Phones

Privacy and security advice for mobile phones.

Last edited: September 10, 2025.

This article aims to educate people about the privacy and security of mobile phones. It is somewhat opinionated, although I try to be as objective as possible. I will also not be taking any threat models into account — the advice is based on what I believe most people should be using.

# Hardware

An up-to-date Google Pixel, with GrapheneOS, is currently the only recommended phone. Google Pixels are the only devices with proper security features as listed by GrapheneOS, and there simply is no competition. Ventral Digital may be able to add to this. According to GrapheneOS, the next best thing would be to use an Apple iPhone in Lockdown Mode with Advanced Data Protection, but it still would not be as private and secure as a Google Pixel with GrapheneOS. You can read more about the hardware security of iPhones on Apple's Platform Security page.

For more information about GrapheneOS, see "Operating systems".

❗ Important: Make sure to buy a Google Pixel that is carrier-unlocked, otherwise you will not be able to install GrapheneOS.
ℹ️ Note: GrapheneOS is collaborating with an OEM in order to produce official GrapheneOS supported devices. GrapheneOS expects these devices to be available around 2026 or 2027 if things go smoothly.

| Specific models

The Pixel 'a' series are recommended, unless you need the better hardware. The 'a' series are cheaper and have longer update support. Please also read "Which devices are recommended?" and "Which Pixel to choose?".

If you are planning on buying an iPhone, you should know that these are not made equally either. Newer iPhones of course have longer update support when compared to previous models, but they also profit from more secure hardware. For example, the A14 Bionic chip and above supports memory tagging, the A15 Bionic chip and above supports JITBox and the newest A18 chip supports Secure Indicator Light (SIL). [source] Apple also has their own overview on their SoC security. You can compare iPhones on Apple's official site.

# Software

| Operating systems

As mentioned earlier, GrapheneOS is the only recommended operating system. GrapheneOS is by far the most usable and hardened custom operating system available for Google Pixels — others only make things worse when compared to stock Android. GrapheneOS has a lot of added security features compared to AOSP, has existed for 11 years with a really good track record, releases (security) updates as soon as possible and is overall made by very skilled developers. The best thing is that it is free and open source and has nearly no downsides compared to stock Android. It is truely the best operating system at the moment.

For those who are afraid of bricking their device while flashing GrapheneOS, do not worry. It is almost impossible to brick your device when using the web installer. Here is a high quality video from "Side of Burritos" that shows this.

| App stores (Android)

Recommended app stores are the GrapheneOS App Store, Accrescent (available through the GrapheneOS App Store) and the (sandboxed) Google Play Store. Accrescent is the most private and secure option for third-party applications, but it is sadly still in alpha and does not offer a lot of apps. Please be patient.

Other options, including F-Droid and Aurora Store, are all problematic and simply are not worth using over the options stated above. Obtainium + AppVerifier is fine, but it will not secure the initial download beyond the HTTPS connection security, unlike a proper app store.

❗ Important: Accrescent needs funding. If you can, please donate!

| Messengers

Use Signal / Molly, preferably with a burner or VoIP number, or SimpleX Chat. Here is a high quality comparison between messengers.

Molly is only recommended if you are planning on using your device without Google Play Services or if you use one of its added features, as it requires trusting another party and might suffer from delayed (security) updates. Generally, it is recommended to use Signal over Molly.

| Browsers

Use Vanadium with Tor or a trusted VPN or Safari with iCloud Private Relay for GrapheneOS and iOS, respectively. It is recommended to stay away from extensions, as they can make you stand out more and increase your attack surface. Avoid Firefox, Firefox-based and WebView-based browsers.

For more information about VPNs, see "VPNs" below.

| VPNs

A VPN is an important tool to hide your IP address, blend in with other users and work around MITM attacks. Be aware that you are simply shifting trust from your ISP to your VPN provider, so please use a trusted VPN provider like Mullvad VPN (and make sure to pay anonymously). Tor VPN is a replacement of the insecure Orbot and will hopefully also be a good option in the future, but it is still experimental software. Please use your VPN provided DNS so you will blend in with other users.

| Settings

# General

# Physical protections

# (Extras)

| Backups

It is recommended to follow the 3-2-1-1-0 backup strategy:

3 - Keep at least 3 copies of any important file: 1 primary (the original) and 2 backups.

2 - Keep the files on at least 2 different media types (e.g., disk and cloud).

1 - Store at least 1 copy off-site (to survive local disasters).

1 - Store at least 1 copy air-gapped (disconnected from your network) or immutably (so malware cannot modifiy it).

0 - Verify backups regularly so they complete with 0 errors and are recoverable.

If you are going to make use of cloud storage, please encrypt your data with software such as Cryptomator.

| Battery


Back