GrapheneOS vs CalyxOS (In-depth-ish), which should I choose?

Greetings fellow privacy fans! I know that this topic has been discussed to death, but I feel as though this can add to the overall discussion. This also may hopefully end up a being a decent summary of both ROMs.
With the Pixel 6a coming out soon, I am looking to flash either CalyxOS or GrapheneOS. I would like to choose the correct OS for me before I get the phone, as once I flash one or the other, I do not see myself changing it.

My threat model does not require the greatest security of all time, but something that could at least prevent someone from getting into the phone if it sat unattended for short periods of time. I would prefer as much privacy as reasonably possible. (Being anonymous is unimportant for my threat model.)

Recommendations from a few privacy centered people.
Techlore: On the resource page Techlore recommends CalyxOS. (If I remember correctly Techlore used to recommend GrapheneOS first before trying CalyxOS, not sure anymore due to the drama.)
The New Oil: Seems to recommend GrapheneOS (Recommends CalyxOS too, but leans more towards GrapheneOS)
The Hated One: Recommends GrapheneOS (Seems to be for more extreme threat models.)
Mental Outlaw: Recommends CalyxOS (He believes good operation security to be the key to privacy.)
Privacy Guides: Recommends GrapheneOS on Pixel 6 devices. (Only recommends CalyxOS for OnePlus phones and Fairphones. Not sure why they only recommend GrapheneOS otherwise.)
(These sources are certainly not exhaustive, but I believe these are certainly some of the most trusted.)

(Corrections encouraged, its why I posted.)
Both can be completely de-googled, but that is impractical so both ROMs have a solution. CalyxOS’s solution is micro-G. It runs with important permissions (not sure on the official terminology) but sends less data back to google than regular google play services. Graphene’s solution is sand-boxed google play services. This sends less data too and be can be tuned to what permissions it has, and therefore what data it can send (please correct me if I am wrong about sand-boxed google play.) It also runs with less permissions.
If possible I would like to choose which apps get to use or not use micro-G or sand-boxed google play services. I know this can be done with user profiles, but at this time, it disables notifications on the user profile not in use, which is not a feasible option for my use case.
Do work profiles solve this issue? And if so, would this put CalyxOS in a slightly better position as they have built in work profiles and do not rely on a third party app to create a work profile?
A final privacy note is with E-sims. CalyxOS still sends phone information to google with E-sims. (I believe the specific information sent is listed on the Privacy Guides website.) Which I assume to only be an issue with phones that support E-sims. But is this even an issue if someone decides to just not use E-sims? Can this be disabled? Or is this just something CalyxOS needs to improve?
(Final note, on privacy I will not be typing anything about location as I plan to keep anything to do with location off.)

From my simple understanding, GrapheneOS improves upon the default AOSP security standards and CalyxOS maintains it. I have only partially read the GrapheneOS website on what improvements GrapheneOS makes to security, and while some of the improvements sound like they would be cool to have, I am not sure that I actually need any of them. Anything that is practical let me know.
(Passwords for example, GrapheneOS extends the allowed length past 16 characters. But I cannot use something like KeePassDX to access my phone so I have to physically type the characters, typing 16 for me already takes a long time so is it really worth it to have more? Is there a better way that avoids bio-metrics?)

CalyxOS performs the same if not better than default AOSP. GrapheneOS due to hardening is slower than default AOSP. This is my understanding from Techlore’s comparison video (Which seems to have been taken down due to age if I am not mistaken.) My main question being, is this still the case? Or due to the Pixel 6 having physical hardware improvements, do the two ROMs have similar performance speed? Or is performance speed completely different from what I have described here?

The people behind each custom ROM.
GrapheneOS I believe has a small team of at least two members to my knowledge. The leader seems to have intentionally gotten into drama. While this may have in no way affected GrapheneOS as a ROM, it does not inspire confidence. CalyxOS is made by the Calyx Institute which to my knowledge (again), is also a small team. I thought I saw somewhere the Calyx Institute got into some drama? This may just have been from someone who is trying to insight a privacy scare. But I would still like to verify anyway, as it may or may not affect my final decision.

Before I close, I have one final concern, support. If you couldn’t tell, I am waiting for the 6a to save money, as it is basically a cheaper version of the 6. I have heard that CalyxOS supports phones a bit longer than GrapheneOS. I am aware that google themselves have to provide security updates to the pixel, but I would like to not have to buy another phone for as long as possible. And if CalyxOS does support what they can for just a tiny bit longer, it may sway my decision.

Well that was long. Looking forward to replies!

(There is a good summary of questions in the replies.) (Also why did I get a thumbs down? I am confused.)

1 Like

Hi :slight_smile:

both GrapheneOS and CalyxOS are very good options for Private and Secure Phones :slight_smile:

you already mentioned the biggest differences between the two.

for choosing which to use: that depends on your thread model, your use case and which OS you like better and or feel better with :slight_smile:

The Reason why Graphene has a shorter support time for hardware is: they only Support a Pixel as long as its getting Security patches from Google. Not getting Security Patches for the Hardware from the manufacturer makes a phone increasingly insecure with time as bugs and exploits do not get patched anymore.

As for why Graphene only Supports Pixels: Because they allow flashing of 3rd party Operating Systems with their own keys for Secure Boot so after the installation the Boot loader can be re-locked and the Android Security Model can be preserved and the Pixel Phones have one of most Secure hardware Architecture of modern Phones.

this Thread: How private is using the sandboxed Google Play Services?

and this Thread: GrapheneOS vs CalyxOS

also go into the differences of Graphene and Calyx where you can also find some additional input :slight_smile:

I hope it helps. just know either Operating System will greatly increase the Security and Privacy of your Phone compared to the the Operating System Phones that come preinstalled on Phones.

1 Like

Thank you for your reply!
I have actually read GrapheneOS’s reason for only using pixels and why GrapheneOS only supports as long as google gives security patches and it makes sense. I have also looked into both of those threads. I am mainly looking for the answer of these questions from the main topic. (Hopefully this reply makes this more clear.)

Are any of the sources I mentioned untrustworthy?
Do work profiles solve the issue I mentioned previously?
Is there a way or method solve the E-sim issue with CalyxOS?
Is there something major from GrapheneOS that I am missing security-wise?
Is performance of both ROMs similar to what was shown in one of Techlore’s unlisted videos?
Was there any drama only involving CalyxOS, or have I been lied too?
And finally does CalyxOS give updates longer than google provides firmware updates?

E-Sims: On GrapheneOS you first need to install Google Services to be able to partition new eSIMS. already installed eSims keep working. No google needed. I do not know how it works on Calyx I asume it works with MicroG.
On Graphene you can install Google Services (no need to log into the Google Services) in a separate profil, partition an eSIM and then delete the profile and the other Profiles can keep using the eSIM without the need to install google services on them.

Work profiles: I dont exactly know if they isolate google services on calyx, but on graphene Cross Profile notifications are currently in develpment (it will not helping now, but in the future)

About the Drama: I dont know any details (I avoid Drama online, life is too short and there is too much drama online )
without taking any sides: Strong Opinions by Strong personalities (I hope its the right term, english is my 2nd language so sometimes meanings are lost in translation) as mentioned above, I dont know enough about it to form an informed opinion

The Sources: Honestly I am too new to the Privacy online community to tell you which source is trustworthy or untrustworthy as I am still in the process learning stuff and I only know half of the ones you listed.

Performance: On a Pixel 6 they should perform very similar. About the Video I cant say as I dont know it as its unlisted.

Updates: I do not know.

I hope my limited answers could help you somehow :slight_smile:

Regardless which Operating System you choose, they will greatly increase the Privacy and Security of your Phone compared to stock :slight_smile:

When it comes to how to interpret drama in an open source project that’s security related, I don’t have a ton of experience but here are my thoughts. You would need to look into what exactly are the claims being made by people and if they hold up. The privacy-conscious community is small, and the number of people who make software for us is smaller still. It only takes a few people to make a stink.

Now, does that mean that a project is not secure? Not necessarily. Because it’s open source it can all be verified. Both ROMs are still recommended by the broader community. However, if you’re trying to include drama as part of your decision making criteria, look at recent examples of FOSS projects that were intentionally sabotaged by their developers. If you see behavior in a project’s community that is in the threat model you are trying to protect against, like harassment, consider whether you are fine with that community providing a given tool for you.

I could be speaking from inexperience here. I know we can all get passionate sometimes so I think we can be gracious in this area.

Yep. Note: Graphene OS is fully de-googled by default and lets you completely remove sandboxed play services if you installed them. On Calyx OS you get to choose on first startup whether you want to install microG or not. If you choose to install microG you can’t fully remove but disable it (similar on how to on stock android).

microG uses signature spoofing so apps think that microG is signed by google and this way is also valid. This requires microG to have some high privileges and being installed as a system app. This means that microG becomes a higher target because it’s less sandboxed than other apps. On GrapheneOS sandboxed play services are on the same level as any other apps. It doesn’t have access to anything on the system level and can only have as many permissions as you grant it as a user. I think both solutions send approximately the same amount of data to google. MicroG sends less while sandboxed play services limits what can be sent.

read this: Usage guide | GrapheneOS
You probably talk about the time apps take to boot.
It’s a security feature and it’s mostly noticeable on older pixel devices but if you would rather have faster app spawning you can disable this in the settings.

Calyx and Graphene can only update as long as Google provides updates for the devices. Calyx goes a bit further and continues support for the open components of a phone. Here is a quote from their website:

[…] are no longer being updated by Google, so the CalyxOS releases for these devices only contain the fixes to the open source components, such as the OS code and the Linux kernel. Proprietary components such as the bootloader, modem firmware, and other firmware no longer get updates.

Personally I think I would go with GrapheneOS since it seems to do most of the stuff Calyx does but better.