1) any currently-supported device is good, but i'd say go for minimum pixel 8a if you can

it ships with Memory Tagging Extensions (armv9 security feature) and two more years of support than previous generations; pixel 7 might be eol in oct 2027 https://grapheneos.org/faq#device-lifetime

official recommendation page: https://grapheneos.org/faq#recommended-devices

2) there is no real graphene alternative for other devices. I would say DivestOS at least made sane compromises to support less secure devices, but it's unfortunately defunct now. Yes lineage is still around and still the go-to clean 'ROM' but far from security focused. just avoid stuff like /e/ os

Thanks! (And thanks to the others responding here too.)

What are the reasons to avoid /e/, according to you? (And not according to the GrapheneOS maintainer).

Because why would you trust an operating system of which the company's CEO says that security hardening is only for criminals and spies?

Besides doing many other shady things, like putting a proxy between their App Lounge and F-Droid (cleanapk.org), while simultaneously not wanting to reveal who owns/controls that proxy? Remember that Android relies on trust on first use. Or running Google proprietary DroidGuard blobs in a privileged process for Play Integrity/SafetyNet? Or giving certain Google Apps elevated privileges when you install them?

I could go on for a while.

(I made the mistake of installing /e/OS on a phone once and then started poking around and it really has many security issues, questionable choices, etc.)

>I could go on for a while

Well, I am genuinely interested, so I am all for continuing that discussion in detail. I am happy to finally meet someone who had a real look and isn't just repeating things read online. So if you have time to share the result of your investigation, I'm super interested. But here is not a good place, I imagine; where can we continue that discussion?