GrapheneOS on a Pixel 7 is one of the best decisions I ever made. You can sandbox the shit out of all apps and granularly control the permissions in addition to outright cutting off network access to apps that would otherwise be doing background telemetry garbage all the time.
If you're terminally online and just can't imagine life without all the first party Google apps, you'll disagree with me. But otherwise it is a great decision. F-Droid and Aurora Store are awesome. (You can still manually install and use stuff like the Google camera app, Maps and others. Just never sign in to first party G Apps, be careful with your permissions etc. and you'll retain 90% of the functionality while not having the privacy downsides.)
I've been using LineageOS+MicroG with very little Google software (only Maps) and it's been working great. Any reason I should switch to Graphene? I noticed the main dev seemed to have some disputes and interesting personality characteristics, so I was a bit hesitant to adopt. I also had an irrational "I wouldn't be surprised if 3 letter agencies are involved" vibe about Graphene, but nothing concrete.
The main dev that you are referring to is Daniel Micay, who has been a former dev since the chad himself Louis Rossmann called him out for his toxicity back in May. I see GrapheneOS as the most secure, most private (without sandboxed Google Play), and the most usable privacy-focused ROM. However, I should state that in the rare instance where MicroG gets by enough and you don't need actual Play services, a ROM like LineageOS or CalyxOS running MicroG will be more private, albeit less secure, than GrapheneOS with sandboxed Google Play.
Pick your poison.
They are all solid in my opinion; it just depends on your use case. But overall I would put GrapheneOS on top.
That's quite a statement, are you sure about that? The Graphene team has done a considerable amount of work sandboxing the environment of Google Play, both in memory, permission structure, and IO access that MicroG completely blows past. Given how the Graphene sandboxing works, I actually can't think of a scenario where the statement that MicroG is more private than Graphene sandboxed Google Play holds. In either scenario you don't have to log in, so I'd much rather have an environment that has been isolated than tooling that still has tendrils reaching into the main OS itself (MicroG).
Yeah, one important key is not logging in. If you use Aurora Store to install apps, and don't log into any Google apps, Google can't be certain of your identity enough to tie it to your previous Google account. I guess they could probabilistically match you based on stuff like your location in the Maps app vs. a previous normie device known to be "you".
One thing I'd like to test is the implications if you log into Gmail on the hardened Vanadium browser and then log out. I would think it would still be pretty safe on Graphene because Google would have no access to other apps' activities on the device and even location requests don't get routed to Google's geolocation service unless the user specifically turns that back on.