I used CyanogenMod/LineageOS for the better part of a decade and switched to GrapheneOS a couple years ago and haven't looked back.
When it comes to security (and privacy), GrapheneOS blows LineageOS out of the water in pretty much every way, e.g.:
- Arbitrary-length encryption passphrases
- General security hardening: Memory hardening, sandbox hardening etc.
- Non-rooted (i.e. much higher security barriers for malicious apps to take over control over your phone)
- No userdebug mode (LineageOS ROMs are often development builds which weaken the security of the OS, see e.g. https://github.com/GrapheneOS/os-issue-tracker/issues/284#issuecomment-690417436 )
- Fully secured boot chain (in other words: A thief won't be able to do much with your phone)
- Sandboxing of Google services (*if* you want to use them), i.e. Google no longer has admin access to your phone
- Being able to restrict internet access for certain apps (that's a huge one in my book)
- Being able to grant apps access only to select contacts from your contact list (contact scopes), and only select files/folders (storage scopes)
Now that I'm thinking about it, some of the above features have become so natural to me, that I find it wild that other AOSP-based ROMs (including Google's) don't have them. Moving away from GrapheneOS would be incredibly painful for me.
Depends on where you stand. I could always build GrapheneOS myself and enable root again but I just don't have any need for it and prefer the stronger security guarantees disabling root comes with.
When it comes to security (and privacy), GrapheneOS blows LineageOS out of the water in pretty much every way, e.g.:
See https://grapheneos.org/features for a much longer list.Now that I'm thinking about it, some of the above features have become so natural to me, that I find it wild that other AOSP-based ROMs (including Google's) don't have them. Moving away from GrapheneOS would be incredibly painful for me.