GrapheneOS is a privacy and security hardened OS. It preserves the standard privacy and security of the Android Open Source Project (AOSP) along with keeping up with the updates. It builds major privacy and security improvements on top of that. /e/ is the direct opposite and reduces privacy and especially security compared to AOSP. /e/ doesn't keep up with updates, has huge delays for important privacy and security patches along with reducing privacy and especially security in many other ways. GrapheneOS is a much more widely used OS with much more testing and provides much broader app compatibility. Unlike /e/, GrapheneOS only connects to GrapheneOS services by default and provides a high level of control over it. /e/ still uses a bunch of Google services by default and gives extensive privilege access to Google apps/services. Our approach is that Google apps/services are an optional thing people can install which do not receive any special access and can't do more than other regular apps since they're installed as regular sandboxed apps on GrapheneOS via our Sandboxed Google Play compatibility layer.

A common misconception is that people believe GrapheneOS is less usable than much less private and far less secure options but it's the other way around. GrapheneOS provides nearly perfect app compatibility when taking into account the per-app exploit protection compatibility toggle and sandboxed Google Play. Nearly the only apps not working on GrapheneOS are ones banning any alternate OS and a larger number of those work on GrapheneOS than elsewhere due to a subset specifically permitting GrapheneOS due to far higher rather than weaker security. Apps have legitimate reasons for being concerned about the poor security of many alternate operating systems but they're wrongly grouping it all together as if GrapheneOS.

/e/ lags weeks, months and even years behind on providing updates for drivers, firmware, the Linux kernel and more. They miss a large portion of the monthly Android security bulletins which are a limited subset of the patches in the first place but then claim to provide the latest patch level despite many of the required patches being missing.

/e/ has a supposedly private speech-to-text sends data to OpenAI and their own servers without obtaining explicit user consent to share sensitive data with a third party.

https://community.e.foundation/t/voice-to-text-feature-using...

They say the data is anonymized based on passing it through their own servers before OpenAI but OpenAI is receiving all of the user speech data under their usual terms of service enabling them to store and leverage it.

Fairphone lags significantly behind on OS updates and patches with only a small subset of what should be provided being shipped. Their hardware omits important security protections required by GrapheneOS which it uses to protect users against widespread commercial exploit tools. Fairphone doesn't provide upstream Linux kernel updates in practice which is a massive omission for their updates. Fairphone 4 has an end-of-life 4.19 kernel branch and the Fairphone 5 despite not being very old already has an end-of-life 5.4 kernel branch. Neither was providing the LTS revisions prior to end-of-life so from their perspective nothing really changed but it means it's a huge task for an alternative OS to provide basic updates since they'd need to port everything to a newer kernel branch.

/e/ does not provide similar privacy features to GrapheneOS such as Contact Scopes, Storage Scopes, Sensors toggle and much more. It focuses on bundling things which can be provided with apps such as RethinkDNS on GrapheneOS with a higher quality implementation. GrapheneOS delegates as much as it can to apps while focused on the core OS. If a feature can be done better with an open source app, we'd rather leave it up to that app and many provide privacy and security protections which apps cannot. For the most part, apps can't improve OS privacy and security. Enumerating badness via blocklists which cannot block anything that's dual purpose functionality is also a very weak approach to privacy which is increasingly less useful. The most privacy invasive behavior of apps is nearly all done through their own services which also provide their functionality. Among other things, /e/ uses this system for labeling app tracking and permissions which is incorrect and misleading as shown by this example:

https://reports.exodus-privacy.eu.org/en/reports/com.faceboo...

Facebook clearly doesn't have no tracking but rather this system only detects a small number of specific third party libraries they've decided are trackers. Those choices are often very questionable such as portraying even opt-in crash reporting as tracking because it used a third party library on their list. Meanwhile, Facebook's lite app supposedly has no trackers. The permissions list is thoroughly inaccurate and not how Android permissions work. The core permissions are opt-in with apps having to request them so listing those as if they're granted on install and mandatory due to being possible to grant is incorrect. Most of the rest have special access toggles which are opt-in for the sensitive ones or other toggles such as the battery optimization mode where Restricted stops apps starting themselves and delays those things until it's run by another app or the user.

Privacy requires providing privacy patches and strong privacy protections. It also depends on security which means providing security patches and strong security protections. GrapheneOS is heavily focused on all of that rather than simply treating not having bundled Google apps and services as meaning a private OS. There are also worse things for privacy than Google apps and services. /e/ sending speech data to OpenAI vs. Apple doing the processing locally as we've it implemented for GrapheneOS is a good example. Google at least has partial local speech-to-text support and a better privacy policy than OpenAI for the cloud portion. Avoiding Google apps/services is not the same thing as providing strong privacy.