That's a value judgement, and it's a fair one. It does throw an additional constraint in the works though.
FWIW, I've been looking at the mobile / portable computing space fairly intensively for a month or so. I share your quite dim view of Google.
GrapheneOS does seem to be one of the most attractive Android alternatives.
There are also Lineage (based on CyanogenMod), AOSP, KaiOS (based on AOSP, via Firefox OS), LightOS (by Lightphone, AOSP), AphyOS (used by Punkt. mp03, also based on AOSP). These tend to be minimal, used on feature phones / dumbphones / minimalist phones. And there are /e/OS and iodéOS.
Among Linux-based non-Android options are Sailfish OS (Jolla), Ubuntu Touch (Ubuntu), PineOS (Pinephone), and PureOS (Purism), Tizen, Mobian (based on Debian), postMarketOS (based on Alpine Linux). These tend to be maximalist, offering a fuller experience than Android, with support for native Linux applications and configurations.
There are some non-Linux OSes, of which I'm aware of System 30+ (a/k/a S30+, Nokia), OpenHarmony (by Huawei), and ... something described as "realtime OS" or "RTOS" which actually had a name, for a Japanese flip phone, but which has slipped my mind (probably something reviewed by Jose Briones on his YouTube channel).
And of course there's iOS.
Briones by the way is an absolutely excellent resource: <https://josebriones.org/>. He's also one of the mods of /r/dumbphones at Reddit.
There are trade-offs, and what you choose depends on what you value, in the marketplace, in capabilities, in your own peace of mind.
If you want a full-featured device with wide acceptance, few limitations, and want nothing to do with Google, look at iOS devices.
If you want (nearly) full Android capabilities, but without Google's prying eyes and ears, GrapheneOS or LineageOS are probably your best bets. Whilst Graphene currently only works on Google Pixel devices, there's been a partnership announced with Motorola, there may be others in future (my speculation, with no other basis). And ironic as it seems, Graphene + Pixel actually does get you further from Google in many ways, though I still understand your position.
If you want full freedom / maximal privacy, and are prepared to make compromises on capabilities and battery life, look at one of the Linux-based, non-Android options. I've heard of quite a few bugs with these.
If you're looking for specific hardware capabilities (e-ink, folding / candybar, keyboard (T-9, qwerty, ...), small, large, tablet, headphone jack, etc., etc., or specific software capabilities, you're going to further refine your search. (Briones has a Dumbphone Finder at his website which does this pretty well.)
If you want modularity or repairability, there are devices such as Fairphone or Keyphone with (some) replaceable components.
If you want minimalism, look at an AOSP-based device, or perhaps S30+. These will give you feature phones capable of calls, texts, and a few apps, but not much else. For more complete computing you'll need either a desktop or a laptop.
There are more extreme options. I'm considering, for example, whether or not a roving SIP WiFi-only phone might be an option, and if so, what would be necessary to make that work. It would rely on a WiFi network provider (public or non-public network, or a cellular modem), and wouldn't function everywhere but should function in many locations sufficiently to be useful.
Most non-smartphone options I've looked at, and in particular the usual "dumbphone" suspects (Light Phone, Punkt.) tend to run an AOSP-based OS, with Nokia being the principle exception.
Briones FWIW uses the Light Phone III as his daily driver. That's somewhat spendy, and quite minimal, but he has his reasons, discussed at length at his blog and YT channel.
I'm leaning fairly strongly toward an option now, though my main hesitation is that KaiOS devices have very limited phone/SMS spam and/or traffic management. I'd prefer known-contacts-only could reach the device, that doesn't seem to be possible (KaiOS has only specific-caller blocking, and apparently a limited API for enabling more robust phone blocking). On the flipside, the device can be powered off, and/or battery removed.... I'm also looking at some VOIP/SIP options.
Among other mobile OSes I've run across: CloudOS and ThreadX, the latter used on some AGM models. Proprietary, non-Linux/non-Android.
This probably falls under "capabilities", but another consideration worth strong consideration is mobile network support. With the past phase-outs of 2G/GSM, ongoing 3G phase out, converstion to LTE and VoLTE, and expansion of 5G networks, as well as differing network and frequency standards around the world, finding a device which will work with your preferred mobile provider(s) is a challenge.
This is one of my strikes against the Punkt mp02: it doesn't work with most of my carrier options. I was hoping that either that device's capabilities would be extended, or its replacement would follow a similar ethic and expand bandwidth / protocols, but neither occurred. Further reading on Punkt's offerings has further cooled my interest (bugs, fragile HW, spendy).
RCS and group chat support seems to be another sticker, though with a small-form-factor laptop or tablet you should be able to work around that.
The other sticker for me (mentioned in my original post) is voice/SMS/messaging filtering options. The increase in spam / unsolicited contacts across the comms spectrum is immensely frustrating, and few devices / OSs / apps really address the situation adequately and in a privacy-respecting manner. That's still giving me a lot of hesitency on what really ought not to be this complex a decision, though for now I'm thinking it's a good thing to spend the time.
If you want full freedom / maximal privacy, and are prepared to make compromises on capabilities and battery life, look at one of the Linux-based, non-Android options. I've heard of quite a few bugs with these.
Most of them also have really bad security, for various reasons, including:
- Since virtually no hardware vendor (outside Jolla) supports non-Android phones, they typically use phones that were made by their ODMs as Android phones and rely on kernel/firmware/device trees made available for those Android builds. Sadly, nobody outside Google (PixelOS) and Samsung really cares about giving their kernels and firmware timely updates. So usually the kernel and firmware are full of known holes (Qualcomm and others do monthly bulletins).
- For many reasons, Linux systems have never really focused on proper security isolation and sandboxing. So most of these phones have really poor isolation and you are only one browser/image parsing/... vulnerability away from full phone compromise.
- Unlocked bootloaders or otherwise compromised boot chain. So, it's easy for persistent malware to compromise a phone and there is no way to attest that the system runs unmodified binaries (as you can e.g. can with GrapheneOS' auditor or Android phones with fully verified boot and Strongbox).
Let's say, if I was a bank, I can understand why I would want to block such devices.
> Let's say, if I was a bank, I can understand why I would want to block such devices.
So as a bank, you would be forcing your customers into the duopoly of the American megacorps. Thankfully, there are banks that do not do this.
Nice strawmanning!
Obviously I want banks to support alternatives, but I can understand if they only want to support secure OSes. Some banks support GrapheneOS remote attestation besides Google Play Integrity at the strong level.
By your reasoning, 99.9% of people use awfully insecure OSes on desktop and servers. And yet, the world hasn't collapsed. My bank account is not hacked regularly, too (actually, not at all).
This is a personal anecdote and you are making up an absurd conclusion. No one said things would collapse. Security can be evaluated objectively, and the better the security, leads to fewer instances of exploitation. I'm certain the actual data around InfoSec would support that idea.