[HN Gopher] CalyxOS - De-Googled Android Alternative ___________________________________________________________________ CalyxOS - De-Googled Android Alternative Author : ssklash Score : 434 points Date : 2021-08-06 17:07 UTC (5 hours ago) (HTM) web link (calyxos.org) (TXT) w3m dump (calyxos.org) | joecool1029 wrote: | > microG replaces some functions of Google Play Services while | maintaining much more anonymity and privacy. | | I've said it before and saying it again on here for those that | don't know: microG breaks the security model on android and adds | in package signature spoofing. It's the only way to add a fake | Google Play Services without needing to pull Google blobs. This | is why projects like LineageOS are against using this method, it | weakens overall package security. | | However, it is still possible for the tinfoil hat crew to not use | Google play services with OS like LineageOS. This will of course | break some functionality (apps will have to poll instead of | relying on push) but it will not break the security model. | | I'd like a different, better set of options to choose from but we | don't have it at this time. Most users should probably choose a | minimal Google Play distribution if they value things like | battery life and working apps while still maintaining protections | against spoofed apps. | josh_today wrote: | Funny that you're using "tin foil hat crew" the day after Apple | announced snooping on everyone's pictures | genewitch wrote: | Also google has never ever used users' data to turn a buck or | anything. | collsni wrote: | Yeah more like a "baseball cap crew" these days.. lol i dont | trust corporations. | cdesai wrote: | I've said this in another comment, but I'll duplicate here: | | The microG creator goes into more detail about signature | spoofing at | https://github.com/microg/GmsCore/issues/1467#issuecomment-8... | The concerns usually raised against that are due to the | "default" patch included in their repository, which has a | specific purpose. | | We don't use that, https://calyxos.org/about/tech/microg/ are | the precautions we take to try and prevent "weakening overall | package security" | | In addition, microG is optional and can be disabled on first | install, see https://calyxos.org/features/microg/#1-microg- | disabled | chias wrote: | > see http://127.0.0.1:4000/features/microg/#1-microg- | disabled | | As someone who also accidentally pastes my local dev URLs | from time to time, I feel your pain ;) | | For everyone else: that's | https://calyxos.org/features/microg/#1-microg-disabled | cdesai wrote: | I edited the comment to fix it, thank you! | joecool1029 wrote: | Making it system-only still isn't ideal. It then requires a | full OS update to push updates to microg/playservices, cannot | just update the app components if vulnerabilities are found | in the wild. | | I would like if there was stronger privacy laws or antitrust | orders that force Google to open their service provider API's | so people can choose alternative location/push providers, but | this doesn't seem like it will exist soon. | | For many users, it's going to be the best usability | compromise to use minimal play services and use apps that | don't send content over the push networks (signal is like | this, element can be configured this way). | phendrenad2 wrote: | If signature spoofing is confined to apps that I designate as | spoofed (such as microg), then I'm okay with it. No security | problem as far as I'm concerned. | | I'd like to see people make their own apps that don't rely on | Google services (or faked Google services) of course, like the | Linux ecosystem. | cdesai wrote: | On CalyxOS only microG can signature spoof, no other app can. | gnufx wrote: | But I don't want Google Play stuff. I'm just using microG for | location services in /e/. | flas9sd wrote: | Calyx made an effort to sponsor and integrate the backup tool | Seedvault (https://calyxinstitute.org/projects/seedvault- | encrypted-back...) into their ROM - and other AOSP distributions | benefit from this effort. Handhelds are tethered devices, its | essential to have contacts and precious photos stored at a second | place (online or offline) and easily restored or used when | changing devices. A user friendly full backup solution not | requiring root access of some sort was missing to date. | cdesai wrote: | Thank you for bringing this up. | | We're continuing to fund work on it, both ourselves and also | through applying for external funding. | | Full Storage backup support (Files / Photos) was recently added | thanks to a grant from NLnet - | https://nlnet.nl/project/Seedvault/index.html | | https://github.com/seedvault-app/seedvault Contributions | welcome! | alfiedotwtf wrote: | Does Seed Vault backup the _whole_ device? Last time I used | it, I found out that apps can opt-out of being backed up, | along with their settings. In other words, every app i | installed didnt get backed up :( | summm wrote: | As if an app should have any say about if it can be | backupped or not. 'Muhh security model'. If your security | model includes letting apps randomly deprives me as a user | of backups of my _own_ phone , it 's just another creepy | google-bigbrother-wannabe. | summm wrote: | https://github.com/seedvault-app/seedvault/issues/165 | this is the issue, and it seems they are working on it. | Good. What I didn't understand is why one would need to | fake some Device2Device transfer, when one could just as | well patch the root cause. It's open source after all. | johnnyApplePRNG wrote: | I made the mistake of purchasing a DOOGEE phone a few months | back. | | Won't touch it now that I realize the OS is completely hijacked | by whatever chinese company produced this not-half-bad phone. (It | goes so far as adding a watermark of the company logo to every | photo I take! Sure I can disable it but I just don't feel right | putting anything of value on there.) | | What would happen if I tried installing CalyxOS on it? Or another | android compatible operating system? | | It's not listed as compatible on any alternative android OS that | I can see at least. | sparaker wrote: | I don't know if they have this, but a good feature a privacy | centric android experience would be, to have a simple accessible | log of what app accessed what using which permission. | fragileone wrote: | You're looking for Privacy Dashboard, which is available as a | 3rd-party FOSS standalone app[1] or built into Android 12. | | [1] https://github.com/RushikeshKamewar/PrivacyDashboard | cdesai wrote: | We do, https://calyxos.org/features/ (Look for "Trusted Agent" | to see a screenshot) | | The code for this was already present in AOSP, Google simply | had it disabled / reverted in their builds. We just bring it | back like many other Android ROMs. | dasyatidprime wrote: | I'd worry that translating this to an end-user-relevant concept | of security would lead to a lot of scares, though. | | Probe all the files in a directory to see which ones are | "yours": "What? Why is it accessing _all_ the files? So | suspicious!" | | Require a specific name pattern or something: "I never have to | remember to do this on the other apps..." | | There's a lot of these tradeoffs that in human life are | resolved through reference to all sorts of subtle human things | that the machine knows not of. We're at this liminal point | where "app" software is given a bare form of "agency" from a | social perspective as an extension of its developer, but it | doesn't have the intelligence to negotiate over it much (and I | think that's behind some of the model-simplification pressure | that's encouraged heavy vertical integration). | izacus wrote: | This is being added to Android 12 as a feature, so most new | builds should have it. | bishoprook2 wrote: | So where is my OpenBSD phone? | cdnsteve wrote: | I like this, along with membership enrollment so I can help pay | to keep the project alive. Will have to test this out. | buzzy_hacker wrote: | Are there any resources summarizing the differences between... | | - CalyxOS | | - Purism, Librem | | - microG | | - /e/ | | - LineageOS | | - LineageOS for microG | | - GrapheneOS | | And I'm sure many other Android open source/degooglers? | phh wrote: | It doesn't answer your real question, but still, I'll try to | make a summary: | | All of CalyxOS, LineageOS, LineageOS for microG, GrapheneOS and | /e/ are Android distributions (based on the open-source part of | Android, with some modifications and additions) | | Purism (brand name) Librem 5 (model name) is an opensource | smartphones that reduces black boxes to closed areas, while on | most smartphones black boxes like modem share RAM access, using | a brand new GNU/Linux (so not Android) smartphone OS. | | microG is fundamentally simply an opensource Android app, that | replaces some small parts of Google Services (which are very | big unauditable closed-source Android apps), so apps requiring | Google Services may have a chance to work without Google | services. However microG requires a bit more permissions than a | standard app, that's why there needs to be a "LineageOS for | miroG" to support microG. | | Now, between CalyxOS, /e/, LineageOS, and GrapheneOS: | | - LineageOS targets devices support. LineageOS supports many | devices officially, and provides infrastructure to support many | more unofficially. They also include many features, but it | doesn't feel like they have a specific orientation, and they | are happy to integrate with Google apps. They are the very core | of Android community original development. | | - GrapheneOS is security first and foremost, no matter the cost | to usability (their philosophy there does seem to evolve to | open to more users recently). They do (great) security original | development. | | - /e/ is market first. They focus on having the best experience | to the user, and try to reach as many users as possible. They | have very little original development, their value is mostly in | communication, and providing a "cloud" account. | | - CalyxOS is targeting a good private user-experience. This | goes both by having good usable defaults, and filling gaps. | They have nice original developments in making Google-less more | usable. | gnufx wrote: | Purism's Librem runs GNU/Linux, not Android; microG is a free | replacement for Google bits in Android (Google "services", | including location services from other sources); LineageOS is a | non-privacy focussed, somewhat de-Googled Android; /e/ is a | privacy and free software focussed derivative of LineageOS with | a larger set of supported hardware; GrapheneOS is a security- | focussed (not privacy-focussed) version of Android with rather | limited hardware support. It's not clear to me what the | fundamental difference is between CalyxOS and /e/ other than | hardware support and what's built-in. | m12k wrote: | As someone who knows quite little about Android (currently in the | Apple ecosystem, but considering jumping ship): When you use | these privacy-focused Android versions without Google Play, is | there a consistent way to get apps from the Play store to run on | there? (e.g. download the APK from somewhere and sideload it). | I'd really like an OS that doesn't spy on me, but there's e.g. | some goverment ID apps, transit apps and so on, that I'd really | not like to have to give up. | simonmales wrote: | In short yes. | godelski wrote: | You are always able to add playstore in. But of course this | comes with some cost to privacy. | | There's also other app stores like f-Droid. Usually these are | populated with the same apps but often there are ones you are | going to have a harder time getting. | | Does anyone know if there's a way to do a sandboxed playstore? | Like you can use it to download the apps and update (assuming | this won't be automatic) but that it is contained otherwise? | dstryr wrote: | - Install Shelter from F-Droid | | - Install the Aurora store apk inside of Shelter | | - Open Aurora store in Shelter's work profile and use like a | normal play store and all apps installed within Aurora remain | sandboxed | cdesai wrote: | There is also a built-in Work Profile feature now, under | Settings -> System -> Multiple Users. | | It basically does the same thing under the hood. | Mikkel-T wrote: | There is an app store called Aurora Store that Calyx comes | preinstalled with. | https://f-droid.org/en/packages/com.aurora.store/ | grawprog wrote: | There's places like APK mirror or Aurora which will download | .apk's from the play store. | | The problem with degoogled phones isn't not accessing the | google play store, it's not having the confusingly named google | play services. | | https://en.m.wikipedia.org/wiki/Google_Play_Services | | A lot of apps rely on google play services. It mostly depends | on how much of google play services an app requires as to | whether it'll work on a degoogled phone or not. | calvinmorrison wrote: | I use f-droid for most of my standard apps (note-taking, | calendar, etc) - and since I am not using gmail, those suite of | apps are useless to me. I use firefox for my browser, and use | the client provided by my email provider. | | The worst thing is basically not having Google Maps because | while fdroid does work, it is not condusive to 'just looking | things up real quick'. It's more of a 90's GPS where you pull | over, take 5 minutes to look up what you want and navigate | there. | | The other issue I have is I don't get push notifications from | CalyxOS, and I don't know why. Messages are received, but my | phone won't show me unless i unlock the screen - and then I get | alll the notifications at once. If I don't interact with the | notification, it will do it again the next time I use my phone. | | otherwise it's been fine. I am using a google pixel 3. | commoner wrote: | > The worst thing is basically not having Google Maps because | while fdroid does work, it is not condusive to 'just looking | things up real quick'. | | If you're okay with a closed source navigation app, Magic | Earth strikes a balance between Google Maps and FOSS apps | such as Organic Maps. Magic Earth uses OpenStreetMap data but | layers its own address search on top of it to cover addresses | and landmarks that are not available on OSM. | | https://www.magicearth.com | | Google Maps does work on CalyxOS and so does its most fully- | featured proprietary competitor, HERE WeGo. But if you only | want to use free and open source software, I understand. | | > Messages are received, but my phone won't show me unless i | unlock the screen - and then I get alll the notifications at | once. | | Is your device configured to hide notifications when locked? | See "Control how notifications show on your lock screen": | | https://support.google.com/android/answer/9079661 | calvinmorrison wrote: | > Is your device configured to hide notifications when | locked? See "Control how notifications show on your lock | screen". | | Yeah it's a bug with push notifications I think. I don't | care - I think it's a great feature because if I don't hear | the buzz, I won't look until my brain decides to check my | phone, which can be a long time. | | I am looking to move towards a Punkt MP-02 for my next | device, but the fact that it's not an open source device | that I trust... I hesitate. | tn1 wrote: | There are sites like APKPure that mirror the Play store. That | particular site also has an app of their own that functions as | an app store, which will install from their catalog. | | Of course, you're just moving your trust from Google to this | other third party, it's up to you if you consider that wise. | 0x416c6578 wrote: | There are third-party clients for the Play Store (Aurora store | being a good example). Aurora store uses anonymous accounts to | download the APKs directly from Google. That being said, just | because you can install the application doesn't mean it will | actually work without Play Services installed. I've had quite a | bit of luck with random applications I've installed | (interestingly most Google apps like Gboard, Photos and GCam | work fine offline and without Play Services), however YMMV. | google234123 wrote: | That's a piracy site. | LanternLight83 wrote: | Nah, Aurora only works for snagging free apps from the play | store via a proxy account- you're thinking of another well- | known APK download site starting with an A, one which | allows users to create their own 'app stores' (ie. | repositories) and is rampant with piracy. I'm sure it comes | in handy for kids with more tech--savy-ness (enough to | avoid the malware!) than literal cents. | commoner wrote: | > you're thinking of another well-known APK download site | starting with an A | | Aptoide. I have seen pirated paid apps on Aptoide, but | any app marked as "verified" is not pirated (as in, it's | available free of charge elsewhere) and the app's | signature is checked with the app's signature on Google | Play. Everything in the main "apps" repository and some | apps in other repos are verified. | | Aptoide is useful for downloading older versions of | Android apps, especially when APKMirror doesn't have an | entry for the app. | | Fun fact: Aptoide is open source and F-Droid is actually | a fork of Aptoide. | | - GitHub: https://github.com/Aptoide/aptoide-client-v8 | | - Wikipedia: https://en.wikipedia.org/wiki/Aptoide | fragileone wrote: | Aurora Store is not a piracy site. It's a FOSS app that | gives you access to the official Google Play Store | directly. | rOOb85 wrote: | To add: | | Aurora store does NOT let you download paid apps. If you | have paid for a app, you can sign into that account in | aurora store and download the app you bought. However, | the paid app will most likely not work as most apps use a | SDK provided by google for verifying purchases in a app. | This SDK heavily relies on google play services. And | secondly, using a 3rd party store like aurora does | violate googles use agreement which means google could | ban your account if you sign into it from aurora. I would | highly advise to not use a google account you care about | with aurora. | mackrevinack wrote: | ive been trying that it the last while with an old phone where | i didn't bother logging into google when i reset it. i just use | tasker on my main phone to extract the apk for the current app | and save it into to my syncthing folder and sync it across that | way. but there are other apps that will let you extract the | apk's as well. | | so far only one or two have worked unfortunately but most do | spinax wrote: | One of the most popular ways is to use the F-Droid | repositories, which if you know a little Linux concepts it's | like plugging in another software repository to the same | package manager. (see f-droid.org) It can be confusing though | because F-Droid is both an app, _and_ the name of the primary | software repo which is pure FOSS software (no ads, no | trackers). | | The F-Droid _app_ supports adding more repositories (think like | apt /yum/dnf on Linux) easily, so you can source software from | anywhere which runs their own repository. One of the most | popular "other" repos is Izzy (apt.izzysoft.de/fdroid), and | there is an alternate project called "microG" which can allow | you to use Google Play store apps (microg.org/fdroid.html). | microG is how you will get your Google Play apps onto the | device, usually (there are other solutions besides microG out | there however). | | The CalyxOS install ROM includes F-Droid (app and repos) and | offers to install microG for you on your first boot (as well as | some other opt-in stuff). Calyx runs their own F-Droid repo | which is pre-added to the app so you get updates from them as | well (think the built-in apps most smartphones have). | alfiedotwtf wrote: | Just note that there's a tonne of apps on F-Droid that | haven't had updates in _years_ | commoner wrote: | That's true, but the date of the most recent release is | clearly shown, and it's easy to avoid the unmaintained | ones. Also, F-Droid most likely has newer alternatives for | the kind of app you're looking for. | jefftk wrote: | _> pure FOSS software (no ads, no trackers)_ | | Nit: something can be FOSS while having ads and/or tracking | (telemetry) | spinax wrote: | Nit rebuttal: I was referring to the F-Droid repository | which I thought was clear from context. These elements are | scanned for and apps called out (tagged) should they | contain something not-free, even connecting to network | services like Reddit or Twitter. The are referred to as | Anti-Features: https://f-droid.org/en/docs/Anti-Features/ | jefftk wrote: | Sorry! I understood you to be saying that the definition | of FOSS includes no ads or trackers, and I wanted to make | sure no one was misled by that. | | Additionally, as you say, the F-droid repository does | contain apps with those properties; they're labeled, not | excluded. | spinax wrote: | Trivia: by default (unless it has changed upstream), the | F-Droid app defaults to "Include anti-feature apps: Off" | in the Settings. The user must go in there and manually | opt-in to see all the anti-feature apps on the mobile | client. | fragileone wrote: | Use the Aurora Store app (you can keep this updated via the | F-Droid app), it's a client for the Google Play Store so it'll | allow you to update those apps through it. | dopu wrote: | It used to be that iOS was the recommended phone OS if you were | looking for the best combination of privacy and security. Even | Daniel Micay (the lead developer of GrapheneOS) thought so, 2 | years ago [0]. But these ROMs are looking much more mature these | days. Anyone have thoughts on how CalyxOS and GrapheneOS compare | to iOS in the present day? | | [0]: | https://www.reddit.com/r/GrapheneOS/comments/bddq5u/os_secur... | fitblipper wrote: | The thing which always makes me hesitant about these projects is | that they don't receive frequent security audits and not having | an expensive brand behind them makes them more at risk to being | willing to trash their name at the cost of my privacy and | security. I consider these to be a fairly critical part of any | project which claims superior privacy and security. | | I think about it this way: Should I trust | | A. The company which has thousands of developers working on it | and wants to avoid their brand being dirtied by failures in | security and privacy. | | B. The small group of people who have formed an organization | which may or may not be another Anom like FBI controlled | software. | | Don't get me wrong, I absolutely want to pick B, but I consider | it much more risky since there are a lot more unknowns around | that. At least with A I know what I'm getting (basically a free | flow of my info to whichever government asks for it, but cross my | fingers they don't ask for it or that A doesn't want too broad of | a breach of trust). | minsc__and__boo wrote: | There was a time I would have gone with B), but I've been | burned by too many "companies" with almost nothing to lose | suddenly becoming malware or some other exploitive. | | This new wave of privacy branding, without 3P verification, | open sourcing, or even means of recourse seems to be the new | frontier for these used car salesman "trust me, it's private" | pitches. | corebuffer wrote: | IMO the free software group at least is auditable. | | I wish Replicant was able to catch up. Having blobs at the | baseband is awful, but having the baseband accessing all RAM is | just game over for privacy. There isn't what to trust in that | setting. | zozbot234 wrote: | This is why I see projects like postmarketOS, Mobian and Debian | Mobile as having a lot more potential. Let's be clear about | this, these projects are _not_ practically usable right now in | a "daily driver" sense, even compared to a simple AOSP-based | custom ROM. But they have the right goal in place - sharing a | _single_ , unified code base across our mainstream and mobile | OS's. | [deleted] | mycall wrote: | Google has thousands of Android developers? Interesting. | bubblethink wrote: | Man, stuff like this is so depressing to read. Like this is | supposed to be a forum for showcasing new tech, projects, etc. | What's the point of having this if people in the industry are | going to say, "I don't like it because it's not backed by a | trillion dollar company". What will change ? | Kaytaro wrote: | OP didn't say he doesn't like it, just pointing out the | reality. But yes, the reality is depressing. | [deleted] | fragmede wrote: | In offering only two choices, when the reality is far more | complex than that, GP sets the tone for the rest of the | discussion. There are more options, and a far deeper lake | of information to use for drawing conclusions, so the | simplification is also insulting, on top of being | depressing. | nerbert wrote: | OP is just saying that audits would be nice, which is | true. | VortexDream wrote: | If you have other options or other things that should be | considered, then add them. As it is, you seem to be | dismissing his absolutely valid concerns without any | reason as to why you think they're invalid. I have the | same concerns as he does and it's the same reason I don't | use custom ROMs. I have no way to know how security | conscious the developers actually are. | taf2 wrote: | Simple answer to a drepressing reality is to say "fuck it". | Build it anyway. If you build it they will come. When | Amazon was getting started selling books online - barnes | and noble was pretty scary big who would trust paying for | something like a book online?? The reality of software is | the playing field is always up for grabs. Googles still a | great company but how many great engineers are still there? | Lot of them have left- still many remain . End rant | ajklsdhfniuwehf wrote: | all those phones need closed source binary blob drives to | even power on. | | that's why each project is focused on a single device at a | time. | | THis is all toxic to open source! | | The only wining move is NOT to play. If you go out of your | way to buy the phone that some unkwown party managed to hack | the binary blob(s) out of the official image into the custom | one, you are losing because the quality will be worse than | the closed source offering, always. From actual security to | usability. And it will be driving engagement away from actual | solutions to the problem (such as pine phone etc, which are | also lagging, but are not as this egregiously bad) | oh_sigh wrote: | Many people run their entire lives off of their phones. Being | concerned about security is prudent, not depressing. | VoodooJuJu wrote: | >Many people run their entire lives off of their phones | | This is the real problem, not the lack of security audits. | posguy wrote: | How far off of AOSP is CalyxOS though? Given that most | Android users are running unaudited carrier & OEM modified | ROMs that rarely see updates, a ROM that is very close to | upstream AOSP is apt to be much more secure. | | Nevermind that many of the apps that Google ships as part | of Google Play are not receiving security audits outside of | Google, Google is not committing to regularly audit their | apps or publish the results, and these apps function as | black boxes on your phone, with privileges that most other | apps do not have. | chrisco255 wrote: | Open source software has a better security track record | than closed source software run by billion dollar corps. | OJFord wrote: | That's not really the point though is it? It's more like 'I | do like it.. is it sensible to use it?' At least, that's how | I read it, and how I feel about such things. | | I'd very much like my next phone to run Linux (i.e. be a | Pinephone) though. | thinkloop wrote: | > I'd very much like my next phone to run Linux | | Why? Android is already free and open source and Linux | doesn't have good answers for the proprietary goodies | zozbot234 wrote: | > Linux doesn't have good answers for the proprietary | goodies | | It doesn't need to. The feasible short-term target is | feature parity with de-googled AOSP roms, which would | still make it plenty useful in a "daily driver" scenario. | OJFord wrote: | I like the level of control and ease of reproducible | setup that I have on my desktop, and find my (Android) | phone frustrating to use in part because it lacks it. | | It's not without trying either, I've worked on and off on | a terraform provider for Android - currently apps only | but with some vague intention to try to manage as much of | settings as possible (not much, AIUI). It's just not | meant to be used like that though, of course, and I wish | Linux was a viable enough option that, at least among | nerds already using Linux for work if nothing else, it | didn't need to be justified for use on phones. | shadowgovt wrote: | I got a Pinephone. | | I like the idea, but it's a deeply frustrating experience | right now. Basic table-stakes features I have come to | assume from both Android and iOS platforms just aren't | there yet. | | It's a frustrating chicken egg problem... I want the thing | to succeed, but my smartphone is so critical to my day-to- | day that I can either wait for it to get better or invest | the time into having it suck on toast while I improve it. | zozbot234 wrote: | Yup, the PinePhone is still being worked on and quite far | from being usable as a daily driver. To be fair, the | Pine64 folks are also very clear about this. | OJFord wrote: | Oh I get that, hence 'would very much like my next to be' | vs. rushing 'out' to buy one. | | I'd also have to figure out some more specifically | personal stuff like alternatives or Matrix bridges for | apps I 'need to' use to communicate with certain people. | atatatat wrote: | Disagree. | | The reputation of Nick Calyx (worth a look his Wikipedia page), | or GrapheneOS team, etc, is so much easier lost than that of, | say, Google's Android team.....or iOS security team. | | Having said that: Calyx shouldn't be considered much more | secure than Android Open Source Project (AOSP). That's where | GrapheneOS shines. | | Calyx should, however, be considered more private than AOSP, | less dodgy & exploitable than Samsung etc Android | "enhancements", aka UI/UX bloatware. | nextos wrote: | How does CalyxOS compare to GrapheneOS? | GekkePrutser wrote: | Calyx has more focus on functionality and privacy rather | than security. On Graphene, security is always priority #1. | | For example: Calyx provides MicroG. This means you can talk | to Google Play services, though in a better, more privacy- | conscious way. MicroG is an open implentation of Google | Play Services. | | However, MicroG requires signature spoofing: You need to | install a fake Google certificate so that it can trick | official apps into thinking they're talking to Google Play | Services directly. This could technically be abused, though | Calyx takes lots of precautions to prevent that. GrapheneOS | with their security-first approach don't deem this worth | the risk. So with apps requiring play services you don't | get push messages and network-based location checks, among | others. | | So, do you want an allround phone to use everyday (and use | things like Uber, Facebook, etc) but more private and | secure than AOSP, take Calyx. Do you want security over | everything and are willing to compromise a bit on | functionality and app compatibility (some apps will refuse | to run without google play), pick Graphene. | | Either way you'll need a Google Pixel by the way. | cdesai wrote: | The microG creator goes into more detail about signature | spoofing at https://github.com/microg/GmsCore/issues/1467 | #issuecomment-8... | | The concerns usually raised against that are due to the | "default" patch included in their repository, which has a | specific purpose. | | We don't use that, https://calyxos.org/about/tech/microg/ | are the precautions we take to try and prevent abuse. | | I made it a privileged permission because that's a | standard Android thing to gate things (such as reading of | IMEI) - My thought process being that if you somehow | managed to get around privileged permissions, we have | much bigger problems than signature spoofing. | GekkePrutser wrote: | Yeah I agree, it's a good compromise and I definitely use | MicroG despite that (though not on Calyx but Lineage for | MicroG, as I don't have a Pixel phone). I think the Calyx | precautions are more than adequate. And better than | Lineage's. | | I just wanted to highlight the difference in focus, | GrapheneOS will always pick the security side when a | compromise needs to be made. Another example is the "We | don't lie about security features" stance about | SafetyNet. Even though a GrapheneOS phone is arguably | more secure than a random manufacturer-modified Android | rom. I agree that signature spoofing has an unnecessarily | bad name. Probably because some mainstream roms like | Lineage eschewing it. Personally I think it's a great | tradeoff between privacy and functionality. | throwaway888abc wrote: | > you don't get push messages and network-based location | checks, among others. | | This should be advertised as major feature. | kelnos wrote: | This is the trade off that I hate having to make, and I'm | glad to see something like Calyx here. | | I want a phone that respects my privacy and is secure, | but I also want to use apps like Google Photos (my | favorite app that I use more than anything, aside from | Firefox), Lyft, Netflix, Slack, banking apps, airline | apps, and, critically, Google Pay. | | I get that using many of those apps might increase my | exposure to tracking and privacy leaks, but I just want | an OS behind them that I know I can trust in isolation, | and that may have measures in place that at least try to | mitigate some of the worst privacy abuses from the apps. | (And if it can't always succeed at that, that's fine, | I'll live.) | | Meanwhile, my only real choices are stock Android, which | I know I can't trust to protect my privacy (since | Google's business model depends on that), and iOS, which | will treat me like a child and not let me do what I want | with my phone unless Apple approves. (I'm also really | concerned about the privacy implications of Apple's plan | to do client-side scanning for CSAM material, assuming | that's true.) | | So I just don't feel like there's anything out there | right now that will let me run the apps I want, that is | built in top of an OS that I feel I can trust. Calyx | seems to be one of the few I've seen that looks like | they're actually trying to be that. | GekkePrutser wrote: | I agree, this is my stance as well,. Though I don't think | Calyx tries to limit tracking on installed apps. I would | recommend using something like TrackerControl to limit | those. | ignoramous wrote: | TrackerControl doesn't encrypt your DNS queries, though. | You'd need to proxy DNS requests to another app like | http://github.com/ch4t4r/Nebulo which supports DoT / DoH3 | / DoH for that. | | (disclosure: I co-develop a FOSS TrackerControl | alternative) | dyndos wrote: | Note that the GrapheneOS developer has indicated they are | working on getting the Google Play Services apps to run | sandboxed like normal apps, without extensive system | permissions. This could be quite promising. | commoner wrote: | This is very interesting. Do you have a link to the post | or discussion? | dyndos wrote: | Should have included this from the get go :) | https://twitter.com/GrapheneOS/status/1422117365957922818 | commoner wrote: | Thank you! | GekkePrutser wrote: | Yeah GrapheneOS is security over privacy, Calyx is privacy | over security (and has a bit more mainstream appeal with | MicroG, supporting push messaging and location services etc). | | GrapheneOS has also pioneered a lot of security measures, a | lot of which have been added to Android proper (if you see | their feature log, a lot of it says "removed because it was | introduced in Android"). I wonder if that wouldn't have been | the case without them pioneering it. | | Finally, the big guys make a lot of mistakes too. Remember | the time when you could sudo on macOS with a blank password | :) Or that other time when they showed your _actual password_ | instead of the password hint. AFAIK, Graphene and Calyx have | never made any mistakes even close to that severity. | ineedasername wrote: | _Remember the time when you could sudo on macOS with a | blank password :)_ | | Apple paid out a lot of free sandwiches on that one [0] | Internationalization on that command was a mess though. | Defaults were based on OS settings and the flags to | override were based on a combination of country & postal | code rather than the localized name of the ingredient. | | So, if I didn't want the default of an American cheese | sandwich on white bread with mayo, I had to research each | bread, meats, and cheese lineage to get, for example, | provolone using the switches _-c IT -r 26100_. It got worse | if you wanted multiple cheese types. | | In the end I just aliased a bunch of options. My favorite | was meatloaf w/ swiss cheese... I have no idea where Apple | sources their meatloaf for the US region, but I haven't had | anything like it since. The cafeteria staff at Apple HQ | have stopped taking my calls. | | [0] https://xkcd.com/149/ | Koshkin wrote: | Don't privacy and security go hand in hand? | aryamaan wrote: | They don't go hand in hand in real life. Can imagine that | happening in digital world too. | valiant-comma wrote: | Another way of looking at it: | | Privacy is what about you're trying to protect, security | is about how you are protecting it. | natpalmer1776 wrote: | I think the distinction is such that with a private (but | not secure) application, the only person getting my data | is a malicious actor. | | With a secure (but not private) application, the only | person getting my data is the owner of the code & anyone | _they_ are willing to share it with (Governments, Ad- | tech, etc.) | | So if your hard requirement is 'nobody can know anything | about what I do with this software' you are correct. | However in-practice, security requirements often exist | somewhere between the above two scenarios. | grifball wrote: | Yeah. Mostly, the difference is whether you're protecting | against big tech or smaller hackers. | | The only other difference is that computer _security_ | also protects your computer as a resource say against | mining trojans. | Saris wrote: | I see it as: | | Private = not sending data out of my device unless I want | it to. | | Secure = resistant to someone trying to get into my | device. | | They do overlap a bit, to be private a device needs some | base level of security. But a device can be very secure | and still not be private as it's sending data out for | analytics, tracking, etc. | corty wrote: | No. First, there are security measures that wreck | privacy, e.g. sending all your data to some company's | servers for virus scanning. Routing all your traffic | through some filtering VPN provider. That kind of stuff. | There are privacy measures that wreck security, e.g. not | using personalized user accounts for certain things. | | Security is also mostly up to definition, a secure | computer system is a system that only does what it is | defined to do. What this definition entails is up to the | vendor, which isn't necessarily the same definition a | user might want for security or privacy. | | But generally, there is a large overlap between privacy | and security. | chme wrote: | > No. First, there are security measures that wreck | privacy, e.g. sending all your data to some company's | servers for virus scanning. Routing all your traffic | through some filtering VPN provider. That kind of stuff. | There are privacy measures that wreck security, e.g. not | using personalized user accounts for certain things. | | Aren't those examples more examples of bad security by | introducing single points of failure? | corty wrote: | Maybe, but there are more examples along those lines that | don't introduce single points of failure. | | E.g. very all-encompassing logging is generally good for | security, and if the logs are stored in a secure fashion, | there is also no security problem created. However, | privacy suffers because one might log things one | shouldn't log. | | In the other direction, file and traffic encryption is | good for privacy, and the less "permeable" you make it, | i.e. the less readable for admins, system task, scanners, | the better for privacy. However, for security, encrypting | just for the user's eyes is a huge problem, because you | cannot do malware scanning, you cannot do exfiltration | prevention. Having users bring their own device into a | work network is good for privacy, because those devices | don't have central admin access, but bad for security, | because same reason. | vngzs wrote: | GrapheneOS, lacking MicroG in the default install, is | therefore more private than CalyxOS. Keeping Google out of | the loop entirely is necessary for true privacy. | cdesai wrote: | On CalyxOS you do get an option to disable microG when | setting it up for the first time, see | https://calyxos.org/features/microg/#1-microg-disabled | | microG being disabled but present is still enough for | some apps to work, which makes sense given that you can | disable Google Play Services on the stock OS. | LukeShu wrote: | _> Nick Calyx (worth a look his Wikipedia page)_ | | For those struggling to do this: "Nicholas Merrill" is the | name you'll need to look up on Wikipedia. | sildur wrote: | B, of course. The FBI may or may not control that specific | group of people. But you can bet it controls that company with | thousands of developers. | cdesai wrote: | A. While it is hard to say something about A having thousands | of developers (just having more eyes on everything they're | doing), it's not infallible, nor does it strictly mean they | want to 'avoid their brand being dirtied' | | B. CalyxOS is a project of the non-profit Calyx Institute, | founded by https://en.wikipedia.org/wiki/Nicholas_Merrill | securitypunk wrote: | Anyone who has managed a product security program will tell you | that's it's impossible for small groups to keep up with the | complexity and attack surface of products like android. | | From a consumer perspective, going with A and trusting the | company is by far the safest option. | scns wrote: | Sorry to be a pedantic but: Two People created CopperheadOS, | one of them now works on GrapheneOS. The security mitigations | developed for those were incorporated upstream into Android, | decreasing the attack surface. | runawaybottle wrote: | I can appreciate that but option A actors are now in full | dictator mode with respect to how they are willing to breach | privacy and monetize their users. | | How did Linux keep up with security updates? | vngzs wrote: | You have an army of volunteers backporting patches, in the | case of Debian. It's been done, but it takes a certain | amount of support. | trulyme wrote: | Meh. Given the option of a secure but adversarial OS and less | secure but open one, I will always pick the latter. Then at | least there is a fighting chance my data stays mine. | peakaboo wrote: | That attitude will lead to you being a slave for Apple or | Microsoft or Google for your entire life. They won't change | their ways. You won't have privacy there. | codegladiator wrote: | > The thing which always makes me hesitant about these projects | is that they don't receive frequent security audits and not | having an expensive brand behind them makes them more at risk | | Why are you looking for alternatives ? or are you even | bbarnett wrote: | To be fair, Samsung is a bloated hell of their own spyware, | with endless phone homes for the keyboard, and all their apps. | | Google endlessly spies on everyone. | | I really don't think anyone could be worse, than a big corp. | scrps wrote: | I trust people with money as their motive about as much as I'd | trust a serious alcoholic to hold on to a bottle of booze for | me without taking a sip. Might not be a popular opinion but it | is my 2 cents to spend. | | Could a someone at an open source project slip in an obfuscated | backdoor in some esoteric area of the OS? Of course. But the | risks of being found out are so much higher, after the fact | that all changes at an open source project are logged, diffed, | and public (normally), even if only 10% of the userbase looks | at the code, runs packet capture or an SSL bump on the network | traffic, etc, that is 10% more than for products by Microsoft, | Apple, Google, and unlike an insider with access who discovers | something highly questionable at a massively powerful | corporation, an open source project has almost no leverage to | compel them to keep their mouth shut, meanwhile the risk for | developers of an open source project that does something like | that (even if they aren't in the know) is total loss of trust, | forever. | | Couple all of that with targeting a highly technical audience | (drug kingpins looking for secure comms are more c-suite than | engineers, they are still caught up on a good sales pitch more | than hard technical details e.g. Anom ) and you'd be fairly | stupid to try to pull the wool over their eyes and expect it to | not eventually get discovered. | shadowgovt wrote: | The alcoholic will definitely take a sip. | | ... But they are also heavily incentivized to know where your | booze is, care for your booze, and make sure it doesn't get | stolen or poisoned. Because if something happens to you, | where are they going to get the sip? | heavyset_go wrote: | > _... But they are also heavily incentivized to know where | your booze is, care for your booze, and make sure it doesn | 't get stolen or poisoned. Because if something happens to | you, where are they going to get the sip?_ | | Where else are customers going to go? All phones in stores | right now run OSes from either Apple or Google. Both | companies can forsake their customers' trust and people | will still buy phones that run their software. | | That incentive doesn't really exist in a market that's | ruled by a two company mobile operating system cartel. | ezconnect wrote: | This is definitely better than google spyware as a phone. No | built in exploit. | vngzs wrote: | I know people who made it to the final rounds of interviews at | Calyx. They are the real deal. I don't think much of anything | could get them to compromise their values about privacy [0]. | | Might they miss something because they're a smaller team? Yeah, | maybe. Will they sell out? I don't think so. | | [0]: | https://en.wikipedia.org/wiki/American_Civil_Liberties_Union... | botwriter wrote: | People always say this until CP is put on their computer by | an intelligence agency and they don't want to go to prison as | a child abuser... Who's going to believe a pedo anyway... | pl0x wrote: | There should be a third party independent group to conduct | audits. That might solve this. | heavyset_go wrote: | > _Should I trust: A. The company which has thousands of | developers working on it and wants to avoid their brand being | dirtied by failures in security and privacy._ | | If you're hoping market forces would keep companies competitive | and secure, well, people don't have much of a choice when it | comes to mobile operating systems. Free market dynamics that | should correct this problem don't really come into play when a | two company cartel has 99.7% of the mobile operating system | market nearly split in half between them. | yosito wrote: | I don't use Calyx to protect myself from state surveillance. I | assume state actors can easily access anything and everything I | do on internet connected devices. I use Calyx to protect myself | from Google collecting data on me, profiling me, and turning me | into a sheep on their attention economy farm. | scns wrote: | May i suggest to you to check out what the (strange name i | know) /e/ foundation is doing? Not a trillion dollar company by | any means but still worth taking a look at IMHO. Builds on | LineageOs MicroG, Google free. You can even buy phones from | them with the OS preinstalled, Fairphones, refurbished older | Samsung Galaxy S and a GigaSet are offered. A good site (once | Show HN) to find phones supported by this and other ROMs is | https://sustaphones.com | dheera wrote: | > B. The small group of people who have formed an organization | which may or may not be another Anom like FBI controlled | software. | | Um, this project is 100% open source, unlike Google's flavor of | Android. If there are backdoors to the FBI they will be exposed | in due time. | | https://gitlab.com/CalyxOS | | That said I'd love to understand how it compares to LineageOS. | tkzed49 wrote: | I just don't buy this take. There's so much code; how can you | be certain it will face sufficient scrutiny just by virtue of | being available? | enriquto wrote: | you cannot be certain, but at least the code has the chance | to be publicly scrutinized. This is not the case at all | with google binaries, so you have a net, objective gain. | atatatat wrote: | This is a valid criticism. | | Upstream being AOSP helps a lot. | atatatat wrote: | Well, Calyx keeps the basic security model of Android intact | (verified boot), unlike Lineage. | zozbot234 wrote: | Custom verified boot needs to be supported in hardware. But | with most devices, you can use "fastboot boot" from an | external device to start from an image that you trust. | cdesai wrote: | Note: You can only do this when the bootloader is | unlocked. | | When it's locked (which is the entire point of custom | verified boot), this is not allowed. | GekkePrutser wrote: | Indeed, but in return it only supports pixel phones, sadly | (considering they're not great value for money for custom | rom purposes, and most of their added value is lost when | running a custom rom) | mdp2021 wrote: | > most of their added value is lost when running a custom | rom | | Could you please explain? | GekkePrutser wrote: | Well, Google packages the pixel phones with their latest | OS updates and pixel specific features like Gcam. By | running a custom ROM you lose those. Its cameras mainly | perform so well because of the big AI farms at Google. | cdesai wrote: | Google Camera works just fine, entirely offline as well. | | You do miss out on some other pixel-specific features | (Hold for Me for example), but camera quality should be | unaffected. | [deleted] | ranguna wrote: | How risky is it if I install this on a device that is not on the | supported list? | dangfang wrote: | Since Microsoft now supports Android apps, you can expect | ungoogled android to become more popular since more apps would be | written which dont need play store | Popegaf wrote: | I hope so, but at the same time, which app developer is going | to target compatibility with the windows desktop when writing | an app? | | Also, how will/do apps that depend on Google Services work (or | not)? Is there some shim or something? | wingmanjd wrote: | Doesn't the Microsoft Android support require an Amazon | account, though? | theunspoken wrote: | yes and no. first of all: which services does Amazon provide | that would make an app dependent on them in the same way it | might be on Google services? does Amazon have its own system | for push notifications? for weather data? for syncing | contacts? secondly: it has been confirmed that Android apps | will be able to be sideloaded. a Microsoft employee tweeted | about it but I can't really find the post right now | jszymborski wrote: | So, what's the current experience like on Android w/o Play | services? | | I know at some point it was quite bad but that there were some | up-and-coming solutions. | Popegaf wrote: | Some apps (especially banking and governmental apps) refuse to | start at all. With microG (https://microg.org/) you can run a | wide range of apps though. It's quite bearable, especially if | you aren't an app junkie that downloads every app promising a | discount on that new store you're purchasing from. | fragileone wrote: | microG as a semi-Play Services experience is fine, the only | issue I have is that most network-based geolocation backends | tend to be hit or miss. I usually have to enable the Apple | location service if I need a fast geolocation. | amelius wrote: | Can you run banking apps on this without problems? | | And can Google block any apps that run on this Android clone? | hentrep wrote: | Others have mentioned GrapheneOS as an alternative. Recent | Graphene builds include sandboxed Google Play compatibility | layers [0] | | [0] https://grapheneos.org/usage#sandboxed-play-services | throwawaycuriou wrote: | It's not clear from what I have read anywhere on the site if | installing CalyxOS is reversible. If you want to get back to | Android can you? | cdesai wrote: | You can easily go back to stock Android, | http://calyxos.org/get/back-to-stock | throwawaycuriou wrote: | Are there any other repercussions one should consider before | giving this a try? Would software that uses DRM such as | Netflix be affected? | mark_l_watson wrote: | It is asking a lot, but this would be nice: if the developer | organizations behind CalyxOS and GrapheneOS could sell new phones | with software installed, sort of like System 76 for Linux | laptops. | abawany wrote: | I believe CalyxOS sells a Pixel 4a preloaded with membership | (https://calyxinstitute.org/membership/calyxos). | mark_l_watson wrote: | Thanks for that. | cdesai wrote: | Lead Developer here, AMA? | luca020400 wrote: | Director/Head Developer @ LinaegeOs here. | | Hi, sharing codebase when? :P | cdesai wrote: | We're already sharing developers, even one of the directors | :P | | Only question is: who forks what. | luca020400 wrote: | Guess I'll play a bit more on CalyxOS then. Feel free to | hire me I guess. | | We are the base of course. | fragileone wrote: | 1) What would you say are your unique differences from | LineageOS and GrapheneOS? | | 2) What big goals/projects are planned for the future? | | 3) Where do you see Android as a platform in 5 or 10 years? Any | predictions or notable obstacles? | | 4) What do you think of mobile Linux distributions? | cdesai wrote: | > 1) What would you say are your unique differences from | LineageOS and GrapheneOS? | | We do borrow a lot of code from other projects and try to | send any fixes / improvements back to them. | | We try to provide an OS designed to ensure maximum usability | and flexibility, so that you have an array of choices | available to ensure your privacy and security. | | For example, I really like the way we have microG available - | https://calyxos.org/features/microg/ | | You can choose to disable it (which still has benefits), keep | it enabled, or even login a Google Account. There's even a | fourth option where you have it enabled but without the | notifications / communication with Google servers, where it's | still useful for some app compatibility, and things like | location providers and exposure notifications. | | > 2) What big goals/projects are planned for the future? | | Our biggest goal has always been expanding the reach of the | project. We want to support cheaper phones which are widely | available in the world. | | We also have a bunch of features in the works or planned for | the future - Panic trigger improvements, built in ad/tracker | block (without losing the ability to use a VPN), and more. | Most of it is documented as | https://gitlab.com/groups/CalyxOS/-/epics | | > 3) Where do you see Android as a platform in 5 or 10 years? | Any predictions or notable obstacles? | | We will be at S now, which means we'll be at Z in 7 years. | What happens then? | | Kidding aside, I'm always excited by watching the changes | Google is doing (some of it is done in the open, through AOSP | at https://android-review.googlesource.com/ - you see lots of | Rust here nowadays, I need to learn that) | | Fuchsia is also going to be interesting, they must have | something planned. | | > 4) What do you think of mobile Linux distributions? | | I have massive respect for them given the work they're doing. | I always see at it this way - we're working on Android, and | especially on the Pixels - all the hardware is there working | for us, so we can focus our efforts on improvements in other | areas. | | Linux on mobile has to spend a lot of time catching up to | just the basics (getting phone calls working for example). | | There are pros and cons to both, it entirely depends on your | use case to see what fits. | seaghost wrote: | Nice, but still very Google dependant for security and OS | updates. | Koshkin wrote: | Which, looks like, defeats the whole purpose. (It's almost like | if ReactOS or WINE allowed Microsoft Windows updates.) | cdesai wrote: | I'd argue that it's more akin to Ubuntu relying on Debian for | updates, or Microsoft's Edge / Brave Browser / one of the | many other forks relying on Google for Chromium / Blink | updates. | | The one distinction is in addition to the open source code | comparison here, we also use some proprietary bits from their | updates, which are needed to get the phone booting and basic | hardware working. | vbsteven wrote: | I'm thinking about buying a degoogled Android phone to replace my | iPhone. The main things I want are: | | * Spotify needs to work over Bluetooth in my car | | * WhatsApp needs to work (preferably with push notifications) | | * I need the Fitbit app to work so my watch can show push | notifications from my personal apps | | * a network-based location provider to be consumed by my personal | apps (I'm working on a personal data and automation suite that | relies on frequent smartphone location updates) | | Is this something that can be done with CalyxOS on a Pixel? Can | other Android flavours like GrapheneOS or LineageOS do this? | | And aside from Android, how far along are other "mobile linux" | smartphones for use as a daily driver with regards to the above | points? | brundolf wrote: | > Can other Android flavours like GrapheneOS or LineageOS do | this? | | There's a separate question you're missing: what your Google | Services situation is | | Distros like Lineage come without Google Services; if you want | them, you install them yourself | | "gapps" is the official one. It's straight Google everything. | Lineage OS + gapps will give you a very clean and nice Android | experience if you don't care about Google collecting your data. | | If you _do_ care about that, you have two options: | | 1) go without Services entirely (most apps will have problems; | if you're lucky they just won't send push notifications or be | able to use your location, if you're unlucky they will be flat | out broken or crash) | | 2) use microG, which is an unofficial non-Google replacement | masquerading to the rest of the system as Google Services. I've | heard mixed things about how well it works, but that appears to | be what CalyxOS comes with. You can install it on Lineage, but | I don't know what extra hoops may have to be jumped through. | Note that it's also walking a fine line with Google and I could | see them intentionally breaking it at any time down the road. | Depend on it at your own risk. | | I care about privacy and I would not buy a degoogled Android | phone today. I switched to iPhone a few years ago after | roughing it without Google Services for a year and a half. It | was fairly awful. | | I once had to return some headphones because the app that went | with them simply wouldn't work. | | I had to use a combination of the Google Maps web app and | OSMAnd (which was just atrocious) for navigation, which | basically meant I didn't really have navigation. | | Slack wouldn't send me push notifications. | | I couldn't use my banking app. | | Even Signal struggled to run in the background/send me | notifications. | | It was basically back to the iPhone 1 days where your phone | could text, call, web browse, take pictures and play (local) | music. Though even the iPhone 1 had a functioning Maps app. | wintermutestwin wrote: | X >will give you a very clean and nice Android experience if | you don't care about Google collecting your data. | | I must be confused here, but isn't the whole point of | installing any OS besides Android on an Android device | preventing google from collecting your data? Why else would | anyone deal with a non-standard OS? | brundolf wrote: | The above are all distros of Android | | The other reasons to use a non-stock version of Android | are: | | - Much longer updates lifetime than you get from the OEM | | - Removal of OEM bloat | | - Addition of features that are actually good | nobodywasishere wrote: | Currently been using LineageOS for three years now, latter | half without GApps/Play services. | | Google maps (from Aurora store) works perfectly fine on my | phone without it. | | Telegram notifications work perfectly fine. | | My banking app works fine. | | Apple Music and Jellyfin work great. | | I use nextcloud for contacts/calendar/cloud/photo management. | alfiedotwtf wrote: | Not sure why nobody was is here's comment is greyed, but yep | I'm in the same boat - LineageOS works fine and am using | Spotify and Audible without any issues. There are some apps | that haven't worked, buy I'm fine with that. | WorldPeas wrote: | heres what i do and it works great: use the regular google | build of android BUT on a fresh install, disable all google | apps sans chrome, use it to install fdroid, then uninstall | that, from there use TrackerControl to prevent google and | others from phoning home, use the aurora store for apps, use | organicmaps for maps, signal for sms florisboard for keyboard, | etc. you'll have a google-free experience which you can exit | for 10 minute periods using the button on the trackercontrol | dialog, and things like google pay and notifications will still | perform quite well. I've been using this for a year and loving | it | kemenaran wrote: | Interesting setup. | | Do you have any resources about how efficient TrackerControl | is at preventing Google to collect data from the phone | various system services? | nonplus wrote: | I would also like to hear more on this, a quick look at | TrackerControl's readme tells me it mainly functions as a | blocklist. Which (I would think) the moment you turn off | tracker control to use google maps (or whatever play | services app you wanted to use for a moment), said app will | send a flood of queued location data that it has been | collecting in the background if allowed. | | I suppose that setup could work if the user is disciplined | about not letting apps that use play services run at all | when not in active use, but at that point I don't see the | advantage to using tracker control at all. | Aachen wrote: | > the moment you turn off tracker control to use google | maps... | | No, it works per app. I'm also a TC user, it's quite | great. Per app you tell it whether it should allow | talking to various motherships. You can toggle on broad | categories (for a given app) or also more fine-grained. | It also logs which services applications tried to | contact, so I can see that Spotify that I pay for is | trying to send god knows what to Facebook (and that TC | blocks it). | | It takes a bit of setup because a ton of apps talk to a | ton of centralized services (Aurora store and Newpipe | obviously need to talk to Google, for example), but after | that I'm a lot less bothered by apps including the | Facebook sdk or something because it'll be stopped | anyhow. | | I'm waiting for the day that apps/websites stop telling | your phone/browser to rat on you and they start doing it | server-side. Lot less gdpr trouble because nobody can | check what you're doing and goodbye blocklists. But so | far it seems things don't yet work that way. | corty wrote: | I don't know about Fitbit stuff, but LineageOS can do | everything else you named. Have been using it for years. | | I guess other alternative Android distributions shouldn't be | too different there. | hadrien01 wrote: | For you first two questions: Spotify will work with Bluetooth, | and WhatsApp will have eventual notifications (real-time if the | app was recently opened, up to seven hours later otherwise, at | least on my device) | prox wrote: | If you degoogle yourself but then hook into FB whatsapp, | isn't that just defeating a bit of the point? | Aachen wrote: | Perfect is the enemy of good. | cdesai wrote: | We're very close to getting the notification issues fixed. | | We've sent some patches to microG to address them at | https://github.com/microg/GmsCore/pull/1483 | | I'm running it on my device since a few weeks now and it has | been quite reliable so far. | hadrien01 wrote: | I don't use microG, the delay is WhatsApp waking itself up | _1 wrote: | > * I need the Fitbit app to work so my watch can show push | notifications from my personal apps | | It's going to hard to degoogle your phone and stay attached to | your Fitbit. | vbsteven wrote: | Is there a specific reason for this? Does the Fitbit app rely | on Play Services? | | I don't care too much for on wrist calls or anything like | that. I just want to use the Fitbit app to sync stats and | mostly display notifications from WhatsApp and my personal | apps. | _1 wrote: | I don't know how the app works under the hood, but Google | owns Fitbit | vbsteven wrote: | I should have know that. Now I understand what you meant | in your first comment. | | As long as the app doesn't rely on Play Services it | shouldn't be a problem. By "degoogled" phone I mostly | mean taking Google out of the critical (privileged) path | in the OS for software and app updates. | cdesai wrote: | I can confirm that, | | * Spotify over Blueooth in a car works. | | * WhatsApp works, with notifications | | * I'm not sure about FitBit, per | https://plexus.techlore.tech/applications/fitbit it might not | but things may have changed. | | * We include some providers by default and you can install more | from F-Droid. | vbsteven wrote: | Thank you, that sounds very promising. | | Is there a specific device you would recommend for long-term | CalyxOS support? | cdesai wrote: | The newest Pixels are the best given that's what Google | will support the longest, and with every Pixel generation | they make a lot of improvements. | | https://calyxos.org/about/faq/device-support/#update- | timefra... | | Pixel 6 is right around the corner, however it'll take a | few months for us to get it all going (getting the phone, | porting Android 12, making changes for Pixel 6) | grey_earthling wrote: | From https://calyxos.org/about/: | | > In social science, agency is defined as: the capacity of | individuals to act independently and to make their own free | choices. | | > built-in integration for Signal and WhatsApp calls | | Signal and WhatsApp are both fully centralised, tied to a single | organisation each -- they are antithetical to agency. | | Why not use open protocols like DeltaChat, Matrix or XMPP | instead? | | > built-in free "Virtual Private Network" services from trusted | organizations protect you from being spied on | | Trusted by whom? | barbazoo wrote: | > Why not use open protocols like DeltaChat, Matrix or XMPP | instead? | | I can give you an answer for Matrix and it's usability. It's | difficult to onboard users, at least it was ~a year ago. I | wouldn't want to expose my non-tech friends to that. | cdesai wrote: | The integration is done in the Dialer, and the choices are | shown when you make a phone call to a number. | | Signal and WhatsApp are choices there since they use phone | numbers. How do you make a matrix call to a phone number? :) | cdesai wrote: | The VPN is one of the Digital Services we offer, completely | free. | | https://calyxinstitute.org/projects/digital-services/vpn | | We also include RiseupVPN, and Orbot (which is Tor as a VPN) | spinax wrote: | > Trusted by whom? | | Calyx VPN uses the same tech stack as Riseup VPN, which are | branded versions of the Bitmask client - CalyxOS is a part of | the Calyx Institute family. You can instead use the Bitmask | client from the F-Droid repo and choose to connect to either | service with the same app (rather than using branded apps for | each service). | edoceo wrote: | Well, I don't trust them either. Does it run Wireguard? | _jal wrote: | The tech stack matters far less than the trustworthiness and | competence of the operators running it. And the hard part | with VPN services is that it is very difficult to prove those | things to others. | grey_earthling wrote: | So the organizations that provide the VPN service are Calyx | VPN and Calyx Institute (have I understood correctly?) | | The site says these organizations are "trusted", but I'm | still not sure who are they saying is doing the trusting. | | It's very easy to label something "trusted", but trusted _by_ | whom? | steelbrain wrote: | Curious, does anyone know what's their business model to | monetizing the "free" VPN service? How do they make their | money back or is it a donation kind of thing? | flylikeabanana wrote: | I gave them some money at DEFCON 2019 for an unlimited | personal hotspot | | https://boingboing.net/2016/09/22/i-have-found-a-secret- | tunn... | cdesai wrote: | It is all based on donations, see | https://calyxinstitute.org/projects/digital-services/vpn | godelski wrote: | > Why not use open protocols like DeltaChat, Matrix or XMPP | instead? | | Because Signal and WhatsApp are text/messanger replacements and | Matrix is a slack/discord replacement? I'm not sure why there's | the constant Signal vs Matrix battle here on HN, I see them as | different tools doing different things. I'm not going to create | or get all my friends to join a server with Matrix. Or even | coworkers or random acquaintances I meet. But I can get their | phone number and quickly communicate with them on Signal/WA. I | don't see why Signal and Matrix have to be in competition. Just | the same way I don't see Slack/Discord in competition with Text | Messaging or FB Messenger. | Ninjinka wrote: | Only available on Pixel phones and a single Xiaomi phone. | crudbug wrote: | That is the irony. Only pixel hardware provides one step OEM | unlocking in US. All other devices are carrier locked and have | restrictive unlocking process. | | Samsung/Motorola/ etc. should release OEM unlocked devices not | just carrier unlocked that can be purchased directly from their | online stores. | | This will make adoption easy for these open Android projects. | cdesai wrote: | We do want to support more devices, however not all of them | meet our requirements https://calyxos.org/about/faq/device- | support/#requirements-f... | | We're trying to find devices which do, and if not see if the | requirements can be relaxed. | | The most important part that's missing from many phones is | being able to relock the bootloader with a custom OS installed. | Krasnol wrote: | It would help if you'd put the supported devices right up on | the front page. It saves much time for most visitors and | doesn't end up in frustration if people get them on the | second step. | dcow wrote: | Got to start somewhere. | SubzeroCarnage wrote: | Unlike GrapheneOS (which I recommend you use if you can) and | CalyxOS, my project https://divestos.org is tested working on | 30+ devices. | atatatat wrote: | Very cool! | | Few quips: | | Silence was last updated (on F-Droid) a year ago -- is this | project secure//being maintained? | | & Mozilla-cousin browser: you're going to lose the security | clout these days unfortunately. | SubzeroCarnage wrote: | Silence is sadly no longer maintained, but it still seems | to work for now. I will eventually replace it. | | Re Mozilla: I do state on my browser comparison page that | Chromium browsers are more secure. Also the Bromite | repository is included in F-Droid by default on DivestOS. | atatatat wrote: | Props on bringing verified boot to those devices Lineage | can//will not, and doesn't tell users clearly that they could | have it with other options. | SubzeroCarnage wrote: | That is a limitation of Lineage only because they choose to | cater to users who want root (which usually modifies | /system) and to support flashing Google Apps. | summm wrote: | Why would having root itself rule out secure boot? It's | just that they refuse to offer root themselves, and only | as a result of that refusal one has to use system | modifications to gain root. In a sense this is the | opposite of your claim: they do explicitly not cater to | root users. | SubzeroCarnage wrote: | Verified boot is only enforcing on -user builds. Lineage | ships -userdebug builds. | | Furthermore Lineage's official root addon writes to | /system. You can't have any additional changes to system | or else verified boot won't boot. | | You can't have it both ways as it stands. | | That isn't to say they are incompatible, you can compile- | in root support before the system hashes are generated | and then you can have a locked bootloader with verified | boot with root support. But you cannot make any | additional changes to /system with that root power | afterwards. | zozbot234 wrote: | > But you cannot make any additional changes to /system | with that root power afterwards. | | Not a showstopper, as modern root solutions like Magisk | support "systemless" root, via file system overlays. | kiawe_fire wrote: | Anybody have experience using something like this (or others like | GrapheneOS) as a daily driver? | | I'm interested in moving away from Apple and big tech in general, | but I don't know how practical that is yet. | uhtred wrote: | I've been using /e/os [1] for a while and I am very happy with | it. It has microG integrated so any apps that rely on google | play services should still work. [1] https://e.foundation/ | kiawe_fire wrote: | Thanks, I hadn't heard of /e/os until now. | | I'm kind of surprised just how big this space of DeGoogled | Android is right now. Far bigger than 6+ years ago when I | last looked into it. | fragileone wrote: | I use LineageOS for microG [1] and I'm planning to move to | GrapheneOS once the Pixel 6 gets released (since it finally has | guaranteed 5 years of kernel updates). | | LineageOS is superb for getting rid of stock OS bloatware and | spyware and I have an experience on it that's better than stock | Android. However it doesn't have hardened security like | GrapheneOS, which is why I want to move to that later. On the | other hand microG is needed for push notifications and maps | APIs, which GrapheneOS doesn't support so I'm not sure how the | fallback options of some of my currently used apps will fare on | it. | | If microG turns out to be necessary for my workflow then I'll | get CalyxOS instead, since it includes microG and is somewhere | between LineageOS and GrapheneOS in terms of security. | | [1] https://lineage.microg.org/ | kiawe_fire wrote: | From the sounds of it, the Pixel phones have the widest | support across the different options here, so the Pixel 6 | might end up being my first Android phone purchase in a | while. | | This thread has encouraged me to give this a go! | johnbrodie wrote: | LineageOS + microG here, on a motoX4. It's been the phone I use | every day for about a year. My wife has the exact same setup, | and generally gets along fine with it. FDroid has _most_ of the | stuff we want. Some apps just aren't available there, so we end | up using the Aurora store for those, with Warden used to scan | those apps and stub out as much tracking code as it can. It's | all about compromises, especially for others. | | Self-hosted NextCloud replaced Drive/Dropbox, and with some | plugins it also does phone/location tracking, secure messaging | and video calls, TODO lists, and some more. Self-hosted | PhotoPrism replaces Google Photos. | | The phone experience hasn't been bad. One thing that came up | initially is that most of the open source apps aren't as | "pretty", and the UX just isn't as good. I don't care about it | too much, and I'm fine with overall using the phone less | anyway. The issue that comes up on a regular basis is the | Google Maps replacement. OSMand is a great app, but like | someone else mentioned it's more of a "look up the address and | type it in" experience than a "show me all Thai restaurants in | the area" experience. IMO small price to pay, I've been using | GPS much less, and I've gotten much better at navigating with | my "mental map". | kiawe_fire wrote: | I do expect some rough edges on the UX front. | | In fact I hope once I become familiar with everything that I | can start contributing to some of the open source projects in | the de-Googled space. | | If I'm going to become a user of some of this stuff, seems | like a good use of my time to also help move it forward. | 0x416c6578 wrote: | I've used LineageOS without Google services for about a year | now. The only big missing feature I've found is notifications | which in some ways is quite freeing and makes me check my phone | a lot less. | | LineageOS (and perhaps other ROMs) have the option to disable | all networking features for apps, so I actually still use | Google Camera, Google Photos (as an offline gallery) and Gboard | (again all offline) and the majority of features just work. | They don't complain about missing Google Services, nor about | the missing internet connection. | | There are great alternatives to apps like YouTube (NewPipe), | Maps (OSMand), Chrome (Chromium, or I use a browser called | Privacy Browser on F-droid) and I have tried apps like Spotify | and they too work without Google services (although I guess | some features might be lacking). | | F-droid is an amazing service and has many FOSS alternatives to | apps. I found myself today recompiling my browser application | to fix some small bugs which just made me sit back in my chair | and think "that is so cool"! | | I think making the change can be gradual (for example switching | to LineageOS for MicroG to get a subset of working Google | services) before fully de-Googling, but the change is | definitely possible (and easy) to make. | SubzeroCarnage wrote: | I have a few apps on F-Droid and I also maintain a list of | recommended apps from F-Droid here: | https://divestos.org/index.php?page=recommended_apps | kiawe_fire wrote: | Thank you for the suggestion! | | It sounds like LineageOS for MicroG might be the friendliest | way to ease into this for me. | m0ngr31 wrote: | How do you disable networking for apps? I'd love to use | Gboard offline. ASK just isn't as good. | SubzeroCarnage wrote: | Long press the app in your launcher, App Info, Mobile data | & Wi-Fi, Allow network access | m0ngr31 wrote: | Nice, thanks | dtx1 wrote: | I am daily driving GrapheneOS for over a year now as my only | phone on a pixel 3a and I like it quite a lot. Here's how I | handle stuff and what limits i encountered. Keep in Mind that | you have to rethink your app usage aswell, meaning testing a | lot of apps from F-Droid to see what works for you. You average | FAANG Privacy Invasion App dejour propably won't work and i'd | be wary of hardware requiring an app to be used if you go all | in. | | 1. E-Mail: Using Fairmail from F-Droid (paid version though) is | great for GMail and most other Providers. Notifications are | usually faster than G-Mail in the Browser. 2. WebBrowser: Using | Fennec from F-Droid with Adblock. The Chromium Version | integrated in Graphene is propably more secure though. But | adblock is life... 3. OsmAnd from F-Droid for Navigation. Works | well enough, UI is clunky though. But Offline Maps are pretty | sweet to have. 4. Most Messengers work, Notifications are | spotty sometimes. Telegram Signal, Element, Threema all do fine | though Element sucks battery life down to unaccaptable levels. | Haven't and won't test whatsapp. 5. OpenCamera + Nextcloud is | good for Cloudsyncing and Camera. 6. Password Management with | AndOTP and KeePassXC is sweet and integration of the | fingerprint sensor is really useful. Useful enough that i miss | it on my desktop linux 7. Paypal App works, my Banks app work | but YMMV. 8. Biggest annoyances are local german Taxi Apps. | They all don't work but i was able to work around it using a | website. Still can't pay via app. ...Well i don't use my phone | for much more than that. | | Battery Life is great, Security and Privacy is also good. You | can lookup App Compatibility to a degree here: | https://plexus.techlore.tech/ | kiawe_fire wrote: | Thanks, this is very helpful both for setting expectations | and for recommendations! | zmnxo718 wrote: | Bromium is also a good alternative to vanadium. | terhechte wrote: | I'm using GrapheneOS on a second device for various reasons. | The biggest issue for me is that not all apps work / run. | However, I have limited app requirements, so that is fine. If | you want to run all social networks, Uber, Lyft, and so on, | there might be the one or other that doesn't work (I didn't try | them all). However, you can always use the mobile web offering | I guess. | | In terms of classical smartphone features, I know what I don't | get out of the box due to the lack of Google Services | (Assistant, Picture Sync, etc). That wasn't an issue for me as | it is a secondary device. | atatatat wrote: | What apps haven't worked for you on GrapheneOS, from Aurora | Store? | JoeyBananas wrote: | 8orl .o | | 1 | gautamcgoel wrote: | Can you run this on the desktop? | commoner wrote: | The CalyxOS website publishes emulator images, if you would | like to test the OS in Android Studio: | | https://calyxos.org/news/2021/05/27/emulator-images/ | SavantIdiot wrote: | Side note: Tor Browser as your primary browser is super painful. | Lots of stuff doesn't work, and latency can be in the minutes. | fithisux wrote: | Question, is it Raspberry Pi compatible? | bmarquez wrote: | > you can make encrypted phone calls directly, using the built-in | integration for Signal and WhatsApp calls | | Does this mean WhatsApp is automatically installed with Calyx, or | just that there are extra features if you manually install it? | azdle wrote: | CalyxOS has a handful of apps that exist in the image that you | can optionally install. I would assume it's one of those. I run | CalyxOS and don't and never did have WhatsApp installed. | cdesai wrote: | WhatsApp is not one of those apps, we only include FOSS apps. | Knighttime wrote: | Unsure. It seems that they have Signal installed by default, | but not WhatsApp. However, if you install WhatsApp you can make | a WhatsApp call directly from the dialer I think? | cdesai wrote: | Exactly. Signal is available as a default however you can | choose not to install it. | | WhatsApp is shown as an option if you have it installed, the | option won't show up if you don't. | | The rationale being: We didn't exactly ant to promote | WhatsApp but still have it present for those who already use | it. | new_stranger wrote: | I purchased a Pixel phone to test this stuff on. | | I installed LineageOS and found I couldn't run some google apps. | I reinstalled LineageOS with https://opengapps.org added during | the install and made the mistake of transferring from my old | phone which brought all the google services and everything back | to the phone (mostly). | | I then installed CalyxOS - much easier install process than | lineage. Really liked the defaults. Could not get many apps that | relied on google play services though. If I didn't need so many | Google-tied apps I would pick this as my phone OS for basic stuff | like messaging and browsing. | | Installed LineageOS again, found there were a couple apps I could | not get working after all (50 different apps installed). | | In the end I gave up and re-flashed Google firmware back onto the | phone. I spent about 10 hours on all this stuff and simply ran | out of time for now. I though I could get away from Google but I | didn't realize how much my apps needed Google. | brink wrote: | I had nearly the exact same experience. | yusi-san wrote: | You can try lineage with MicroG[0][1], it replaces Google | services. If you want stores there is the F-Droid store for | FOSS app or Aurora Store if you want casual apps. | | YouTube can be replaced by NewPipe and these days I'm trying | Organic Maps (a layer for OSM with nav and offline maps) to | replace Google Maps. | | [0] : https://microg.org/ [1] : https://lineage.microg.org/ | fragileone wrote: | CalyxOS includes microG which supports some of the most popular | APIs. Which apps did you have issues with? | riedel wrote: | Don't you think it is kind of absurd that you have to buy a | device from Google to degooglify it as CalyxOS does not support | other devices. How difficult would it be to actually port it to | a device already supported e.g. by lineage? | somenewaccount1 wrote: | F-Droid is for distributing viruses. There may be legit apps on | there, but there are also tons of virus's and not enough app | oversite to be safe. It's doesn't seem like much of a threat | because the userbase is so small that not a lot of hackers target | it. Once it has 5% of pop though, it would be a meaninful target | - particularly since these are rooted phones. | juniperplant wrote: | Your comment seems to imply that the majority of apps on | F-droid are malware. I don't think that's the case. | | Also, F-droid does not require root. | inickt wrote: | It has been years since I have used Android (and F-Droid), but | I always thought F-Droid was pretty heavily curated and had a | sane security model [1]. Why do you say it is for distributing | viruses? | | [1] https://f-droid.org/en/docs/Security_Model/ | hjek wrote: | > F-Droid is for distributing viruses. | | Lol, please point me to one? (Or an article about one?) | m0ngr31 wrote: | I've been using MicroG+Lineage for a few years now. No complaints | from me, but I don't use a ton of apps. Not sure what the | advantage of CalyxOS would be over my current setup (especially | considering Lineage has a much better catalog of supported | devices) | commoner wrote: | If you are not using root, CalyxOS lets you relock your | bootloader with the developer key, which increases the security | of your device by preventing other operating systems from being | booted or flashed onto your device (until you choose to unlock | the bootloader again, which requires you to enter your lock | screen password and would wipe the device data). CalyxOS only | supports devices with bootloaders that can be relocked with a | custom key. | dcow wrote: | If you're unfamiliar with the context: Calyx Institute is a | 501(c)(3) with a digital privacy and security mission. For a | while they've offered, for a few hundred dollars a year donation, | unmetered access to sprint's network. I don't know the details | but I think they have retained access to the network through the | merger due to some non-profit provision (something like the | sprint merger was allowed with stipulation that certain agencies | using the network for certain purposes would be grandfathered | over). There's apparently more history related to the founder | previously running an ISP under gag order, which drives their | mission. | | Access to the network is only possible through wifi pucks. I | asked if I could register the IMEI of my ThinkPad's modem/radio, | but they wouldn't allow it citing the usual "we are responsible | for the behavior of the devices on the network so you have to use | our certified device". Sadly, these phones do not participate in | Calyx's data network, they require a traditional carrier. Maybe | it's part of their roadmap to eventually offer their data | services on these handset form factor devices? But until then, I | don't see a huge point. It would be really awesome to say "I get | my network access through a privacy oriented non-profit" (: | posguy wrote: | I wonder if the MEID/ESN locking will go away with the sunset | of the Sprint network? It should be possible to move the Calyx | SIM to any device you like at that point. | yellow_lead wrote: | More info here. https://calyxinstitute.org/ | | Looks like $500-$600 for 4G, and $750 for 4G/5G. Could be a | good deal for certain people. But yes, it's lame you have to | use the puck. | windthrown wrote: | I have the wifi pick, use it frequently and have been quite | happy with it. | | I got the impression when signing up that it was Sprint's terms | that limited their ability to offer to other devices but they | would if they could. | rodolphoarruda wrote: | Most of the de-Googled or Linux based mobile OSes have their | installation restricted to Pixel phones. Why? Is there any option | for old Motorola phones? | LukeShu wrote: | Because those are the phones that are supported in the upstream | Android Open Source Project (AOSP), which these OSes are | typically based on. Other phones, even ones that to a great job | of publishing their sources (like Sony's), have their support | living outside of AOSP. And older phones get dropped from AOSP, | the original Pixel was dropped in Android 11. So, by only | targeting the devices that AOSP supports these OSes can focus | on the interesting part of building the OS, rather than getting | bogged down with hardware support. | cdesai wrote: | The other aspect to this is that you can install a custom OS | on the Pixels and still re-locked the bootloader, which means | you get Verified Boot and all the security guarantees that | brings. | | https://source.android.com/security/verifiedboot | LukeShu wrote: | You actually couldn't do that with the original Pixel | (which until recently, Android 11, these custom derivatives | tended to support). You'd get a warning screen every boot | about how the OS has been modified. | cdesai wrote: | You definitely could, we used to support it in a previous | iteration. | | This was also possible on the Nexus devices, although the | oldest I've tried it is the Nexus 6P. | | It just worked slightly differently on those, nowadays | you enroll the public key by flashing it to the device, | on those (Pixel 1, Nexus) you used to have the public key | embedded in the kernel. | LukeShu wrote: | Unless I'm mistaken, the Pixel 1 blindly accepts whatever | pubkey is embedded in the kernel, but displays the | warning screen on boot if it's not Google's pubkey (to | clarify, not a click-through screen, just a temporary | splash screen). I guess yeah it's technically Verified | Boot, but if it just accepts any key you throw at it, | then the security guarantees are a lot less. You can't | tell it about your pubkey to get the scare screen to go | away, and you can't tell it to block other keys to get | the security guarantees. | cdesai wrote: | Telling even the newer devices about your pubkey doesn't | get the scare screen away. You see a Yellow Verified Boot | warning meaning the OS is signed and verifies but with a | custom set of keys. | | When you lock the bootloader you block other keys, since | fastboot is pretty much disabled when you do that, and | the only way to install something would be via OTA | updates which would have to be signed with your custom | keys. | | I guess maybe if you're able to get a root exploit and | replace the boot image? Not exactly sure what would | happen then, need to try. | hjek wrote: | Is there an Android X86 build of this? That would be an awesome | laptop OS. | Paul_S wrote: | That is lovely but what use is it of I have to buy a new phone to | use it because it doesn't support the phone I have. | cutler wrote: | Exactly. I want it for my Facebook-infested Samsung Galaxy A20 | but I guess I'm out of luck. | rchaud wrote: | It's ironic that the only devices this can be installed on are | Google phones and one Xiaomi phone. ___________________________________________________________________ (page generated 2021-08-06 23:00 UTC)