I want to install and use Graphene OS on my Nexus 5x. I want to unlock the bootloader and install it as a custom ROM, but I have a question here. If I install it on my Nexus 5x, is it safe to use? Can I still use it without compromising security (especially WebView and sandbox)?
You can’t install GrapheneOS on your Nexus 5X because Nexus 5X devices are not supported. Read here: https://grapheneos.org/faq#device-support
It needs special hardware only present in certain Pixel models
Which is more secure, Grapheneos or android 10 , LineageOS on Nexus5x?
As always, it depends on your threat model and use cases.
You have to consider:
- Updates for the operating system
- Updates for firmware of the smartphone
- Future update support
- Pre-installed software on the device
- Default configuration of the device
- Interfaces of the device
- Services on the device
Then, there are many different things that can be considered relevant for security like password strength, file-based encryption, authentication standards that are supported, and many more.
For your nexus, I think, going for lineage OS with microG would probably be your safest bet.
As for the most secure you could get with it.
I am not a xda-dev however my guess would be pure AOSP build rom with all tracking removed,
and no gapps, neither microG, only install from f-droid.
Also keep a minimum amount of apps for each task you might have because the more apps, the more potential of one of them getting an exploit or vulnerability.
(increases attack surface).
Keep in mind that LineageOS isn’t 100% Google-free; even without GApps. Just a friendly reminder since some people assume that LineageOS is completely Google-free. However, using LOS vs. your stock ROM is more like using a Chromium fork vs. Chrome. LOS is still Android/AOSP.
Furthermore, the vast majority of LineageOS builds comes without any updates for the firmware of the device since the firmware is oftentimes proprietary. So, even a current LOS on your device doesn’t fix the security vulnerabilities in the firmware of your device. To make this more obvious, Google introduced to different patch level indicators for some devices. Some people run a current Android, but the firmware patch level is ancient.