I dont want to start a fight or anything like that, I have to decide between these 2 and cant figure out which is the best and why, mostly because if you ask on X they just start swearing to each other without giving any real explanation, can anyone help a person who want to embrace privacy and anonimity?
GrapheneOS is unmatched when it comes to security features including hardening. Don’t get me wrong calyx is great and when you like to use microG then it’s there. With graphene you can also install google play and framework (if you wish so) but in a different approach. It’s like a normal app. So you can do it with network access given or not even etc… it’s worth to test out also the profiles and separate your life into profiles… you can have on one google service on one not etc… and all getting push notifications. Most banking apps work (to be honest very had any issues.)
With calyx like I say it’s a privacy but not security hardened approach. And calyx been back in security updates what been pushed from google sometimes for months. For me it’s a clear choice but it’s your call…
I still dont understand how the graphene sandboxing is better than microG that is a randomized ID more or less, why I should install feds apps on my phone? even if they’re sandoboxed
its down to your threat model, microg runs as root, sandboxed play runs as a normal app.
There is one philosophy that says the less privileges the better, the smaller the risk surface
oooh ok, now its all clear, thats why people blame microG for security stuff, thats right didnt thought about that at all, damn dumb me fr, thanks man, thanks for the help
You can choose not to use it at all. My main profile does not and all work fine. Non privacy respecting/ goggle dependent apps I keep in a separate profile.
You can’t do that on calyx.
Since play on GOS is toothless , while microG is a hacked up job yea it’s better. Microg is ofc amazing , but still a have issues.
Both are good solutions however if you’re on a supported phone I would pick GrapheneOS every single day.
CalyxOS (and the supported devices) expose you to a classic “evil maid attack” applied to phones. There’s also other privacy implications of mishandled stuff in CalyxOS.
If you want a detailed explanation read this https://lemmy.world/comment/4962467 and my comments bellow it:
As usual if you’re looking to have any security (Verified boot) GrapheneOS + Pixel phone is the only options. I really don’t get it how come people(…) are okay with having a phone with all their personal data and logins without verified boot. Stolen / lost phone and game over.
Doesn’t Android have file based encryption by default since a while now??
if someone can compromise your bootloader in an hotel or some other public place then they’ll get to your data either way once you turn on the phone. This is one very small and very important detail that all those tech youtubers pro-privacy, security and whatnot love to ignore as it is the really hard one that makes all the difference. Secure boot is a complex subject and it requires a lot of work and checks to make sure nobody tempered with your device and Graphene / Pixel are the ones that really give a shit about that (except for Apple that wants to block jailbreaking and pirated Chinese app stores at all costs).
switching to another ROM on a phone with non re-lockable bootloader is a downgrade from the stock ROM?
It depends on your goal. If you plan to have any kind of boot / data security and the device can’t be re-locked with an alternative ROM you’re essentially better with the stock ROM in a locked state. Now that’s kind of personal choice, I believe the instant damage done by someone stealing your phone and getting your data (because your bootloader was unlocked) is considerably larger than the privacy implications of running the stock / vendor Android. For what’s worth if you can root your stock Android and firewall everything that seems suspicious it might be better than running an alternative ROM without a secure boot. Even with an alternative ROM you can run into privacy issues, take for example here CalyxOS running on Qualcomm CPUs. What’s interesting here is that this issue doesn’t happen in Graphene because they’re actually better.
Not sure because I rooted my calyx spare, and it was a while back since I used it… I thought calyx also had locked bootloader?
perfect I’ll take a look thanks
Just copied over the most relevant parts of the discussion with other users.
I use calyx on a spare phone, graphene on my regular. Graphene is better security wise, and better privacy wise.
If your device can run graphene is go for it.
Graphene for example are using a sandbox Google play that’s not have any special privileges. Which you can choose to use or not. Or use in a separate profile. Calyx comes with microg from the start. Which still uses proprietary stuff. Just the hardened malloc and other stuff under the hood on graphene makes it a better option
what about battery life? I heard that calyx can stay on for a long time without any issues because there are no actual background apps but I didnt heard anything about that for graphene, can you confirm that since you use it as daily drive?
Amazing battery life , comparing a new install of calyx and graphene it’s a ton of difference. Calyx looks bloated in comparison with graphene. There’s basically like 5 apps on a new graphene install. Just running microg takes a lot of stuff to run.
perfect, thanks for the help.
