[HN Gopher] CalyxOS - De-Googled Android Alternative
___________________________________________________________________
CalyxOS - De-Googled Android Alternative
Author : ssklash
Score : 434 points
Date : 2021-08-06 17:07 UTC (5 hours ago)
(HTM) web link (calyxos.org)
| joecool1029 wrote:
| > microG replaces some functions of Google Play Services while
| maintaining much more anonymity and privacy.
|
| I've said it before and am saying it again on here for those that
| don't know: microG breaks the security model on android and adds
| in package signature spoofing. It's the only way to add a fake
| Google Play Services without needing to pull Google blobs. This
| is why projects like LineageOS are against using this method, it
| weakens overall package security.
|
| However, it is still possible for the tinfoil hat crew to not use
| Google play services with OS like LineageOS. This will of course
| break some functionality (apps will have to poll instead of
| relying on push) but it will not break the security model.
|
| I'd like a different, better set of options to choose from but we
| don't have it at this time. Most users should probably choose a
| minimal Google Play distribution if they value things like
| battery life and working apps while still maintaining protections
| against spoofed apps.
| josh_today wrote:
| Funny that you're using "tin foil hat crew" the day after Apple
| announced snooping on everyone's pictures
| genewitch wrote:
| Also google has never ever used users' data to turn a buck or
| anything.
| collsni wrote:
| Yeah more like a "baseball cap crew" these days.. lol I don't
| trust corporations.
| cdesai wrote:
| I've said this in another comment, but I'll duplicate here:
|
| The microG creator goes into more detail about signature
| spoofing at
| https://github.com/microg/GmsCore/issues/1467#issuecomment-8...
| The concerns usually raised against that are due to the
| "default" patch included in their repository, which has a
| specific purpose.
|
| We don't use that, https://calyxos.org/about/tech/microg/ are
| the precautions we take to try and prevent "weakening overall
| package security"
|
| In addition, microG is optional and can be disabled on first
| install, see
| https://calyxos.org/features/microg/#1-microg-disabled
| chias wrote:
| > see http://127.0.0.1:4000/features/microg/#1-microg-disabled
|
| As someone who also accidentally pastes my local dev URLs
| from time to time, I feel your pain ;)
|
| For everyone else: that's
| https://calyxos.org/features/microg/#1-microg-disabled
| cdesai wrote:
| I edited the comment to fix it, thank you!
| joecool1029 wrote:
| Making it system-only still isn't ideal. It then requires a
| full OS update to push updates to microg/playservices, cannot
| just update the app components if vulnerabilities are found
| in the wild.
|
| I would like it if there were stronger privacy laws or antitrust
| orders that force Google to open their service provider APIs
| so people can choose alternative location/push providers, but
| this doesn't seem like it will exist soon.
|
| For many users, it's going to be the best usability
| compromise to use minimal play services and use apps that
| don't send content over the push networks (signal is like
| this, element can be configured this way).
| phendrenad2 wrote:
| If signature spoofing is confined to apps that I designate as
| spoofed (such as microg), then I'm okay with it. No security
| problem as far as I'm concerned.
|
| I'd like to see people make their own apps that don't rely on
| Google services (or faked Google services) of course, like the
| Linux ecosystem.
| cdesai wrote:
| On CalyxOS only microG can signature spoof, no other app can.
| gnufx wrote:
| But I don't want Google Play stuff. I'm just using microG for
| location services in /e/.
| flas9sd wrote:
| Calyx made an effort to sponsor and integrate the backup tool
| Seedvault
| (https://calyxinstitute.org/projects/seedvault-encrypted-back...)
| into their ROM - and other AOSP distributions
| benefit from this effort. Handhelds are tethered devices, it's
| essential to have contacts and precious photos stored at a second
| place (online or offline) and easily restored or used when
| changing devices. A user friendly full backup solution not
| requiring root access of some sort was missing to date.
| cdesai wrote:
| Thank you for bringing this up.
|
| We're continuing to fund work on it, both ourselves and also
| through applying for external funding.
|
| Full Storage backup support (Files / Photos) was recently added
| thanks to a grant from NLnet -
| https://nlnet.nl/project/Seedvault/index.html
|
| https://github.com/seedvault-app/seedvault Contributions
| welcome!
| alfiedotwtf wrote:
| Does Seed Vault back up the _whole_ device? Last time I used
| it, I found out that apps can opt-out of being backed up,
| along with their settings. In other words, every app I
| installed didn't get backed up :(
| summm wrote:
| As if an app should have any say about if it can be
| backed up or not. 'Muhh security model'. If your security
| model includes letting apps randomly deprive me as a user
| of backups of my _own_ phone, it's just another creepy
| google-bigbrother-wannabe.
| summm wrote:
| https://github.com/seedvault-app/seedvault/issues/165
| this is the issue, and it seems they are working on it.
| Good. What I didn't understand is why one would need to
| fake some Device2Device transfer, when one could just as
| well patch the root cause. It's open source after all.
| johnnyApplePRNG wrote:
| I made the mistake of purchasing a DOOGEE phone a few months
| back.
|
| Won't touch it now that I realize the OS is completely hijacked
| by whatever Chinese company produced this not-half-bad phone. (It
| goes so far as adding a watermark of the company logo to every
| photo I take! Sure I can disable it but I just don't feel right
| putting anything of value on there.)
|
| What would happen if I tried installing CalyxOS on it? Or another
| android compatible operating system?
|
| It's not listed as compatible on any alternative android OS that
| I can see at least.
| sparaker wrote:
| I don't know if they have this, but a good feature of a
| privacy-centric Android experience would be to have a simple
| accessible log of what app accessed what using which permission.
| fragileone wrote:
| You're looking for Privacy Dashboard, which is available as a
| 3rd-party FOSS standalone app[1] or built into Android 12.
|
| [1] https://github.com/RushikeshKamewar/PrivacyDashboard
| cdesai wrote:
| We do, https://calyxos.org/features/ (Look for "Trusted Agent"
| to see a screenshot)
|
| The code for this was already present in AOSP, Google simply
| had it disabled / reverted in their builds. We just bring it
| back like many other Android ROMs.
| dasyatidprime wrote:
| I'd worry that translating this to an end-user-relevant concept
| of security would lead to a lot of scares, though.
|
| Probe all the files in a directory to see which ones are
| "yours": "What? Why is it accessing _all_ the files? So
| suspicious!"
|
| Require a specific name pattern or something: "I never have to
| remember to do this on the other apps..."
|
| There's a lot of these tradeoffs that in human life are
| resolved through reference to all sorts of subtle human things
| that the machine knows not of. We're at this liminal point
| where "app" software is given a bare form of "agency" from a
| social perspective as an extension of its developer, but it
| doesn't have the intelligence to negotiate over it much (and I
| think that's behind some of the model-simplification pressure
| that's encouraged heavy vertical integration).
| izacus wrote:
| This is being added to Android 12 as a feature, so most new
| builds should have it.
| bishoprook2 wrote:
| So where is my OpenBSD phone?
| cdnsteve wrote:
| I like this, along with membership enrollment so I can help pay
| to keep the project alive. Will have to test this out.
| buzzy_hacker wrote:
| Are there any resources summarizing the differences between...
|
| - CalyxOS
|
| - Purism, Librem
|
| - microG
|
| - /e/
|
| - LineageOS
|
| - LineageOS for microG
|
| - GrapheneOS
|
| And I'm sure many other Android open source/degooglers?
| phh wrote:
| It doesn't answer your real question, but still, I'll try to
| make a summary:
|
| All of CalyxOS, LineageOS, LineageOS for microG, GrapheneOS and
| /e/ are Android distributions (based on the open-source part of
| Android, with some modifications and additions)
|
| Purism (brand name) Librem 5 (model name) is an open-source
| smartphone that reduces black boxes to closed areas, while on
| most smartphones black boxes like the modem share RAM access, using
| a brand new GNU/Linux (so not Android) smartphone OS.
|
| microG is fundamentally simply an open-source Android app, that
| replaces some small parts of Google Services (which are very
| big unauditable closed-source Android apps), so apps requiring
| Google Services may have a chance to work without Google
| services. However microG requires a bit more permissions than a
| standard app, that's why there needs to be a "LineageOS for
| microG" to support microG.
|
| Now, between CalyxOS, /e/, LineageOS, and GrapheneOS:
|
| - LineageOS targets devices support. LineageOS supports many
| devices officially, and provides infrastructure to support many
| more unofficially. They also include many features, but it
| doesn't feel like they have a specific orientation, and they
| are happy to integrate with Google apps. They are the very core
| of Android community original development.
|
| - GrapheneOS is security first and foremost, no matter the cost
| to usability (their philosophy there does seem to evolve to
| open to more users recently). They do (great) security original
| development.
|
| - /e/ is market first. They focus on having the best experience
| to the user, and try to reach as many users as possible. They
| have very little original development, their value is mostly in
| communication, and providing a "cloud" account.
|
| - CalyxOS is targeting a good private user-experience. This
| goes both by having good usable defaults, and filling gaps.
| They have nice original developments in making Google-less more
| usable.
| gnufx wrote:
| Purism's Librem runs GNU/Linux, not Android; microG is a free
| replacement for Google bits in Android (Google "services",
| including location services from other sources); LineageOS is a
| non-privacy focussed, somewhat de-Googled Android; /e/ is a
| privacy and free software focussed derivative of LineageOS with
| a larger set of supported hardware; GrapheneOS is a security-
| focussed (not privacy-focussed) version of Android with rather
| limited hardware support. It's not clear to me what the
| fundamental difference is between CalyxOS and /e/ other than
| hardware support and what's built-in.
| m12k wrote:
| As someone who knows quite little about Android (currently in the
| Apple ecosystem, but considering jumping ship): When you use
| these privacy-focused Android versions without Google Play, is
| there a consistent way to get apps from the Play store to run on
| there? (e.g. download the APK from somewhere and sideload it).
| I'd really like an OS that doesn't spy on me, but there's e.g.
| some government ID apps, transit apps and so on, that I'd really
| not like to have to give up.
| simonmales wrote:
| In short yes.
| godelski wrote:
| You are always able to add playstore in. But of course this
| comes with some cost to privacy.
|
| There's also other app stores like f-Droid. Usually these are
| populated with the same apps but often there are ones you are
| going to have a harder time getting.
|
| Does anyone know if there's a way to do a sandboxed playstore?
| Like you can use it to download the apps and update (assuming
| this won't be automatic) but that it is contained otherwise?
| dstryr wrote:
| - Install Shelter from F-Droid
|
| - Install the Aurora store apk inside of Shelter
|
| - Open Aurora store in Shelter's work profile and use like a
| normal play store and all apps installed within Aurora remain
| sandboxed
| cdesai wrote:
| There is also a built-in Work Profile feature now, under
| Settings -> System -> Multiple Users.
|
| It basically does the same thing under the hood.
| Mikkel-T wrote:
| There is an app store called Aurora Store that Calyx comes
| preinstalled with.
| https://f-droid.org/en/packages/com.aurora.store/
| grawprog wrote:
| There's places like APK mirror or Aurora which will download
| .apk's from the play store.
|
| The problem with degoogled phones isn't not accessing the
| google play store, it's not having the confusingly named google
| play services.
|
| https://en.m.wikipedia.org/wiki/Google_Play_Services
|
| A lot of apps rely on google play services. It mostly depends
| on how much of google play services an app requires as to
| whether it'll work on a degoogled phone or not.
| calvinmorrison wrote:
| I use f-droid for most of my standard apps (note-taking,
| calendar, etc) - and since I am not using gmail, those suite of
| apps are useless to me. I use firefox for my browser, and use
| the client provided by my email provider.
|
| The worst thing is basically not having Google Maps because
| while fdroid does work, it is not conducive to 'just looking
| things up real quick'. It's more of a 90's GPS where you pull
| over, take 5 minutes to look up what you want and navigate
| there.
|
| The other issue I have is I don't get push notifications from
| CalyxOS, and I don't know why. Messages are received, but my
| phone won't show me unless I unlock the screen - and then I get
| all the notifications at once. If I don't interact with the
| notification, it will do it again the next time I use my phone.
|
| otherwise it's been fine. I am using a google pixel 3.
| commoner wrote:
| > The worst thing is basically not having Google Maps because
| while fdroid does work, it is not conducive to 'just looking
| things up real quick'.
|
| If you're okay with a closed source navigation app, Magic
| Earth strikes a balance between Google Maps and FOSS apps
| such as Organic Maps. Magic Earth uses OpenStreetMap data but
| layers its own address search on top of it to cover addresses
| and landmarks that are not available on OSM.
|
| https://www.magicearth.com
|
| Google Maps does work on CalyxOS and so does its most fully-
| featured proprietary competitor, HERE WeGo. But if you only
| want to use free and open source software, I understand.
|
| > Messages are received, but my phone won't show me unless I
| unlock the screen - and then I get all the notifications at
| once.
|
| Is your device configured to hide notifications when locked?
| See "Control how notifications show on your lock screen":
|
| https://support.google.com/android/answer/9079661
| calvinmorrison wrote:
| > Is your device configured to hide notifications when
| locked? See "Control how notifications show on your lock
| screen".
|
| Yeah it's a bug with push notifications I think. I don't
| care - I think it's a great feature because if I don't hear
| the buzz, I won't look until my brain decides to check my
| phone, which can be a long time.
|
| I am looking to move towards a Punkt MP-02 for my next
| device, but the fact that it's not an open source device
| that I trust... I hesitate.
| tn1 wrote:
| There are sites like APKPure that mirror the Play store. That
| particular site also has an app of their own that functions as
| an app store, which will install from their catalog.
|
| Of course, you're just moving your trust from Google to this
| other third party, it's up to you if you consider that wise.
| 0x416c6578 wrote:
| There are third-party clients for the Play Store (Aurora store
| being a good example). Aurora store uses anonymous accounts to
| download the APKs directly from Google. That being said, just
| because you can install the application doesn't mean it will
| actually work without Play Services installed. I've had quite a
| bit of luck with random applications I've installed
| (interestingly most Google apps like Gboard, Photos and GCam
| work fine offline and without Play Services), however YMMV.
| google234123 wrote:
| That's a piracy site.
| LanternLight83 wrote:
| Nah, Aurora only works for snagging free apps from the play
| store via a proxy account- you're thinking of another well-
| known APK download site starting with an A, one which
| allows users to create their own 'app stores' (i.e.
| repositories) and is rampant with piracy. I'm sure it comes
| in handy for kids with more tech-savvy-ness (enough to
| avoid the malware!) than literal cents.
| commoner wrote:
| > you're thinking of another well-known APK download site
| starting with an A
|
| Aptoide. I have seen pirated paid apps on Aptoide, but
| any app marked as "verified" is not pirated (as in, it's
| available free of charge elsewhere) and the app's
| signature is checked with the app's signature on Google
| Play. Everything in the main "apps" repository and some
| apps in other repos are verified.
|
| Aptoide is useful for downloading older versions of
| Android apps, especially when APKMirror doesn't have an
| entry for the app.
|
| Fun fact: Aptoide is open source and F-Droid is actually
| a fork of Aptoide.
|
| - GitHub: https://github.com/Aptoide/aptoide-client-v8
|
| - Wikipedia: https://en.wikipedia.org/wiki/Aptoide
| fragileone wrote:
| Aurora Store is not a piracy site. It's a FOSS app that
| gives you access to the official Google Play Store
| directly.
| rOOb85 wrote:
| To add:
|
| Aurora store does NOT let you download paid apps. If you
| have paid for an app, you can sign into that account in
| aurora store and download the app you bought. However,
| the paid app will most likely not work as most apps use an
| SDK provided by Google for verifying purchases in an app.
| This SDK heavily relies on Google Play services. And
| secondly, using a 3rd party store like aurora does
| violate Google's use agreement which means Google could
| ban your account if you sign into it from aurora. I would
| highly advise to not use a Google account you care about
| with aurora.
| mackrevinack wrote:
| I've been trying that in the last while with an old phone where
| I didn't bother logging into Google when I reset it. I just use
| tasker on my main phone to extract the apk for the current app
| and save it to my syncthing folder and sync it across that
| way. but there are other apps that will let you extract the
| APKs as well.
|
| so far only one or two have worked unfortunately but most do
| spinax wrote:
| One of the most popular ways is to use the F-Droid
| repositories, which if you know a few Linux concepts it's
| like plugging in another software repository to the same
| package manager. (see f-droid.org) It can be confusing though
| because F-Droid is both an app, _and_ the name of the primary
| software repo which is pure FOSS software (no ads, no
| trackers).
|
| The F-Droid _app_ supports adding more repositories (think like
| apt/yum/dnf on Linux) easily, so you can source software from
| anywhere which runs their own repository. One of the most
| popular "other" repos is Izzy (apt.izzysoft.de/fdroid), and
| there is an alternate project called "microG" which can allow
| you to use Google Play store apps (microg.org/fdroid.html).
| microG is how you will get your Google Play apps onto the
| device, usually (there are other solutions besides microG out
| there however).
|
| The CalyxOS install ROM includes F-Droid (app and repos) and
| offers to install microG for you on your first boot (as well as
| some other opt-in stuff). Calyx runs their own F-Droid repo
| which is pre-added to the app so you get updates from them as
| well (think the built-in apps most smartphones have).
| alfiedotwtf wrote:
| Just note that there's a tonne of apps on F-Droid that
| haven't had updates in _years_
| commoner wrote:
| That's true, but the date of the most recent release is
| clearly shown, and it's easy to avoid the unmaintained
| ones. Also, F-Droid most likely has newer alternatives for
| the kind of app you're looking for.
| jefftk wrote:
| _> pure FOSS software (no ads, no trackers)_
|
| Nit: something can be FOSS while having ads and/or tracking
| (telemetry)
| spinax wrote:
| Nit rebuttal: I was referring to the F-Droid repository
| which I thought was clear from context. These elements are
| scanned for and apps called out (tagged) should they
| contain something not-free, even connecting to network
| services like Reddit or Twitter. They are referred to as
| Anti-Features: https://f-droid.org/en/docs/Anti-Features/
| jefftk wrote:
| Sorry! I understood you to be saying that the definition
| of FOSS includes no ads or trackers, and I wanted to make
| sure no one was misled by that.
|
| Additionally, as you say, the F-droid repository does
| contain apps with those properties; they're labeled, not
| excluded.
| spinax wrote:
| Trivia: by default (unless it has changed upstream), the
| F-Droid app defaults to "Include anti-feature apps: Off"
| in the Settings. The user must go in there and manually
| opt-in to see all the anti-feature apps on the mobile
| client.
| fragileone wrote:
| Use the Aurora Store app (you can keep this updated via the
| F-Droid app), it's a client for the Google Play Store so it'll
| allow you to update those apps through it.
| dopu wrote:
| It used to be that iOS was the recommended phone OS if you were
| looking for the best combination of privacy and security. Even
| Daniel Micay (the lead developer of GrapheneOS) thought so, 2
| years ago [0]. But these ROMs are looking much more mature these
| days. Anyone have thoughts on how CalyxOS and GrapheneOS compare
| to iOS in the present day?
|
| [0]:
| https://www.reddit.com/r/GrapheneOS/comments/bddq5u/os_secur...
| fitblipper wrote:
| The thing which always makes me hesitant about these projects is
| that they don't receive frequent security audits and not having
| an expensive brand behind them makes them more at risk to being
| willing to trash their name at the cost of my privacy and
| security. I consider these to be a fairly critical part of any
| project which claims superior privacy and security.
|
| I think about it this way: Should I trust
|
| A. The company which has thousands of developers working on it
| and wants to avoid their brand being dirtied by failures in
| security and privacy.
|
| B. The small group of people who have formed an organization
| which may or may not be another Anom like FBI controlled
| software.
|
| Don't get me wrong, I absolutely want to pick B, but I consider
| it much more risky since there are a lot more unknowns around
| that. At least with A I know what I'm getting (basically a free
| flow of my info to whichever government asks for it, but cross my
| fingers they don't ask for it or that A doesn't want too broad of
| a breach of trust).
| minsc__and__boo wrote:
| There was a time I would have gone with B), but I've been
| burned by too many "companies" with almost nothing to lose
| suddenly becoming malware or some other exploitive.
|
| This new wave of privacy branding, without 3P verification,
| open sourcing, or even means of recourse seems to be the new
| frontier for these used car salesman "trust me, it's private"
| pitches.
| corebuffer wrote:
| IMO the free software group at least is auditable.
|
| I wish Replicant was able to catch up. Having blobs at the
| baseband is awful, but having the baseband accessing all RAM is
| just game over for privacy. There isn't what to trust in that
| setting.
| zozbot234 wrote:
| This is why I see projects like postmarketOS, Mobian and Debian
| Mobile as having a lot more potential. Let's be clear about
| this, these projects are _not_ practically usable right now in
| a "daily driver" sense, even compared to a simple AOSP-based
| custom ROM. But they have the right goal in place - sharing a
| _single_, unified code base across our mainstream and mobile
| OS's.
| [deleted]
| mycall wrote:
| Google has thousands of Android developers? Interesting.
| bubblethink wrote:
| Man, stuff like this is so depressing to read. Like this is
| supposed to be a forum for showcasing new tech, projects, etc.
| What's the point of having this if people in the industry are
| going to say, "I don't like it because it's not backed by a
| trillion dollar company". What will change ?
| Kaytaro wrote:
| OP didn't say he doesn't like it, just pointing out the
| reality. But yes, the reality is depressing.
| [deleted]
| fragmede wrote:
| In offering only two choices, when the reality is far more
| complex than that, GP sets the tone for the rest of the
| discussion. There are more options, and a far deeper lake
| of information to use for drawing conclusions, so the
| simplification is also insulting, on top of being
| depressing.
| nerbert wrote:
| OP is just saying that audits would be nice, which is
| true.
| VortexDream wrote:
| If you have other options or other things that should be
| considered, then add them. As it is, you seem to be
| dismissing his absolutely valid concerns without any
| reason as to why you think they're invalid. I have the
| same concerns as he does and it's the same reason I don't
| use custom ROMs. I have no way to know how security
| conscious the developers actually are.
| taf2 wrote:
| Simple answer to a depressing reality is to say "fuck it".
| Build it anyway. If you build it they will come. When
| Amazon was getting started selling books online - Barnes
| and Noble was pretty scary big who would trust paying for
| something like a book online?? The reality of software is
| the playing field is always up for grabs. Google's still a
| great company but how many great engineers are still there?
| Lot of them have left - still many remain. End rant
| ajklsdhfniuwehf wrote:
| all those phones need closed source binary blob drivers to
| even power on.
|
| that's why each project is focused on a single device at a
| time.
|
| This is all toxic to open source!
|
| The only winning move is NOT to play. If you go out of your
| way to buy the phone that some unknown party managed to hack
| the binary blob(s) out of the official image into the custom
| one, you are losing because the quality will be worse than
| the closed source offering, always. From actual security to
| usability. And it will be driving engagement away from actual
| solutions to the problem (such as pine phone etc, which are
| also lagging, but are not as this egregiously bad)
| oh_sigh wrote:
| Many people run their entire lives off of their phones. Being
| concerned about security is prudent, not depressing.
| VoodooJuJu wrote:
| >Many people run their entire lives off of their phones
|
| This is the real problem, not the lack of security audits.
| posguy wrote:
| How far off of AOSP is CalyxOS though? Given that most
| Android users are running unaudited carrier & OEM modified
| ROMs that rarely see updates, a ROM that is very close to
| upstream AOSP is apt to be much more secure.
|
| Never mind that many of the apps that Google ships as part
| of Google Play are not receiving security audits outside of
| Google, Google is not committing to regularly audit their
| apps or publish the results, and these apps function as
| black boxes on your phone, with privileges that most other
| apps do not have.
| chrisco255 wrote:
| Open source software has a better security track record
| than closed source software run by billion dollar corps.
| OJFord wrote:
| That's not really the point though is it? It's more like 'I
| do like it.. is it sensible to use it?' At least, that's how
| I read it, and how I feel about such things.
|
| I'd very much like my next phone to run Linux (i.e. be a
| Pinephone) though.
| thinkloop wrote:
| > I'd very much like my next phone to run Linux
|
| Why? Android is already free and open source and Linux
| doesn't have good answers for the proprietary goodies
| zozbot234 wrote:
| > Linux doesn't have good answers for the proprietary
| goodies
|
| It doesn't need to. The feasible short-term target is
| feature parity with de-googled AOSP roms, which would
| still make it plenty useful in a "daily driver" scenario.
| OJFord wrote:
| I like the level of control and ease of reproducible
| setup that I have on my desktop, and find my (Android)
| phone frustrating to use in part because it lacks it.
|
| It's not without trying either, I've worked on and off on
| a terraform provider for Android - currently apps only
| but with some vague intention to try to manage as much of
| settings as possible (not much, AIUI). It's just not
| meant to be used like that though, of course, and I wish
| Linux was a viable enough option that, at least among
| nerds already using Linux for work if nothing else, it
| didn't need to be justified for use on phones.
| shadowgovt wrote:
| I got a Pinephone.
|
| I like the idea, but it's a deeply frustrating experience
| right now. Basic table-stakes features I have come to
| assume from both Android and iOS platforms just aren't
| there yet.
|
| It's a frustrating chicken egg problem... I want the thing
| to succeed, but my smartphone is so critical to my day-to-
| day that I can either wait for it to get better or invest
| the time into having it suck on toast while I improve it.
| zozbot234 wrote:
| Yup, the PinePhone is still being worked on and quite far
| from being usable as a daily driver. To be fair, the
| Pine64 folks are also very clear about this.
| OJFord wrote:
| Oh I get that, hence 'would very much like my next to be'
| vs. rushing 'out' to buy one.
|
| I'd also have to figure out some more specifically
| personal stuff like alternatives or Matrix bridges for
| apps I 'need to' use to communicate with certain people.
| atatatat wrote:
| Disagree.
|
| The reputation of Nick Calyx (his Wikipedia page is worth a look),
| or GrapheneOS team, etc, is so much easier lost than that of,
| say, Google's Android team.....or iOS security team.
|
| Having said that: Calyx shouldn't be considered much more
| secure than Android Open Source Project (AOSP). That's where
| GrapheneOS shines.
|
| Calyx should, however, be considered more private than AOSP,
| less dodgy & exploitable than Samsung etc Android
| "enhancements", aka UI/UX bloatware.
| nextos wrote:
| How does CalyxOS compare to GrapheneOS?
| GekkePrutser wrote:
| Calyx has more focus on functionality and privacy rather
| than security. On Graphene, security is always priority #1.
|
| For example: Calyx provides MicroG. This means you can talk
| to Google Play services, though in a better, more privacy-
| conscious way. MicroG is an open implementation of Google
| Play Services.
|
| However, MicroG requires signature spoofing: You need to
| install a fake Google certificate so that it can trick
| official apps into thinking they're talking to Google Play
| Services directly. This could technically be abused, though
| Calyx takes lots of precautions to prevent that. GrapheneOS
| with their security-first approach don't deem this worth
| the risk. So with apps requiring play services you don't
| get push messages and network-based location checks, among
| others.
|
| So, do you want an all-round phone to use everyday (and use
| things like Uber, Facebook, etc) but more private and
| secure than AOSP, take Calyx. Do you want security over
| everything and are willing to compromise a bit on
| functionality and app compatibility (some apps will refuse
| to run without google play), pick Graphene.
|
| Either way you'll need a Google Pixel by the way.
| cdesai wrote:
| The microG creator goes into more detail about signature
| spoofing at
| https://github.com/microg/GmsCore/issues/1467#issuecomment-8...
|
| The concerns usually raised against that are due to the
| "default" patch included in their repository, which has a
| specific purpose.
|
| We don't use that, https://calyxos.org/about/tech/microg/
| are the precautions we take to try and prevent abuse.
|
| I made it a privileged permission because that's a
| standard Android thing to gate things (such as reading of
| IMEI) - My thought process being that if you somehow
| managed to get around privileged permissions, we have
| much bigger problems than signature spoofing.
| GekkePrutser wrote:
| Yeah I agree, it's a good compromise and I definitely use
| MicroG despite that (though not on Calyx but Lineage for
| MicroG, as I don't have a Pixel phone). I think the Calyx
| precautions are more than adequate. And better than
| Lineage's.
|
| I just wanted to highlight the difference in focus,
| GrapheneOS will always pick the security side when a
| compromise needs to be made. Another example is the "We
| don't lie about security features" stance about
| SafetyNet. Even though a GrapheneOS phone is arguably
| more secure than a random manufacturer-modified Android
| rom. I agree that signature spoofing has an unnecessarily
| bad name. Probably because some mainstream roms like
| Lineage eschewing it. Personally I think it's a great
| tradeoff between privacy and functionality.
| throwaway888abc wrote:
| > you don't get push messages and network-based location
| checks, among others.
|
| This should be advertised as major feature.
| kelnos wrote:
| This is the trade off that I hate having to make, and I'm
| glad to see something like Calyx here.
|
| I want a phone that respects my privacy and is secure,
| but I also want to use apps like Google Photos (my
| favorite app that I use more than anything, aside from
| Firefox), Lyft, Netflix, Slack, banking apps, airline
| apps, and, critically, Google Pay.
|
| I get that using many of those apps might increase my
| exposure to tracking and privacy leaks, but I just want
| an OS behind them that I know I can trust in isolation,
| and that may have measures in place that at least try to
| mitigate some of the worst privacy abuses from the apps.
| (And if it can't always succeed at that, that's fine,
| I'll live.)
|
| Meanwhile, my only real choices are stock Android, which
| I know I can't trust to protect my privacy (since
| Google's business model depends on that), and iOS, which
| will treat me like a child and not let me do what I want
| with my phone unless Apple approves. (I'm also really
| concerned about the privacy implications of Apple's plan
| to do client-side scanning for CSAM material, assuming
| that's true.)
|
| So I just don't feel like there's anything out there
| right now that will let me run the apps I want, that is
| built on top of an OS that I feel I can trust. Calyx
| seems to be one of the few I've seen that looks like
| they're actually trying to be that.
| GekkePrutser wrote:
| I agree, this is my stance as well. Though I don't think
| Calyx tries to limit tracking on installed apps. I would
| recommend using something like TrackerControl to limit
| those.
| ignoramous wrote:
| TrackerControl doesn't encrypt your DNS queries, though.
| You'd need to proxy DNS requests to another app like
| http://github.com/ch4t4r/Nebulo which supports DoT / DoH3
| / DoH for that.
|
| (disclosure: I co-develop a FOSS TrackerControl
| alternative)
| dyndos wrote:
| Note that the GrapheneOS developer has indicated they are
| working on getting the Google Play Services apps to run
| sandboxed like normal apps, without extensive system
| permissions. This could be quite promising.
| commoner wrote:
| This is very interesting. Do you have a link to the post
| or discussion?
| dyndos wrote:
| Should have included this from the get go :)
| https://twitter.com/GrapheneOS/status/1422117365957922818
| commoner wrote:
| Thank you!
| GekkePrutser wrote:
| Yeah GrapheneOS is security over privacy, Calyx is privacy
| over security (and has a bit more mainstream appeal with
| MicroG, supporting push messaging and location services etc).
|
| GrapheneOS has also pioneered a lot of security measures, a
| lot of which have been added to Android proper (if you see
| their feature log, a lot of it says "removed because it was
| introduced in Android"). I wonder if that wouldn't have been
| the case without them pioneering it.
|
| Finally, the big guys make a lot of mistakes too. Remember
| the time when you could sudo on macOS with a blank password
| :) Or that other time when they showed your _actual password_
| instead of the password hint. AFAIK, Graphene and Calyx have
| never made any mistakes even close to that severity.
| ineedasername wrote:
| _Remember the time when you could sudo on macOS with a
| blank password :)_
|
| Apple paid out a lot of free sandwiches on that one [0]
| Internationalization on that command was a mess though.
| Defaults were based on OS settings and the flags to
| override were based on a combination of country & postal
| code rather than the localized name of the ingredient.
|
| So, if I didn't want the default of an American cheese
| sandwich on white bread with mayo, I had to research each
| bread, meats, and cheese lineage to get, for example,
| provolone using the switches _-c IT -r 26100_. It got worse
| if you wanted multiple cheese types.
|
| In the end I just aliased a bunch of options. My favorite
| was meatloaf w/ swiss cheese... I have no idea where Apple
| sources their meatloaf for the US region, but I haven't had
| anything like it since. The cafeteria staff at Apple HQ
| have stopped taking my calls.
|
| [0] https://xkcd.com/149/
| Koshkin wrote:
| Don't privacy and security go hand in hand?
| aryamaan wrote:
| They don't go hand in hand in real life. Can imagine that
| happening in digital world too.
| valiant-comma wrote:
| Another way of looking at it:
|
| Privacy is about what you're trying to protect, security
| is about how you are protecting it.
| natpalmer1776 wrote:
| I think the distinction is such that with a private (but
| not secure) application, the only person getting my data
| is a malicious actor.
|
| With a secure (but not private) application, the only
| person getting my data is the owner of the code & anyone
| _they_ are willing to share it with (Governments, Ad-
| tech, etc.)
|
| So if your hard requirement is 'nobody can know anything
| about what I do with this software' you are correct.
| However in-practice, security requirements often exist
| somewhere between the above two scenarios.
| grifball wrote:
| Yeah. Mostly, the difference is whether you're protecting
| against big tech or smaller hackers.
|
| The only other difference is that computer _security_
| also protects your computer as a resource say against
| mining trojans.
| Saris wrote:
| I see it as:
|
| Private = not sending data out of my device unless I want
| it to.
|
| Secure = resistant to someone trying to get into my
| device.
|
| They do overlap a bit, to be private a device needs some
| base level of security. But a device can be very secure
| and still not be private as it's sending data out for
| analytics, tracking, etc.
| corty wrote:
| No. First, there are security measures that wreck
| privacy, e.g. sending all your data to some company's
| servers for virus scanning. Routing all your traffic
| through some filtering VPN provider. That kind of stuff.
| There are privacy measures that wreck security, e.g. not
| using personalized user accounts for certain things.
|
| Security is also mostly up to definition, a secure
| computer system is a system that only does what it is
| defined to do. What this definition entails is up to the
| vendor, which isn't necessarily the same definition a
| user might want for security or privacy.
|
| But generally, there is a large overlap between privacy
| and security.
| chme wrote:
| > No. First, there are security measures that wreck
| privacy, e.g. sending all your data to some company's
| servers for virus scanning. Routing all your traffic
| through some filtering VPN provider. That kind of stuff.
| There are privacy measures that wreck security, e.g. not
| using personalized user accounts for certain things.
|
| Aren't those examples more examples of bad security by
| introducing single points of failure?
| corty wrote:
| Maybe, but there are more examples along those lines that
| don't introduce single points of failure.
|
| E.g. very all-encompassing logging is generally good for
| security, and if the logs are stored in a secure fashion,
| there is also no security problem created. However,
| privacy suffers because one might log things one
| shouldn't log.
|
| In the other direction, file and traffic encryption is
| good for privacy, and the less "permeable" you make it,
| i.e. the less readable for admins, system task, scanners,
| the better for privacy. However, for security, encrypting
| just for the user's eyes is a huge problem, because you
| cannot do malware scanning, you cannot do exfiltration
| prevention. Having users bring their own device into a
| work network is good for privacy, because those devices
| don't have central admin access, but bad for security,
| because same reason.
| vngzs wrote:
| GrapheneOS, lacking MicroG in the default install, is
| therefore more private than CalyxOS. Keeping Google out of
| the loop entirely is necessary for true privacy.
| cdesai wrote:
| On CalyxOS you do get an option to disable microG when
| setting it up for the first time, see
| https://calyxos.org/features/microg/#1-microg-disabled
|
| microG being disabled but present is still enough for
| some apps to work, which makes sense given that you can
| disable Google Play Services on the stock OS.
| LukeShu wrote:
| _> Nick Calyx (worth a look his Wikipedia page)_
|
| For those struggling to do this: "Nicholas Merrill" is the
| name you'll need to look up on Wikipedia.
| sildur wrote:
| B, of course. The FBI may or may not control that specific
| group of people. But you can bet it controls that company with
| thousands of developers.
| cdesai wrote:
| A. While it is hard to say something about A having thousands
| of developers (just having more eyes on everything they're
| doing), it's not infallible, nor does it strictly mean they
| want to 'avoid their brand being dirtied'
|
| B. CalyxOS is a project of the non-profit Calyx Institute,
| founded by https://en.wikipedia.org/wiki/Nicholas_Merrill
| securitypunk wrote:
| Anyone who has managed a product security program will tell you
| that it's impossible for small groups to keep up with the
| complexity and attack surface of products like android.
|
| From a consumer perspective, going with A and trusting the
| company is by far the safest option.
| scns wrote:
| Sorry to be pedantic, but: two people created CopperheadOS,
| one of them now works on GrapheneOS. The security mitigations
| developed for those were incorporated upstream into Android,
| decreasing the attack surface.
| runawaybottle wrote:
| I can appreciate that but option A actors are now in full
| dictator mode with respect to how they are willing to breach
| privacy and monetize their users.
|
| How did Linux keep up with security updates?
| vngzs wrote:
| You have an army of volunteers backporting patches, in the
| case of Debian. It's been done, but it takes a certain
| amount of support.
| trulyme wrote:
| Meh. Given the option of a secure but adversarial OS and less
| secure but open one, I will always pick the latter. Then at
| least there is a fighting chance my data stays mine.
| peakaboo wrote:
| That attitude will lead to you being a slave for Apple or
| Microsoft or Google for your entire life. They won't change
| their ways. You won't have privacy there.
| codegladiator wrote:
| > The thing which always makes me hesitant about these projects
| is that they don't receive frequent security audits and not
| having an expensive brand behind them makes them more at risk
|
| Why are you looking for alternatives ? or are you even
| bbarnett wrote:
| To be fair, Samsung is a bloated hell of their own spyware,
| with endless phone homes for the keyboard, and all their apps.
|
| Google endlessly spies on everyone.
|
| I really don't think anyone could be worse, than a big corp.
| scrps wrote:
| I trust people with money as their motive about as much as I'd
| trust a serious alcoholic to hold on to a bottle of booze for
| me without taking a sip. Might not be a popular opinion but it
| is my 2 cents to spend.
|
| Could someone at an open source project slip in an obfuscated
| backdoor in some esoteric area of the OS? Of course. But the
| risks of being found out are so much higher, after the fact
| that all changes at an open source project are logged, diffed,
| and public (normally), even if only 10% of the userbase looks
| at the code, runs packet capture or an SSL bump on the network
| traffic, etc, that is 10% more than for products by Microsoft,
| Apple, Google, and unlike an insider with access who discovers
| something highly questionable at a massively powerful
| corporation, an open source project has almost no leverage to
| compel them to keep their mouth shut, meanwhile the risk for
| developers of an open source project that does something like
| that (even if they aren't in the know) is total loss of trust,
| forever.
|
| Couple all of that with targeting a highly technical audience
| (drug kingpins looking for secure comms are more c-suite than
| engineers, they are still caught up on a good sales pitch more
| than hard technical details e.g. Anom ) and you'd be fairly
| stupid to try to pull the wool over their eyes and expect it to
| not eventually get discovered.
| shadowgovt wrote:
| The alcoholic will definitely take a sip.
|
| ... But they are also heavily incentivized to know where your
| booze is, care for your booze, and make sure it doesn't get
| stolen or poisoned. Because if something happens to you,
| where are they going to get the sip?
| heavyset_go wrote:
| > _... But they are also heavily incentivized to know where
| your booze is, care for your booze, and make sure it
| doesn't get stolen or poisoned. Because if something happens to
| you, where are they going to get the sip?_
|
| Where else are customers going to go? All phones in stores
| right now run OSes from either Apple or Google. Both
| companies can forsake their customers' trust and people
| will still buy phones that run their software.
|
| That incentive doesn't really exist in a market that's
| ruled by a two company mobile operating system cartel.
| ezconnect wrote:
| This is definitely better than google spyware as a phone. No
| built in exploit.
| vngzs wrote:
| I know people who made it to the final rounds of interviews at
| Calyx. They are the real deal. I don't think much of anything
| could get them to compromise their values about privacy [0].
|
| Might they miss something because they're a smaller team? Yeah,
| maybe. Will they sell out? I don't think so.
|
| [0]:
| https://en.wikipedia.org/wiki/American_Civil_Liberties_Union...
| botwriter wrote:
| People always say this until CP is put on their computer by
| an intelligence agency and they don't want to go to prison as
| a child abuser... Who's going to believe a pedo anyway...
| pl0x wrote:
| There should be a third party independent group to conduct
| audits. That might solve this.
| heavyset_go wrote:
| > _Should I trust: A. The company which has thousands of
| developers working on it and wants to avoid their brand being
| dirtied by failures in security and privacy._
|
| If you're hoping market forces would keep companies competitive
| and secure, well, people don't have much of a choice when it
| comes to mobile operating systems. Free market dynamics that
| should correct this problem don't really come into play when a
| two company cartel has 99.7% of the mobile operating system
| market nearly split in half between them.
| yosito wrote:
| I don't use Calyx to protect myself from state surveillance. I
| assume state actors can easily access anything and everything I
| do on internet connected devices. I use Calyx to protect myself
| from Google collecting data on me, profiling me, and turning me
| into a sheep on their attention economy farm.
| scns wrote:
| May I suggest to you to check out what the (strange name I
| know) /e/ foundation is doing? Not a trillion dollar company by
| any means but still worth taking a look at IMHO. Builds on
| LineageOs MicroG, Google free. You can even buy phones from
| them with the OS preinstalled, Fairphones, refurbished older
| Samsung Galaxy S and a GigaSet are offered. A good site (once
| Show HN) to find phones supported by this and other ROMs is
| https://sustaphones.com
| dheera wrote:
| > B. The small group of people who have formed an organization
| which may or may not be another Anom like FBI controlled
| software.
|
| Um, this project is 100% open source, unlike Google's flavor of
| Android. If there are backdoors to the FBI they will be exposed
| in due time.
|
| https://gitlab.com/CalyxOS
|
| That said I'd love to understand how it compares to LineageOS.
| tkzed49 wrote:
| I just don't buy this take. There's so much code; how can you
| be certain it will face sufficient scrutiny just by virtue of
| being available?
| enriquto wrote:
| you cannot be certain, but at least the code has the chance
| to be publicly scrutinized. This is not the case at all
| with google binaries, so you have a net, objective gain.
| atatatat wrote:
| This is a valid criticism.
|
| Upstream being AOSP helps a lot.
| atatatat wrote:
| Well, Calyx keeps the basic security model of Android intact
| (verified boot), unlike Lineage.
| zozbot234 wrote:
| Custom verified boot needs to be supported in hardware. But
| with most devices, you can use "fastboot boot" from an
| external device to start from an image that you trust.
| cdesai wrote:
| Note: You can only do this when the bootloader is
| unlocked.
|
| When it's locked (which is the entire point of custom
| verified boot), this is not allowed.
| GekkePrutser wrote:
| Indeed, but in return it only supports pixel phones, sadly
| (considering they're not great value for money for custom
| rom purposes, and most of their added value is lost when
| running a custom rom)
| mdp2021 wrote:
| > most of their added value is lost when running a custom
| rom
|
| Could you please explain?
| GekkePrutser wrote:
| Well, Google packages the pixel phones with their latest
| OS updates and pixel specific features like Gcam. By
| running a custom ROM you lose those. Its cameras mainly
| perform so well because of the big AI farms at Google.
| cdesai wrote:
| Google Camera works just fine, entirely offline as well.
|
| You do miss out on some other pixel-specific features
| (Hold for Me for example), but camera quality should be
| unaffected.
| [deleted]
| ranguna wrote:
| How risky is it if I install this on a device that is not on the
| supported list?
| dangfang wrote:
| Since Microsoft now supports Android apps, you can expect
| ungoogled android to become more popular since more apps would be
| written which don't need play store
| Popegaf wrote:
| I hope so, but at the same time, which app developer is going
| to target compatibility with the windows desktop when writing
| an app?
|
| Also, how will/do apps that depend on Google Services work (or
| not)? Is there some shim or something?
| wingmanjd wrote:
| Doesn't the Microsoft Android support require an Amazon
| account, though?
| theunspoken wrote:
| yes and no. first of all: which services does Amazon provide
| that would make an app dependent on them in the same way it
| might be on Google services? does Amazon have its own system
| for push notifications? for weather data? for syncing
| contacts? secondly: it has been confirmed that Android apps
| will be able to be sideloaded. a Microsoft employee tweeted
| about it but I can't really find the post right now
| jszymborski wrote:
| So, what's the current experience like on Android w/o Play
| services?
|
| I know at some point it was quite bad but that there were some
| up-and-coming solutions.
| Popegaf wrote:
| Some apps (especially banking and governmental apps) refuse to
| start at all. With microG (https://microg.org/) you can run a
| wide range of apps though. It's quite bearable, especially if
| you aren't an app junkie that downloads every app promising a
| discount on that new store you're purchasing from.
| fragileone wrote:
| microG as a semi-Play Services experience is fine, the only
| issue I have is that most network-based geolocation backends
| tend to be hit or miss. I usually have to enable the Apple
| location service if I need a fast geolocation.
| amelius wrote:
| Can you run banking apps on this without problems?
|
| And can Google block any apps that run on this Android clone?
| hentrep wrote:
| Others have mentioned GrapheneOS as an alternative. Recent
| Graphene builds include sandboxed Google Play compatibility
| layers [0]
|
| [0] https://grapheneos.org/usage#sandboxed-play-services
| throwawaycuriou wrote:
| It's not clear from what I have read anywhere on the site if
| installing CalyxOS is reversible. If you want to get back to
| Android can you?
| cdesai wrote:
| You can easily go back to stock Android,
| http://calyxos.org/get/back-to-stock
| throwawaycuriou wrote:
| Are there any other repercussions one should consider before
| giving this a try? Would software that uses DRM such as
| Netflix be affected?
| mark_l_watson wrote:
| It is asking a lot, but this would be nice: if the developer
| organizations behind CalyxOS and GrapheneOS could sell new phones
| with software installed, sort of like System 76 for Linux
| laptops.
| abawany wrote:
| I believe CalyxOS sells a Pixel 4a preloaded with membership
| (https://calyxinstitute.org/membership/calyxos).
| mark_l_watson wrote:
| Thanks for that.
| cdesai wrote:
| Lead Developer here, AMA?
| luca020400 wrote:
| Director/Head Developer @ LineageOS here.
|
| Hi, sharing codebase when? :P
| cdesai wrote:
| We're already sharing developers, even one of the directors
| :P
|
| Only question is: who forks what.
| luca020400 wrote:
| Guess I'll play a bit more on CalyxOS then. Feel free to
| hire me I guess.
|
| We are the base of course.
| fragileone wrote:
| 1) What would you say are your unique differences from
| LineageOS and GrapheneOS?
|
| 2) What big goals/projects are planned for the future?
|
| 3) Where do you see Android as a platform in 5 or 10 years? Any
| predictions or notable obstacles?
|
| 4) What do you think of mobile Linux distributions?
| cdesai wrote:
| > 1) What would you say are your unique differences from
| LineageOS and GrapheneOS?
|
| We do borrow a lot of code from other projects and try to
| send any fixes / improvements back to them.
|
| We try to provide an OS designed to ensure maximum usability
| and flexibility, so that you have an array of choices
| available to ensure your privacy and security.
|
| For example, I really like the way we have microG available -
| https://calyxos.org/features/microg/
|
| You can choose to disable it (which still has benefits), keep
| it enabled, or even login a Google Account. There's even a
| fourth option where you have it enabled but without the
| notifications / communication with Google servers, where it's
| still useful for some app compatibility, and things like
| location providers and exposure notifications.
|
| > 2) What big goals/projects are planned for the future?
|
| Our biggest goal has always been expanding the reach of the
| project. We want to support cheaper phones which are widely
| available in the world.
|
| We also have a bunch of features in the works or planned for
| the future - Panic trigger improvements, built in ad/tracker
| block (without losing the ability to use a VPN), and more.
| Most of it is documented as
| https://gitlab.com/groups/CalyxOS/-/epics
|
| > 3) Where do you see Android as a platform in 5 or 10 years?
| Any predictions or notable obstacles?
|
| We will be at S now, which means we'll be at Z in 7 years.
| What happens then?
|
| Kidding aside, I'm always excited by watching the changes
| Google is doing (some of it is done in the open, through AOSP
| at https://android-review.googlesource.com/ - you see lots of
| Rust here nowadays, I need to learn that)
|
| Fuchsia is also going to be interesting, they must have
| something planned.
|
| > 4) What do you think of mobile Linux distributions?
|
| I have massive respect for them given the work they're doing.
| I always see it this way - we're working on Android, and
| especially on the Pixels - all the hardware is there working
| for us, so we can focus our efforts on improvements in other
| areas.
|
| Linux on mobile has to spend a lot of time catching up to
| just the basics (getting phone calls working for example).
|
| There are pros and cons to both, it entirely depends on your
| use case to see what fits.
| seaghost wrote:
| Nice, but still very Google dependent for security and OS
| updates.
| Koshkin wrote:
| Which, looks like, defeats the whole purpose. (It's almost like
| if ReactOS or WINE allowed Microsoft Windows updates.)
| cdesai wrote:
| I'd argue that it's more akin to Ubuntu relying on Debian for
| updates, or Microsoft's Edge / Brave Browser / one of the
| many other forks relying on Google for Chromium / Blink
| updates.
|
| The one distinction is in addition to the open source code
| comparison here, we also use some proprietary bits from their
| updates, which are needed to get the phone booting and basic
| hardware working.
| vbsteven wrote:
| I'm thinking about buying a degoogled Android phone to replace my
| iPhone. The main things I want are:
|
| * Spotify needs to work over Bluetooth in my car
|
| * WhatsApp needs to work (preferably with push notifications)
|
| * I need the Fitbit app to work so my watch can show push
| notifications from my personal apps
|
| * a network-based location provider to be consumed by my personal
| apps (I'm working on a personal data and automation suite that
| relies on frequent smartphone location updates)
|
| Is this something that can be done with CalyxOS on a Pixel? Can
| other Android flavours like GrapheneOS or LineageOS do this?
|
| And aside from Android, how far along are other "mobile linux"
| smartphones for use as a daily driver with regards to the above
| points?
| brundolf wrote:
| > Can other Android flavours like GrapheneOS or LineageOS do
| this?
|
| There's a separate question you're missing: what your Google
| Services situation is
|
| Distros like Lineage come without Google Services; if you want
| them, you install them yourself
|
| "gapps" is the official one. It's straight Google everything.
| Lineage OS + gapps will give you a very clean and nice Android
| experience if you don't care about Google collecting your data.
|
| If you _do_ care about that, you have two options:
|
| 1) go without Services entirely (most apps will have problems;
| if you're lucky they just won't send push notifications or be
| able to use your location, if you're unlucky they will be flat
| out broken or crash)
|
| 2) use microG, which is an unofficial non-Google replacement
| masquerading to the rest of the system as Google Services. I've
| heard mixed things about how well it works, but that appears to
| be what CalyxOS comes with. You can install it on Lineage, but
| I don't know what extra hoops may have to be jumped through.
| Note that it's also walking a fine line with Google and I could
| see them intentionally breaking it at any time down the road.
| Depend on it at your own risk.
|
| I care about privacy and I would not buy a degoogled Android
| phone today. I switched to iPhone a few years ago after
| roughing it without Google Services for a year and a half. It
| was fairly awful.
|
| I once had to return some headphones because the app that went
| with them simply wouldn't work.
|
| I had to use a combination of the Google Maps web app and
| OSMAnd (which was just atrocious) for navigation, which
| basically meant I didn't really have navigation.
|
| Slack wouldn't send me push notifications.
|
| I couldn't use my banking app.
|
| Even Signal struggled to run in the background/send me
| notifications.
|
| It was basically back to the iPhone 1 days where your phone
| could text, call, web browse, take pictures and play (local)
| music. Though even the iPhone 1 had a functioning Maps app.
| wintermutestwin wrote:
| > will give you a very clean and nice Android experience if
| you don't care about Google collecting your data.
|
| I must be confused here, but isn't the whole point of
| installing any OS besides Android on an Android device
| preventing google from collecting your data? Why else would
| anyone deal with a non-standard OS?
| brundolf wrote:
| The above are all distros of Android
|
| The other reasons to use a non-stock version of Android
| are:
|
| - Much longer updates lifetime than you get from the OEM
|
| - Removal of OEM bloat
|
| - Addition of features that are actually good
| nobodywasishere wrote:
| Currently been using LineageOS for three years now, latter
| half without GApps/Play services.
|
| Google maps (from Aurora store) works perfectly fine on my
| phone without it.
|
| Telegram notifications work perfectly fine.
|
| My banking app works fine.
|
| Apple Music and Jellyfin work great.
|
| I use nextcloud for contacts/calendar/cloud/photo management.
| alfiedotwtf wrote:
| Not sure why nobody was is here's comment is greyed, but yep
| I'm in the same boat - LineageOS works fine and am using
| Spotify and Audible without any issues. There are some apps
| that haven't worked, but I'm fine with that.
| WorldPeas wrote:
| here's what I do and it works great: use the regular google
| build of android BUT on a fresh install, disable all google
| apps sans chrome, use it to install fdroid, then uninstall
| that, from there use TrackerControl to prevent google and
| others from phoning home, use the aurora store for apps, use
| organicmaps for maps, signal for sms, florisboard for keyboard,
| etc. you'll have a google-free experience which you can exit
| for 10 minute periods using the button on the trackercontrol
| dialog, and things like google pay and notifications will still
| perform quite well. I've been using this for a year and loving
| it
| kemenaran wrote:
| Interesting setup.
|
| Do you have any resources about how efficient TrackerControl
| is at preventing Google from collecting data from the phone's
| various system services?
| nonplus wrote:
| I would also like to hear more on this, a quick look at
| TrackerControl's readme tells me it mainly functions as a
| blocklist. Which (I would think) the moment you turn off
| tracker control to use google maps (or whatever play
| services app you wanted to use for a moment), said app will
| send a flood of queued location data that it has been
| collecting in the background if allowed.
|
| I suppose that setup could work if the user is disciplined
| about not letting apps that use play services run at all
| when not in active use, but at that point I don't see the
| advantage to using tracker control at all.
| Aachen wrote:
| > the moment you turn off tracker control to use google
| maps...
|
| No, it works per app. I'm also a TC user, it's quite
| great. Per app you tell it whether it should allow
| talking to various motherships. You can toggle on broad
| categories (for a given app) or also more fine-grained.
| It also logs which services applications tried to
| contact, so I can see that Spotify that I pay for is
| trying to send god knows what to Facebook (and that TC
| blocks it).
|
| It takes a bit of setup because a ton of apps talk to a
| ton of centralized services (Aurora store and Newpipe
| obviously need to talk to Google, for example), but after
| that I'm a lot less bothered by apps including the
| Facebook sdk or something because it'll be stopped
| anyhow.
|
| I'm waiting for the day that apps/websites stop telling
| your phone/browser to rat on you and they start doing it
| server-side. Lot less gdpr trouble because nobody can
| check what you're doing and goodbye blocklists. But so
| far it seems things don't yet work that way.
| corty wrote:
| I don't know about Fitbit stuff, but LineageOS can do
| everything else you named. Have been using it for years.
|
| I guess other alternative Android distributions shouldn't be
| too different there.
| hadrien01 wrote:
| For your first two questions: Spotify will work with Bluetooth,
| and WhatsApp will have eventual notifications (real-time if the
| app was recently opened, up to seven hours later otherwise, at
| least on my device)
| prox wrote:
| If you degoogle yourself but then hook into FB whatsapp,
| isn't that just defeating a bit of the point?
| Aachen wrote:
| Perfect is the enemy of good.
| cdesai wrote:
| We're very close to getting the notification issues fixed.
|
| We've sent some patches to microG to address them at
| https://github.com/microg/GmsCore/pull/1483
|
| I've been running it on my device for a few weeks now and it has
| been quite reliable so far.
| hadrien01 wrote:
| I don't use microG, the delay is WhatsApp waking itself up
| _1 wrote:
| > * I need the Fitbit app to work so my watch can show push
| notifications from my personal apps
|
| It's going to be hard to degoogle your phone and stay attached to
| your Fitbit.
| vbsteven wrote:
| Is there a specific reason for this? Does the Fitbit app rely
| on Play Services?
|
| I don't care too much for on wrist calls or anything like
| that. I just want to use the Fitbit app to sync stats and
| mostly display notifications from WhatsApp and my personal
| apps.
| _1 wrote:
| I don't know how the app works under the hood, but Google
| owns Fitbit
| vbsteven wrote:
| I should have known that. Now I understand what you meant
| in your first comment.
|
| As long as the app doesn't rely on Play Services it
| shouldn't be a problem. By "degoogled" phone I mostly
| mean taking Google out of the critical (privileged) path
| in the OS for software and app updates.
| cdesai wrote:
| I can confirm that,
|
| * Spotify over Bluetooth in a car works.
|
| * WhatsApp works, with notifications
|
| * I'm not sure about FitBit, per
| https://plexus.techlore.tech/applications/fitbit it might not
| but things may have changed.
|
| * We include some providers by default and you can install more
| from F-Droid.
| vbsteven wrote:
| Thank you, that sounds very promising.
|
| Is there a specific device you would recommend for long-term
| CalyxOS support?
| cdesai wrote:
| The newest Pixels are the best given that's what Google
| will support the longest, and with every Pixel generation
| they make a lot of improvements.
|
| https://calyxos.org/about/faq/device-support/#update-
| timefra...
|
| Pixel 6 is right around the corner, however it'll take a
| few months for us to get it all going (getting the phone,
| porting Android 12, making changes for Pixel 6)
| grey_earthling wrote:
| From https://calyxos.org/about/:
|
| > In social science, agency is defined as: the capacity of
| individuals to act independently and to make their own free
| choices.
|
| > built-in integration for Signal and WhatsApp calls
|
| Signal and WhatsApp are both fully centralised, tied to a single
| organisation each -- they are antithetical to agency.
|
| Why not use open protocols like DeltaChat, Matrix or XMPP
| instead?
|
| > built-in free "Virtual Private Network" services from trusted
| organizations protect you from being spied on
|
| Trusted by whom?
| barbazoo wrote:
| > Why not use open protocols like DeltaChat, Matrix or XMPP
| instead?
|
| I can give you an answer for Matrix and its usability. It's
| difficult to onboard users, at least it was ~a year ago. I
| wouldn't want to expose my non-tech friends to that.
| cdesai wrote:
| The integration is done in the Dialer, and the choices are
| shown when you make a phone call to a number.
|
| Signal and WhatsApp are choices there since they use phone
| numbers. How do you make a matrix call to a phone number? :)
| cdesai wrote:
| The VPN is one of the Digital Services we offer, completely
| free.
|
| https://calyxinstitute.org/projects/digital-services/vpn
|
| We also include RiseupVPN, and Orbot (which is Tor as a VPN)
| spinax wrote:
| > Trusted by whom?
|
| Calyx VPN uses the same tech stack as Riseup VPN, which are
| branded versions of the Bitmask client - CalyxOS is a part of
| the Calyx Institute family. You can instead use the Bitmask
| client from the F-Droid repo and choose to connect to either
| service with the same app (rather than using branded apps for
| each service).
| edoceo wrote:
| Well, I don't trust them either. Does it run Wireguard?
| _jal wrote:
| The tech stack matters far less than the trustworthiness and
| competence of the operators running it. And the hard part
| with VPN services is that it is very difficult to prove those
| things to others.
| grey_earthling wrote:
| So the organizations that provide the VPN service are Calyx
| VPN and Calyx Institute (have I understood correctly?)
|
| The site says these organizations are "trusted", but I'm
| still not sure who are they saying is doing the trusting.
|
| It's very easy to label something "trusted", but trusted _by_
| whom?
| steelbrain wrote:
| Curious, does anyone know what's their business model for
| monetizing the "free" VPN service? How do they make their
| money back or is it a donation kind of thing?
| flylikeabanana wrote:
| I gave them some money at DEFCON 2019 for an unlimited
| personal hotspot
|
| https://boingboing.net/2016/09/22/i-have-found-a-secret-
| tunn...
| cdesai wrote:
| It is all based on donations, see
| https://calyxinstitute.org/projects/digital-services/vpn
| godelski wrote:
| > Why not use open protocols like DeltaChat, Matrix or XMPP
| instead?
|
| Because Signal and WhatsApp are text/messenger replacements and
| Matrix is a slack/discord replacement? I'm not sure why there's
| the constant Signal vs Matrix battle here on HN, I see them as
| different tools doing different things. I'm not going to create
| or get all my friends to join a server with Matrix. Or even
| coworkers or random acquaintances I meet. But I can get their
| phone number and quickly communicate with them on Signal/WA. I
| don't see why Signal and Matrix have to be in competition. Just
| the same way I don't see Slack/Discord in competition with Text
| Messaging or FB Messenger.
| Ninjinka wrote:
| Only available on Pixel phones and a single Xiaomi phone.
| crudbug wrote:
| That is the irony. Only pixel hardware provides one step OEM
| unlocking in US. All other devices are carrier locked and have
| restrictive unlocking process.
|
| Samsung/Motorola/ etc. should release OEM unlocked devices not
| just carrier unlocked that can be purchased directly from their
| online stores.
|
| This will make adoption easy for these open Android projects.
| cdesai wrote:
| We do want to support more devices, however not all of them
| meet our requirements https://calyxos.org/about/faq/device-
| support/#requirements-f...
|
| We're trying to find devices which do, and if not see if the
| requirements can be relaxed.
|
| The most important part that's missing from many phones is
| being able to relock the bootloader with a custom OS installed.
| Krasnol wrote:
| It would help if you'd put the supported devices right up on
| the front page. It saves much time for most visitors and
| doesn't end up in frustration if people get them on the
| second step.
| dcow wrote:
| Got to start somewhere.
| SubzeroCarnage wrote:
| Unlike GrapheneOS (which I recommend you use if you can) and
| CalyxOS, my project https://divestos.org is tested working on
| 30+ devices.
| atatatat wrote:
| Very cool!
|
| Few quips:
|
| Silence was last updated (on F-Droid) a year ago -- is this
| project secure//being maintained?
|
| & Mozilla-cousin browser: you're going to lose the security
| clout these days unfortunately.
| SubzeroCarnage wrote:
| Silence is sadly no longer maintained, but it still seems
| to work for now. I will eventually replace it.
|
| Re Mozilla: I do state on my browser comparison page that
| Chromium browsers are more secure. Also the Bromite
| repository is included in F-Droid by default on DivestOS.
| atatatat wrote:
| Props on bringing verified boot to those devices Lineage
| can//will not, and doesn't tell users clearly that they could
| have it with other options.
| SubzeroCarnage wrote:
| That is a limitation of Lineage only because they choose to
| cater to users who want root (which usually modifies
| /system) and to support flashing Google Apps.
| summm wrote:
| Why would having root itself rule out secure boot? It's
| just that they refuse to offer root themselves, and only
| as a result of that refusal one has to use system
| modifications to gain root. In a sense this is the
| opposite of your claim: they do explicitly not cater to
| root users.
| SubzeroCarnage wrote:
| Verified boot is only enforcing on -user builds. Lineage
| ships -userdebug builds.
|
| Furthermore Lineage's official root addon writes to
| /system. You can't have any additional changes to system
| or else verified boot won't boot.
|
| You can't have it both ways as it stands.
|
| That isn't to say they are incompatible, you can compile-
| in root support before the system hashes are generated
| and then you can have a locked bootloader with verified
| boot with root support. But you cannot make any
| additional changes to /system with that root power
| afterwards.
| zozbot234 wrote:
| > But you cannot make any additional changes to /system
| with that root power afterwards.
|
| Not a showstopper, as modern root solutions like Magisk
| support "systemless" root, via file system overlays.
| kiawe_fire wrote:
| Anybody have experience using something like this (or others like
| GrapheneOS) as a daily driver?
|
| I'm interested in moving away from Apple and big tech in general,
| but I don't know how practical that is yet.
| uhtred wrote:
| I've been using /e/os [1] for a while and I am very happy with
| it. It has microG integrated so any apps that rely on google
| play services should still work.
|
| [1] https://e.foundation/
| kiawe_fire wrote:
| Thanks, I hadn't heard of /e/os until now.
|
| I'm kind of surprised just how big this space of DeGoogled
| Android is right now. Far bigger than 6+ years ago when I
| last looked into it.
| fragileone wrote:
| I use LineageOS for microG [1] and I'm planning to move to
| GrapheneOS once the Pixel 6 gets released (since it finally has
| guaranteed 5 years of kernel updates).
|
| LineageOS is superb for getting rid of stock OS bloatware and
| spyware and I have an experience on it that's better than stock
| Android. However it doesn't have hardened security like
| GrapheneOS, which is why I want to move to that later. On the
| other hand microG is needed for push notifications and maps
| APIs, which GrapheneOS doesn't support so I'm not sure how the
| fallback options of some of my currently used apps will fare on
| it.
|
| If microG turns out to be necessary for my workflow then I'll
| get CalyxOS instead, since it includes microG and is somewhere
| between LineageOS and GrapheneOS in terms of security.
|
| [1] https://lineage.microg.org/
| kiawe_fire wrote:
| From the sounds of it, the Pixel phones have the widest
| support across the different options here, so the Pixel 6
| might end up being my first Android phone purchase in a
| while.
|
| This thread has encouraged me to give this a go!
| johnbrodie wrote:
| LineageOS + microG here, on a motoX4. It's been the phone I use
| every day for about a year. My wife has the exact same setup,
| and generally gets along fine with it. FDroid has _most_ of the
| stuff we want. Some apps just aren't available there, so we end
| up using the Aurora store for those, with Warden used to scan
| those apps and stub out as much tracking code as it can. It's
| all about compromises, especially for others.
|
| Self-hosted NextCloud replaced Drive/Dropbox, and with some
| plugins it also does phone/location tracking, secure messaging
| and video calls, TODO lists, and some more. Self-hosted
| PhotoPrism replaces Google Photos.
|
| The phone experience hasn't been bad. One thing that came up
| initially is that most of the open source apps aren't as
| "pretty", and the UX just isn't as good. I don't care about it
| too much, and I'm fine with overall using the phone less
| anyway. The issue that comes up on a regular basis is the
| Google Maps replacement. OSMand is a great app, but like
| someone else mentioned it's more of a "look up the address and
| type it in" experience than a "show me all Thai restaurants in
| the area" experience. IMO small price to pay, I've been using
| GPS much less, and I've gotten much better at navigating with
| my "mental map".
| kiawe_fire wrote:
| I do expect some rough edges on the UX front.
|
| In fact I hope once I become familiar with everything that I
| can start contributing to some of the open source projects in
| the de-Googled space.
|
| If I'm going to become a user of some of this stuff, seems
| like a good use of my time to also help move it forward.
| 0x416c6578 wrote:
| I've used LineageOS without Google services for about a year
| now. The only big missing feature I've found is notifications
| which in some ways is quite freeing and makes me check my phone
| a lot less.
|
| LineageOS (and perhaps other ROMs) have the option to disable
| all networking features for apps, so I actually still use
| Google Camera, Google Photos (as an offline gallery) and Gboard
| (again all offline) and the majority of features just work.
| They don't complain about missing Google Services, nor about
| the missing internet connection.
|
| There are great alternatives to apps like YouTube (NewPipe),
| Maps (OSMand), Chrome (Chromium, or I use a browser called
| Privacy Browser on F-droid) and I have tried apps like Spotify
| and they too work without Google services (although I guess
| some features might be lacking).
|
| F-droid is an amazing service and has many FOSS alternatives to
| apps. I found myself today recompiling my browser application
| to fix some small bugs which just made me sit back in my chair
| and think "that is so cool"!
|
| I think making the change can be gradual (for example switching
| to LineageOS for MicroG to get a subset of working Google
| services) before fully de-Googling, but the change is
| definitely possible (and easy) to make.
| SubzeroCarnage wrote:
| I have a few apps on F-Droid and I also maintain a list of
| recommended apps from F-Droid here:
| https://divestos.org/index.php?page=recommended_apps
| kiawe_fire wrote:
| Thank you for the suggestion!
|
| It sounds like LineageOS for MicroG might be the friendliest
| way to ease into this for me.
| m0ngr31 wrote:
| How do you disable networking for apps? I'd love to use
| Gboard offline. ASK just isn't as good.
| SubzeroCarnage wrote:
| Long press the app in your launcher, App Info, Mobile data
| & Wi-Fi, Allow network access
| m0ngr31 wrote:
| Nice, thanks
| dtx1 wrote:
| I am daily driving GrapheneOS for over a year now as my only
| phone on a pixel 3a and I like it quite a lot. Here's how I
| handle stuff and what limits i encountered. Keep in Mind that
| you have to rethink your app usage as well, meaning testing a
| lot of apps from F-Droid to see what works for you. Your average
| FAANG Privacy Invasion App du jour probably won't work and i'd
| be wary of hardware requiring an app to be used if you go all
| in.
|
| 1. E-Mail: Using Fairmail from F-Droid (paid version though) is
| great for GMail and most other Providers. Notifications are
| usually faster than G-Mail in the Browser.
|
| 2. WebBrowser: Using Fennec from F-Droid with Adblock. The
| Chromium Version integrated in Graphene is probably more secure
| though. But adblock is life...
|
| 3. OsmAnd from F-Droid for Navigation. Works well enough, UI is
| clunky though. But Offline Maps are pretty sweet to have.
|
| 4. Most Messengers work, Notifications are spotty sometimes.
| Telegram, Signal, Element, Threema all do fine though Element
| sucks battery life down to unacceptable levels. Haven't and
| won't test whatsapp.
|
| 5. OpenCamera + Nextcloud is good for Cloudsyncing and Camera.
|
| 6. Password Management with AndOTP and KeePassXC is sweet and
| integration of the fingerprint sensor is really useful. Useful
| enough that i miss it on my desktop linux.
|
| 7. Paypal App works, my Banks app work but YMMV.
|
| 8. Biggest annoyances are local german Taxi Apps. They all
| don't work but i was able to work around it using a website.
| Still can't pay via app.
|
| ...Well i don't use my phone for much more than that.
|
| Battery Life is great, Security and Privacy is also good. You
| can lookup App Compatibility to a degree here:
| https://plexus.techlore.tech/
| kiawe_fire wrote:
| Thanks, this is very helpful both for setting expectations
| and for recommendations!
| zmnxo718 wrote:
| Bromium is also a good alternative to vanadium.
| terhechte wrote:
| I'm using GrapheneOS on a second device for various reasons.
| The biggest issue for me is that not all apps work / run.
| However, I have limited app requirements, so that is fine. If
| you want to run all social networks, Uber, Lyft, and so on,
| there might be the one or other that doesn't work (I didn't try
| them all). However, you can always use the mobile web offering
| I guess.
|
| In terms of classical smartphone features, I know what I don't
| get out of the box due to the lack of Google Services
| (Assistant, Picture Sync, etc). That wasn't an issue for me as
| it is a secondary device.
| atatatat wrote:
| What apps haven't worked for you on GrapheneOS, from Aurora
| Store?
| JoeyBananas wrote:
| 8orl .o
|
| 1
| gautamcgoel wrote:
| Can you run this on the desktop?
| commoner wrote:
| The CalyxOS website publishes emulator images, if you would
| like to test the OS in Android Studio:
|
| https://calyxos.org/news/2021/05/27/emulator-images/
| SavantIdiot wrote:
| Side note: Tor Browser as your primary browser is super painful.
| Lots of stuff doesn't work, and latency can be in the minutes.
| fithisux wrote:
| Question, is it Raspberry Pi compatible?
| bmarquez wrote:
| > you can make encrypted phone calls directly, using the built-in
| integration for Signal and WhatsApp calls
|
| Does this mean WhatsApp is automatically installed with Calyx, or
| just that there are extra features if you manually install it?
| azdle wrote:
| CalyxOS has a handful of apps that exist in the image that you
| can optionally install. I would assume it's one of those. I run
| CalyxOS and don't and never did have WhatsApp installed.
| cdesai wrote:
| WhatsApp is not one of those apps, we only include FOSS apps.
| Knighttime wrote:
| Unsure. It seems that they have Signal installed by default,
| but not WhatsApp. However, if you install WhatsApp you can make
| a WhatsApp call directly from the dialer I think?
| cdesai wrote:
| Exactly. Signal is available as a default however you can
| choose not to install it.
|
| WhatsApp is shown as an option if you have it installed, the
| option won't show up if you don't.
|
| The rationale being: We didn't exactly want to promote
| WhatsApp but still have it present for those who already use
| it.
| new_stranger wrote:
| I purchased a Pixel phone to test this stuff on.
|
| I installed LineageOS and found I couldn't run some google apps.
| I reinstalled LineageOS with https://opengapps.org added during
| the install and made the mistake of transferring from my old
| phone which brought all the google services and everything back
| to the phone (mostly).
|
| I then installed CalyxOS - much easier install process than
| lineage. Really liked the defaults. Could not get many apps that
| relied on google play services though. If I didn't need so many
| Google-tied apps I would pick this as my phone OS for basic stuff
| like messaging and browsing.
|
| Installed LineageOS again, found there were a couple apps I could
| not get working after all (50 different apps installed).
|
| In the end I gave up and re-flashed Google firmware back onto the
| phone. I spent about 10 hours on all this stuff and simply ran
| out of time for now. I thought I could get away from Google but I
| didn't realize how much my apps needed Google.
| brink wrote:
| I had nearly the exact same experience.
| yusi-san wrote:
| You can try lineage with MicroG[0][1], it replaces Google
| services. If you want stores there is the F-Droid store for
| FOSS app or Aurora Store if you want casual apps.
|
| YouTube can be replaced by NewPipe and these days I'm trying
| Organic Maps (a layer for OSM with nav and offline maps) to
| replace Google Maps.
|
| [0] : https://microg.org/
|
| [1] : https://lineage.microg.org/
| fragileone wrote:
| CalyxOS includes microG which supports some of the most popular
| APIs. Which apps did you have issues with?
| riedel wrote:
| Don't you think it is kind of absurd that you have to buy a
| device from Google to degooglify it as CalyxOS does not support
| other devices? How difficult would it be to actually port it to
| a device already supported e.g. by lineage?
| somenewaccount1 wrote:
| F-Droid is for distributing viruses. There may be legit apps on
| there, but there are also tons of viruses and not enough app
| oversight to be safe. It doesn't seem like much of a threat
| because the userbase is so small that not a lot of hackers target
| it. Once it has 5% of pop though, it would be a meaningful target
| - particularly since these are rooted phones.
| juniperplant wrote:
| Your comment seems to imply that the majority of apps on
| F-droid are malware. I don't think that's the case.
|
| Also, F-droid does not require root.
| inickt wrote:
| It has been years since I have used Android (and F-Droid), but
| I always thought F-Droid was pretty heavily curated and had a
| sane security model [1]. Why do you say it is for distributing
| viruses?
|
| [1] https://f-droid.org/en/docs/Security_Model/
| hjek wrote:
| > F-Droid is for distributing viruses.
|
| Lol, please point me to one? (Or an article about one?)
| m0ngr31 wrote:
| I've been using MicroG+Lineage for a few years now. No complaints
| from me, but I don't use a ton of apps. Not sure what the
| advantage of CalyxOS would be over my current setup (especially
| considering Lineage has a much better catalog of supported
| devices)
| commoner wrote:
| If you are not using root, CalyxOS lets you relock your
| bootloader with the developer key, which increases the security
| of your device by preventing other operating systems from being
| booted or flashed onto your device (until you choose to unlock
| the bootloader again, which requires you to enter your lock
| screen password and would wipe the device data). CalyxOS only
| supports devices with bootloaders that can be relocked with a
| custom key.
| dcow wrote:
| If you're unfamiliar with the context: Calyx Institute is a
| 501(c)(3) with a digital privacy and security mission. For a
| while they've offered, for a few hundred dollars a year donation,
| unmetered access to sprint's network. I don't know the details
| but I think they have retained access to the network through the
| merger due to some non-profit provision (something like the
| sprint merger was allowed with stipulation that certain agencies
| using the network for certain purposes would be grandfathered
| over). There's apparently more history related to the founder
| previously running an ISP under gag order, which drives their
| mission.
|
| Access to the network is only possible through wifi pucks. I
| asked if I could register the IMEI of my ThinkPad's modem/radio,
| but they wouldn't allow it citing the usual "we are responsible
| for the behavior of the devices on the network so you have to use
| our certified device". Sadly, these phones do not participate in
| Calyx's data network, they require a traditional carrier. Maybe
| it's part of their roadmap to eventually offer their data
| services on these handset form factor devices? But until then, I
| don't see a huge point. It would be really awesome to say "I get
| my network access through a privacy oriented non-profit" (:
| posguy wrote:
| I wonder if the MEID/ESN locking will go away with the sunset
| of the Sprint network? It should be possible to move the Calyx
| SIM to any device you like at that point.
| yellow_lead wrote:
| More info here. https://calyxinstitute.org/
|
| Looks like $500-$600 for 4G, and $750 for 4G/5G. Could be a
| good deal for certain people. But yes, it's lame you have to
| use the puck.
| windthrown wrote:
| I have the wifi puck, use it frequently and have been quite
| happy with it.
|
| I got the impression when signing up that it was Sprint's terms
| that limited their ability to offer to other devices but they
| would if they could.
| rodolphoarruda wrote:
| Most of the de-Googled or Linux based mobile OSes have their
| installation restricted to Pixel phones. Why? Is there any option
| for old Motorola phones?
| LukeShu wrote:
| Because those are the phones that are supported in the upstream
| Android Open Source Project (AOSP), which these OSes are
| typically based on. Other phones, even ones that do a great job
| of publishing their sources (like Sony's), have their support
| living outside of AOSP. And older phones get dropped from AOSP,
| the original Pixel was dropped in Android 11. So, by only
| targeting the devices that AOSP supports these OSes can focus
| on the interesting part of building the OS, rather than getting
| bogged down with hardware support.
| cdesai wrote:
| The other aspect to this is that you can install a custom OS
| on the Pixels and still re-lock the bootloader, which means
| you get Verified Boot and all the security guarantees that
| brings.
|
| https://source.android.com/security/verifiedboot
| LukeShu wrote:
| You actually couldn't do that with the original Pixel
| (which until recently, Android 11, these custom derivatives
| tended to support). You'd get a warning screen every boot
| about how the OS has been modified.
| cdesai wrote:
| You definitely could, we used to support it in a previous
| iteration.
|
| This was also possible on the Nexus devices, although the
| oldest I've tried it is the Nexus 6P.
|
| It just worked slightly differently on those, nowadays
| you enroll the public key by flashing it to the device,
| on those (Pixel 1, Nexus) you used to have the public key
| embedded in the kernel.
| LukeShu wrote:
| Unless I'm mistaken, the Pixel 1 blindly accepts whatever
| pubkey is embedded in the kernel, but displays the
| warning screen on boot if it's not Google's pubkey (to
| clarify, not a click-through screen, just a temporary
| splash screen). I guess yeah it's technically Verified
| Boot, but if it just accepts any key you throw at it,
| then the security guarantees are a lot less. You can't
| tell it about your pubkey to get the scare screen to go
| away, and you can't tell it to block other keys to get
| the security guarantees.
| cdesai wrote:
| Telling even the newer devices about your pubkey doesn't
| get the scare screen away. You see a Yellow Verified Boot
| warning meaning the OS is signed and verifies but with a
| custom set of keys.
|
| When you lock the bootloader you block other keys, since
| fastboot is pretty much disabled when you do that, and
| the only way to install something would be via OTA
| updates which would have to be signed with your custom
| keys.
|
| I guess maybe if you're able to get a root exploit and
| replace the boot image? Not exactly sure what would
| happen then, need to try.
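
As an added example (not part of the thread, and not CalyxOS or AOSP code): the lock state and the green/yellow/orange/red verified boot state discussed in the exchange above can be read from a device's system properties. This sketch classifies a `getprop` dump using `ro.boot.flash.locked`, `ro.boot.verifiedbootstate` and `ro.build.type`; the sample dumps and the posture labels are constructed for illustration.

```shell
#!/bin/sh
# Summarise a device's verified-boot posture from a `getprop` dump.

# Constructed sample (not captured from a real device): a relocked
# bootloader booting an OS signed with a user-enrolled key.
SAMPLE_CUSTOM_KEY='[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [yellow]
[ro.build.type]: [user]'

# Constructed sample: unlocked bootloader running a userdebug build.
SAMPLE_UNLOCKED='[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.build.type]: [userdebug]'

# prop_value NAME: read a getprop dump on stdin, print NAME's value.
# Carriage returns are stripped because some adb versions emit CRLF.
prop_value() {
    tr -d '\r' | awk -v key="[$1]:" '
        $1 == key { v = $2; gsub(/^\[|\]$/, "", v); print v; exit }'
}

# boot_posture DUMP: print "posture=... locked=... build=...".
# The posture labels are this example's own names, not Android's.
boot_posture() {
    dump=$1
    locked=$(printf '%s\n' "$dump" | prop_value ro.boot.flash.locked)
    state=$(printf '%s\n' "$dump" | prop_value ro.boot.verifiedbootstate)
    build=$(printf '%s\n' "$dump" | prop_value ro.build.type)

    case "$state" in
        green)  posture=verified-oem-key ;;     # locked, OEM root of trust
        yellow) posture=verified-custom-key ;;  # locked, user-enrolled key
        orange) posture=unlocked-unverified ;;  # bootloader unlocked
        red)    posture=verification-failed ;;  # locked, image rejected
        *)      posture=unknown ;;
    esac

    # A locked bootloader should not report orange, and an unlocked
    # one should not report green or yellow; flag the mismatch.
    case "$locked:$state" in
        1:orange|0:green|0:yellow) posture=inconsistent ;;
    esac

    printf 'posture=%s locked=%s build=%s\n' \
        "$posture" "${locked:-?}" "${build:-?}"
}

# Live use with a connected device: boot_posture "$(adb shell getprop)"
boot_posture "$SAMPLE_CUSTOM_KEY"
boot_posture "$SAMPLE_UNLOCKED"
```

The build type is reported alongside the boot state because the earlier subthread ties verified boot enforcement to -user versus -userdebug builds.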
| hjek wrote:
| Is there an Android X86 build of this? That would be an awesome
| laptop OS.
| Paul_S wrote:
| That is lovely but what use is it if I have to buy a new phone to
| use it because it doesn't support the phone I have.
| cutler wrote:
| Exactly. I want it for my Facebook-infested Samsung Galaxy A20
| but I guess I'm out of luck.
| rchaud wrote:
| It's ironic that the only devices this can be installed on are
| Google phones and one Xiaomi phone.
___________________________________________________________________
(page generated 2021-08-06 23:00 UTC)