After being an iPhone user for the last seven years, in 2026 I pulled the trigger and bought a Google Pixel 10a to finally try GrapheneOS and double-check for myself: do I really need a flagship smartphone? In this post I will share how the transition from iOS to GrapheneOS and from a flagship iPhone to a mid-range Pixel went.

If you are here only to see a software experience - what worked, what didn’t, and which Android replacements I chose for iOS apps and services (including iCloud services) - scroll down.

History

My last four phones were the Pro versions of iPhones: 11 Pro Max 512 GB, 13 Pro 256 GB, 15 Pro Max 512 GB, 17 Pro 1 TB. Each and every one of them was "the best iPhone ever" according to Apple's announcements. Hard to disagree. Each featured an amazing camera for its time, solid connectivity, build quality, and so on. But what really got me, a Linux user allergic to proprietary cloud services and vendor lock-in, into the Apple ecosystem (aka the enclave of vendor lock) was security. No other smartphone manufacturer offered that many years of software updates, end-to-end encryption for cloud services, and full-disk encryption for the smartphone itself, and so on back in the day. Android smartphones with seven years of support don't surprise anyone today, but in 2019, when I got my first iPhone, a huge chunk of sold Android devices never received a single software update.

I didn't have any illusions about Apple back then, and I don't have any today (nor do I like a walled-garden model of iOS). But in my system of coordinates, stock iOS was a better, less evil option than stock Android with Google Play Services, because Google Play Services can bypass the app sandbox and have privileged access. I never considered LineageOS or other custom ROMs either, since they lack some security features and require a permanently unlocked bootloader or, like /e/OS, come with preinstalled microG (microG still needs privileged access). With all due respect to popular custom ROMs, I don't want an OS that lacks essential security features on my phone - a device that is almost an extension of my brain and memory that I carry with me every day. Needless to say, phones supported by custom ROMs usually don't receive firmware updates anymore, as their SoCs are already EOL.

I don't remember when I first heard about GrapheneOS, but I remember it immediately rang a bell. It's an open-source project focused on privacy and security, with the flexibility of Android, verified boot, and an optional installation of sandboxed Google Play services so they no longer have special privileges, and it works on relevant Google Pixel models. Isn't that very cool? It is. But a family in iCloud, a set of Apple devices I already own (iPhone, iPad, Apple TV, AirPods), a lack of free time, and, most importantly, a fully functional smartphone (iPhone) in my pocket didn't motivate me to make a move. It took me years, but eventually I did, and my only regret is that I should have done it earlier.

Mid-range smartphone

I chose the Pixel 10a 128 GB because I had a strong gut feeling that I don't need a flagship model anymore. Seven years ago, the gap was huge, and the picture quality of the iPhone 11 Pro Max's camera was mind-blowing compared to mid-range smartphones. I didn't need to be a Pro user to take advantage of the Pro model. But my assumption was that technology had developed so much that a few years ago we already reached a point where I had "enough" computing power, charging speed, cameras, and photo quality. Luckily, the assumption was correct. Don't get me wrong: I can see a difference between photos and videos made on the iPhone 17 Pro and the Pixel 10a, but the Pixel 10a is good enough for me that I am not bothered by FOMO over a better camera. In exchange for the "camera downgrade", I got a camera that doesn't have a bump - the back of the smartphone is completely flat, it doesn't need a case, and it lies comfortably in the hand. Outside of the camera, I don't notice any downgrades. I know that, spec-wise, the iPhone 17 Pro is much stronger, but in day-to-day use I just don't see or feel a downgrade, the system and the apps I use are as responsive if not even better than iOS and apps I used on the iPhone.

A separate note on 128 GB: this is not for everyone - I get it - but it's enough for me. I have unlimited traffic on my phone subscription in Finland and a very generous package when traveling in the EU, so I stream almost everything from my home server: music, podcasts, audiobooks, and so on. Photos I take are uploaded to Ente Photos. I keep only recent photos on the smartphone, and everything else is in Ente or on my home server. If I eventually need music offline, I have a HiFi player loaded with all my favorite LPs and a pair of great headphones in my backpack. I don't download TV shows, movies, etc., onto my phone. Everything else doesn't consume that much space. Thus, yes, 128 GB is enough, but I totally understand why others might need more space, for example for video recording.

What didn't work

What didn't work makes a pretty short list:

• Authy and IKEA Smart Home apps from Google Play - both failed the integrity check
• A Finnish version of the Kivra app is not available in Google Play for me
• Google Pay (has an alternative that works)
• Apple Find My (doesn't have an alternative)

That's it.

I had a few legacy accounts in Authy from old days, that I was too lazy to migrate to other MFA apps. IKEA Smart Home was only needed long ago to activate and add a smart bulb to Apple Home; now it works through Matter in Home Assistant without issues. And Kivra has a mobile-friendly web version. Not the end of the world, as you can see. I will comment on Google Pay and Apple Find My later in the post.

Everything else worked fine, including banking apps, wallet, contactless payments (without Google Pay), messengers, and so on, though I had to find replacements for some apps I used on iOS that were not cross-platform.

What is my GrapheneOS setup

I didn't set out to degoogle my life because I hadn't used Google apps other than Waze and YouTube for many years. I watch YouTube through a web browser without an account, or through alternative frontends, due to a very unfortunate lack of alternatives. I stopped using Waze while I was still using an iPhone - not because of Google, but to decrease my dependency on navigation apps and better memorize the city I live in. If I recall correctly, I ditched Gmail around 2015 and haven't used Mail, Calendar, Drive, Search, etc., from Google since then. That being said, I don't mind a minor presence of Google on my phone in a controlled form of sandboxed Google Play, where Google Play doesn't have special privileges and works on the same grounds as any other app.

I know that many privacy enthusiasts prefer Aurora Store over sandboxed Google Play for privacy reasons, but I value security over privacy here and accept a compromise. Aurora is a middleman you have to trust; it's more vulnerable to MITM, and verification of APKs you get from Aurora is an ongoing concern too. Plus, I want push notifications in all apps (and don't mind Firebase being involved), and I use Android Auto, which sees only apps installed from Google Play.

Note: I use Google Play with a burner account. I didn't give any PII, such as my name, phone number, backup email, or similar, to Google. All it got from me was a disposable email alias to register an account; as a result, this Google account doesn't even have a Gmail address. Neither Google Play nor Google Play Services has access to location. Both have permissions for network and sensors only; everything else is restricted. So Google technically can get my approximate location through geo-IP when my phone doesn't route all traffic through a VPN, and I accept that. Android Auto doesn't have network permissions. I will come back to Google and tracking a bit later, but I want to talk about profiles and spaces first.

GrapheneOS offers a lot of flexibility in how you organize installed apps: profiles (users), private spaces, and work profiles. Before I moved to GrapheneOS, I read user stories on forums where people said they had two to five profiles. The Owner profile is an app pusher; some other profiles have Google Play services, others don't. Profiles are split by trust in developers or by other criteria. It's easy to get overwhelmed by all of this. I don't use that fancy structure, and I personally believe the Owner profile is enough for the vast majority of users (you do you, of course, if your threat model needs separate profiles or you seek an adventure).

I use the Owner profile with sandboxed Google Play and Android Auto. And I use a private space without Google Play services inside the Owner profile. That's it.

• Owner profile: all of my apps are installed here, but a few are disabled. All were installed from Google Play or with Obtanium (if I don't count apps from the built-in GrapheneOS App Store). I have F-Droid and Accrescent, but I don't install apps from them; instead, I use them for app discovery.
• Private space: I pushed disabled apps from the Owner profile here; they are work-related apps (for example, Slack). I also keep a second instance of some apps here if they don't natively support logging into multiple accounts. I guess if I needed to install untrustworthy apps, they would go here too, but so far I manage without them and will do so only if I must; i.e., if a PWA is not an option, installing on other devices is not an option, and so on. I wish I could have two private spaces within the Owner profile: one for work-related apps, the other for "second instances," but one private space is already good. I don't use the Work profile for work-related apps on purpose; I don't want to grant extensive permissions to, or put my ultimate trust in, a third party app like Shelter, which is a mandatory condition for operating the Work profile.

Now let's quickly circle back to Google and tracking. I don't have Google apps apart from sandboxed Google Play and Android Auto, which I got from the GrapheneOS App Store. But if I did, they would probably be able to leak data. All apps within a profile can see each other. If apps have established mutual consent, they can communicate over IPC. Assuming that Google apps do have mutual consent with each other, in theory, if I installed, for example, Pixel Camera in the Owner profile and granted it access to precise location but not to the network, it might have given location to Google Play over IPC, and because Google Play has network permission, location data could have been sent to Google over the internet. Don't quote me, though; this is my understanding, and I might be mistaken.

An easy solution is to avoid installing apps from Google. If you need to install something from Google, install it from Google Play and don't grant network permission. Don't open the app; navigate to the app settings (Settings - Apps) and disable it. After that, push the app to a private space without Google Play Services and Google apps that have network permissions. For example, I did this when I wanted to test Pixel Camera versus the default camera app of GrapheneOS. After I tested Pixel Camera in the private space, I uninstalled it (bet you can already guess the results of the test, lol). It's worth noting that it's unclear if some apps from other developers have consent for sharing with Google apps. Apart from banking and work apps (which are in the private space without Google), I mostly use open-source apps and apps from privacy-respecting indie developers; therefore, I accepted a theoretical privacy risk and keep almost everything in the Owner profile.

Before I jump into software experiences - what apps did and didn't need replacements on Android versus what I used to use on iOS - I need to clarify that I have been running a home server and self-hosting services for more than a decade now. Many of the apps I used on iOS were frontends and clients for self-hosted services, for example, Nextcloud. Depending on how many proprietary cloud services or services syncing your data with iCloud you use, your migration may vary greatly.

Apps

I tested more apps than I actually use daily. For example, I don't use retail apps that implement a club card and a browser of available deals and goods for a store chain, but I tested a few to get a better picture of what works and what doesn't in GrapheneOS. I admit that after intensive testing, Authy, IKEA Smart Home, and (Finnish) Kivra are the only apps I couldn't get to work. Everything else seems to work just fine.

Finnish apps

First things first - banking and money apps work fine: Revolut, OP.fi, MobilePay. So do apps that are relevant for citizens and residents of Finland: Suomi.fi, OmaPosti, Klarna, OmaTelia, OmaMehiläinen, etc. The only app I couldn't get to work from this category was Kivra. For some reason, Google Play offers me Swedish Kivra instead of Finnish Kivra. It's not a big deal since Kivra works fine in a mobile web browser. Car-related apps work: Virta, EasyPark, gas station apps (yes, this is how many of us pay for gas in Finland - in a mobile app). Retail apps also work: K-Ruoka, Lidl, and so on. The Finnair app works. So you won't lose access to the typical set of apps you can find on a smartphone in Finland.

Banking apps

You can find a community-maintained list of banking apps compatible with GrapheneOS at this link. As I wrote above, OP.fi and Revolut work well in my setup.

Contactless payments and wallet

Google Pay doesn't work on GrapheneOS because it forbids non-stock mobile OSes. I would assume, though, that a large portion of GrapheneOS users, myself included, would not have used Google Pay even if it had worked.

I tested contactless payments with Curve Pay - it works. Function-wise, this is probably the closest alternative to Apple Pay (and Google Pay) you can get on GrapheneOS as of late April 2026. I didn't play much with the app; I just added one of my Revolut cards to Curve Pay and tried it in a couple of convenience stores - tap-to-pay worked as expected. I am adding an FYI here that I am not planning to keep using Curve Pay. I already give a lot of data to Revolut and traditional banks, and I don't need yet another middleman money app, but you do you.

Other available options:

• PayPal has its own tap-to-pay implementation available in some countries
• Some European banking apps have their own tap-to-pay implementations too
• MobilePay. We use it a lot in the Nordics as the default app for sending and receiving money with cards from any local bank. If I'm not mistaken, some payment terminals also support paying with MobilePay by scanning a QR code or similar, though I haven't used this feature since 2021-don't quote me on that. Also, MobilePay has its own tap-to-pay implementation, but it only works with cards from three specific banks.
• Revolut Pay. If you have a Revolut account and app, and a store has a Revolut terminal, scan QR code on the terminal screen and confirm a purchase in the app.

Maybe Walt will become the wallet app we're looking for in 2026-2027. According to their roadmap, they aim to deliver Android and iOS apps in 2026, but we will see.

In my case, because I have a Garmin watch that supports Garmin Pay (which I also used when I had an iPhone), I will keep using my Garmin for contactless payments, as it works well. As for a wallet app that stores boarding passes, loyalty cards, and so on, I settled with FossWallet. And if you are in Nordics, Klarna also works.

I don't yet know whether there is a solution for transit cards, for example the Octopus card in Hong Kong or Clipper in San Francisco. I used to be a frequent traveler until my baby was born, so it was neat that Apple Pay supported transit cards in many countries. I guess I will explore this topic more when traveling rejoins my hobby list in the future.

Android Auto

Android Auto works in GrapheneOS but requires sandboxed Google Play. I didn't experience any issues with it in my setup: I installed it from the App Store, only granted permissions for wired connections and rerouting audio from device to the car, and that's it. Navigation apps, music, audiobooks, and similar apps work fine as long as they are installed from Google Play, even though I didn't give location, network, or other permissions to Android Auto. Also, while I did allow background usage, I didn't set it to unrestricted, and I didn't install any of the "recommended" (by Google) apps (Google app, Google Maps, etc.).

I have never used Android Auto on stock Android, so I don't know what the stock experience is, but I have to say that Android Auto in GrapheneOS is nice and I prefer it to Apple CarPlay.

Navigation

If you are looking for a drop-in replacement for Google Maps or Waze, there is none. Mass surveillance and community crowd-sourcing (police, crashes, potholes and other reports) make them great at routing in city traffic. A privacy-respecting alternative to Waze is an oxymoron. You have to choose what you value more: up-to-date information about speed traps and traffic or your privacy.

Most of the time I drive without navigation. Luckily, we don't have traffic in the Helsinki metropolitan area (by the standards of LA, NY, London, and other megacities). If you know a good route, it's the best route, with very rare exceptions, such as a car crash blocking the road. When I do need a navigation app, I use Organic Maps.

I find OpenStreetMap provides the best coverage and the most accurate information about roads (including speed limits), trails, and residential buildings (a bit better than Google Maps and light years ahead of Apple Maps). It is not as good as Google Maps for information about businesses, such as opening hours, but it's okay most of the time. It usually doesn't give wrong information about opening hours; rather, it lacks information for some businesses. Luckily, since it is a map database maintained by a community, you can always fix it yourself.

As I mentioned above, Organic Maps (free) is my choice. Some people prefer a fork of Organic Maps, CoMaps (also free), after some drama among the community and developers. There is also OsmAnd (requires a paid subscription for Android Auto). I don't recommend Magic Earth (requires a paid subscription for Android Auto); it's a miserable, very unstable experience.

Also, I don't recommend HERE WeGo. It's often praised as a "European alternative" to Google Maps. I care more about the accuracy of map data than about where a headquarters is registered. I tested it. It showed me wrong speed limits on virtually every road near where I live. I think it might negatively impact routing. Maybe Organic Maps and other offline navigation apps powered by OpenStreetMap data don't have live traffic, but at least they don't try to mislead me.

Remember: whatever you choose has to be installed from Google Play if you want to use it with Android Auto.

We have HSL in the Helsinki metropolitan area for public transport, which I also used on iPhone. So I kept using it on GrapheneOS.

Find My and Airtags

Similar to a "privacy-respecting" navigation app with live traffic, a privacy-respecting, independent alternative to the Apple Find My network and Apple AirTags is an oxymoron. The wide coverage of Apple devices and the fact that they broadcast their location even when powered off, along with the locations of nearby Apple devices, make AirTags a perfect tool for finding lost keys (as well as tracing a car or stalking someone). If we forget the privacy and independence aspects, there simply is no other network big enough to compete with Apple Find My, nor is there a way to effectively track the location of your phone for a few hours after its battery dies.

I accepted that this part was gone after I moved to GrapheneOS and Pixel. You can try OwnTracks, PhoneTrack for Nextcloud, or FMD, but they won't help if your phone is not online. The latter also needs a lot of permissions to do its thing: send messages, take photos, and record video (to capture surroundings), and so on. It's your call if you want to put that much trust into a third party, but either way it won't help you if the phone is powered off, and I assume that would be the first thing a thief does after they steal a phone from you.

Contacts, calendars, reminders

You don't have to abandon iCloud completely, because contacts and calendars from iCloud can be used on Android, but not reminders.

I use KashCal calendar app. It supports local and CalDav calendars, including iCloud and Nextcloud. Because my wife uses an iPhone, we just keep using the same shared iCloud calendar.

Another solution is DAVx⁵. It can bring your contacts and calendars from iCloud to Android. I don't use it for iCloud stuff, but I tested it with iCloud - it works. Instead, I use DAVx⁵ to sync my contacts and private calendars with my self-hosted Nextcloud. I exported a vCard with contacts from iCloud Contacts on the web (it can be done even if you have Advanced Data Protection in iCloud, because it doesn't extend end-to-end encryption to Calendar, Contacts, and Mail) and imported it to Nextcloud Contacts.

Apple Reminders are not working through CalDav, they cannot be accessed from Android. I replaced Apple Reminders with Tasks.org (client) and Nextcloud Tasks (backend).

If you are using Proton, keep in mind that while you can import your contacts from the device to the Proton Mail app, Proton won't sync them across on-device contact books. And Proton Calendar doesn't integrate into on-device calendar. If, for example, your work calendar is Outlook or Google, your shared family calendar is iCloud, your personal calendar is Proton, and you want to see personal, family, and work calendars in one app to better plan your day, it's not possible. Technically, you can subscribe to external calendars in Proton Calendar, but it requires publishing your external calendar as public, which is often not a good idea. And, last but not least, Proton Calendar doesn't have tasks. So, as of late April 2026, Proton is no help to me with contacts and calendars. Therefore, I use Nextcloud.

If you don't want to self-host, EteSync offers a hosted, end-to-end encrypted solution for just $2/month. Also, Tuta integrates with on-device contacts and syncs them, though the calendar and tasks issues are similar to Proton.

Smart home

There is no way to access Apple Home from Android in a convenient way. I migrated to Home Assistant.

Because I don't have a single Apple HomeKit-certified device except an IKEA smart bulb, I used Homebridge to add smart devices to Apple Home and Scrypted with the HomeKit plugin to expose RTSP cameras to Apple Home. I replaced Apple Home and Homebridge with Home Assistant and integrated Scrypted into Home Assistant. I should have done it a long time ago; it's a far better experience than Apple Home. My wife also happily uses Home Assistant from her iPhone nowadays.

If you are considering a migration, here are a few hints

• Scrypted has a custom component for Home Assistant, but it doesn't expose device entities (sensors). Use the custom component to add camera live cards and controls to Home Assistant dashboards, and MQTT to expose status, motion, and audio sensors from Scrypted to Home Assistant. It all works really well together; just invest a little time.
• If you have a TRÅDFRI hub from IKEA - the IKEA TRÅDFRI integration is way to go, if you have a Dirigera hub from IKEA - the Matter integration.

Music and audiobooks

Deezer works. Plexamp works. Plex works.

What I didn't expect to become a problem was audiobooks. I used Prologue on iPhone to listen to audiobooks stored in Plex. The only free replacement on Android is Chronicle Epilogue. It's not bad, but it's not at the Prologue level either. So I moved audiobooks from Plex to Audiobookshelf. Shortly after that, just books (PDF, and so on) and podcasts also went to Audiobookshelf. So far, it's been an amazing experience.

Garmin

I easily moved all my Garmin gear from Garmin Connect on my iPhone to Garmin Connect on Pixel. I unpaired them on the iPhone first, then paired them on the Pixel. It was as simple as it sounds for the watch and HRM‑Pro Plus. The Index Sleep Band also had to be plugged in for re-pairing.

Opensource and proprietary privacy respecting apps

I will keep it short and just say that anything you can think of in this category works fine on GrapheneOS: Brave, Firefox, Nextcloud, Proton apps, Kagi apps, Ente apps, Standard Notes, Lunatask, Bitwarden, Syncthing, XMPP clients, and so on.

The only caveat is Signal. It works perfectly well on Android, but it doesn't support a direct migration from iOS to Android or vice versa. You can re-register your phone on a new device, but you cannot natively transfer message history. So I had to install Molly, an unofficial client for Signal, first. Then I added Pixel as a linked device to my Signal account, kept Signal on the iPhone, made an on-device encrypted backup of message history, re-registered my phone number on GrapheneOS using an official Signal client, imported message history from the backup, and, after that, Pixel became my main device for Signal and I was able to safely remove Signal from the iPhone.

Of course you can keep using Molly after re-registering the phone number if it works for you and you are willing to trust a third party.

WireGuard

I prefer not to expose services to the internet unless it's absolutely necessary; therefore I use a VPN to connect to my intranet (the VPN gateway is physically outside my home network on a rented server). On my iPhone I use the official WireGuard app. WireGuard for iOS has a neat feature: on-demand VPN with inclusion and exclusion of SSIDs by name. I don't need a VPN connection to reach my home server when I am home. I connect to all my services using domain names. But I connect to the VPN immediately (and automatically) when I leave home and the phone switches to mobile broadband. The DNS resolver understands from which subnetwork a query has come and returns the LAN or VPN address of the home server, respectively.

There isn't that much added overhead (not enough to always notice) if I were to keep the VPN connection 24/7; streaming 4K still works over VPN, but why would I accept any overhead and battery drain when I can avoid it? Besides, I use TLS in the intranet, so connection to, for example, Nextcloud in the LAN is still encrypted. Thus, I don't need to secure a connection between peers with WireGuard if both peers are in the home LAN.

The thing is WireGuard for Android doesn't have the same feature. It doesn't support on-demand VPN activation and deactivation, so I had to look for an alternative. For now I settled on WG Tunnel, though I usually avoid third parties. It's a WireGuard client that supports many nice features, including on-demand VPN (auto-tunneling, in the terminology of the app). It does need permission to track precise device location because Wi‑Fi SSID is precise location information on Android. Apart from constantly checking my "location", which is followed by a little blue dot in the top right corner of the screen, I don't have anything to add. The app does what it promises to do.

Alternatives would be:

• Official WireGuard app and exclusion of LAN IPs (but it will be applied to any Wi-Fi SSID, not just mine; thus I didn't go this way)
• ZeroTier or Tailscale. As they prioritize peer-to-peer connections, the client will connect to the home server directly when the Pixel is home. Yet there will still be minor overhead from encryption and possible brief connections to the overlay networks and supernodes.

So far WG Tunnel doesn't drain the battery and gets the job done, so I don't really need to change it.

Camera

GrapheneOS comes with its own default camera app. It's fairly simple.

Many GrapheneOS and other Android users praise Pixel Camera for its image-processing algorithms. Maybe it's a side effect after a while with the iPhone 17 Pro, but both GrapheneOS Camera and Pixel Camera output a quality that is a clear downgrade compared with the iPhone 17 Pro (which is expected), and thus neither camera app impresses me. In good light, both camera apps are somewhat okay. In a dark environment, neither is good, but I see noise created by Pixel Camera's algorithms on top of a meh photo quality. So I don't really have any reason to use Pixel Camera; I stick to the GrapheneOS Camera app. I'm sure Pixel Pro would excel with Pixel Camera; it just doesn't seem to be the case with Pixel a.

Epilogue

Oh wow. This blog post is wildly long. I totally understand if you fed it to something like Summarizer from Kagi. And if you did read it yourself, thank you. I hope this helps someone decide whether it's a good idea for them to switch from an iPhone to a smartphone with GrapheneOS. In March 2026, Motorola and the GrapheneOS Foundation announced a partnership, and this post gives me a lot of hope. GrapheneOS on something like the Motorola Razr Ultra (flip phone) would be my dream come true, so maybe we won't be limited by Google Pixels in the foreseeable future, but let's see.

It will initially be flagships similar to the current generation Motorola Signature, Motorola razr fold and Motorola razr ultra since those will be the 2027 devices meeting our requirements including the expected updates and hardware memory tagging but it can expand over time.

So far it's been a great ride. GrapheneOS and the Pixel 10a don't disappoint and set a new baseline for me for how a smartphone should look and feel in today's world. Big kudos to the GrapheneOS team and all the amazing people behind the software that I use daily - not just the OS, but everything from the Linux kernel to the note-taking app I'm using right now. You are real legends, and unlike big tech, you truly make the world a better place.

Thanks for reading,
Oleg