GrapheneOS
Only Google Pixel devices are supported, new models are recommended. Source .
6 private alternatives, vetted against our public criteria.
Android is open source, but the Google layer riding on top is not, and it phones home no matter which privacy toggles you set. The background telemetry and the advertising ID are baked into a default setup, with your location history feeding the same profile. A de-Googled build keeps the same hardware and app compatibility while cutting that reporting at the source.
Only Google Pixel devices are supported, new models are recommended. Source .
Only Google Pixel devices and Xiaomi Mi A2 are supported. Source .
De-Googled Android-based mobile OS using microG, developed by the e Foundation and sold pre-installed on Murena phones.
Apple's mobile OS. More locked down by default than stock Android, but closed.
Why settings won’t fix Android. The components that report to Google live inside Google Play Services, a closed framework you cannot uninstall and whose data flows continue no matter how many settings you change. It sits below your apps and runs with system-level reach, so trimming app permissions limits the symptoms rather than the source. The advertising ID, the location history, and the connectivity checks all originate there, beneath the toggles you are given. Even a signed-out phone announces itself through services tied to your hardware. There is no master switch labelled “stop reporting,” because the company that writes the OS layer also lives on the data it collects. The only real fix is a build that removes those components or sandboxes them so they cannot run with system privileges, which is exactly what GrapheneOS and CalyxOS are designed to do.
What actually matters in a mobile OS. Lead with the security model, because a private phone that is easy to compromise is not actually private. It needs verified boot to make tampering detectable, plus security patches that arrive promptly and keep arriving for years. Just as important is Google Play Services either removed or run inside a sandbox where it cannot reach the rest of the system. After that comes the practical layer: no carrier or manufacturer bloat, plus a clean way to install apps without a Google account and the option to relock the bootloader once you are set up. Builds like /e/OS and LineageOS trade differently between maximum hardening and broad device support, so weigh which one your phone and your habits favour. A build that nails privacy but stops getting patches has quietly become the bigger threat.
How to switch. Start with a supported phone, because the hardware decides what is possible, then back up your data and follow the project’s official install guide, which walks through unlocking the bootloader and flashing. Reinstall your apps from an open store and keep a sandboxed Google layer only if a must-have app demands it, then relock the bootloader afterward to restore verified boot. Budget an afternoon for the move and the setup that follows. The honest trade-off is that a small set of apps expecting an unmodified Google environment may misbehave, so confirm your essentials before you wipe the old phone. If Google’s phone is only the start, the de-Google playbook covers the rest of the ecosystem your phone used to feed, including the Google Play alternatives that replace the store itself.