Yeah, Graphene does updates, GP sandboxing, and direct configuration type stuff that is next level better than a typical swap ROM. The entire reason why Graphene uses the pixel is not because of the hardware but because of the (trusted protection module) TPM chip on pixels. It is the same chip as secure boot on a PC.

The basics of TPM is that it is like a microcontroller that generates and stores encryption keys. It can generate a key internally that can never be extracted or accessed through communication with the TPM chip. You can send it a hash to verify a match with a key it owns and it will verify any encryption. Graphene is using this feature to create keys and a secure system that can be verified and can get OTA updates all the time securely. You can use an old device to confirm that your device is secure too using a provided authorization app.

Custom ROMs often are terrible about security and how Android actually works. Things like adding root to a device or any of the packages that are capable of modifying the kernel are super sketchy dangerous. You’re a user just like every developer for every app you use on Android. This is how it just works while knowing about networking and securing an operating system is not required. The entire model is designed to fail safe. The moment you start changing packages available in the kernel there can be problems.

Graphene handles this by only giving root access over USB. Vanadium is also quite outstanding and far more than just a browser. At first you’re likely to try to use a ton of apps like you may be accustomed to doing. After a few years with Graphene, you are more likely to greatly limit your apps and only use vanadium for everything. With my setup on a 2 year old device, I still get over 2 whole days of battery life; nearly the same as when new. I’m not using anything from Google and have around a dozen apps total. I’m also primarily on a network that blocks all undesired connections on a whole different level than adblock.

Graphene is technically more secure than Lineage, because you can re-lock the bootloader.

But wait, the latest versions of Lineage you can re-lock the bootloader on Pixel devices (or is it with DivestOS, a Lineage fork, on Pixels? I forget). Either way, both can be re-locked on Pixel (I know, I’ve done it).

At that point there’s little difference in my opinion, if you aren’t using any kind of Google services.

Once you go to use Google services (either sandboxed on Graphene, or microG on Lineage), it can be argued that Graphene is more secure. Though Lineage and Divest install microG as user apps, so you could install them to a second profile and isolate it there.

But if you’re going to run some form of Google services, you’re kind of negating the advantages of Graphene at that point (though some would argue it’s still more secure, again, depending on your threat model - if a state actor is after you, don’t go putting Google stuff on your phone).

Really it all comes down to your threat model. I’m currently running DivestOS on a Pixel with microG, because there were a few apps I still needed. My next reset (in about 3 months) that will be gone, and I’ll no longer need anything Google. But I’ll probably stick with DivestOS, as there’s no clear advantage for me to switch to Graphene.

I really wish there was a way to run microG with graphene. I don’t want google binaries on my pixel at all if I can avoid it.

Till then, Calyxos with microG is privacy respecting but likely won’t resist feds trying to get at your data. If you’re just looking for strongly improved privacy and some moderately improved security, Calyx is pretty nice.