
GrapheneOS vs /e/OS: Which Privacy Phone OS Should You Choose?

An in-depth comparison of GrapheneOS and /e/OS — the two leading privacy-focused mobile operating systems. We compare security, usability, device support, ecosystem, and pricing to help you decide.

TL;DR: GrapheneOS is the gold standard for mobile security — it hardens Android at every level but only runs on Pixel phones. /e/OS prioritizes de-Googling and ease of use, supporting 250+ devices with built-in cloud services and an app store. Choose GrapheneOS if security is paramount; choose /e/OS if you want a Google-free experience on diverse hardware with minimal technical effort.



The privacy phone landscape has narrowed. With CalyxOS entering an indefinite hiatus in August 2025 — its founder and lead developer both departing, the project recommending users uninstall due to stalled security patches — the realistic choices for a privacy-focused Android have consolidated into a two-horse race: GrapheneOS and /e/OS.

Both share the goal of giving users control over their data, but they approach the problem from fundamentally different angles. GrapheneOS is a security-hardened fortress. /e/OS is a user-friendly escape hatch from Google’s ecosystem. Understanding which philosophy matches your needs is the key to choosing well.


Overview: What Are These Operating Systems?

GrapheneOS

GrapheneOS is a privacy and security-focused mobile operating system built on the Android Open Source Project (AOSP). Led by security researcher Daniel Micay, the project has been in active development since 2014 under a nonprofit foundation.

Its philosophy is simple: security is the foundation of privacy. You cannot have meaningful privacy without strong security, and every design decision flows from that principle. The OS strips out Google services by default but offers them as an optional, sandboxed installation — a pragmatic acknowledgment that many users need app compatibility without compromising the security model.

GrapheneOS currently runs exclusively on Google Pixel devices, chosen because Pixels offer the hardware security features (verified boot, Titan M security chip, relockable bootloader) the project requires.

/e/OS

/e/OS (pronounced “ee-oh-ess”) is a de-Googled mobile operating system created by Gaël Duval, the founder of Mandrake Linux. Launched in 2018 through the e Foundation (a nonprofit based in Paris), /e/OS is forked from LineageOS and strips out every Google service and tracker baked into stock Android. (If you’re choosing between the two, you may also want our GrapheneOS beginner’s guide and our best privacy phones buyer’s guide.)

The project’s philosophy centers on digital freedom and accessibility. Where GrapheneOS asks, “How do we make Android maximally secure?”, /e/OS asks, “How do we make a Google-free phone that anyone can use?” The OS ships with its own cloud services, a unified app store, and a polished interface designed to feel familiar to mainstream smartphone users.

/e/OS is closely tied to Murena, a commercial company that sells phones with /e/OS pre-installed — offering a true out-of-the-box de-Googled experience for people who don’t want to flash firmware themselves.


Security Comparison

This is where the two operating systems diverge most sharply. GrapheneOS is, by a significant margin, the more secure option.

Verified Boot

GrapheneOS fully supports Android Verified Boot (AVB) with a custom signing key. When you install GrapheneOS on a Pixel and re-lock the bootloader, the device verifies the integrity of the entire OS on every boot. If the OS has been tampered with, the device refuses to start. This is the same level of boot integrity that stock Pixel devices offer — but with GrapheneOS’s hardened OS instead of Google’s.

/e/OS supports verified boot on a limited number of devices (mainly recent Pixels and some Fairphones), but the majority of its 250+ supported devices run with unlocked bootloaders. An unlocked bootloader means a physically compromised device can have its OS modified without detection — a meaningful security gap.

Update Speed

GrapheneOS ships security patches with remarkable speed. The project has OEM-level access to Android security patches under embargo, meaning its Security Preview channel often delivers fixes before most phone manufacturers. The stable channel typically receives full monthly Android Security Bulletin patches within days of release.

/e/OS is based on LineageOS, which introduces an additional layer of dependency. Security patches must first be integrated into LineageOS, then into /e/OS. This can result in delays of weeks to a couple of months, depending on the device. The /e/OS 3.2 release, for instance, shipped with October 2025 security patches. While the team has been improving turnaround times, the structural delay remains.
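Both properties discussed above, boot integrity and patch currency, can be read from a connected device. The script below is an added example, not part of the original guide: it parses `adb shell getprop` output, and the two sample dumps and the reference date are constructed. The property names are the ones recent Pixel builds report; treat them as an assumption on other vendors' devices.

```sh
#!/bin/sh
# Added example: classify verified-boot state and compute security patch age
# from getprop text. Real use: dump=$(adb shell getprop); boot_verdict "$dump"

# Print the value of property $1 from getprop text ("[key]: [value]") on stdin.
prop() {
    awk -F': ' -v k="[$1]" \
        '$1 == k { v = $2; sub(/^\[/, "", v); sub(/\]$/, "", v); print v; exit }'
}

# Convert YYYY-MM-DD to days since 1970-01-01 using integer arithmetic only,
# so the result does not depend on GNU or BSD `date` options.
days_from_civil() {
    y=${1%%-*}; rest=${1#*-}; m=${rest%%-*}; d=${rest#*-}
    m=${m#0}; d=${d#0}                      # strip leading zero (avoid octal)
    y=$((y - (m <= 2)))                     # treat Jan/Feb as end of prior year
    era=$((y / 400)); yoe=$((y - era * 400))
    doy=$(( (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1 ))
    doe=$((yoe * 365 + yoe / 4 - yoe / 100 + doy))
    echo $((era * 146097 + doe - 719468))
}

# Classify boot integrity from a getprop dump passed as $1.
boot_verdict() {
    state=$(printf '%s\n' "$1" | prop ro.boot.verifiedbootstate)
    locked=$(printf '%s\n' "$1" | prop ro.boot.flash.locked)
    case "$locked:$state" in
        1:green)  echo "locked-oem-key" ;;     # stock OS signed by the manufacturer
        1:yellow) echo "locked-custom-key" ;;  # re-locked with the OS project's key
        *:red)    echo "verification-failed" ;;
        *)        echo "unlocked" ;;           # OS can be modified without detection
    esac
}

# Days between the device's security patch level and the date given as $2.
patch_age_days() {
    patch=$(printf '%s\n' "$1" | prop ro.build.version.security_patch)
    echo $(( $(days_from_civil "$2") - $(days_from_civil "$patch") ))
}

# Constructed sample dumps (not captured from real devices).
RELOCKED='[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [yellow]
[ro.build.version.security_patch]: [2025-12-05]'
UNLOCKED='[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.build.version.security_patch]: [2025-10-05]'

# Constructed reference date, so the output is reproducible.
for dump in "$RELOCKED" "$UNLOCKED"; do
    echo "$(boot_verdict "$dump"), patch age $(patch_age_days "$dump" 2025-12-20) days"
done
```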

Hardening and Sandboxing

GrapheneOS implements extensive hardening that goes well beyond AOSP:

  • Hardened memory allocator (hardened_malloc): Defends against heap exploitation, a common attack vector.
  • Stricter SELinux policies: Tighter sandboxing for all apps and system processes.
  • Per-connection MAC randomization: Prevents network-level tracking across Wi-Fi connections.
  • Hardened kernel: Additional exploit mitigations applied to the Linux kernel.
  • Network permission toggle: Apps can be denied network access entirely — a feature stock Android doesn’t offer.
  • Storage scopes: Fine-grained control over which files an app can access.
  • Contact scopes: Share only selected contacts with specific apps.
  • Sensor permissions: Control access to accelerometer, gyroscope, and other sensors.
  • Auto-reboot timer: Automatically reboots the device after a configurable period of inactivity, clearing encryption keys from memory and returning the device to a “Before First Unlock” state.
  • Duress PIN/password: A separate PIN that, when entered, triggers a full device wipe — a last resort for high-threat scenarios.

/e/OS offers its Advanced Privacy feature, which provides tracker blocking, IP address masking, and the ability to feed fake location data to apps. These are useful privacy tools, but they operate at the application layer rather than hardening the OS itself. /e/OS does not implement a hardened allocator, does not add kernel hardening beyond what LineageOS provides, and does not offer the same depth of sandboxing controls.

The Verdict on Security

If your threat model involves sophisticated adversaries — state actors, targeted attacks, forensic extraction — GrapheneOS is the clear choice. It is widely regarded, including by security researchers and organizations like Privacy Guides, as the most secure mobile operating system available to consumers.

If your primary concern is keeping your data away from Google and ad-tech companies, /e/OS’s privacy features are more than adequate for that use case.


Usability Comparison

Setup Experience

GrapheneOS can be installed via a web-based installer at grapheneos.org. Connect a Pixel via USB, follow the browser prompts, and the OS is flashed and the bootloader re-locked within minutes. Surprisingly painless — but you need a compatible Pixel. (For the full walkthrough, use our step-by-step setup guide.)

/e/OS offers multiple paths. Murena sells phones with /e/OS pre-installed — plug in your SIM and go. For DIY installation, the Easy Installer (Windows, Linux, macOS) guides users through flashing step by step. There’s also a command-line option for advanced users.

Daily Use

GrapheneOS looks and feels like stock Android — clean, minimal, fast. The Vanadium browser (based on Chromium with privacy hardening) is included. The OS ships without Google services, but you can optionally install Sandboxed Google Play — the real Google Play Services running in a standard app sandbox without special privileges. This means most apps, including banking apps and those requiring Google Play, work normally. It’s an elegant solution: full compatibility without giving Google system-level access.

/e/OS ships with a customized launcher, its own suite of default apps (mail, calendar, notes, file manager), and microG — an open-source reimplementation of Google Play Services. microG handles push notifications and basic Play Services API calls, allowing many Google Play apps to function. However, microG’s compatibility isn’t perfect; some apps that rely on deeper Play Services integration (certain banking apps, Google-dependent fitness trackers, some games with anti-cheat) may not work correctly.

/e/OS also includes Murena Search (a privacy-respecting meta-search engine) and integrates with Murena’s cloud services out of the box.

App Compatibility

GrapheneOS with Sandboxed Google Play offers near-complete app compatibility. Banking apps, ride-sharing apps, and even most apps with SafetyNet/Play Integrity checks work because they’re running against the real (but sandboxed) Google Play Services. The GrapheneOS team actively works on compatibility.

/e/OS with microG covers the vast majority of apps — estimated at 90%+ for typical use. But the remaining fraction can be frustrating if it includes an app you depend on. The App Lounge store, which aggregates apps from both F-Droid (open source) and the Google Play catalog (accessed anonymously), makes finding and installing apps easy. Each app listing shows a privacy score based on tracker analysis.


Device Support

GrapheneOS

GrapheneOS currently supports Google Pixel phones only:

  • Pixel 6 / 6 Pro / 6a
  • Pixel 7 / 7 Pro / 7a
  • Pixel Fold
  • Pixel 8 / 8 Pro / 8a
  • Pixel 9 / 9 Pro / 9 Pro XL / 9 Pro Fold
  • Pixel 10 / 10 Pro / 10 Pro XL (added with Android 16)

This Pixel exclusivity is a deliberate technical choice — Pixel hardware meets the project’s strict requirements for verified boot, a relockable bootloader, and timely firmware updates. However, this is about to change. In October 2025, GrapheneOS confirmed a partnership with a major Android OEM to bring the OS to Snapdragon-powered flagship devices, with the first supported hardware expected in 2027. The team has expressed interest in the Snapdragon 8 Elite Gen 5 platform. This expansion could significantly broaden GrapheneOS’s appeal.

/e/OS

/e/OS supports over 250 devices across many manufacturers:

  • Google Pixel (Pixel 3 through Pixel 9 series)
  • Samsung Galaxy (wide range of S, A, and Note series)
  • Fairphone (4, 5, and 6 — a natural partner for the sustainability-conscious)
  • OnePlus (various models)
  • Xiaomi / Poco / Redmi (selected models)
  • Shift (Shiftphone 8)
  • Gigaset, Teracube, CMF phones
  • And many more via community builds

This breadth is a major advantage. You can often give new life to an older device by installing /e/OS, and Murena offers pre-installed options for those who want zero setup effort. The tradeoff is that not all devices receive the same quality of support — flagship Pixels and Fairphones get priority, while older or more obscure devices may see slower updates.


Ecosystem: Cloud Services, App Stores, and Bundled Apps

GrapheneOS

GrapheneOS takes a minimalist approach to the ecosystem:

  • GrapheneOS App Store: Provides GrapheneOS-specific apps, system updates, and a mirror of core Google Play apps for easy Sandboxed Google Play installation.
  • No bundled cloud services: GrapheneOS doesn’t push you toward any cloud provider. You choose your own email, storage, and sync solutions.
  • Vanadium browser: A hardened Chromium-based browser included by default.
  • Auditor app: Allows hardware-based verification of OS integrity between devices.
  • No default app suite: You build your own app stack. This appeals to power users but may feel bare for newcomers.

/e/OS

/e/OS provides a much richer out-of-the-box ecosystem:

  • Murena Workspace (murena.io): A Nextcloud-based cloud platform offering email, contacts, calendar, notes, file storage, and office documents — all synced to your device. Free tier available, paid plans for more storage.
  • App Lounge: A unified app store combining F-Droid’s open-source catalog with anonymized access to the Google Play catalog. Apps are labeled with privacy scores based on tracker and permission analysis.
  • Bundled apps: Mail, calendar, notes, file manager, gallery, weather, and more — all pre-installed and integrated with Murena’s cloud.
  • Advanced Privacy dashboard: A centralized view of which apps are using trackers, with controls to block tracking, mask your IP, and spoof location.
  • Murena Search: A privacy-friendly search engine aggregating results without user profiling.

If you want a “just works” experience that replaces the entire Google ecosystem — Gmail, Google Drive, Google Calendar, Google Photos — /e/OS with Murena is far ahead of GrapheneOS in providing a ready-made alternative.


Privacy Approach: Two Different Philosophies

Understanding the philosophical difference between these projects is crucial for choosing the right one.

GrapheneOS: Security as the Foundation of Privacy

GrapheneOS believes that privacy without security is an illusion. If an attacker can compromise your device, no amount of de-Googling will protect your data. Therefore, GrapheneOS focuses first on hardening the OS against exploitation, then gives users granular controls to limit data exposure. Google services are treated as “just another app” — sandboxed, permissioned, and unable to access anything you don’t explicitly grant.

This means GrapheneOS doesn’t remove Google as a concept. Instead, it neutralizes Google’s special privileges. You can run Google apps if you choose — they just can’t do anything a regular app can’t do.

/e/OS: De-Googling as the Path to Privacy

/e/OS believes that Google is the primary privacy threat for most smartphone users. By removing every Google service, tracker, and default at the system level and replacing them with privacy-respecting alternatives, /e/OS addresses the single biggest source of data collection for ordinary users.

This philosophy prioritizes the practical privacy experience over theoretical security hardening. For the average person who isn’t targeted by state-level adversaries but doesn’t want Google tracking their location, reading their emails, and profiling their behavior, /e/OS provides an immediate, comprehensive solution.

Neither approach is wrong. They serve different threat models and different users.


Pricing

GrapheneOS

GrapheneOS itself is completely free — open source, no subscriptions, no strings attached. Your cost is the Pixel hardware:

  • A new Pixel 8a (the budget-friendly option) runs roughly $350–$450 USD.
  • Flagship models like the Pixel 9 Pro range from $800–$1,100 USD.
  • Used Pixels (Pixel 7 or 8 series) can be found for $200–$350, offering an excellent entry point.

There are no ongoing fees. The project is funded by donations.

/e/OS

/e/OS is also free to download and install on your own device. If you want a pre-configured device, Murena sells phones with /e/OS pre-installed:

  • Murena Fairphone 5: Starting around €630 / $680 USD.
  • Murena Fairphone 6: Around €599 / $749 USD (reduced from initial pricing).
  • Murena Shiftphone 8: Around €580 / $630 USD.
  • Refurbished Samsung devices with /e/OS are available for €250–€400.

Murena also offers Murena Workspace cloud services — a free tier with limited storage, and paid plans starting at a few euros per month for additional capacity.

The Murena premium (typically €30–€50 above the bare phone’s retail price) supports the e Foundation and guarantees a working /e/OS installation out of the box.


Comparison Table

Feature | GrapheneOS | /e/OS
--- | --- | ---
Base | AOSP (direct) | LineageOS (AOSP fork)
Philosophy | Security-first | De-Google-first
Supported devices | Pixel only (expanding 2026–2027) | 250+ devices (Samsung, Pixel, Fairphone, OnePlus, Xiaomi, etc.)
Verified boot | ✅ Full (with re-locked bootloader) | ⚠️ Limited (Pixels, some Fairphones)
Security patch speed | Same-day to days | Weeks to months
Kernel hardening | ✅ Extensive | ❌ Minimal (LineageOS baseline)
Hardened malloc | ✅ Yes | ❌ No
Google Play compatibility | Sandboxed Google Play (real, full compat) | microG (open-source, ~90% compat)
App store | GrapheneOS App Store + optional Play Store | App Lounge (F-Droid + anonymized Play)
Built-in cloud services | ❌ None (choose your own) | ✅ Murena Workspace (email, storage, calendar)
Tracker blocking | Per-app network permission toggles | Advanced Privacy dashboard
Auto-reboot | ✅ Configurable timer | ❌ No
Duress wipe | ✅ Duress PIN/password | ❌ No
Pre-installed devices | ❌ No (flash yourself) | ✅ Murena phones (buy ready to go)
Ease of setup | Web installer (USB + Pixel required) | Easy Installer GUI or pre-installed
Cost | Free (bring a Pixel) | Free (bring a phone) or buy Murena device
Target user | Security-conscious, technical | Privacy-conscious, mainstream
Organization | GrapheneOS Foundation (nonprofit) | e Foundation (nonprofit) + Murena (commercial)

Who Should Choose What?

Choose GrapheneOS if…

  • Security is your top priority. You want the most hardened mobile OS available to consumers, full stop.
  • You’re comfortable with a Pixel. You either already own one or don’t mind buying one.
  • You want real Google Play compatibility without giving Google system-level access. Sandboxed Google Play is the best solution for running banking and mainstream apps on a de-Googled device.
  • You need fast security patches. Your threat model demands staying current with the latest fixes.
  • You value minimalism. You prefer building your own app and services stack rather than using pre-selected defaults.
  • You have a high-risk threat model. Journalists, activists, whistleblowers, and anyone facing targeted surveillance should strongly consider GrapheneOS. Features like the auto-reboot timer and duress PIN were designed with real-world adversarial scenarios in mind.
  • You can wait for OEM expansion. If you love the GrapheneOS model but don’t want a Pixel, the upcoming Snapdragon partnership (expected Q4 2026 / Q1 2027) will open new hardware options.

Choose /e/OS if…

  • De-Googling is your main goal. You want to stop sending data to Google without rebuilding your entire digital life from scratch.
  • You want a complete ecosystem out of the box. Murena Workspace replaces Gmail, Google Drive, Google Calendar, and Google Contacts with a single, integrated alternative.
  • You prefer a ready-made experience. Buy a Murena phone, insert your SIM, and you’re done. No flashing, no command line, no bootloader to re-lock.
  • You have a non-Pixel phone you’d like to convert. /e/OS’s massive device list means your Samsung, Fairphone, OnePlus, or Xiaomi might already be supported.
  • You value sustainability. The partnership between /e/OS and Fairphone is a natural fit for people who care about both digital privacy and environmental impact. Give your old phone a new, Google-free life.
  • You’re setting up a phone for a family member who isn’t technical. /e/OS is designed to feel familiar — the learning curve is gentle, and the App Lounge makes finding apps intuitive.
  • Your threat model is corporate surveillance, not state actors. If your concern is ad-tech tracking and data harvesting rather than targeted exploitation, /e/OS’s approach is well-suited to your needs.



The Bottom Line

GrapheneOS and /e/OS are both excellent projects deserving of support. They aren’t truly competitors so much as complementary responses to different aspects of the same problem.

GrapheneOS answers: “How do I make my phone as secure as technically possible?” /e/OS answers: “How do I stop Google from knowing everything about me?”

With CalyxOS out of the picture, these are the two serious options for privacy-conscious Android users in 2026. And with GrapheneOS’s upcoming OEM expansion, the landscape is only going to get more interesting.

Our recommendation? If you can run GrapheneOS, run GrapheneOS. Its security advantages are substantial. But if GrapheneOS doesn’t fit your device, budget, or comfort level, /e/OS is a genuinely good alternative that will meaningfully improve your privacy compared to stock Android.

Privacy isn’t one-size-fits-all. The best privacy OS is the one you’ll actually use.