I wanted to ask the forum what they think about GrapheneOS and CalyxOS. What are their differences, and what are the things one or the other does better privacy- or security-wise?
From my novice point of view on both operating systems:
CalyxOS uses the AOSP security model without improvements to it. Instead of Google services you have the option to install microG, an open-source implementation of the Google services. To note: microG gets system-level access, as far as I understood.
GrapheneOS greatly improves on the AOSP security model and does not use microG. You have the option to install the original Google services in a sandbox. Basically, Google services do not get system-level access.
Both are an improvement over a standard Google Android system in terms of security and privacy.
Which to choose depends on your threat model, use case, preferences and what you want from your phone and phone OS.
GrapheneOS only supports Pixel phones; CalyxOS also supports one or two other phone models besides Pixels.
The websites of both projects have really good documentation, and I recommend reading both for a better picture.
Also, on YouTube you can find a lot of videos about both OSes.
Personally, I am going to get GrapheneOS on my next phone, as I find the concept of removing the system-level access from Google services better than handing the system-level access to an alternative that still communicates with Google.
Hey, thanks for your input!
I have read both documentations, specifically on microG and sandboxed Google services, and in my understanding both solutions would send the same amount of data to Google. With microG only the needed data is sent, and with sandboxed Google services the sent data is limited because of how unprivileged Google services are. So if we are talking about the compatibility tools, they are on the same level privacy-wise but not on the same level security-wise, because sandboxed Google services are much better isolated than microG.
Is my assumption correct?
The sandboxed Google services also do not get access to your hardware identifiers like the IMEI and SIM ID number.
About security: I do not know that, but I assume that sandboxed Google services are more secure, as they are the original Google services and Google is really, really good with data security.
I think that if you’re looking to improve your privacy and want to go further, CalyxOS or GrapheneOS will both cover most people. If Stock Android is the baseline, I would say that Calyx goes one step further for privacy and Graphene goes one step further than Calyx.
Though I do wonder if that’s still the case. I know it’s conventional wisdom, but also technology and teams change so that doesn’t necessarily mean it will always be in this order.
Also curious about this faceoff. For me, features of either seem sufficient so it comes down to which project I think is more stable and supported going forward.
I kind of hate the drama associated with GrapheneOS but following both on Twitter I can’t deny they seem more agile than CalyxOS unless there’s an update channel I’m not seeing. GrapheneOS has been on top of Android 13 with constant updates to the community and software released, CalyxOS has been silent.
It kind of flipped my initial instinct to go with CalyxOS, now I’m leaning toward Graphene unless/until the drama actually spills over into affecting the software.
I think my comment from two months ago still stands.
Regarding the drama, I think that unless it’s something that factors into your threat model, you’re probably fine going with the ROM that works best for you.
Interesting to hear that Graphene is leading the charge on Android 13. That’s something I’m watching for a potential switch to a custom ROM from stock Android.
Hi. Personally, I think both GrapheneOS and CalyxOS are great options. I have been using CalyxOS for the last 6 months and have found it to be a stable, well-maintained experience. I am aware that GrapheneOS is also a reputable project, although I haven’t used it, so I will allow others to comment on stability/usability. Also a thing to note is that most of my apps are open source and self-hosted (like Nextcloud), so that may affect stability.
I’m using GrapheneOS right now, but I have used CalyxOS in the past and just want to say that they are both much better options than stock Android.
I might be biased since I’ve used it for longer, but GrapheneOS is slightly better in my opinion since it has some amazing security features that CalyxOS doesn’t.
CalyxOS is for those looking for a privacy-friendly OS that doesn’t break any apps and runs fast and well. GrapheneOS is for those that want additional security (privacy-wise there isn’t a difference between the two), but that comes at the cost of speed.
I chose CalyxOS because I don’t need the extra security of GrapheneOS but wanted the compatibility, the speed and the battery life of CalyxOS.
This actually isn’t true on modern hardware, and was only noticeable on the ancient Pixel 3/3XL series using eMMC, and was related to a feature called “Secure Exec Spawning”: essentially, default Android tries to re-use old processes rather than spawning new ones, and this can be used by attackers to exploit vulnerable code.
Graphene has a number of important differences. It’s also worth mentioning they’ve also got other features such as storage scopes that CalyxOS does not have. The network permission toggle is much more robust than a stateful network firewall for denying/allowing internet access to apps.
There is not really anything that CalyxOS does that you can’t do with GrapheneOS. CalyxOS is basically AOSP with some bundled apps.
I think they both are pretty good. Personally I use Havoc and it seems to work without any problems.
About sandboxed Google Play Services: The point of a degoogled phone is that it doesn’t send data to Google, right? So then, why would I want sandboxed Play Services that do send data to Google (or did I misunderstand this part)? Whereas with microG, no data is sent to Google (unless Google Device Registration is turned on).
After reading your post, my statement still stands. Both are equally private. If you are after security, by all means, go with GrapheneOS.
The amount of data that is sent to Google is actually quite minimal. All MicroG does is shift your location provider, which you can change on GrapheneOS anyway.
The main reason why sandboxed Play Services is better is because it is confined by the untrusted_app SELinux policy, as opposed to having the far less restrictive system_app policy. Sandboxed Play Services can also be run in a specific profile, which is restricted, and only allowed to run at certain times or do certain things with the device.
When a newer version of Android comes out, it won’t hold you back on an old release, and is less likely to have compatibility issues.
As for services like Privileged eSIM Activation, this is disabled by default on GrapheneOS. The app has the READ_PRIVILEGED_PHONE_STATE permission, which gives Google access to your IMEI. On CalyxOS this is enabled by default, whether you use microG or not. This means Google still has access to your hardware identifiers regardless of whether or not you need eSIM activation, and they can be accessed persistently. It’s also worth noting a device running CalyxOS still talks to Google plenty.
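The two properties the reply above hinges on, the SELinux domain Play Services runs in and whether a package holds READ_PRIVILEGED_PHONE_STATE, can both be read off a device with `adb shell ps -AZ` and `adb shell dumpsys package <pkg>`. The parser below is an added example (not from the thread or either project) that runs over constructed sample output; the process and package names and PIDs in the samples are made up for illustration.

```python
"""Check (1) which SELinux domain a Play Services process is confined by and
(2) whether a package holds READ_PRIVILEGED_PHONE_STATE, from adb output."""
import re

# Constructed sample of `ps -AZ` output (not captured from a real device).
PS_SAMPLE = """\
LABEL                          USER     PID   PPID  VSZ    RSS   WCHAN ADDR S NAME
u:r:untrusted_app:s0:c113,c256 u0_a113  4321  1101  3.2G   210M  0     0    S com.google.android.gms
u:r:system_app:s0              system   2211  1101  2.1G   120M  0     0    S com.android.settings
u:r:untrusted_app:s0:c140,c256 u0_a140  5102  1101  1.0G   60M   0     0    S org.example.app
"""

# Constructed excerpt of `dumpsys package com.google.android.euicc` output.
DUMPSYS_SAMPLE = """\
Packages:
  Package [com.google.android.euicc] (a1b2c3):
    install permissions:
      android.permission.READ_PRIVILEGED_PHONE_STATE: granted=true
      android.permission.INTERNET: granted=true
"""

def selinux_domain(ps_output, process_name):
    """Return the SELinux type (e.g. 'untrusted_app') of the named process, or None."""
    for line in ps_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if fields and fields[-1] == process_name:
            # Label is u:r:<type>:s0[:categories]; the type is the third colon field.
            return fields[0].split(":")[2]
    return None

def holds_permission(dumpsys_output, permission):
    """True if dumpsys lists the permission as granted."""
    pattern = re.compile(rf"^\s*{re.escape(permission)}: granted=true\s*$", re.M)
    return bool(pattern.search(dumpsys_output))

def assess(ps_output, dumpsys_output):
    """Summarise both checks: is GMS confined as untrusted_app, and is the
    privileged phone-state permission granted to the eSIM activation package."""
    domain = selinux_domain(ps_output, "com.google.android.gms")
    return {
        "gms_domain": domain,
        "gms_confined": domain == "untrusted_app",
        "priv_phone_state": holds_permission(
            dumpsys_output, "android.permission.READ_PRIVILEGED_PHONE_STATE"),
    }

if __name__ == "__main__":
    print(assess(PS_SAMPLE, DUMPSYS_SAMPLE))
```

On a real device, pipe the two adb commands into the same functions; a `system_app` label on GMS or `granted=true` on the eSIM package is the condition the reply describes.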
In just one plain sentence:
Calyx is less secure and less private than GOS and has a different skin.
The full list of differences is far too long to write down here, but a few hardening examples of GOS that are better than on Calyx:
- Better usage of profiles
- A better hardened default browser (Calyx’ version of Chromium uses 20 of the 87 security patches GOS uses for Vanadium)
- A more hardened kernel (Calyx uses basically the same as stock Android, GOS takes a lot from the hardened Linux Kernel and KSPP)
- A more hardened memory allocator
- Secure Exec spawning (fresh processes; Calyx uses the less secure Zygote model)
- GOS has more hardening possibilities in the settings (e.g. storage scope)
There are probably hundreds more differences where GOS is more secure. As security is also privacy, you should expect GOS to be much more private as well.
Unless you have a very specific use case that works better on Calyx than GOS with sandboxed GAPPS, there is no reason to use Calyx instead of GOS.