In a market dominated by Android and iOS, a few mobile operating systems are daring to do something different. Graphene offers increased security for high-risk individuals and organizations, while \/e\/ wants to make privacy accessible to everyone. The two OSes are fighting against surveillance and surveillance capitalism, protecting consumers from the prying eyes of both nation-states and data-hungry companies.The first, GrapheneOS is gaining traction within the cybersecurity community, where it\u2019s praised for being stable and reliable. The open-source mobile OS with hardened security was created by Daniel Micay, a meticulous developer who cares about \u201cadvancing the state of the art\u201d in security. He built Graphene from the ground up, saying that it was the only way to achieve his desired level of privacy, security and robustness.While Micay is creating a mobile OS for high-risk users, another entrepreneur is taking a different path. Ga\u00ebl Duval, the mastermind behind Mandrake Linux, is building a privacy-focused OS that\u2019s easy to use. Customers can buy refurbished phones with \/e\/OS preinstalled, which work straight out of the box, just like any other Android device, but don\u2019t send piles of data to Google.\/e\/ and Graphene are part of a new wave of operating systems that are slowly building an audience. \u201cConsumers are seeking innovative, more secure, and more private alternatives to the Google and Apple smartphone duopoly,\u201d says Sean O\u2019Brien, founder of Yale Privacy Lab. \u201cI've tried nearly every smartphone operating system currently available. In many ways, options like Graphene and \/e\/ are more feasible, intuitive and functional than the defaults shipped by big OEMs.\u201dGrapheneOS: Hardened security and impressive battery lifeGrapheneOS is mostly a one-person show. It\u2019s the brainchild of Toronto-based security researcher Micay, who also worked on CopperheadOS but is no longer part of the project.With GrapheneOS, he did most of the work. \u201cI created 99% of what exists at this point,\u201d he says. This tight control allowed him to develop a mobile OS that matches his ambitions and his desired level of hardened security. \u201cThere isn\u2019t another project like it at all,\u201d Micay argues. \u201cI don\u2019t think it has competition.\u201dThe OS was designed in a way that eliminates several classes of vulnerabilities, the grapheneos.org website reads. \u201cIt has a hardened kernel, libc, malloc and compiler toolchain with many low-level improvements.\u201dAt first glance, Graphene looks just like stock Android. You need to manually install it on one of the officially supported phones: Pixel 2, 2 XL, 3, 3 XL, 3a, and 3a XL. (Graphene\u2019s support for the Pixel 4 and 4XL is under development, but there isn\u2019t a timeline.)The OS has a Spartan feel, with few things bundled into it. Given its private and secure nature, it doesn\u2019t use Google Play services, and it doesn\u2019t include the Google Play store. Only a few apps are directly available, such as Vanadium, a hardened variant of the open-source Chromium browser. Users who want a wider range of tools can download the F-Droid app store, which has free and open-source apps.At some point, Micay hopes to have his own store. Although he plans to create just a small repository, he says the task is time consuming: \u201cWe can rarely find high-quality open-source apps [that don\u2019t use Google Play services] so we\u2019ll either need to develop them ourselves or inspire others to do it.\u201dStarting an app on Graphene could take a few milliseconds longer than stock Android, and it might use more memory because of increased security. However, after the app starts, there's no noticeable lag.GrapheneOS a fit for some threat modelsMost security researchers who have used Graphene speak highly of it. Baptiste Robert, known for uncovering holes on Android, argues that GrapheneOS is \u201cthe best candidate\u201d for some security-focused threat models. \u201cDaniel did a fantastic job by creating this hardened version of Android,\u201d Robert says, adding that he has \u201chuge respect for his skills and his work.\u201dCostin Raiu, the director of Kaspersky\u2019s Global Research and Analysis Team, has found Graphene to be \u201cextremely stable.\u201d He says that a reasonably capable IT department can set up and manage devices running this OS without too much disruption.\u201cThe installation, monthly upgrade and general maintenance was very smooth and completely without any problems,\u201d Raiu says. \u201cIt can be a good companion, a secure phone that high-risk organizations could deploy to their people, coupled with a secure messenger such as Threema.\u201dGrapheneOS is not just secure and stable. It\u2019s also energy efficient, because many battery-draining background processes normally found on Android devices are cut out. Most researchers say that the battery lasts two or three days on a single charge. With minor usage such as checking news from time to time and browsing, it can last for up to 10 days, Raiu says.This OS could help government employees, politicians, intelligence officials, security researchers (notably those looking into state-sponsored cyberattacks), journalists, privacy advocates, and human rights activists, in addition to companies doing sensitive work, according to Raiu.\u201cTo be safe, stack a few security layers together,\u201d he says. Depending on the situation, one can use a GrapheneOS phone without a SIM card, for an enhanced degree of anonymity. The device could also connect to \u201ca small Raspberry Pi-style router, broadcasting a WiFi network over TOR or a VPN,\u201d Raiu suggests.One more exciting thing about Graphene, users say, is Daniel Micay\u2019s determination to push the boundaries of security. The OS has already led to improvements across the board, including in the Android Open Source Project (AOSP). To achieve more, Micay says he needs passionate developers willing to help.While Micay is working on his project meant to help the more tech-savvy community, French entrepreneur Ga\u00ebl Duval tries to unGoogle everyone\u2019s lives.\/e\/OS: Privacy for everyoneIn the late 1990s, when installing Linux was a laborious process and running it often required command line wizardry, Ga\u00ebl Duval shifted the paradigm. He wanted everyone to use Linux, not only techies, so he created Mandrake, the first user-friendly distribution. Soon, his product reached millions.\u201cWith \/e\/, I\u2019m in the same state of mind as with Mandrake,\u201d Duval says. \u201cEngineers who make great products that are complicated to use say \u2018People just need to learn or read the f***** manual.\u2019 But the truth is that they just don't like to build mainstream user interfaces.\u201dDuval launched the privacy-focused \/e\/OS at the end of 2017 with a Kickstarter campaign that raised more than $110,000. It was enough money for the French entrepreneur to do a Google-free fork of LineageOS. (Lineage, a free and open-source mobile operating system based on Android, is the descendant of CyanogenMod.)Later on, an Indiegogo fundraiser allowed Duval to get an additional $120,000 to create a product that\u2019s easy to use, yet privacy friendly. He says \/e\/ is more focused on privacy than LineageOS. \u201cThey offer Google search by default, use Google servers for connectivity check\u2026 they don\u2019t have any plans for deGoogling as far as I know.\u201d Duval has replaced the Google services with microG, a free and open-source implementation of Google libraries.In fact, most of the apps included are open-source, although the phone gives the user a genuine Android experience. The web browser is an unGoogled fork of Chromium, the mail app is a fork from K9, the search engine is based on Searx, while the camera app is a fork of OpenCamera. Duval also chose MagicEarth for maps, and a fork of GoodWeather as his weather app. Users can also download apps via F-Droid.\u201cThe most important thing I learned from the Mandrake Linux experience is that you can have the best operating system on the planet, people use applications first,\u201d Duval says. He believes that a variety of apps is instrumental in succeeding on the market. He also wants those apps to be fair to customers and not collect mountains of information like big tech products do.\u201cIf you use an iPhone, about 5MB of personal data goes to Google servers per day,\u201d Duval says. \u201cFor Android, that's even worse: about 12MB per day. Many people are not comfortable with this situation.\u201dIt\u2019s not just Google that collects data. London-based researcher Gabriel C\u00eerlig recently showed that phone manufacturers also accumulate an ocean of personal data. He analyzed a Xiaomi Redmi Note 8 device and found that it was sending 1.5MB of personal data a day to remote servers in Singapore and Russia. This was pure personal data the user could not opt out of, and it included the music they listened to and the folders they had.The magnitude of the data collection issue is something that bothers Duval. \u201cThe purpose of \/e\/ is to offer people a choice,\u201d he says. He targets a broad audience. Users can install the ROM on their device free of charge, but if that\u2019s too much trouble, they can also buy a refurbished phone that\u2019s already set up for them for as little as \u20ac250. The \/e\/ online store mostly offers Samsung Galaxy devices, but a new Fairphone 3, built with minimal environmental impact, can also be purchased.Like any project, \/e\/OS has its critics. The operating system has \u201call of the same security issues as LineageOS,\u201d a researcher who goes by the name of madaidan argues. \u201cIt disables verified boot, which is used to make sure that the firmware, bootloader, OS, etc. are not tampered with.\u201d He argues that most custom ROMs use userdebug builds (which add extra debugging attack surface), allow root access via adb, don\u2019t include firmware updates, and weaken SELinux policies.\u201c\/e\/OS is not about hardened security, at least for now,\u201d Duval says. \u201cIt's not for people who can be targeted by governments, intelligence services or illegal organizations. We are making a mobile phone ecosystem that lets users escape the permanent and industrial harvesting of their personal data.\u201d\u00a0In the short run, Duval hopes to add new privacy features, and to further improve the user experience. \u201cIn the long run, our goal is to become the de facto standard mobile ecosystem for users who want more privacy, and generally, a more ethical mobile environment,\u201d he says.Can Graphene and \/e\/ build an audience?Thriving on the mobile OS market where Apple and Google have 99% marketshare is challenging. \u201cIf [Graphene and \/e\/] expect to sell millions of devices, they are delusional,\u201d says Francisco Jeronimo, associate vice president of devices for IDC EMEA. He argues that better privacy and security might not be enough to reach a decent market share. \u201cEveryone claims to be interested in security and privacy, but the majority of consumers, despite being aware of the risks, will continue to use their normal phone.\u201dStill, Jeronimo believes GrapheneOS and \/e\/OS can make some money, if they do everything right: \u201cThere is a small niche of users and companies who strongly care about security and confidentiality, and don\u2019t want to be surveilled.\u201dTo Yale Privacy Lab\u2019s O\u2019Brien, this small niche is worth defending despite all the difficulties. He says that people who want better privacy and security should be able to get it. \u201cOn a planet filled with spy sensors under the purview of the US, China, and smaller powerful states, the outlook for privacy, autonomy, and liberty looks grim,\u201d he says. \u201cThose who have dedicated their lives to replacing big tech know the barriers are huge but fight anyway.\u201dO\u2019Brien argues that the COVID-19 pandemic and the protests around the globe \u201cmay have already tilted the scales of control into the hands of government,\u201d and that having options might be the only way of preserving digital freedom for those who need it the most.