What phone is currently ideal for GrapheneOS?
We have had a few OEMs who have wanted to work with us but so far none has been able nor willing to follow through on what we want with security requirements. We aren't going to support a device that is less secure than what we support already and if something were to go wrong on that device we will get the blame for their incompetence or lack of ability to provide such security that we were able to use elsewhere.
https://grapheneos.org/faq#future-devices
Other sane OEMs do anticonsumer practices, like Samsung with having an eFuse that breaks security features (and the camera in some models) when you want to use another OS. This shouldn't be a thing, but sadly it is.
We still want more devices and are still looking for OEMs. Buying a device secondhand will stop you giving money to Google as another means. DivestOS is an option for non-Pixel devices who use a small amount but not all of our enhancements, but it's mainly used for harm-reduction for insecure end of life devices.
Discussion
Pixel 8 and later due to the support of hardware memory tagging. This is a humongous security benefit the other phones do not have. We use MTE throughout the OS and the Vanadium web browser.