Now, don’t get me wrong, I like the premise of GrapheneOS. The security features it offers are great. However, you’re sacrificing useful hardware features by using it.

Currently, the only phones that support GrapheneOS are Pixels, which lack the microSD card slot, dual SIMs, and a HEADPHONE JACK! To me, those features are not worth sacrificing for a little extra privacy.

LineageOS, by comparison, supports a broad range of devices, even Pixels. I can look through their supported devices and find one that has a headphone jack, microSD card slot, dual SIMs, etc. Yes, it’s less private than GrapheneOS, but it’s still more private than stock Android or any of those other OEM ROMs (OneUI for example).

You can still keep some privacy using LineageOS while preserving functionality with projects like MicroG.

Overall, I think for the time being, unless you are really paranoid or live in an anti-privacy area, LineageOS is the better OS to use than GrapheneOS due to still gaining some level of privacy while preserving useful hardware features. Once GrapheneOS branches out from Pixel phones, I might change my opinion.

  • AmbitiousProcess (they/them)@piefed.social
    3 months ago

    It all depends on your threat model.

    As far as I’m aware, LineageOS still doesn’t support verified boot, meaning the system remains unencrypted and is more at risk of tampering. GrapheneOS does encrypt many parts of the system, as well as implementing other security and privacy features. This means if your phone were to be taken by police at a protest, or stolen by a thief with some technical knowledge, the LineageOS phone could be easily broken into, whereas the GrapheneOS one wouldn’t.

    GrapheneOS adds many additional features to prevent apps from exploiting your system, allows you to disable app network access the moment it’s installed rather than digging around settings menus or using ADB like LineageOS can need, and it’s considered essentially the most secure and private, yet feature-complete, Android ROM you can get nowadays.

    Pixels simply have many more hardware security features than essentially every other OEM, and supporting only Pixels means Graphene’s team can focus on making those work the best. By contrast, LineageOS essentially has to support most phone models, which means sacrificing some stability and security improvements.

    From the perspective of privacy, irrespective of security, GrapheneOS will still be better. It’s an OS built with the purpose being privacy at its core, with everything built around that. LineageOS is primarily built to extend the lifetime of devices, with the added benefit that Google Play isn’t pre-installed and given full privileged access by default.

    If your threat model is just to reduce data being collected about you by large corporations, LineageOS will probably do an okay job at that. If you want to maximize the amount of your privacy that you protect from both corporations, and any given actor, whether that be someone shoulder surfing to get your PIN, or police cracking your phone with a Cellebrite machine, GrapheneOS will always be a better bet, even if it’s just you trying to protect your data from corporate entities.

    I will point out, while Pixels don’t have expandable storage, you can always use a dual-port adapter for your phone’s USB-C port to get both charging and audio jack ports at the same time, and you can add multiple SIMs, as long as it’s an eSIM. I’ve had 2 eSIMs on my GrapheneOS-flashed Pixel phones at the same time, and it’s worked fine so far.

    In the end, I’d just say, if you just want Google to have less data on you, and you just want less bloatware, and you refuse to get a Pixel because of the aforementioned tradeoffs for you, then just use LineageOS. It’s better than stock. If you care about your privacy all around, and want more hardware and software security features, faster security patches, and more assurances of your privacy, go with GrapheneOS.