GrapheneOS

@andreabont @informapirata @morrolinux @gnulinuxitalia We only recommend that apps already using the Play Integrity API and unwilling to remove it move to using this instead. This enables them to support arbitrary other devices and operating systems. Other attestation roots can be supported along with arbitrary alternate operating systems via allowing their verified boot keys. That’s much better than the Play Integrity API. We’d prefer if apps didn’t check the device/OS but they insist on it.

@shiva @informatica @informapirata We don’t think these are good recommendations for users who care about privacy and security. There’s a lot more to privacy than simply avoiding Google apps/services.

We recommend https://eylenburg.github.io/android/_comparison.htm for a high quality comparison between Android-based operating systems. The other OSes listed there do not keep up with privacy/security patches which is the bare minimum. CalyxOS updates have also recently been discontinued as a whole (https://calyxos.org/news/2025/08/01/a-letter-to-our-community/).

deleted by creator

@brahms @mox @manualoverride

OEM support for the device is needed because an alternate OS cannot provide firmware updates otherwise. In practice, driver updates also come from the OEM. Providing the Android Open Source Project backports is nowhere close to full security patches. It’s unfortunate that most alternate operating systems mislead users about this by setting an inaccurate Android security patch level field, not being honest about what’s missing and downplaying the importance of it.