Step 1

The options, honestly compared

There is no single "secure phone". But there are clear differences. Here are the realistic paths – from the least effort to the strongest solution.

At a glance

Rated from the perspective of security and privacy. "Effort" covers both setup and everyday use.

Please put this in context: The following ratings are my personal, current assessment (as of 2026) – not an objective ranking. Security and privacy depend heavily on the device, configuration and usage, and can change with new findings or software versions. When in doubt, the official documentation of each project always takes precedence.

How I rate the three columns

🛡️

Security

Protection against attackers – malware, theft, targeted attacks. Factors: exploit protection & hardening, verified boot, app sandboxing, security chip, plus the speed and longevity of updates.

Scale: Very high › High › Medium › Low. Higher = better.

🕵️

Privacy

Data minimisation out of the box: how little flows automatically to the manufacturer, OS vendor and pre-installed apps? Factors: telemetry, forced accounts, tracking, degree of de-Googling.

Scale: Very high › High › Medium › Low. Higher = better.

🛠️

Effort

The work involved in setup and everyday use: installation/flashing, learning curve, app availability, compromises in daily use.

Scale: Low › Medium › High. Here "Low" = good.

Option Security Privacy Effort Who it's for
iPhone (iOS) Very high Medium–high Low A closed but well-secured system with no effort
Stock Android High Low–medium Low Enough for most people, but heavy Google integration
/e/OS (Murena) Medium High Medium Beginners who want to avoid Google
Volla Phone EU hardware Medium High Low A ready-made device without Google/Apple
Ubuntu Touch Linux Low–medium High Medium Linux enthusiasts & tinkerers
CalyxOS High High Medium Pixel users focused on everyday use + privacy
GrapheneOS Recommended Very high Very high Medium Maximum security & privacy (Pixel required)
Security is not the same as privacy. Both are rated separately here because they are different things: security = protection against attackers, malware and exploits; privacy = how little data flows off to manufacturers and services. A system can be strong on one and weaker on the other – /e/OS, for instance, offers high privacy but less hardening than GrapheneOS, which leads on both.
The hardware matters too. The best operating system is of little use on a weak hardware foundation. Google Pixels, with their Titan security chip and very fast updates, offer the strongest basis – other devices are often weaker here, regardless of the system installed.
For clarity: Most of the entries are operating systems installed on compatible hardware – not necessarily a specific device. GrapheneOS is developed exclusively for Google Pixels, CalyxOS mainly for Pixels and a few other models, while /e/OS and Ubuntu Touch run on a wider range of compatible smartphones. The iPhone and the Volla Phone, by contrast, are specific device families that already ship with their system (iOS, or Volla OS / Ubuntu Touch respectively).

The options one by one

iPhone / iOS Solid, but closed

  • Very good baseline security, long update support, Lockdown Mode.
  • Zero setup effort.
  • You have to fully trust Apple – no insight, no control.
  • Apple collects data itself; many services can't be turned off.
  • No real separation between multiple identities.

Stock Android Solid, but Google-leaning

  • Works right away, huge app selection.
  • Current devices – especially Pixels – are solid security-wise and get fast updates.
  • Google Play Services run with system privileges – a lot of data collection.
  • Privacy depends heavily on the manufacturer (Pixel cleaner, Samsung/Xiaomi more trackers & bloatware).
  • Update speed varies greatly depending on the manufacturer.

/e/OS (Murena) Convenient privacy

  • Google-free with built-in microG – very beginner-friendly.
  • Ready-made cloud and app ecosystem solution.
  • Security hardening weaker than GrapheneOS/CalyxOS.
  • microG requires system signature spoofing – a compromise.
  • Updates sometimes slower.

CalyxOS Solid alternative

  • Good privacy, microG optional, Pixel-focused.
  • Datura firewall, thoughtful default settings.
  • Relies in part on microG instead of the sandbox – less hardening than GrapheneOS.
  • Smaller team, slower to react to new Pixels.
Note the status (as of 2026): CalyxOS was on a development hiatus from August 2025 (after the departure of its founder and tech lead) and has been recovering since – with delayed updates at times. To make matters worse, Google is releasing AOSP less frequently going forward and partly Pixel-exclusively, which slows timely security updates for all custom ROMs. Nothing is compromised, but check the current project status before relying on it at calyxos.org/news.

GrapheneOS My clear recommendation

GrapheneOS is a consistently hardened, open-source Android with no Google components at its core – only for Google Pixel devices, because their hardware security (Titan security chip, verified boot, modern memory-protection features like MTE) forms the foundation.

  • Strongest exploit protection and hardened memory management.
  • Google Play optionally as a normal app in the sandbox – without system privileges.
  • Multiple user profiles with genuine data separation.
  • Per-app permissions for network and sensors.
  • Very fast security updates.
  • Requires a Google Pixel (ironic, but technically justified).
  • A bit of a learning curve – but that's exactly what this site is for.
Read the switching guide now →

Another path: European hardware & Linux

Not everyone wants to buy a Google Pixel or flash a system themselves. If you value European hardware, a Linux system or maximum independence, here are two interesting alternatives. Security-wise they don't reach the hardening level of GrapheneOS – but they are an honest, self-contained path.

Volla Phone Made in Germany

Smartphones from Volla GmbH in Remscheid, shipped ready to use without Google. At purchase you choose the system: Volla OS (Google-free Android, minimalist) or Ubuntu Touch – with multi-boot you can even run both side by side. Current models include the Volla Phone Quintus and Plinius.

  • Pre-installed & no tinkering – no need to flash anything yourself.
  • German manufacturer, no Google/Apple account required.
  • Minimalist, low-distraction interface.
  • Hardware security & verified boot not at Pixel/GrapheneOS level.
  • Slower updates, smaller community than the major ROMs.

Ubuntu Touch (UBports) Real Linux

An open-source mobile Linux system maintained by the UBports community (now based on Ubuntu 24.04 LTS). The highlight is convergence: docked to a monitor, the phone becomes a desktop. It runs on Volla devices among others, and works best on the Fairphone 5.

  • Completely Google/Apple-free, app confinement via AppArmor.
  • Desktop mode, fully open source, a European-rooted project.
  • No lock-in to a manufacturer's ecosystem.
  • Its own app world – many familiar Android apps (e.g. banking) are missing.
  • Exploit protection & hardening below that of GrapheneOS.
  • Limited device selection, maturity varies by model.
In short: Volla & Ubuntu Touch are the right choice if independence and European hardware matter more to you than the last degree of technical hardening. If your priority is maximum security, GrapheneOS on a Pixel remains the stronger option.

Why a Pixel of all things?

The most common surprise: "A Google phone for more privacy?" Yes – and for good reason.

Best hardware security

Pixels are one of very few devices that offer both an unlockable bootloader and a dedicated security chip with verified boot implemented correctly.

Bootloader can be re-locked

After installation you can lock the bootloader again with your own system – which protects against tampering. Possible with almost no other manufacturer.

Google still sees nothing

With GrapheneOS, none of Google's components are active at the core. The hardware is excellent – the software is replaced.