A secure and privacy-friendly phone: pros and cons of different options

When I started looking for a phone that offers more security and privacy than “regular” Android or iOS phones, I soon ended up in all kinds of online groups that were all very sure that “their” option was the best. I have used stock Android phones from different brands, and phones with custom ROMs such as LineageOS, Pixels with GrapheneOS, and iPhones, all with different settings and options. I realized that security and privacy are very important to me, but not at all costs. I wrote down a number of criteria that I consider important in addition to security and privacy, and these helped me choose the device that suits me best. I hope others will find this useful too, because I think the overview helps to make a balanced choice. I ultimately ended up with an iPhone, but the scores on the various criteria change over time, and so will my preferences, so I may change again in a while. Here are the criteria:

Security: this concerns protection against hacks. Phones with a secure operating system (OS) that receive security updates quickly and have options that make it difficult for hackers who have access to your phone (such as restricting the use of the USB port and resisting repeated password entries) score highest in this category. Examples include recent iPhones and Pixels with the stock OS or Pixels with GrapheneOS. Other custom OSs usually only run with an unlocked bootloader, which poses a security risk. Custom OSs are also often created by a few developers and may suddenly stop releasing updates (such as DivestOS and CalyxOS recently). Alternative operating systems, such as Ubuntu Touch, are less secure than iOS and Android. Downloading apps from the iOS App Store or Google Play is safer than most alternatives. Stock Android phones usually have many apps per-installed, but the fewer apps, the smaller the attack surface.

Privacy: this concerns the unwanted sharing of data on your phone or about your phone usage with other parties. Phones with open source software and a focus on security and privacy, such as GrapheneOS, score best in this regard. Android phones with the manufacturer’s OS, such as Samsung’s OneUI, share your data with both Google (e.g., via Google Play Services and the Play Store) and the manufacturer (e.g., via the browser). iPhones also share data with Apple, but iOS offers more options to prevent data exchange than Android. Privacy-friendly de-Googled operating systems (e.g. /e/OS and LineageOS) also do this to a certain extent, but do not always receive timely or complete security updates, which sometimes calls into question the privacy claims of these options: “without security, there is no privacy.”

Autonomy: this refers to the ability to decide for yourself which apps you can install, disable, or delete, whether you can unlock the bootloader, and whether you can install other operating systems. For example, Pixels and Fairphones offer the option to unlock the bootloader and install a different operating system. Stock Android phones almost always come with apps from Google and the manufacturer, which you cannot remove or disable. Almost all apps that are pre-installed on iPhones can be deleted or replaced with an alternative.

Ecosystem: this refers to sharing settings, apps, data, and images with other devices. Apple and Samsung are particularly good at this, but it is often unclear what happens to your data. With many phones, it is easy to transfer data to another phone, but with GraphenOS, for example, this does not always work well. Switching is easier if you make limited use of the ecosystem: this made it easy for me to switch from a Pixel to an iPhone, also because I use a password manager and authenticator that run on both platforms.

Customizability: this refers to the options for adjusting your settings and home screen. With iOS, the latter is much more limited than with Android. Operating systems from certain manufacturers (Samsung, Xiaomi) and some custom operating systems offer many configuration options, while GrapheneOS offers few.

Ease of use: this concerns functionality, bugs, payment options, use in the car, and the look and feel. In this regard, iOS and stock Android are usually much better than other options. Paying with your phone and some banking apps do not work with custom OSs or GrapheneOS, and neither does Android Auto (or only in a buggy way). The most privacy-friendly mode in GrapheneOS and LineageOS, without Google Play Services, requires quite a bit of knowledge and skills, and comes at the expense of ease of use: think notifications, installing apps, making backups.

Hardware: if you have specific requirements for camera quality, sound, or screen, or for size, weight, battery life, or cost, devices that score high on security and privacy are not always available. For example, a Fairphone is quite large and its cameras are not great.

Price: Mid-range and budget phones often have shorter (full) security updates. Pixels are usually expensive and are made by Google. Second-hand Pixels from the ‘a’ series (8a, 9a) are relatively cheap and score well on security and privacy, provided that you install GrapheneOS on them. New iPhones are expensive, but retain their value longer than Android phones.

Last edited by @M1chiel 2025-09-25T14:22:15Z

At this point I think we should reiterate into iOS with Lockdown Mode and MIE vs GrapheneOS when it comes to security and privacy with a proper comparison rather than all of this sentence.

and depending on the threat model either you have to pick GrapheneOS or otherwise you can just use iOS (with Tweaks) or GrapheneOS

There are quite a lot of recommendations depending on the scenario.

• Cheap anti-forensics/burner phone: Pixel 8a and 9a with Graphene OS.
• Great all-rounder: iPhones. iPhone 17 series and after gets bonus points because of MTE.
• Best Security and Privacy: Pixel 8 and 9 series with Graphene OS (because of MTE)
• Stock-ish android experience with less bloatware but limited update frequency: Sony and Motorola
• Anti-Big Tech/Maximum repairability but no care for the latest security or OS updates: Fairphones with either e/os or stock.

Obviously the newer iPhone and Pixel series are the best in privacy and security. However there are a lot more categories besides those two.

so so, like that!
different categories, threat models etc.

Huge plus for the iPhone from a security standpoint. I feel safe with my family using iPhones in this regard.

My personal stance against iPhones are purely the lack of interoperability (walled garden) which hurts usability and limits options for privacy respecting alternatives. My ethical qualms with Apple are slightly lowered in their two most recent phones, as I’ll discuss below, but I’m still quite skeptical if this will stick or not.

On recent high notes, Apple recently moved to support right-to-repair in various key states and seems to have actually followed through so far with recent models of iPhones having trended towards being more repairable. On a side note, the Pixel 9 sadly got a little more cumbersome to fix than the Pixel 8a, but is still repairable without doing permanent damage to the phone. Apple has also has self-reported that they have developed the iPhone 17 models with 100% recycled cobalt. I’d like a third-party supply chain evaluation like the one they did in 2022 before I believe that statistic as they are currently facing a greenwashing lawsuit (but may not be as damning given most of the plantiffs are Apple competitors). Assuming the 100% recycled cobalt claim is true, this removes a lot of blood from their hands from the nefarious cobalt mining still growing due to consumer EVs and solar battery storage.

However, Apple is still covertly pushing lobbyists against right-to-repair to support their business model requiring sales of newer model phones every two to three years. This makes it clear that their right-to-repair movements is less of a culture shift in management and more business strategy as usual. These types of market-led changes are brittle and are often retracted if the market becomes complacent (hopefully this never happens but could).

The more menacing issue with Apple though is its walled garden and intentional lack of compatibility with other devices and third party markets. Cell phones are the core areas of our life where we can leak the most information through usage of convenient apps. I recently was trying to help a friend with using Tor on iOS and they got intimidated as they needed to download two apps (Orbot and OnionBrowser) just to search the web. We in the privacy community may be tempted to blame the user, but to me, this walled gardening is no longer just an annoyance, it can be a barrier given the way Apple enforces their version or no version policies. And for the privacy developers who maintain an app, must pay money to keep it in there, and users often have to pay for it. There’s already a lot of fatigue with the subscription service models and so this provides yet another barrier to privacy that just doesn’t exist in the android ecosystem. This adds barriers to entry for open source solutions to develop in communities without capital resources.

So good on Apple for doing better with privacy hardware and ethical circular recycling programs. It really is just so close. But there’s still that bad taste in my mouth that severely limits options if Apple is the solutions that people move to. I can’t wait for the day everything is just on god damn Linux and cooperates to standards. What’s sad is that if Apple removes this last piece, they likely couldn’t support their privacy and green incentives with the same profit margins. I just don’t see a world yet where I trust or believe that the Apple ecosystem is the way to go as it requires it’s services to remove options for consumers and keep them trapped.

Just my two cents.