Tried-and-tested building blocks that make any smartphone more private – even without GrapheneOS: an encrypted DNS with ad blocking, privacy-friendly email providers, good apps and the custom ROM landscape. Clearly explained, with further sources.
The simplest lever with the biggest impact: an encrypted DNS resolver that blocks ads, trackers and malware right at the name level – system-wide, in all apps and in the browser. Our recommendation: dnsforge.de (servers in Germany, no logging, DNSSEC).
Works on any Android (even without GrapheneOS), without any app:
Settings → Network & internet → Private DNSdnsforge.de, save – done.Add it as a custom entry under "DNS over HTTPS" / "Secure DNS":
https://dnsforge.de/dns-query
On iOS you download a configuration profile from dnsforge.de and activate it under "VPN & Device Management".
| Variant | Private DNS hostname | Additionally blocks | For whom |
|---|---|---|---|
| Normal Default | dnsforge.de | Ads, trackers, malware | The right choice for almost everyone |
| Clean | clean.dnsforge.de | + child protection & SafeSearch | Family/children's devices |
| Hard | hard.dnsforge.de | very strict lists, no exceptions | Maximum protection, occasional broken features acceptable |
| Blank | blank.dnsforge.de | no filtering – encryption only | Pure DoH/DoT without blocking |
Gmail & co. fund themselves with your data. These providers focus on privacy, an EU location and fair paid models. A curated selection – Kuketz maintains the detailed, continuously updated list here.
German provider, very feature-rich (calendar, cloud, custom domains), encryption options via PGP. Location & jurisdiction: Germany.
DE · from ~€1/monthConsistently sustainable & can be registered anonymously, no ads, PGP & mailbox encryption. No custom domain hosting.
DE · €1/monthEnd-to-end encrypted by default, its own format, open-source apps. No classic IMAP – but very tightly secured.
DE · free tierSwiss provider, end-to-end encryption, a large ecosystem (VPN, Drive, calendar). Open-source apps.
CH · free tierFrench provider with good privacy, family plans and an EU location.
FR · free tierInfomaniak (CH, very data-minimal) and Disroot (non-profit, NL) are solid alternatives for different needs.
CH / NLYou'll already find a compact selection of proven, privacy-friendly apps on my Software page. For the broadest, categorized and constantly updated list, it's worth checking the Kuketz recommendation corner.
Messengers, browsers, password managers, maps, mail & media – with the best source noted for each (F-Droid, Obtainium, Aurora).
The extensive reference list sorted by category, with reasoning. Ideal for browsing and looking things up.
GrapheneOS is my clear recommendation – but not everyone has a Pixel. Here are the most important alternatives, honestly classified.
| ROM | Devices | Focus | Assessment |
|---|---|---|---|
| GrapheneOS Top | Google Pixel only | Maximum hardening + privacy | Best choice if a Pixel is an option |
| CalyxOS Check status | Pixel (among others) | Privacy with a microG option | Solid, but development paused in 2025/26 & delayed updates* |
| /e/OS (Murena) | Many devices | Convenience, Google-free, own cloud | Beginner-friendly, weaker hardening |
| LineageOS | Very many devices | Long update support for old devices | Good against e-waste, but no security focus |
| Volla OS EU hardware | Volla Phone (DE) | Google-free, minimalist, preinstalled | Ready-made German hardware, weaker hardening |
| Ubuntu Touch Linux | Volla, Fairphone 5 and others | Linux OS with convergence/desktop mode | Maximum independence, a different app world |
| iodéOS / DivestOS* | Various | Tracker blocker / hardening | Niche; check project status before use |