'%3e%3crect%20x='109.185'%20y='253.397'%20width='350.859'%20height='857.656'%20fill='white'/%3e%3cpath%20d='M274.77%20708.572H233.194V888.205H286.632C302.651%20888.205%20314.635%20883.711%20322.461%20875.088C330.287%20866.465%20334.322%20851.404%20334.322%20830.149V779.138C334.322%20752.539%20329.797%20734.2%20320.382%20723.997C310.966%20713.795%20295.681%20708.451%20274.77%20708.451V708.572Z'%20fill='%23FF5C00'/%3e%3cpath%20d='M310.966%20610.558C320.015%20601.206%20324.539%20585.295%20324.539%20563.19V530.518C324.539%20490.559%20308.887%20470.519%20277.705%20470.033H232.949V624.768H269.512C287.977%20624.768%20302.039%20619.91%20311.088%20610.436L310.966%20610.558Z'%20fill='%23FF5C00'/%3e%3cpath%20d='M277.582%200C124.362%200%200%20123.399%200%20275.704V1069.3C0%201221.48%20124.239%201345%20277.582%201345C430.803%201345%20555.165%201221.6%20555.165%201069.3V275.704C555.165%20123.52%20430.926%200%20277.582%200ZM426.523%20833.064C426.523%20878.367%20414.539%20912.739%20390.817%20936.423C375.898%20951.241%20356.7%20961.322%20333.221%20966.909V987.677C333.221%201002.5%20320.993%201014.64%20306.075%201014.64C291.156%201014.64%20278.805%201002.5%20278.805%20987.677V971.888H232.949V987.677C232.949%201002.5%20220.721%201014.64%20205.803%201014.64C190.884%201014.64%20178.655%201002.5%20178.655%20987.677V971.888H170.218C150.53%20971.888%20140.625%20962.05%20140.625%20942.496V415.743C140.625%20396.188%20150.53%20386.35%20170.218%20386.35H178.655V357.201C178.655%20342.383%20190.884%20330.238%20205.803%20330.238C220.721%20330.238%20232.949%20342.383%20232.949%20357.201V386.35H278.805V357.201C278.805%20342.383%20291.034%20330.238%20306.075%20330.238C321.115%20330.238%20333.221%20342.383%20333.221%20357.201V388.78C333.221%20389.994%20332.977%20391.087%20332.855%20392.18C354.499%20397.524%20371.863%20406.512%20384.703%20419.386C406.469%20441.491%20417.597%20475.377%20417.597%20521.045V544.364C417.597%20604.363%20397.42%20642.743%20357.556%20659.14V660.719C403.656%20676.265%20426.646%20717.074%20426.646%20782.782V833.064H426.523Z'%20fill='%23FF5C00'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_1_174'%3e%3crect%20width='555'%20height='1345'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
- Android: From open-source to Google control
- IOS: high security, but a closed system
- Open-source alternatives with Android
- Which smartphone OS for which use?
So far, we've focused mainly on securing and using your computer. However, for the majority of people, the smartphone is now the most used digital device in daily life.
Unlike computers, mobile phones generally operate on closed systems, that are tightly controlled by their manufacturers. Therefore, in this section, I propose that we explore the specific challenges related to mobile operating systems.
Android: From open-source to Google control
A brief history of Android
Android now dominates the global smartphone market, with around 72% of devices in circulation. Its development began in 2003 with the creation of Android Inc. by Andy Rubin, Rich Miner, Nick Sears and Chris White. Their original goal was to design an operating system for digital cameras.
After several rejections from investors, Android Inc. decided to reorient its project towards the creation of a mobile operating system. To set the scene, in 2003-2004, the cell phone market was booming, largely dominated by manufacturers such as Nokia, Motorola, Sony Ericsson and Samsung. The majority of devices were "nature phones", equipped with physical keyboards, small color screens, and sometimes a basic camera. Smartphones already existed, but were mainly aimed at professionals, and carried by brands such as BlackBerry.
Google bought Android Inc. in 2005 for around $50 million. Between 2005 and 2007, the company developed its operating system internally, without making a public version. During this period, there were rumors that Google was preparing a mobile device, possibly taking inspiration from the BlackBerry, which was then rapidly gaining popularity.
But in January 2007, an event marked a major turning point in the history of the smartphone: Steve Jobs unveiled the first-generation iPhone. The general belief that a physical keyboard was indispensable was shattered. The iPhone introduced a device designed for fully touch based use, that single-handedly redefined market expectations.
Faced with this revolution, Google was forced to completely rethink the direction of its Android project in order to make it compatible with a touch-sensitive interface. Later in 2007, Google officially launched Android as an open-source project based on a modified Linux kernel, under the name Android open-source Project (AOSP).
The first Android-powered device to reach the market, the HTC Dream, was released in 2008. It offered an environment that was still rudimentary, but entirely open: manufacturers and operators could freely adapt the system to their needs, while developers were able to create and distribute applications without prior validation. This approach quickly won over an active community and contributed to the widespread adoption of Android by many manufacturers.
Source : By Akela NDE - Own work, CC BY-SA 3.0
However, this initial openness will gradually be limited by Google. Alongside the AOSP open-source code, the company is developing a suite of proprietary applications and APIs, grouped together under the name Google Mobile Services (GMS). These will progressively include the Play Store, Google Maps, YouTube, Google Play Services, Gmail, Chrome and Voice Assistant. To be able to pre-install the Play Store, manufacturers must now sign a licensing agreement with Google and guarantee their devices' compatibility with GMS standards, which severely restricts their scope for customization.
Android experienced a rapid rise: it overtook iOS in market share as early as July 2011, and became the dominant mobile operating system in June 2012, following the sudden collapse of SymbianOS after Nokia abandoned it in favor of Windows Phone. Android has since remained the undisputed leader of the mobile market, and today forms a duopoly with iOS.
Open-source vs. Google
The Android project is based on a structural duality. On the one hand, the AOSP (Android open-source Project) represents the system's open-source base: it includes the Linux kernel, the system software stack, a minimal interface graphics and a set of APIs. This base is published under the Apache 2.0 license, and remains accessible to all. On the other hand, the environment actually used by the majority of Android users relies almost entirely on proprietary components developed by Google: Google Mobile Services (GMS).
These components are not open-source: they can neither be freely audited by the community, nor easily replaced. In order to legally pre-install them on their devices, manufacturers must sign licensing agreements with Google and submit to strict technical and commercial requirements. These requirements include:
- mandatory integration of several Google applications as uninstallable system applications
- visual highlighting of certain applications (Google Search, Play Store, Gemini, etc.) on the home screen
- exclusive use of Google APIs for important functions such as synchronization, push notifications and geolocation
This is gradually creating a structural dependency for smartphone manufacturers, and making the transmission of personal data to Google's servers almost inevitable for the end user. These services aim to guarantee a smooth, consistent user experience, but also centralize sensitive functions such as automatic data backup, passive geolocation, or permanent authentication via a Google account (often required to fully exploit one's device).
Although Android remains, in theory, an open-source system at its core, the majority of Android smartphones sold worldwide run on a version modified and enhanced by Google. In this version, the open-source layer is largely hidden beneath a proprietary, locked-down and intrusive overlay.
To really regain control, it's therefore necessary to turn to alternatives such as free ROMs (GrapheneOS, CalyxOS, etc.), which we'll look at later in this course.
iOS: high security, but a closed system
A brief history of iOS
iOS is the operating system developed by Apple for its smartphones, introduced with the first iPhone in 2007 (then called "iPhone OS"). From the outset, Apple has adopted a strategy of complete vertical integration: hardware, software, operating system, online services and application store are all designed, controlled and maintained by Apple. Initially, native applications not produced by Apple were not even supported. This approach contrasts sharply with Android, whose ecosystem was much more fragmented from the start, and still is today.
iOS was initially based on the operating system used by the Mac: OS X. It uses a hybrid kernel derived from Darwin, itself derived from BSD Unix and the Mach microkernel. This technical foundation enables iOS to inherit a number of robustness and stability properties specific to Unix systems. The system is therefore designed around strict security principles, including:
- complete sandboxing of applications, preventing one app from accessing another's data or processes
- mandatory signature of application code, guaranteeing the integrity of binaries and their origin (App Store only)
- hardware data encryption right on the chip, via the Secure Enclave, a cryptographic coprocessor isolated from the rest of the system
- rapid security updates, deployed directly by Apple on all devices, with no intermediaries
This closed architecture enables Apple to guarantee a fluid and secure user experience. Centralized development also facilitates hardware-software optimization, with little variability between models, unlike Android. iOS is thus considered one of the most secure systems against computer attacks.
Disadvantages of closing iOS
However, this security relies on a strict lockdown of the end-user, who has virtually no technical control over his or her device. It is impossible to install applications other than via the App Store, except by means of a jailbreak, a complex, risky and often unstable operation that voids the warranty and compromises system security. This principle also underpins Apple's business model, which charges a commission on transactions carried out in third-party applications.
Customization is also very limited. It's not possible to profoundly modify system behavior, freely change the runtime environment, or directly access system files. So, in practice, the smartphone remains Apple's property, even after purchase, since you don't have full control over it.
What's more, the mandatory integration of iCloud into the majority of services (backups, messaging, photos, location, Siri...) exposes users to a massive centralization of their personal data. Although Apple claims to have a privacy-focused model (and, unlike Google, its business model is not based on the exploitation of personal data), several limitations remain:
- some elements (such as connection metadata, Siri requests or error logs) still pass through Apple servers
- behavioral analysis mechanisms for contextual suggestions, App Store updates or message filtering use non-auditable proprietary models
- using services like iCloud implies implicit trust in Apple's infrastructure, with no control over where or how long data is stored
Finally, in terms of digital sovereignty, iOS represents a closed environment: no external authority (neither user nor independent organization) can verify or modify its operation. Users are therefore forced to trust Apple at every level: hardware, software, network...
open-source alternatives with Android
As we've just seen, the standard Android ecosystem, dominated by Google, is based on an open-source version of the system (AOSP) with proprietary components (GMS). Several open-source projects are taking advantage of AOSP to offer alternative operating systems that are more respectful of privacy, without intrusive overlays, and with better user control. These alternatives are installed to replace the original system, in the form of customized ROMs. They allow you to regain control over the software, but also require minimal hardware control, as they are compatible with only a few devices.
Hardware requirements and warnings
Before installing, it's important to check your smartphone's compatibility with the chosen ROM. Most of these projects support a restricted list of models. Most of the time, you'll need to use the Google Pixel phones, because of their unlockable bootloader support and public drivers.
Installation requires unlocking the bootloader, an operation which allows a new system image to be written, but which completely erases the contents of the original device. Additional services, such as F-Droid or Aurora Store for apps, will also have to be installed manually.
Some manufacturers prohibit or complicate this operation, or even deactivate certain functions (camera, sensors, etc.) when changing systems. So it's important to choose a compatible phone (often a Google Pixel).
GrapheneOS
GrapheneOS is an enhanced AOSP ROM, designed to offer a higher level of security than standard Android. It is developed by an independent team and audited by experts. Graphene implements advanced security mechanisms, including:
- drastic reduction of the attack surface: default disabling of many functions (NFC, Bluetooth, etc.), locking of USB ports when the device is inactive, advanced control of pogo pins, etc.
- a stronger Android sandbox
- advanced memory protection
- granular permission control
- hardware encryption independent of Google
- etc.
GrapheneOS integrates no proprietary components. You are free to add Google services or not, but these are strictly isolated (sandboxed in dedicated profiles). This makes the system extremely resistant to local attacks and the exploitation of system vulnerabilities.
Graphene is only compatible with recent Google Pixels (Pixel 6, 7, 8 and 9).
CalyxOS
CalyxOS is an intermediate system that aims to reconcile privacy, security and compatibility with everyday use. It is also based on AOSP, with security enhancements. Its special feature is the optional integration of MicroG, a free reimplementation of Google services. This makes it possible to run most Android applications dependent on Google services, without having to go through official proprietary binaries.
CalyxOS also offers pre-installed applications (Signal, F-Droid, Aurora Store, integrated VPN...), and a neat interface. It's easy to install via a graphical tool for Pixel users. Calyx is mainly compatible with Google Pixels, but also some Fairphone and Motorola models.
LineageOS
LineageOS, successor to CyanogenMod, is the most widely compatible alternative ROM. It supports several hundred models, thanks to a large community of contributors. Based on AOSP, it emphasizes customization, simplicity and freedom of use.
LineageOS gives you an Android system with no manufacturer overlays, no bloatware, full permissions management, easy updating and a streamlined interface. You can add Google services or opt for 100% free use.
On the security front, however, LineageOS does not integrate certain hardware protections or memory reinforcements found in GrapheneOS and CalyxOS. Its update system also depends on the community, which can introduce delays in security patches.
Which smartphone OS for which use?
When choosing your smartphone operating system, you need to be aware of the trade-offs between security, privacy, ease of use and application compatibility. Each solution has specific technical features that will directly influence your day-to-day experience, your control capabilities, and your exposure to commercial surveillance or vulnerabilities.
Standard Android (with GMS) remains the most widespread solution today. It offers full compatibility with all Android applications, ease of use and immediate access to popular services (Play Store, Maps, Gmail...). However, this ease of use relies on a strong integration of Google's proprietary services, with systematic data collection: GPS position, browsing history, call metadata, advertising preferences... So it's a poor choice if you're concerned about your digital sovereignty or privacy.
Apple's iOS system boasts a high level of security. However, this security is accompanied by extreme closure of the environment: The user cannot install applications outside the App Store (except in marginal cases), cannot modify system behaviors, and is entirely dependent on Apple for management of hardware, cloud storage and synchronization. It's an efficient and robust environment, but one that sacrifices any form of personalization or independence.
GrapheneOS is aimed at the most demanding profiles in terms of security and confidentiality. Its level of security does, however, impose some constraints: few compatible devices (only recent Google Pixel models), no automatic integration of third-party application services, and the need to manually configure alternative tools for updates, the store or notifications. If privacy and security are your priorities, this is clearly the best choice.
CalyxOS offers an interesting balance. The user experience remains close to standard Android, but without Google's direct oversight. It supports a reasonable number of models (notably the Google Pixel), and can be installed without advanced technical knowledge. For users who want a high level of security without sacrificing software compatibility, CalyxOS is a practical, well-balanced solution.
Finally, LineageOS is an AOSP distribution for users who want flexibility and control. It is compatible with a large number of devices, even older ones, allows complete customization of the system, and offers a lightweight alternative to OEM overlays. However, it doesn't natively integrate the advanced security enhancements found in GrapheneOS or CalyxOS, and doesn't always benefit from regular updates for all models. LineageOS therefore requires a certain amount of user discipline to remain secure over time.
| System | Security | Privacy | Compatibility | Customization |
| Android | 🟡 | 🔴 | 🟢 | 🟢 |
| iOS | 🟢 | 🟡 | 🟡 | 🔴 |
| GrapheneOS | 🟢 | 🟢 | 🟡 | 🟡 |
| CalyxOS | 🟡 | 🟢 | 🟡 | 🟡 |
| LineageOS | 🟡 | 🟡 | 🟢 | 🟢 |
Regardless of your choice of mobile operating system, in the next chapter we'll look at the best practices you can adopt to effectively secure your phone and maintain a healthy digital environment.
Quiz
Quiz1/5
scu2025.1
What is MicroG, integrated into CalyxOS?