I used my Huawei Mate 20 Pro from 2018 till it died in and then bought a used Pixel 8 Pro to run Graphene OS on, genuinely good decision to live without all the BS of Apple and Google and just have a functioning, secure and private smartphone that coppers can not get into and I can safely cross borders with.
this post was submitted on 05 Sep 2025
40 points (100.0% liked)
Privacy
2415 readers
101 users here now
Icon base by Lorc under CC BY 3.0 with modifications to add a gradient
founded 2 years ago
MODERATORS
The tradeoff of buying an old pixel is that their batteries are smaller than budget phones of 2024-25.
The tradeoff of buying Motorola is that their bootloaders are not readily unlockable and you risk not being able to do this if you buy too old.
I think a nice middle option is Nothing Phone, with bootloaders unlockable without requesting codes and average support in custom ROMs (Lineage only supports the 1 and 2, iodé and /e/ I believe support the 2a, 3 series and the CMF Phone)
I categorically avoid everything Google, so the choice is easy for me.
I hope that GrapheneOS or something like it will support non-Google hardware one day, but until then, it's LineageOS and never leaving my phone unattended near a potential adversary.
I've just switched my OnePlus 8T over to LineageOS without GApps and it's very useable, the only thing missing for me is contactless payments.
I've not used GrapheneOS but I can't imagine it's really all that different to Lineage right?
Graphene is supported on only Pixel devices. That's going to be your first hangup.
If you have a Pixel - Graphene is much more hardened than Lineage with far more aggressive sandboxing, and you can re-lock the bootloader with custom signing keys (also why only Pixels are supported).
Definitely GrapheneOS. It's the best Android experience you can have right now, hands down. Better than stock Android, and it may not be around forever. Take advantage while you can. $500 is a small price to pay for the peace of mind.
Something to note about GrapheneOS and its leadership (my personal opinion):
The main guy (I forget his name) can be rather hostile in his communications with other people - more hostile than even Louis Rossmann (which says a lot) - and seems to be incredibly paranoid. From what I've seen in all his communications I've come across, he seems to have a particularly nasty case of "if you're not with us, then you're against us". With everyone. Once he thinks that you might have any qualms with him or his product, he will become hostile and defend his position until you either leave or he bans you from any community he has control over. I've been down that road a couple times.
That said - Graphene is a solid ROM for those concerned about security, especially so if you relock the bootloader. I don't think you'll find a more secure ROM, and I think his paranoia lends to that aspect a lot.
It’s the best Android experience you can have right now, hands down
Best secure Android experience. Certainly not the best from a usability standpoint, but I digress. If security is what you're looking for, Graphene is definitely the way to go. Just proceed with caution.
he will become hostile and defend his position until you either leave or he bans you from any community he has control over. I’ve been down that road a couple times.
Just proceed with caution.
So you hold a grudge because they banned you for something, and now you're passive-aggressively spreading FUD, even as you recognize its superior security. What do you even mean by proceeding with caution? Be careful you don't get banned from a chat server, or something more vague and nefarious? This kind of petty mud slinging is the bane of open source software's existence everywhere.
Best secure Android experience. Certainly not the best from a usability standpoint, but I digress
Unrelated to the above, but what do you mean by this? Graphene is by far the most usable custom ROM I have ever used. Everything just works out of the box, including Google Play and banking apps (at least the ones I use) without compromising on privacy or security. The only times I've encountered a broken app, I could always fix them by disabling the hardened allocator for that app in the app info dialog, which does technically compromise security a little, but is a low risk trade off in most cases.
EDIT: I came to these conclusions on my own without any outside influence - only personal observations and experiences with Graphene and it's devs.
So you hold a grudge because they banned you for something,
No grudges held, and I, personally, wasn't banned from anything. I've had conversations with him a couple times, and observed many of his comments in threads where he gets extremely defensive or outright hostile over very little.
and now you’re passive-aggressively spreading FUD,
Hardly. You wanna bring up FUD? There's a thread on Graphene's own forum regarding the situation with Calyx OS where the dude absolutely trashes Calyx based completely on speculation and his past experiences with CopperheadOS. One of the people who recently left Calyx eventually came into that thread and gave some context. Hell, Louis Rossman, an infamous asshole in his own right, even got fed up with this dude and tried to set the record straight TWO YEARS AGO.
In Louis' video, the Graphene dude had the balls to claim "autism" as a defense to his attitude, which, as a father to a few kids on the spectrum, is 100% bullshit and a straight slap in the face. You cannot be an absolute ass to people as a grown ass adult, and then claim "but autism".
even as you recognize its superior security.
Well, yeah - this is one of those cases where one can easily separate the art from the artist, so to speak. The "art" is objectively good, as it's pretty clear the guy puts in a lot of work to make it that way. I recommended it to a friend just yesterday who almost got suckered into some proprietary "privacy" garbage.
What do you even mean by proceeding with caution? Be careful you don’t get banned from a chat server, or something more vague and nefarious?
He's an absolute ass when it comes to criticism of any sort, validity be damned.
This kind of petty mud slinging is the bane of open source software’s existence everywhere.
Dude clearly hasn't gotten that message, given his own complete trashing of Calyx's situation.
It's one thing to be critical of a person's attitude on a public forum, especially when that person heads a well-known project. It is a completely different thing to absolutely trash an entire project on a public forum simply because you don't agree with some of their methods.
I encourage you (and anyone else seeing this) to actually go and watch Techlore's Graphene OS videos that the dude constantly drags through the mud as well. I think you'll be surprised. The dude needs to seek help, and I mean that in the most legitimately concerned way possible.
Unrelated to the above, but what do you mean by this? Graphene is by far the most usable custom ROM I have ever used. Everything just works out of the box, including Google Play and banking apps (at least the ones I use) without compromising on privacy or security. The only times I’ve encountered a broken app, I could always fix them by disabling the hardened allocator for that app in the app info dialog, which does technically compromise security a little, but is a low risk trade off in most cases.
I think that just comes down to what the typical custom ROM user expects. The aggressive sandboxing and other security measures can break things like notifications, banking apps, and whatnot, which the typical custom ROM user might have issues with. But like you said, fixing it is trivial, albeit with some compromises in the security model of Graphene OS itself.
It all depends on their security and privacy posture requirements. The reason there exists as many options as there are, is because there is not one solution for everyone.
I second getting a used pixel a gen or two behind. That way you aren't supporting google in any meaningful way, it's still a great phone, and saves money. Unless you need the marginal performance gains of the newest phone, it's really not worth it
This is what I did with my Pixel 7 and I third it! As long as you go through a well-established refurbisher there is little risk and the phone will often come with a warranty/30 day return window. If you are US-based I used backmarket.com, where a P7 is currently $183 and a P8 is $298. Reasonable price, no money goes to Google directly, and I have been very happy with GrapheneOS.
Yeah I've had pretty good luck in eBay for my phones. I think the p6 I'm running now was 150? I debate on upgrading to the p8 for a newer battery mine struggles and I can keep the p6 for playing with mobile Linux or something
I just got a refurbed 8 pro. It was around 500 and this way the money do not goes to google.
A 500$ pixel 9a gets support for 7 years
Those cheap phones get updates for 2 years max
Also, they are actually usable, unlike the cheap budget phones
Eh, budget phones in 2025 aren't like those in 2015, they are quite usable these days
Even flagships from 10 years ago are still decent. I still have my OG Pixel XL from 2016, which is still officially supported by Lineage OS. I pulled it out the other day to test the "fully de-googled" experience on LOS22. Wiped it clean, installed TWRP, LOS22, and Magisk (because it's fucking mine).
Outside of the battery being complete garbage (dies completely at ~40%, I plan on replacing it at some point), it's still perfectly usable:
- Very little lag in the animations, which can be fixed by either speeding them up or turning them off completely
- Rear fingerprint sensor is snappy and really convenient
- The AMOLED display, considering its age, is still crisp, bright, and responsive. Mine has definitely seen better days, but I have no real complaints.
- Thermal throttling hasn't been an issue. The 810 in the preceding Nexus 6P was infamous for this (I have one of those, too), but the 821 in this device is snappy and willing to perform.
I don't think pixel getting 7 years of support would be relevant here. Op is already going to install a custom rom on it. Why would it matter here?
Op is already going to install a custom rom on it
unless Linaege is somehow managing to reverse Engeneer the Firmware for the SOC, it is pretty relevant regarding Updates. And thats something not even the GrapheneOS team is dreaming of, hence they themselves say their extended Security Updates are only a temporary solution
The Firmware on these Phones determines what Android Version is Supported, and also fixes many Security Vulnerabilities that cant be fixed using Android ROMs. So while yes, you can just somehow backport the newest Security Bulletin for Android 9, since the Firmware is so outdated, there will be so many zero click RCEs, your Phone can be compromised by a 12 year old with a flipper zero.
For Proof, please see the SOC for the Fairphone 3, which should be still supported until this day, which has 7 whole HIGH SEVERITY CVEs
My current phone is about to kick the bucket, so I'm kinda in the same boat. I was stuck between the two options you're considering, but I recently decided that my next phone's probably gonna be a Fairphone because I have yet to hear any negative reviews about them
Well, you are gonna hear the first one then
They don't offer security updates. Like at all.
They are a month behind, if not multiple. And that is if they don't just discontinue support, like for the fp5 which is running an extremely eol kernel
My plan was to put Lineage on it, would that change your mind?
Lineage OS updates aren't going to fix firmware vulnerabilities, which would need to be developed for each phone individually. That's why guaranteed security updates from the OEM are so important, because they're usually the only ones equipped to provide them. If you don't care about security that much though, it's a good way to save money and prevent the device from going to a landfill. At the very least, it could be used for gaming or some other low risk utility. I have an ancient LG G5 with LineageOS connected to a TV, which I only use for streaming video. I even blocked it from accessing the rest of my LAN just in case.
Oh, I see. I was misunderstanding what you were getting at. I've never been someone who's glued to their phone, so its mostly a reluctant device I keep for emergency and remote access to my server. Considering most of my phone time is spent VPN-free web browsing or using selfhosted services, I think I don't need to be overly concerned with security like that, right? Every phone I've ever bought has been several years old anyway
(I'm not the guy you original replied to btw)
I think I don’t need to be overly concerned with security like that, right?
There's no way to know for sure, as each vulnerability is different. There could be bug that allows remote code execution, or something crazy like that. If you have ssh keys on your phone for accessing your personal infrastructure, I wouldn't risk it. Even if you're not someone worth targeting individually, bad actors try to exploit vulns en-mass to see what sticks. I'm sure you're no stranger to random bots hitting your webservers looking for wp-admin endpoints 24/7.
I'm a software dev, not a security researcher, but my perspective gives me insight into how sloppy and irresponsibly most software is written these days. I sure as hell don't trust 's throwaway code written for yearly e-waste device #15
That's a great point, well put
Open box / refurb pixels can be around 200-300 and you can find sellers that specify the unit has unlockable bootloader which is important as some do not, like ATT / Verizon sourced ones
So after I wake up from the dream that google cares about not being evil, I sat down and defined for myself what a phone is. What do I want from that sort of device? I need to send short messages to my family (SMS) and sometimes call them. The device need's to last long so it needs to be rugged and sturdy plus having a good battery life. A good flashlight would be good. I don't take pictures so that doesn't matter. It has to be able to be used as a presentation remote (this one is not as essential need as the others but still fun). So I just bought a dumb phone which has Bluetooth 2 support. and I wrote a script so that the Linux machines listens to incoming files over Bluetooth into the downloads directory and if a file with special name comes it will first remove the file and then perform some action. for example if I share a file named "slide next" from my dumb phone to Linux device it will remove the file and then emulate the "Page Down" key press. the "discoverable" and "pairable" Bluetooth options are off so no one can mess with system. The dumb phone model is "hope k19" it's a Chinese dumb phone. You can't find much information about manufacturer online. I'm sort of happy with it. What sold it out to me was the fact that the phone had a power bank feature so it could be used to charge other phones. Well.... the power bank feature is pretty stupid to sell the phone to stupids like me. The phone can last up to 16 days depending on your use of flashlight (it has a powerful one). Although the phone is not bad, if I went back in time I'd search more to find a more rugged dumb phone. And I'd add waterproof to the wants list.
Well, we have different views I guess...
To me, a phone is more of a computer to use on-the-go.
I want an encrypted Standard Notes
A gateway to the free internet (Tor Browser)
Media player, Ebook Reader
100GB Offline Wikipedia "jusr in case" I need it somehow (I have an archivist mindset so I'm just obsessed with having information on hand, you never know if you need it)
Photos, Videos. Sometimes when racist karens harass you, or cops being bastards, you need video evidence to back you up.
Or if the normal roads get blocked and you need a detour
Or if your normal bus/subway route is closed for some reason and you need alternatives
Or if you need to get somewhere and reluctantly have to get a Uber/Lyft (I dislike those companies, but sometimes life happens)
Going to a "dumb phone" in response to the sideloading restrictions is the complete antithesis of what I want.