. This does impact another OS supporting the hardware. Fairphone 5 is using the Linux 5.4 kernel that's end-of-life in December 2025 with no plans to migrate to a new kernel. Fairphone devices are missing the security features required by GrapheneOS too including but not limited to MTE (hardware memory tagging) which is the basis for Apple's recent launch of Memory Integrity Enforcement but has been more heavily used by GrapheneOS since October 2023.
GrapheneOS is a much different kind of project than LineageOS and other AOSP-based operating systems. The privacy and security focused comparison table at https://eylenburg.github.io/android_comparison.htm shows that quite clearly.
Yes, I run Waydroid (LineageOS in a Linux container) in an Ubuntu x86_64 VM on my home PC using their default installation method, plus libhoudini via https://github.com/casualsnek/waydroid_script to be able to run arm64-only apps, and waypipe the UI to my (Linux) phone that is connected to my home LAN via Wireguard.
I used to run Waydroid directly on the phone, but the phone has terrible specs and Waydroid had become frustrating in the last few months, when it updated its LineageOS image to a new Android version. It would frequently crash or pop up an infinite series of "app is not responding" dialog boxes, even though whatever app it was was responding just fine. With my new VM + waypipe setup, Waydroid launches in ~10s instead of ~3 minutes, and everything is reasonably snappy despite now traveling over the network, so I'm happy.
The requirements are monstrous: 300GB storage, 32GB RAM. My everyday working laptop has a 240GB SSD. I've built the kernel, Firefox, and the heaviest packages which I use from sources with a fraction of those resources.
I can't even fathom what the build system is doing in order to require this amount of storage.
> I can't even fathom what the build system is doing in order to require this amount of storage.
A large number of 17 year old repositories, prebuilt toolchains, and the fact that you otherwise have every little bit of source code, intermediary results, and output to create a full operating system all in the same place.
As for the memory, the very first step (that basically already is the benchmark for the most memory usage) is loading the entire build tree and generating build steps. Yes, that takes 32GB of RAM, if not 64GB nowadays.
Waydroid runs Lineage, so it's certainly possible, but I don't know how easy it is on something like QEMU.
That being said, buying a phone compatible with Lineage or Graphene (only Pixels for the latter) is well worth it. This will probably become even more important in the future if Google bans sideloading or complies with idiotic laws such as client-side scanning of messages in some markets.
With Titanium Backup unmaintained, Neo Backup [1] works pretty well. It has some potential issues with restoring wifi/bluetooth/sms as those were still experimental, last I used it. But sms at least worked. I'd suggest a 2nd backup app of those, just in case.
Every version of Lineage has rooted ADB accessible in the developer options. If you want root for apps, you must load Magisk. If root is important to you, this is your OS.
Lineage puts out all the patches that they can, every month, unlike OEMs. If current patches are important to you, this is your OS.
Lineage allows you to run it without any Google closed source code.
These are some serious advantages, depending upon what you are trying to do.
I use LineageOS on all my devices (it's actually my main criterion when buying a phone) to mainly install apps from F-Droid without relying on the Google Play Store.
It has the same familiar look and feel on all devices and by experience is way snappier than the original ROM.
Curve Pay is a viable option last I checked. I am unaware of any payment options on Amex UK app. Amex expects you to link your card with Google Wallet.
> What does not work? An LG app to control an air conditioner.
I use GrapheneOS. Thankfully I've had few things not work. Google Pay being one of them, the other is the garage door (Liftmaster)[1].
I genuinely find it disgusting. Thankfully I rent the apartment (and attached garage) so I've never given them any money. At the end of the day there's literally zero justification for a garage door opening app to brick itself if it's run on an unapproved platform. The official[2] statement states:
"Our customers rely on us to make access simple without sacrificing quality and reliability. Unauthorized app integrations, stemming from only 0.2% of myQ users, previously accounted for more than half of the traffic to and from the myQ system, and at times constituted a substantial DDOS event that consumed high quantities of resources."
AKA "we are incapable of implementing a basic ratelimit. faulty third-party clients made our AWS bill go up a bit so we are going to go on an irrational crusade against third-party integrations of any kind and expend more resources doing this than would be spent by giving users a simple API to use"
Banking apps that do not require Google Play services, such as Bank of America, run just fine. Besides, you can always open a browser and use the web version. Losing banking apps and "tap to pay" is a small price to pay for avoiding having your data constantly siphoned by Google.
Got an Xperia Z1 in 2013. Sony stopped updating it at some point in 2014-2015, which is stupid, but the hardware was still like new (which is the great thing about Sony phones) so I rooted it and managed to install it. Can't remember if it was already named "LineageOS" or "CyanogenMod" at the time. However, it lasted with me until Nov. 2020 when I dropped it and the screen cracked; I had it changed, but the replacement was kinda bad, so I used it as an excuse to get a 1ii.
I did the same with this "new" phone, that is going to be 5 years with me - since also got that only-two-years-of-updates thing, threw LineageOS on it and it's going as new.
So as I said the last time I saw a post about it in here, thanks to LineageOS I can use a phone for way more than they are set out to be forgotten. It's a great project and it's really sad Google are making things harder for them for the sake of "security".
I immediately put Lineage on all my devices. In fact, I only buy Android devices that Lineage supports. It's a uniform, degoogled Android experience that just works.
If your phone is more than a few years old it likely doesn't get updates from the manufacturer anymore. LineageOS will get you to the latest Android with security patches. Same sort of deal as with OpenWRT for a router really, you get all the features and security patches but at the loss of the firmware that the device came with and its proprietary enhancements.
I have a Samsung Tablet and Samsung's version for said tablet is a giant mountain of crap, full of bloatware, so I installed LineageOS on it. Also my old phone and my old old phone run LineageOS because I'm just logged in to Google on my {current_phone}.
I ran LineageOS on my Moto X4 for many years. It was much faster without the OEM Moto and carrier apps, and was faster again when I installed it without Google Play Services. Same thing with an old Kindle Fire tablet, finally made it fast enough to practically use.
It's worth mentioning that newer Samsung phones and tablets have an eFuse that is blown when you unlock them. This permanently disables some functionality of their separate secure element (IIRC). If you are planning to run LineageOS forever, it would probably not be a big issue, but if you just want to try a third-party OS or ever resell the device, it could be an issue.
Also note that the latest Samsung models like the Z Flip 7, along with recent models such as the S25 that are gonna get the OneUI 8 update, will not allow unlocking anymore.
I haven't used custom roms in ages, but I used Lineage back when it was called Cyanogen. It had this cool thing where you could adjust brightness by swiping the top edge of the screen. (This was back in the day when you could reach that part easily!)
My personal take is that most Android devices no longer get updates pretty soon after the release (where pretty soon means 2-3 years). Google promises 7 years of support for their newer devices, but most vendors don't.
LineageOS is, besides the fact that it is more open for non-Google stuff, providing Android updates for older devices. While this does not necessarily provide better security (rooted devices are often not considered as secure), you still get the newer Android security patches and FEATURES. Furthermore you are more open to do what you want.
Not shipping an update in months when there aren't patches isn't a broken promise. They officially extended the Pixel 6 and Pixel 7 major updates from 3 to 5 years but didn't say they'd provide a release in months with no security patches.
Most OEMs don't provide the privacy and security patches properly from day one. Fairphone lags behind 1-2 months on partial backports to older releases and multiple years for major updates with the full patches. Fairphone 4 and Pixel 6 both released in October 2021, but the Fairphone 4 is on the initial release of Android 13 (not Android 13 QPR3) with an end-of-life Linux 4.19 kernel branch. Android 13 is approaching end-of-life too, but still receives partial backports for now. Pixel 6 is on Android 16 QPR1 and moved from the Linux 5.10 branch to Linux 6.1. Pixels get the security patches in the month they're released vs. 1-2 month delays for the Fairphone 4.
You are the expert, but do we know? Isn't it possible with the new three month embargo that they did ship some of the December patches, but don't list them in the notes because they'll only be released publicly and in AOSP in December?
There were no Android or Pixel security patches for either July or October. It's not a break of any promise. https://news.ycombinator.com/item?id=45562792 provides links to the bulletins and a comparison to a device marketed as supposedly providing long support.
To not have Google built into all aspects of your life too much. Although it still uses some essential Google services, it does take out most unnecessary stuff, which you often can optionally add later in a possibly more secure form, but sometimes can't, which will cause very specific apps using these services not to function, or these features of those apps.
And if Chat Control will be implemented in Google Android, then LineageOS also offers you a way out of that, which is a huge plus of course if you ask me.
QFT. Lineage and Graphene are the last bastions of freedom on mobile phones. Linux phones aren't quite there yet in terms of usability, and sacrifice compatibility with thousands of great apps (including many great FOSS apps) available on Android.
If you want to escape Google's monopoly, you can use LineageOS without google apps, as opposed to the malware and spyware-ridden trash that usually comes preinstalled on your phone.
Yes, that's unfortunate. But it is "easily" patchable (and a world of difference from actually running google play services with root privileges on your phone).
To a normie non-tech person, buying a several hundred dollar Google phone, only to delete Google from it sounds stupid, like you've set your money on fire.
It makes perfect sense to use it if you even remotely care about better performance, battery life and privacy. Google ships its bloated apps, which not only track everything and run in privileged mode but degrade your battery life to a great extent.
And it's a decently recent version with more-or-less official Nvidia Tegra drivers, too. For the variety of weird-but-ubiquitous devices that have a bootloader hack, LineageOS is the route to a working smart device that anyone can pick up and use.
> And I heard that Google stopped pushing Pixel source?
> Yes, Google has pulled back here too. Pixel kernels are now only offered as history-stripped tarballs, available privately on request, with no device trees, HALs, or configs. Thanks to projects like CalyxOS, Pixels will likely remain well supported, but they’re no longer guaranteed “day one” devices for LineageOS. Pixel devices are now effectively no easier to support than any other OEM’s devices. In short, this just makes things harder, not impossible.
These fucking bastards. How far we have fallen in ~10 years of smartphone ubiquity. I have zero hopes that this monopolising trend will ever be reversed without top-down regulation from a big bloc like the EU.
If you look at EU and its inaction over Microsoft privacy shenanigans with Win10 and 11. How it spins around Apple and cannot enforce them to fully open their mobile operating system then I sadly have little hopes they can do anything regarding Google and their recent decisions around Play store and 3rd party apps.
I wish something could be done but sadly feels like regular people have to climb mountains to protect themselves while corporations just come in by front door with lucrative deals in order to protect their status-quo
At the risk of sounding knee-jerk libertarian (though there are worse ways to sound), it seems to me that top-down, big bloc regulation is a non-trivial piece of what has gotten into this mess.
The entrenchment via regulatory capture at the baseband level, with enormous state interplay with TSMC and Qualcomm (both economic and regulatory, both publicly known and classified), makes it impossible for a seriously independent actor to enter the market, except _maybe_ an ubercapitalist like Musk or something.
I'm much more interested to see what happens when we achieve sufficient peace that industrial complexes are no longer the primary pillar of support for chip engineering and fabrication. I suspect that this will unlock the open development, up to the kernel and beyond, that we all hope for.
What would baseband usage look like in a deregulated world?
I’m skeptical, but the question is honest. Without the (quite corrupt) allotment of frequencies and broadcast radio tech by the FCC and government, I’m having trouble envisioning a future that doesn’t end up back at the bcm/qcm/etc. near-monopoly … just via market collusion rather than state orchestration. Is there a better future there that I’m missing?
You can't blame the EU for Google pulling developer support for devices or holding back security patches.
There are pros and cons to "big bloc regulation". You can go and start a phone company since so many things are standardised but the main constraint will be who you source a modem from and the lack of choice will be because of patents (see Apple vs Qualcomm).
It has a Mediatek soc, custom roms for these chips are scarce. If you look at the supported devices on the Lineage wiki, you’ll see only 2 out of 550 devices have a Mediatek soc[0], most of them are Qualcomm.
And iirc from the xda forums, even for Xiaomi phones with a Qualcomm soc it isn’t certain anyone will try to make a custom rom. Xiaomi just releases too many devices to have support for all of them.
Note, GrapheneOS seems to have been able to secure partner access to Android early security releases, but this comes with the cost that the source used to make these special "01" builds is private until general availability. This might not be a tradeoff that LineageOS is willing to take; GrapheneOS has provided the option on a recommended opt-in basis.
https://discuss.grapheneos.org/d/27068-grapheneos-security-p...
The bad thing in general is the dependence on Google policy for all AOSP distros. Joining those programs might long term worsen the situation.
IMHO, it could be worth the fight if GrapheneOS could win their (rather legal/lobbying) battle to obtain play integrity certification by following security closely (which is a joke IMHO because EOL phones with no updates for years also get integrity). Google releasing easily diffable security only bytecode sets seems like a security nightmare for everyone else.
All of those distros suffer from the reliance of Google to release anything, so in one way or the other they play the game. Particularly Lineage heavily does 'self-censoring' to comply without much benefit IMHO. We really would need e.g. does not even include the keys for providing alternative web views or the ability to switch the location provider. While google has those capabilities, they only support services sending data to their own servers.
I used lineage as my daily driver since the CyanogenMod days and the HTC desire, but switched to a Google Pixel a few months back, because I felt I had lost the play integrity fight and although my great Redmi Note 10 Pro was running other like a charm thanks to lineage and the device maintainers (Daniel and Aryan), I personally could not invest time and cognitive capacity anymore.
More and more device manufacturers are locking down their bootloaders again. I hope someone can break the momentum and find a way to break the OS duopoly.
We have the sources for the patches which is how they get applied to the source tree. We have both the regular releases and security preview releases so it's easy to see what was changed since it's a small amount of code: currently 59 security patches for Android 16, similar to the size of typical Android security patches, although 1 was already public elsewhere so we applied it to the regular release.
> does not even include the keys for providing alternative web views or the ability to switch the location provider.
Trusting third parties with this is a privacy and security risk. GrapheneOS uses our Vanadium fork of Chromium for the WebView and LineageOS has their own builds of Chromium for it. We provide our own network location implementation using a semi-offline approach based on Apple's location service. We plan to add fully offline support for both Wi-Fi and cell tower network location via downloading regional databases. SUPL is essentially obsolete for GrapheneOS since all supported devices have PSDS and the network location service is already used to help accelerate GNSS when enabled, so we could just remove that instead of making our own SUPL service based on the same data.
We're making progress in fighting the Play Integrity API but governments and regulators move slowly. Courts also move slowly but we haven't brought it to a court yet and would prefer not having to do that. We would greatly prefer if Google worked it out with us and other AOSP-based operating systems but it doesn't appear there's much chance of that ever happening. It's strange since we were never hostile towards them, earned them a lot of money via hardware sales and made substantial upstream contributions.
A major Android OEM is working with us because unlike Google, they're able to see the significant benefits of working with us and selling a lot of devices based on it once they have official GrapheneOS support. Google could have worked with us and others instead of the path they're taking. They could have sold a lot more Pixels by opening up the devices more and improving them. Instead, they'll sell a lot fewer Pixels than they could have as one of the main reasons people buy them goes away. A lot of people who bought them and used the stock OS still bought them because they knew they could get first class support for another OS. They're shooting themselves in the foot. Our userbase will be buying devices from another OEM instead once they meet our requirements.
>> All of those distros suffer from the reliance of Google to release anything, so in one way or the other they play the game. Particularly Lineage heavily does 'self-censoring' to comply without much benefit IMHO. We really would need e.g. does not even include the keys for providing alternative web views or the ability to switch the location provider. While google has those capabilities, they only support services sending data to their own servers.
> Trusting third parties with this is a privacy and security risk.
Trusting Google with this is a privacy risk.
> Trusting third parties with this is a privacy and security risk.
I sure trust the LineageOS webview and the guy running BeaconDB more than Google or Apple, fwiw. I understand Graphene's goal isn't freedom but "security", just a hardwareless OEM eventually complying with whatever Google will want.
Yeah, yesterday I got a pop-up post-update that explained the situation and asked me if I wanted the closed source blobs.
The preview patches are source code patches we're applying to the source tree used for the regular GrapheneOS releases. We have the sources for the patches, but we need to wait until the embargo end date to publish the security preview patches as source code. We keep the patches in a dedicated Git repository with a script for applying them to the source tree from the regular release. Each security preview release is tagged there, so we can release the sources which were used as soon as the embargo date is reached.
As far as I have heard they have not actually secured partner access for themselves, they just got someone who has access to break their NDA.
No, GrapheneOS is partnered with a major Android OEM and has security partner access through them. Our security preview releases are in full compliance with the terms set by Google. It's permitted to ship the patches early with delayed source releases for the patches on the dates the embargoes end. The current patches are from the November 2025, December 2025 and January 2026 bulletins. We've shipped the full set of currently available patches for those 3 months.
See https://discuss.grapheneos.org/d/24134-devices-lacking-stand... for a more detailed explanation.
The access comes from GrapheneOS' OEM partner who isn't breaking any kind of NDA.
I don't know the exact terminology, but they described what they currently have as security partner access or at least advanced access to security patches. To my knowledge they are still working on full partner access that would grant them timely access to the AOSP source code.
I'd love to see a hybrid phone with an embedded stock android for banking, pay and government apps and a regular LineageOS or Linux OS that runs on a separate partition/hw/vm.
Like "gluing" two phones together - just better ;)
It would be great to run an open OS but having to carry a separate phone for banking/paying is not really a viable option.
There's 0 reason why bank/pay/gov apps can't be run on a regular OS. The goal is to force users into the Google world under the excuse of "security".
This is on point and it's sickening what Google is allowed to get away with. Even with the recent crackdowns on Google by various governments, they are steadily locking down Android, so even if you paid for your phone, whatever apps that you want to put on it will need their seal of approval.
The excuse of "security" or "it's for the children" is complete BS, because it's about "them" having unwanted and total control.
I would be happy if any of the big phone makers would start adopting LineageOS or GrapheneOS as the main operating system for some of their models.
Or just leave the possibility of easily unlocking the phone and publish sources.
BQ tried that with Cyanogen (the precursor to Lineage) https://www.trustedreviews.com/reviews/bq-aquaris-x5
As did WileyFox - https://www.xda-developers.com/wileyfox-to-issue-update-to-m...
They were both budget brands with niche offerings. For most people, the source of the OS is immaterial. There's very little competitive advantage to selling a forked OS, and a rather large downside in terms of support costs.
I'm mostly happy with my GrapheneOS device - but it is absolutely not suitable for mass market.
> I'm mostly happy with my GrapheneOS device - but it is absolutely not suitable for mass market.
What makes you say that? I run GrapheneOS on a Pixel and had to go through the relatively simple flashing process, but if GOS came preinstalled on a device anybody familiar with Android (or even iOS) would be able to use it. Compatibility with Android apps is great too.
Off the top of my head:
Lots of banking apps don't work.
RCS has only just started working.
No "Find My Device" support.
Permissions model is difficult to understand - even I struggle with it.
Standard launcher has tiny icons which can't be adjusted.
Pop on to https://discuss.grapheneos.org/ and see the struggles which users have.
> No "Find My Device" support.
"Find My Device" means the location of your device is constantly sent to and stored on someone else's computer (the "cloud"), and it is something that shouldn't exist unless that someone else's computer happens to be yours.
You ordering the rest of the world which features should exist isn't how anything works.
I am not ordering anything. I was merely explaining that "Find My Phone" is not a feature -- it is an anti-feature that enables surveillance by a third party. The lack of such an anti-feature should be viewed as an advantage of Graphene, rather than a disadvantage.
Most banking apps work on GrapheneOS. Around 10% ban using any alternate OS, but a small subset of those specifically permit GrapheneOS now in addition to Google certified devices with the stock OS.
It's nearly the same permission model as Android 16 beyond having Storage Scopes and Contact Scopes as easy to use alternatives with fine-grained control along with Sensors and Network toggles. It's otherwise the same.
If you're talking about the exploit protection features with toggles, that's not part of the permission model and the defaults don't break any apps without serious bugs. Apps with memory corruption bugs can be broken by the defaults, which only requires turning on the compatibility toggle for the app. People don't need to understand the finer grained settings.
The default 4x5 icon grid has the same icon sizes as the stock Pixel OS, which can't be adjusted there either.
The vast majority of issues people have with GrapheneOS are issues with Android and Android apps which are not specific to GrapheneOS.
What is the issue with the permission model? It's basically the AOSP permission model. The changes made by GrapheneOS are the user-facing toggle for the INTERNET permission, and the sensors permission.
If people do not want to interface with those features, they can simply skip them, and the permission model will be the exact same as it is on Android.
> No "Find My Device" support.
I don't have any issues with it
OnePlus also shipped Cyanogen in their early days. They're still around, but they've long since pivoted to their own proprietary Android distro.
Given that Cyanogenmod was discontinued shortly after the OnePlus One released, it's hard to blame them.
I had that phone, too bad it died.
GrapheneOS is partnered with a major Android OEM and working towards some of their future devices meeting our requirements and providing official GrapheneOS support. It won't be the main operating system, but it will be an officially supported option. Their current devices don't meet our requirements, but they're working towards meeting those for future devices.
Banking, pay and government apps should be a website and work on any device with a web browser.
Lots of them are, in fact. It's not that hard, maybe even easier. What's wrong with the rest of them that require a phone?
NFC pay in browser? Does that exist?
Ok, less so NFC, but my bank and all the governments I have to deal with have reasonably functional websites. It's clearly possible.
Where are you from? I live in Germany. I use ING and DKB as my banks. Both of the banks require a Play Integrity-checked app as their default 2FA. In the past I used Sparkasse and Commerzbank. They too required a PI-approved app.
As an alternative you can order a code generator but for DKB that requires a paid debit-card. ING disables the phone app if you use a code generator. You cannot have multiple 2FA.
Try Targobank, it works for me.
US, Virginia. Funny, I tend to assume Europe has this stuff better figured out.
EU Nations who are familiar with computers like Sweden and Estonia did.
Germany likes to think that they belong to cabinets and powered with internal combustion engines. Internet was a new land in 2013. So every user-friendly feature has to be shoved into Germany's throat by EU (especially banks and insurance). The usual reaction from German companies is to wait until the last moment and then hire a law / consultancy firm to implement required changes as badly as possible.
I don't believe it does, but it should.
My bank (Commbank) and my government (myID), both require apps to access the website.
All my banking apps work fine under lineage. The only app that does not work is McDonald. I have not investigated very far, maybe it is possible to make it work.
The only app I use that actually cares is Craigslist of all things. The app doesn't do anything that the mobile website doesn't.
For the love of God, why does McD's of all people require device attestation? I assume it's some downline package they are including?
It's great to see Android TV mentioned. Has anyone managed to build a freedom-respecting TV box with Lineage? This is a much needed alternative to "smart" TVs and streaming boxes filled with spyware and arbitrary restrictions.
This!
Looks like LineageOS supports various iterations of the Nvidia Shield device. What I'm wondering is whether this new Catapult launcher is compatible with Android TV that comes with off the shelf Smart TVs. I've grown accustomed to the default screen on my current TV's in-built Google TV (not Android TV, although I'm not totally sure of the difference), but it does enforce at least one additional click to get to the actual functions I, and the family, use it for.
Gonna check out Catapult right now.
Edited to add note: It looks as if the latest Nvidia Shield device requires soldering a USB port onto the mainboard of the device[0]. That probably excludes a decent percentage of people who may otherwise be happy software hacking a device.
[0]: https://wiki.lineageos.org/devices/sif/install/#usb-port-ins...
This is it for the non-Pro models only since they come with 3 USB-A ports
Nate Johnson, one of the devs at LineageOS, maintains some official and unofficial builds. You could go from scratch using a Radxa SBC, or try to get an older streaming device (like one of the previous versions of the Chromecast). Some of these older devices even got Widevine DRM still working after installing LineageOS, if you want to use a streaming service.
https://xdaforums.com/t/official-lineageos-22-for-amlogic-gx...
Most of the hardware mentioned, like the 2021 edition of the Walmart Onn, isn't available for purchase anymore, so that's a rather limited list.
I think that a generic mini-PC would make more sense overall, but can Lineage be built for x86 at all?
There's a build for RPi5, I didn't try it yet but intend to do it soonish.
https://konstakang.com/devices/rpi5/
I'd be curious to see how that works out. One of the main advantages of the Pi is that it supports HDMI-CEC. However, I have seen reports that it struggles with 4K playback at more than 30fps. Even 60Hz isn't great if you have a modern TV and want to use SteamLink to play Steam games running on your PC from your couch.
My usecase is watching movies from my couch, so I guess it's more than OK.
Almost all major streaming services will refuse to work on unapproved devices.
You don't need "streaming services" when you can open a Web browser and stream from the high seas, or download NewPipe from F-Droid, or download Jellyfin and stream local content.
Does it work well with the Google tv remote for example? Last time I used NewPipe on the tv, the ui was completely unsuited for remotes. I can't imagine using streaming services on the browser to be any better.
In that case just go with Libreelec.
Libreelec is comically limited. Last time I checked the Youtube integration needed an API key tied to a Google account. No thanks. On Android, there is NewPipe and it's far better. Also no browser, so you can't stream from the high seas. Libreelec sucks for anything that isn't local playback. It's much better to run Kodi inside Android or Linux for that.
You can always Magisk your device to workaround this.
Over recent user privacy (and security) crackdowns from Google, these OS upgrades seem to be becoming more appealing. Can anyone comment on what differentiates Lineage from something like GrapheneOS?
Security & Privacy: GrapheneOS
Freedom & Features: LineageOS
That is not to say you have no freedom or extra features with Graphene, or no security with Lineage, it’s just what either project has very clearly as main target.
I do miss some features since switching to GrapheneOS (customizable on screen nav, volume rocker for cursor control), but I’m very happy with stuff like sandboxed google play services.
GrapheneOS provides a lot of features not available in LineageOS. Our focus is privacy, security and replacing Google apps/services. The features we add aren't only privacy and security features. We provide our own network location and geocoding support. Local text-to-speech and speech-to-text are being developed. It also provides a bunch of assorted features such as forcing the availability of VoLTE, VoNR, VoWiFi and 5G.
https://grapheneos.org/features is an overview of what's provided compared to AOSP but doesn't cover everything yet, especially recent additions.
Graphene is probably better on the devices that support both (Pixels), but since hardware support is so (intentionally) limited, it's kind of a moot point. Also the Graphene community is kind of obsessed with "security" and does not seem to place much emphasis on freedom/hackability.
Why the scare quotes? Graphene’s focus on security is legitimate and well founded. They are the only phone OS that is consistently safe from hacking by the likes of Cellebrite long after all other androids have fallen.
Let's define "more secure" as "preventing a particular behavior that is against the device owner's conscious or unconscious wishes".
It would be "more secure" to have a per-application firewall that blocks particular apps from outbound traffic over certain networks or to certain destinations. This prevents a malicious app from consuming roaming data.
LineageOS can have that, at the owner's preference. Graphene explicitly forbids it.
It would be "more secure" to allow backing up apps and all their data. This would mitigate the damage of ransomware. Graphene, again, forbids it (following google guidelines prioritizing the wishes of an app's developer over the device owner).
There are many such examples. Lineage is philosophically owned by the person who installed it onto the phone. Graphene is owned by the Graphene devs, NOT the phone owner. Sometimes the Graphene devs purposefully choose to let software on the device restrict the valid owner of that device.
>It would be "more secure" to have a per-application firewall that blocks particular apps from outbound traffic over certain networks or to certain destinations. This prevents a malicious app from consuming roaming data.
LineageOS can have that, at the owner's preference. Graphene explicitly forbids it.
Not sure what is meant by forbidding it? GrapheneOS provides per-app network access control via a user-controllable Network permission which is not implemented in AOSP or LineageOS afaik. They do not forbid using local firewall/filtering apps like RethinkDNS (to enforce mobile data only or Wi-Fi only iirc) and InviZible. They only warn that 'blocks particular apps from outbound traffic ..to certain destinations' cannot be enforced once an app has network access which makes sense to me.
>It would be "more secure" to allow backing up apps and all their data. This would mitigate the damage of ransomware. Graphene, again, forbids it (following google guidelines prioritizing the wishes of an app's developer over the device owner).
Contact scopes, storage scopes, the sensors permission and the network permission are examples that show precisely the opposite (GrapheneOS prioritises the device owner over the application developers). To my understanding, the backup app built-in to GrapheneOS even 'simulates' a device-to-device transfer mode to get around apps not being comfortable with data being exfiltrated to Google Drive. That being said, I understand they have plans to completely revamp the backup experience once they have the resources to do so.
They're referring to the leaky network toggles in LineageOS for different kinds of networks. GrapheneOS won't include that because it doesn't work correctly and gives people the false impression that it's going to stop apps communicating over those networks when it only stops most (not all) direct connections.
LineageOS has the same Seedvault backup system with the same limitations. There are few limitations left since Android 12's API level stopped apps opting out of all backups by redefining it as an opt-out of cloud backups and similarly redefined the file exclusions as only being for cloud backups. The new system supports very explicitly omitting files from device-to-device backups but it has to be explicitly specified that way and few apps do it. The problem with apps opting out of backups due to not wanting cloud backups for space, bandwidth or privacy reasons has been solved for several years now. It doesn't mean all app data is portable between devices, such as Signal encrypting their database with a hardware keystore key making it fundamentally impossible to do backups at a file level for it rather than using their own backup system.
See https://news.ycombinator.com/item?id=45562664 for a response to the rest of it.
No, I'm specifically referring to iptables-based firewalls (like AFWall), which Graphene does not allow the user to create and Lineage does (via root access).
These are not an android VPN provider and allow blocking traffic based on the combination of source app AND DESTINATION SERVER ADDRESS.
> LineageOS can have that, at the owner's preference. Graphene explicitly forbids it.
That's not true.
You can use apps like RethinkDNS providing local monitoring and filtering of connections while still supporting using a VPN on either LineageOS or GrapheneOS. GrapheneOS fixes 5 different kinds of outbound VPN leaks which are still present on LineageOS, which is quite relevant to this. There are no known outbound VPN leaks remaining for GrapheneOS as long as Private DNS is set to Off.
The reason GrapheneOS doesn't include the finer grained network toggles LineageOS does is because they're leaky and do not work correctly. Our Network toggle doesn't have those kinds of leaks. We do plan to split up the Network toggle a bit but doing that correctly is much harder and comes with some limitations since it still has to block generic INTERNET permission access if anything is disabled and only permit cases which are specially handled.
GrapheneOS has Storage Scopes, Contact Scopes, a Network toggle and a Sensors toggle not available on LineageOS along with other app sandbox and permission model improvements. Users have much more control of their apps and data on GrapheneOS.
LineageOS provides privileged access for Google apps while we take a different approach.
> It would be "more secure" to allow backing up apps and all their data. This would mitigate the damage of ransomware. Graphene, again, forbids it (following google guidelines prioritizing the wishes of an app's developer over the device owner).
That's also not true. LineageOS has the same limitations and backup system.
Both GrapheneOS and LineageOS use Seedvault with the same kind of integration. Since the Android 12 API level, apps can only opt-out of cloud backups and existing exclusion files only apply to cloud backups. There's a new exclusion system which can be used to explicitly omit files from device-to-device backups such as Google's device transfer system, but that's rarely used and it exists for good reason due to device-specific data that's not portable.
> There are many such examples. Lineage is philosophically owned by the person who installed it onto the phone. Graphene is owned by the Graphene devs, NOT the phone owner. Sometimes the Graphene devs purposefully choose to let software on the device restrict the valid owner of that device.
You haven't raised any examples of GrapheneOS restricting what can be done in a way that's not done by LineageOS. All you did is bring up a feature approached differently by both operating systems where the most flexible solutions such as RethinkDNS are available for both. If people want to modify either GrapheneOS or LineageOS, they can do it for each. We provide very good build documentation for production releases with proper signing. We strongly recommend against using Magisk but people do modify GrapheneOS with that project and use it. Our recommendations are not restrictions on what people can do.
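The backup semantics described in the two comments above (Android 12's API level turning the backup opt-out into a cloud-only opt-out, with a separate explicit exclusion list for device-to-device transfers), as an added example that is not part of the thread or of either project's code. It is a simplified Python model: the sample XML is constructed, the function names are hypothetical, and path matching is reduced to exact-file or directory-prefix matching.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an app's res/xml data-extraction-rules file.
SAMPLE_RULES = """
<data-extraction-rules>
  <cloud-backup>
    <exclude domain="database" path="messages.db"/>
    <exclude domain="sharedpref" path="session.xml"/>
  </cloud-backup>
  <device-transfer>
    <exclude domain="file" path="keystore-wrapped/"/>
  </device-transfer>
</data-extraction-rules>
"""

SECTIONS = ("cloud-backup", "device-transfer")


def parse_rules(xml_text):
    """Return {section: {"include": [...], "exclude": [...]}} of (domain, path) pairs."""
    root = ET.fromstring(xml_text)
    if root.tag != "data-extraction-rules":
        raise ValueError("not a data-extraction-rules document")
    rules = {}
    for section in SECTIONS:
        parsed = {"include": [], "exclude": []}
        node = root.find(section)
        if node is not None:
            for child in node:
                if child.tag in parsed:
                    parsed[child.tag].append(
                        (child.get("domain"), child.get("path", "")))
        rules[section] = parsed
    return rules


def _matches(entry, domain, path):
    """Simplified matching: same domain, and same file or a file under the directory."""
    rule_domain, rule_path = entry
    if rule_domain != domain:
        return False
    rule_path = rule_path.rstrip("/")
    if rule_path in ("", "."):
        return True  # rule covers the whole domain
    return path == rule_path or path.startswith(rule_path + "/")


def is_extracted(rules, section, domain, path):
    """Excludes win; if any include exists, only included files are extracted."""
    sec = rules[section]
    if any(_matches(e, domain, path) for e in sec["exclude"]):
        return False
    if sec["include"]:
        return any(_matches(e, domain, path) for e in sec["include"])
    return True


def audit(xml_text, files, allow_backup=True, target_sdk=31):
    """Report, per file, whether it leaves the device via each path.

    Assumption taken from the discussion: for apps targeting API 31+,
    allowBackup=false only opts out of cloud backups, so device-to-device
    transfer is still governed by the <device-transfer> section.
    """
    rules = parse_rules(xml_text)
    report = {}
    for domain, path in files:
        cloud = allow_backup and is_extracted(rules, "cloud-backup", domain, path)
        if allow_backup or target_sdk >= 31:
            transfer = is_extracted(rules, "device-transfer", domain, path)
        else:
            transfer = False  # older targets: the opt-out covers every backup path
        report[(domain, path)] = {"cloud-backup": cloud, "device-transfer": transfer}
    return report


if __name__ == "__main__":
    sample_files = [("database", "messages.db"),
                    ("file", "keystore-wrapped/key.bin"),
                    ("sharedpref", "prefs.xml")]
    for key, verdict in audit(SAMPLE_RULES, sample_files, allow_backup=False).items():
        print(key, verdict)
```

A file that is transferred is not necessarily usable on the new device: data encrypted with a hardware keystore key, as in the Signal case mentioned above, copies as bytes but cannot be decrypted there.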
I'm using Graphene but honestly the biggest thing is that Lineage devs wouldn't care if you root, while Graphene devs obviously do because it screws the whole point of Graphene
As an example of something lineage allows me to do which graphene forbids: Lineage allows me, the owner of my phone, to use an app of my choice to serve as a location provider.
Graphene requires that I use google services (sandboxed) and does not PERMIT me, the owner of the device, to choose otherwise without compiling my own fork.
I just read that they changed their stance, but for a long time, they were against implementing RCS and said users should be using another tool like Signal. That ignores real world scenarios where users ended up using SMS rather than RCS, which was encrypted with Google messages. Of course, there's more nuance to the discussion, but I found myself a few years ago having gone from encrypted messaging on an iPhone by default to encrypted messaging on stock Android with RCS to unencrypted messaging on GrapheneOS. I thought that was certainly less secure for myself and likely the average user.
But they did share valid concerns about their reasoning and most other aspects of the OS certainly have a great focus on security.
GrapheneOS never had a stance against implementing RCS and has supported RCS at an OS level for years. The issue was that the only available RCS app in practice is Google Messages and it requires privileged access for Google Play services, which goes against the sandboxed Google Play approach. We worked around it by making it so that the access granted to Google Messages when it's set as the SMS/MMS/RCS app also applies to Google Play services where part of the implementation is done.
iOS does not currently implement end-to-end encryption for RCS. End-to-end encryption for RCS is exclusive to conversations between Google Messages users. Apple has said they'll implement the new MLS end-to-end encryption for RCS but has not done it and has provided no timeline for doing it. It took them a very long time to implement basic RCS support and this will likely take a long time too. Google Messages has not yet moved to the new MLS encryption, but it will need to do that too in order for iOS implementing it to provide end-to-end encryption across them.
I appreciate the response and how you're proactive about following things! That's great to know RCS is now possible on GrapheneOS. That's very pragmatic.
For now, I have switched back to iOS due to a significant majority of my contacts using iMessage, so I'm back to encrypted chats again. Hopefully the future of RCS changes things while America struggles with using a unified messenger. I dream of using a dumb phone with RCS.
And having security focused settings by default. For instance, the https://localmess.github.io tracking attempt was prevented on Vanadium (a browser maintained by GOS). Another serious vulnerability from top of my mind was TapTrap (https://taptrap.click/), which was fixed by GOS [1] a few months ago. Android is still vulnerable to it!
[1] - https://grapheneos.org/releases#2025070700:~:text=only%20per...
I have used both, and I can personally use my smartphone properly with both.
GrapheneOS is more strict about security, making it more secure but less accessible (at the moment you can only run GrapheneOS on Pixel phones).
I am happy with GrapheneOS' policy: that's exactly why I use GrapheneOS, to the point where I bought a Pixel just for GrapheneOS. Many people complain about GrapheneOS not supporting other phones. IMO it's the other way round: the other Android manufacturers do not support GrapheneOS.
If you really want GrapheneOS to lower their security in order to run on another phone, what you want is actually LineageOS.
GrapheneOS is partnered with a major Android OEM we're working with towards their next generation devices supporting GrapheneOS. The devices will meet all of our official requirements listed at https://grapheneos.org/faq#future-devices rather than lowering these standards. We kept the minimum support time at 5 years since we know providing 7 is difficult but all the rest should be possible to provide via a Snapdragon 8 Elite Gen 5.
There is little point in fortifying the front-door when the backdoor is wide open.
The hardware itself should never be trusted when being produced by a vendor like Google and cannot be verified on the component level. Their business model completely revolves around reducing your private sphere and selling it to others.
Never use google hardware if you are serious about security.
You have it backwards. It's smartphones other than iPhones and Pixels with the front door open due to lack of basic security patches and protections. You're making unsubstantiated claims about backdoors not backed by any evidence. Those claims can be made about ANY available hardware. Using devices without basic privacy/security patches for firmware/drivers, an end-of-life Linux kernel and lack of important hardware-based security features is the opposite of being serious about security.
The reason GrapheneOS has an OEM partner we're working with towards at least one of their upcoming devices meeting our requirements is because Pixels are the only currently viable options. If other OEMs were making reasonably secure devices with support for using another OS on their own, we wouldn't need OEM partnerships. The currently available devices from our OEM partner don't meet our security features or update requirements, but a subset of their future devices will. GrapheneOS will be officially supported so it will be easier to provide a fully production quality OS and we'll be able to do lower level privacy and security improvements at a hardware, firmware and driver level.
All mobile computing and connectivity hardware is unverifiable in reality and by design. It's not some property exclusive to Google Pixels.
Their business model also does not involve selling data afaik, it's selling access to their adspaces [1] all over the internet including the ability to target people (based on information Google jealously hoard). They stand to lose just as much as most other OEMs if they did suspicious things in hardware just like Apple, Samsung etc.
If you're serious about security you will avoid using OEMs that have unfortunate patch gaps which leave device owners at the mercy of *known vulnerabilities* [1][2][3][4] as well as unknown threats which is fortunately one of GrapheneOS's many reasonable device support requirements.
[1] https://blog.google/products/ads-commerce/more-effective-med...
[2] https://srlabs.de/blog/android-patch-gap
[3] https://srlabs.de/blog/android-patch-gap-2020
[4] https://www.android-device-security.org/talks/
[5] https://techcommunity.microsoft.com/blog/vulnerability-manag...
This is nonsense.
If your threat model is that you cannot trust the Pixel hardware, then you cannot trust any smartphone or computer at all, period.
That is incorrect. There are more reasons for a major US-government contractor to implant spyware on their hardware to hand our privacy on a plate to alphabet agencies than a generic cheap android without a known brand.
This doesn't mean the cheap device arrives without spyware, likely the difference is the spyware being monitored by Chinese rather than US agencies so pick your poison. I'll pick mine.
I trust smartphones with open schematics. Not because it's impossible to hide a backdoor but because it's harder.
Open schematics for a PCB don't make it any harder to hide a backdoor. You're talking about devices which still have an entirely closed source SoC with all of the real complexity. The products you're repeatedly marketing here use a bunch of low end components with very poor security including lacking ongoing patches for vulnerabilities and basic standard security protections. They're falsely marketed as open but are actually closed source hardware with closed source firmware. A closed source SoC, Wi-Fi, Bluetooth, cellular, NFC, SSD, touchscreen, camera, etc. attached to a PCB with open schematics is not open hardware.
> They're falsely marketed as open but are actually closed source hardware
This is just a strawman: Nobody claimed they were open hardware.
> Open schematics for a PCB don't make it any harder to hide a backdoor.
This is like saying that FLOSS doesn't make it harder to hide a backdoor. Of course it does.
The backdoor would be in the firmware and open schematics for a PCB don't say anything about open firmware right....
You're not wrong. I only claim that there are fewer places to hide a backdoor when the schematics are open (just like with FLOSS software).
Exactly.
They're talking about devices known to be extraordinarily insecure, which are still closed source hardware with closed source firmware. Having schematics for the board does not avoid trusting the hardware. It's still a closed source SoC and the same for the other components such as the SSD, Wi-Fi, Bluetooth, cellular, etc. but those components are much less secure without proper updates and security protections. The whole point of an SoC is that it has the complexity of a traditional CPU, GPU, motherboard and other components merged into a single chip, and that's entirely closed source with closed source firmware on those devices.
> extraordinarily insecure
So you are just attacking another FLOSS community with false [0] claims. This is suspicious.
[0] You can't say "extraordinary insecure" without specifying a threat model. For some threat models, GrapheneOS is less secure, e.g., https://news.ycombinator.com/item?id=45556788
Also, if I explicitly don't trust Google with anything, GOS is extraordinarily insecure for me until a new vendor appears.
A few years ago, Lineage was just a customizable tinkerer friendly AOSP. It served as a base for a lot more Android distros. It was just a smoother Android variant with features like double tap on the notification bar to sleep, better integrated root support, more built in theming options.
Graphene OS was only available for a few Pixel Devices whose source was fully available and mainly focused on security features like improved permissions and more anti tracking features.
To give an example, a company I worked for shipped its phones with a Lineage OS base with a few patches from Graphene OS to replace default ntp and connectivity check servers.
GrapheneOS is a privacy and security hardened OS. The third party comparison table at https://eylenburg.github.io/android_comparison.htm focused on privacy and security provides a good overview. The GrapheneOS features page at https://grapheneos.org/features provides an overview of many of the changes it makes compared to standard Android.
GOS only works on Google phones
That's only because Pixels are the only devices meeting the hardware security and update requirements. GrapheneOS has an OEM partner working on meeting our requirements for some of their future devices. That's how GrapheneOS is able to provide our security preview releases with security patches from 3 months of upcoming Android Security Bulletins.
If you want to check supported devices together with some sustainability criteria and other ROMs, I just updated https://www.sustaphones.com/ to reflect that LOS update.
Well, this looks nice. Tons more devices than Graphene or Postmarket supported.
Which hardware should one get to run this? Which hardware is reasonably ethical? Perhaps the Fairphone 5? There are lots of choices from Motorola and OnePlus but I know nothing about them. (Well I remember the old Moto up to Y2k.) Not sure where to buy them.
With reasonable ethical you indeed might want to look into the Fairphones. The Fairphone 6 was reviewed as being a nice improvement over the 5. I'd expect LineageOS to land on that device some time in the future, after all the prior three models are supported. You could wait for that, or settle for the 5.
If you want something cheap and easy instead of the Fairphone, the Motorola moto g 5G (2024) looks good. Supported by LineageOS 23.0 and also on the list of calyx devices, https://calyxos.org/docs/guide/device-support/#modern-device..., with vendor security updates till 2027 (though calyx is on pause, that's me only hoping the device list will still apply afterwards, would be an interesting additional option). Not available in my market though, or just hard to find with that name given the other similarly named motorola phones.
OnePlus 12R is one of the newest phones that is supported, and will get vendor updates until 2028. No headphone jack and no sd card slot though.
Ethical does not describe the OnePlus and Motorola phones. But anything used could be judged as such, since you then at least did not add to the garbage pile of unrepairable devices directly - but they are a bit new for that maybe. On the other hand, vendor security updates don't exist for many of the older devices (especially those from Motorola, they churn out new devices by the dozens and almost immediately abandon them), and the new EU regulations that force vendors to provide security updates only apply to new devices.
The LineageOS port for the FP6 is already well-underway and close to daily-drivable AFAIK. Support for iodéOS has also been announced as planned within 2025, which seems like a good alternative to Calyx.
Thanks! Oh, I forgot to ask about the hardware working in the US? Also, does Lineage force you to make an account somewhere?
I see the Murena, which I think is the same hardware. But their page says the bootloader is locked. Hmm, think that's a no-go. https://murena.com/america/shop/smartphones/brand-new/murena...
Right, afaik the Murena offer is the one option to get the Fairphone 6 in the US. I would be very surprised if the bootloader is not unlockable. Bootloader locked is likely meant as something positive: They installed /e/ and then were able to relock the bootloader. You should be able to do the same - but yeah, I would double check that with them before buying, given the price...
Lineage has no account system. /e/ does, optionally.
The reason GrapheneOS doesn't support these additional devices is because they don't provide proper privacy/security patches or security features. Pixels are currently the only devices with proper alternate OS support with a reasonable level of security. That's why we have an OEM partner we're working with towards their future devices meeting our requirements. The hardware requirements are listed at https://grapheneos.org/faq#future-devices. Pixels provide 7 years of proper updates while other devices do not.
Fairphone 4 and Pixel 6 were released in October 2021. Fairphone 4 is on the soon to be end-of-life Android 13 and already end-of-life Linux 4.19 kernel branch. Pixel 6 is on Android 16 QPR1 and the Linux 6.1 kernel branch since it moved to it from Linux 5.10. Fairphone has 1-2 month delays for partial security backports to older releases and years of delays for major OS updates. This does impact another OS supporting the hardware. Fairphone 5 is using the Linux 5.4 kernel that's end-of-life in December 2025 with no plans to migrate to a new kernel. Fairphone devices are missing the security features required by GrapheneOS too including but not limited to MTE (hardware memory tagging) which is the basis for Apple's recent launch of Memory Integrity Enforcement but has been more heavily used by GrapheneOS since October 2023.
GrapheneOS is a much different kind of project than LineageOS and other AOSP-based operating systems. The privacy and security focused comparison table at https://eylenburg.github.io/android_comparison.htm shows that quite clearly.
Any way to get this to run in a VM? Or should I give up and buy a phone that can handle it and use it through remote desktop tools?
Yes, I run Waydroid (LineageOS in a Linux container) in an Ubuntu x86_64 VM on my home PC using their default installation method, plus libhoudini via https://github.com/casualsnek/waydroid_script to be able to run arm64-only apps, and waypipe the UI to my (Linux) phone that is connected to my home LAN via Wireguard.
I used to run Waydroid directly on the phone, but the phone has terrible specs and Waydroid had become frustrating in the last few months, when it updated its LineageOS image to a new Android version. It would frequently crash or pop up an infinite series of "app is not responding" dialog boxes, even though whatever app it was was responding just fine. With my new VM + waypipe setup, Waydroid launches in ~10s instead of ~3 minutes, and everything is reasonably snappy despite now traveling over the network, so I'm happy.
There is a guide on how to set up LineageOS for libvirt (i.e. QEMU) [1], but there exist no prebuilt images at this point in time.
[1] https://wiki.lineageos.org/libvirt-qemu
The requirements are monstrous: 300GB storage, 32GB RAM. My everyday working laptop has a 240GB SSD. I've built the kernel, Firefox, and the heaviest packages which I use from sources with a fraction of those resources.
I can't even fathom what the build system is doing in order to require this amount of storage.
> I can't even fathom what the build system is doing in order to require this amount of storage.
A large number of 17 year old repositories, prebuilt toolchains, and the fact that you otherwise have every little bit of source code, intermediary results, and output to create a full operating system all in the same place.
As for the memory, the very first step (that basically already is the benchmark for the most memory usage) is loading the entire build tree and generating build steps. Yes, that takes 32GB of RAM, if not 64GB nowadays.
Okay, but I'm pretty sure Gentoo can compile an entire OS in way less disk+RAM than that, and I know NetBSD can.
The article to which you're commenting has two whole paragraphs on the newly introduced support for virtualisation and qemu.
Waydroid runs Lineage, so it's certainly possible, but I don't know how easy it is on something like QEMU.
That being said buying a phone compatible with Lineage or Graphene (only Pixels for the latter) is well worth it. This will probably become even more important in the future if Google bans sideloading or complies with idiotic laws such as client-side scanning of messages in some markets.
How do backups/restores work when using LineageOS and moving to a new phone?
With Titanium Backup unmaintained, Neo Backup [1] works pretty well. It has some potential issues with restoring wifi/bluetooth/sms as those were still experimental, last I used it. But sms at least worked. I'd suggest a 2nd backup app of those, just in case.
[1] https://github.com/NeoApplications/Neo-Backup
LineageOS includes Seedvault for backup and restore. It's not 100% reliable across devices apparently, but should typically work: https://github.com/seedvault-app/seedvault/discussions/331#d...
This requires both phones to use Seedvault though, so it's not an option when moving from the stock OS to LineageOS.
They're seamless. Any phone that allows you true `root` can do nandroid style backups which work very similarly to how iOS does backups.
LineageOS is an open source android distribution. Can anyone comment on who might use LineageOS and why?
Every version of Lineage has rooted ADB accessible in the developer options. If you want root for apps, you must load Magisk. If root is important to you, this is your OS.
Lineage puts out all the patches that they can, every month, unlike OEMs. If current patches are important to you, this is your OS.
Lineage allows you to run it without any Google closed source code.
These are some serious advantages, depending upon what you are trying to do.
I use LineageOS on all my devices (it's actually my main criteria when buying a phone) to mainly install apps from F-Droid without relying on the Google Play Store.
It has the same familiar look and feel on all devices and by experience is way snappier than the original ROM.
Are you able to do any banking on your phone?
(Lineage user here) I've had no trouble with Schwab, USAA, Discover, Amex, Mercury, PayPal, Venmo, or Stripe.
Phone is rooted with Magisk Hide and MicroG for spoofing google play services. Google Wallet does not work.
Google Wallet also doesn't work on Graphene OS.
I just looked into this and in the US there's basically no technical answer that I'd expect to be reliable.
You've got a few choices:
* magsafe wallet (~$10) without nfc shield with a physical card
* "purewrist" prepaid debit card (would be good for a kid maybe)
* garmin smartwatch that gets linked properly like Google Pay would
If you're in the EU there are a ton more options, specifically "Curve Pay" and possibly "Amex UK".
Very annoying.
Curve Pay is a viable option last I checked. I am unaware of any payment options on Amex UK app. Amex expects you to link your card with Google Wallet.
Most everything banking related works for me. 2 different credit unions, roboinvesting, paypal & paypal-alikes, credit card, car insurance, etc.
What does not work? An LG app to control an air conditioner.
Also I have to hide root from the roku app, which I use for the headphone because it works better than the headphone on the remote.
Super important stuff, no wonder they lock that down so much.
Ok I did skip one real thing for the sake of the funny. I can't do google tap to pay. That's about it.
This is all the same on a rooted standard rom as on Lineage.
> What does not work? An LG app to control an air conditioner.
I use GrapheneOS. Thankfully I've had few things not work. Google Pay being one of them, the other is the garage door (Liftmaster)[1].
I genuinely find it disgusting. Thankfully I rent the apartment (and attached garage) so I've never given them any money. At the end of the day there's literally zero justification for a garage door opening app to brick itself if it's run on an unapproved platform. The official[2] statement states:
"Our customers rely on us to make access simple without sacrificing quality and reliability. Unauthorized app integrations, stemming from only 0.2% of myQ users, previously accounted for more than half of the traffic to and from the myQ system, and at times constituted a substantial DDOS event that consumed high quantities of resources."
AKA "we are incapable of implementing a basic ratelimit. faulty third-party clients made our AWS bill go up a bit so we are going to go on an irrational crusade against third-party integrations of any kind and expend more resources doing this than would be spent by giving users a simple API to use"
[1]: https://xdaforums.com/t/root-detection-for-myq-apps.3858887/
[2]: https://chamberlaingroup.com/press/a-message-about-our-decis...
Banking apps that do not require Google Play services, such as Bank of America, run just fine. Besides, you can always open a browser and use the web version. Losing banking apps and "tap to pay" is a small price to pay for avoiding having your data constantly siphoned by Google.
> Besides, you can always open a browser and use the web version.
Not possible in many parts of the world where banks force you to use their app for basic banking functionality.
3 banking apps running fine, until Revolut decided to pull a douche move. I've ended my contract with them.
2 banking apps running fine.
I use chrome and the web version.
Got an Xperia Z1 in 2013. Sony stopped updating it at some point in 2014-2015, which is stupid, but the hardware was still like new (which is the great thing about Sony phones) so I rooted it and managed to install it. Can't remember if it was already named "LineageOS" or "CyanogenMod" at the time. However, it lasted with me until Nov. 2020 when I dropped it and the screen cracked; I had it changed but the replacement was kinda bad so used it as an excuse to get a 1ii.
I did the same with this "new" phone, that is going to be 5 years with me - since also got that only-two-years-of-updates thing, threw LineageOS on it and it's going as new.
So as I said the last time I saw a post about it in here, thanks to LineageOS I can use a phone for way more than they are set out to be forgotten. It's a great project and it's really sad Google are making things harder for them for the sake of "security".
I immediately put Lineage on all my devices. In fact, I only buy Android devices that Lineage supports. It's a uniform, degoogled Android experience that just works.
What devices do you use Lineage on may I ask?
I use moto devices, my current one is a g45. But I have also setup a second hand g30.
Pixel 7 Pro, OnePlus 9, OnePlus 6, Minimal Phone MP01 (unofficial ROM), Samsung Galaxy Tab S5e. Formerly: Xperia X Compact
If your phone is more than a few years old it likely doesn't get updates from the manufacturer anymore. LineageOS will get you to the latest Android with security patches. Same sort of deal as with OpenWRT for a router really, you get all the features and security patches but at the loss of the firmware that the device came with and its proprietary enhancements.
I have a Samsung Tablet and Samsung's version for said tablet is a giant mountain of crap, full of bloatware, so I installed LineageOS on it. Also my old phone and my old old phone run LineageOS because I'm just logged in to Google on my {current_phone}.
I ran LineageOS on my Moto X4 for many years. It was much faster without the OEM Moto and carrier apps, and was faster again when I installed it without Google Play Services. Same thing with an old Kindle Fire tablet, finally made it fast enough to practically use.
It's worth mentioning that newer Samsung phones and tablets have an eFuse that is blown when you unlock them. This permanently disables some functionality of their separate secure element (IIRC). If you are planning to run LineageOS forever, it would probably not be a big issue, but if you just want to try a third-party OS or ever resell the device, it could be an issue.
Also note that the latest Samsung models like Z Flip 7, along with recent models such as the S25, which is gonna get the OneUI 8 update, will not allow unlocking anymore.
Can you tell which tablet that is? I'm lurking around and wondering if I should pick a Samsung one once my iPad battery dies out
Tab A7, old and not worth it even for a low price, too sluggish even with LineageOS but definitely better than stock of course.
I haven't used custom roms in ages, but I used Lineage back when it was called Cyanogen. It had this cool thing where you could adjust brightness by swiping the top edge of the screen. (This was back in the day when you could reach that part easily!)
My personal take is that most Android devices no longer get updates pretty soon after the release (where pretty soon means 2-3 years). Google promises 7 years of support for their newer devices, but most vendors don't.
LineageOS is, besides the fact that it is more open for non-Google stuff, providing Android updates for older devices. While this does not necessarily provide better security (rooted devices are often not considered as secure), you still get the newer Android's security patches and FEATURES. Furthermore you are more open to do what you want.
However LineageOS does to my knowledge not support bootloader re-locking on most devices, which might be a security risk (see https://grapheneos.org/install/web#locking-the-bootloader).
> Google promises 7 years of support for their newer devices, but most vendors don't.
Unless you have a Pixel 6 and your security update goes missing?
(Didn't get the July security update and the October update is still missing? https://www.reddit.com/r/GooglePixel/comments/1o2bhur/where_... )
There were no Android or Pixel security patches for either July or October.
Android July 2025: https://source.android.com/docs/security/bulletin/2025-07-01
Pixel July 2025: https://source.android.com/docs/security/bulletin/pixel/2025...
Android October 2025: https://source.android.com/docs/security/bulletin/2025-10-01
Pixel October 2025: https://source.android.com/docs/security/bulletin/pixel/2025...
Not shipping an update in months when there aren't patches isn't a broken promise. They officially extended the Pixel 6 and Pixel 7 major updates from 3 to 5 years but didn't say they'd provide a release in months with no security patches.
Most OEMs don't provide the privacy and security patches properly from day one. Fairphone lags behind 1-2 months on partial backports to older releases and multiple years for major updates with the full patches. Fairphone 4 and Pixel 6 both released in October 2021, but the Fairphone 4 is on the initial release of Android 13 (not Android 13 QPR3) with an end-of-life Linux 4.19 kernel branch. Android 13 is approaching end-of-life too, but still receives partial backports for now. Pixel 6 is on Android 16 QPR1 and moved from the Linux 5.10 branch to Linux 6.1. Pixels get the security patches in the month they're released vs. 1-2 month delays for the Fairphone 4.
You are the expert, but do we know? Isn't it possible with the new three month embargo that they did ship some of the December patches, but don't list them in the notes because they'll only be released publicly and in AOSP in December?
Promises... I tend to not trust promises as long as there is another Option.
And I'm a happy graphene OS user.
There were no Android or Pixel security patches for either July or October. It's not a break of any promise. https://news.ycombinator.com/item?id=45562792 provides links to the bulletins and a comparison to a device marketed as supposedly providing long support.
To not have Google built into all aspects of your life too much. Although it still uses some essential Google services, it does take out most unnecessary stuff, which you often can optionally add later in a possibly more secure form, but sometimes can't, which will cause very specific apps using these services not to function, or these features of those apps.
And if Chat Control will be implemented in Google Android, then LineageOS also offers you a way out of that, which is a huge plus of course if you ask me.
I want to use an OS that isn't loaded with spyware, so non-FOSS Android just doesn't fit the bill for me.
QFT. Lineage and Graphene are the last bastions of freedom on mobile phones. Linux phones aren't quite there yet in terms of usability, and sacrifice compatibility with thousands of great apps (including many great FOSS apps) available on Android.
For some certain models it offers updated Android versions (while the company doesn't).
You might remember them by their old name, CyanogenMod.
Because AOSP is basically useless on your phone - it lacks a ton of apps.
If you want to escape Google's monopoly, you can use LineageOS without google apps, as opposed to the malware and spyware-ridden trash that usually comes preinstalled on your phone.
Even if you run LineageOS without Google, LineageOS still phones home to Google for DNS and captive portal checks.
https://eylenburg.github.io/android_comparison.htm
Yes, that's unfortunate. But it is "easily" patchable (and a world of difference from actually running google play services with root privileges on your phone).
That can be easily patched. If you want a full "de-google" experience, GOS is the only perfect option
Funny how the fully "de-googled" experience starts with buying a Google device.
To a normie non-tech person, buying a several hundred dollar Google phone, only to delete Google from it sounds stupid, like you've set your money on fire.
Yes, I have a Pixel with GrapheneOS.
That is going to change soon enough. GOS is working towards having their own device. It's going to take a few years at least
It makes perfect sense to use it if you even remotely care about better performance, battery life and privacy. Google ships its bloated apps, which not only track everything and run in privileged mode but degrade your battery life to a great extent.
You can run LineageOS on the Nintendo Switch if you want: https://wiki.lineageos.org/devices/nx/variant1/
And it's a decently recent version with more-or-less official Nvidia Tegra drivers, too. For the variety of weird-but-ubiquitous devices that have a bootloader hack, LineageOS is the route to a working smart device that anyone can pick up and use.
Somewhat related:
I could never get adb in my M1 Air (Tahoe and Sonoma too) to detect any android devices.
I have an OnePlus Nord CE 2 Lite 5G.
Same cable and everything works fine on Ubuntu and Windows machines.
The phone is not getting detected in the "System Information" either.
Tried MTP, PTP, USB Debugging, OTG everything.
Anyone faced this issue?
I have an M1 Air too and adb works fine for me. I used homebrew to install it ("brew install android-platform-tools").
I used the same command
ADB starts correctly but can't detect the phone
Your Chrome-based browser might be blocking the port that adb uses.
adb is able to start successfully and listens on its port
I'll have to do the update through my computer with ADB.
As long as it'll be the case, Lineage will never be more popular.
But thanks for the great fork. It's already enormous.
Anyone set up a Rabbit R1 with Lineage?
> And I heard that Google stopped pushing Pixel source?
> Yes, Google has pulled back here too. Pixel kernels are now only offered as history-stripped tarballs, available privately on request, with no device trees, HALs, or configs. Thanks to projects like CalyxOS, Pixels will likely remain well supported, but they’re no longer guaranteed “day one” devices for LineageOS. Pixel devices are now effectively no easier to support than any other OEM’s devices. In short, this just makes things harder, not impossible.
These fucking bastards. How far we have fallen in ~10 years of smartphone ubiquity. I have zero hopes that this monopolising trend will ever be reversed without top-down regulation from a big bloc like the EU.
If you look at EU and its inaction over Microsoft privacy shenanigans with Win10 and 11. How it spins around Apple and cannot enforce them to fully open their mobile operating system then I sadly have little hopes they can do anything regarding Google and their recent decisions around Play store and 3rd party apps.
I wish something could be done but sadly feels like regular people have to climb mountains to protect themselves while corporations just come in by front door with lucrative deals in order to protect their status-quo
At the risk of sounding knee-jerk libertarian (though there are worse ways to sound), it seems to me that top-down, big bloc regulation is a non-trivial piece of what has gotten into this mess.
The entrenchment via regulatory capture at the baseband level, with enormous state interplay with TSMC and Qualcomm (both economic and regulatory, both publicly known and classified), makes it impossible for a seriously independent actor to enter the market, except _maybe_ an ubercapitalist like Musk or something.
I'm much more interested to see what happens when we achieve sufficient peace that industrial complexes are no longer the primary pillar of support for chip engineering and fabrication. I suspect that this will unlock the open development, up to the kernel and beyond, that we all hope for.
What would baseband usage look like in a deregulated world?
I’m skeptical, but the question is honest. Without the (quite corrupt) allotment of frequencies and broadcast radio tech by the FCC and government, I’m having trouble envisioning a future that doesn’t end up back at the bcm/qcm/etc. near-monopoly … just via market collusion rather than state orchestration. Is there a better future there that I’m missing?
You can't blame the EU for Google pulling developer support for devices or holding back security patches.
There are pros and cons to "big bloc regulation". You can go and start a phone company since so many things are standardised but the main constraint will be who you source a modem from and the lack of choice will be because of patents (see Apple vs Qualcomm).
Aren't there a few modem vendors? MediaTek, Intel, and a bunch of Chinese players?
No? Especially since you mentioned Intel, who sold their modem business to Apple.
Care to elaborate? Intel might have been sold, but there is still Mediatek, Samsung, and the aforementioned Chinese vendors?
:^)
^^
I just want something, anything at all, for my Redmi 14C. No luck so far.
It has a Mediatek soc, custom roms for these chips are scarce. If you look at the supported devices on the Lineage wiki, you’ll see only 2 out of 550 devices have a Mediatek soc[0], most of them are Qualcomm.
And iirc from the xda forums, even for Xiaomi phones with a Qualcomm soc it isn’t certain anyone will try to make a custom rom. Xiaomi just releases too many devices to have support for all of them.
[0] https://wiki.lineageos.org/devices/
Well, waiting for the eBPF backport then.. still more likely to be released than AOSP 16 QPR1 :)