Does that mean if I debloat my Samsung and replace some apps with things like Heliboard, it’s as good for privacy and security as my Pixel running Calyx?
Obviously it depends on your device (Pixel>Samsung) but what im trying to say is that your pixel is not really more prívate or secure with Calyx than it would be if you harden the stock OS.
1 Like
AFAIK Calyx always has privileged Google services and libraries, specially with microG which downloads and runs propietary Google code, also if you use mainstream apps they probably have Google code bundled inside them and it can run for as long as you use them even if your OS has no play services.
If you use Calyx with microG or propietary apps you might be tracked by Google just like in the stock OS.
I asked in LOS topic, but could also ask here - Is there any comparison of different phone settups (e.g. Samsung as it is, Samsung de-googled as much as possible without rooting, CalyxOS with microG, CalyxOS without microG…) and how much data they are sending to Google?
There was that news few years ago, that Android phones are sending 4MB of data per day, with almost 400 connections. If CalyxOS is at e.g. 100KB, then I would say it is much better and it might make sense to use it.
And regarding PG recommendations, I’m not saying it should be on the list. There’s a clear description and guideline how and why things get recommended, so if CalyxOS doesn’t fulfills criteria, it shouldn’t be there. But I would like to see clear pros and cons of using (un)recommended products and services, so people can make a decision based on their preferences and threat model.
2 Likes
That could be a few years ago, and there’s no info to which brands of those Android phones. Moreover, it doesn’t matter how much of data that’s sending if it’s encrypted. There are many factors to consider other than the amount of data that’s being sent.
As I am using Samsung, all data back up and sync to Samsung account are end-to-end encrypted, but the user has to enable them manually, since the user has to keep the encryption key themselves.
Data back up to Google account should have the same security and privacy across the board among Android devices running Google services, including the one running in CalyxOS.
Your backups are uploaded to Google and encrypted with your Google Account password. For some data, your device’s screen lock PIN, pattern, or password is also used for encryption.
All data, including photos and videos, messages and more are encrypted as they move between your device, Google services, and our data centers.
Some data is further encrypted with your device’s screen lock. Photos and videos in Google Photos, and MMS media received from your carrier aren’t encrypted by your device’s screen lock.
IMO, I don’t see the point of CalyxOS at all. Even if my phone is supported, most of its features are not convincing me enough to use this OS specifically, since there are 3rd-party apps for that, or the user can simply achieve the same features in the stock settings, e.g. private DNS.
On the other hand, Secure Folder in stock Samsung devices is hard to replace as a privacy tool. It’s not simply an app locker, but another profile that’s encrypted and requires a password or other authentications to access.
I think a stock Samsung ROM could provide better security and privacy benefits than many custom ROM already, especially with verity boot intact.
1 Like
https://xcancel.com/GrapheneOS/status/1872448041656922231#m
Moving from DivestOS to LineageOS, /e/OS or CalyxOS would mean giving up a bunch of privacy and security features they ported from GrapheneOS.
Among other things, DivestOS used a port of our hardened allocator, secure app spawning, a subset of the kernel hardening, a lot of the browser/WebView hardening, Sensors toggle, Network toggle and per-connection MAC randomization.
There’s a 3rd party comparison with a privacy and security focus at eylenburg.github.io/android.
Among other things, DivestOS used a port of our hardened allocator, secure app spawning, a subset of the kernel hardening, a lot of the browser/WebView hardening, Sensors toggle, Network toggle and per-connection MAC randomization.
DivestOS started out with the network toggles from LineageOS but provided a port of our Network toggle as a better replacement due to the LineageOS approach used in each of those other options being quite leaky.
DivestOS didn’t have the resources needed to keep up with new Android versions or port more privacy and security hardening to it. Those other operating systems are not trying to provide similar fundamental privacy and security enhancements in the first place.
Would have been great if @SkewedZeppelin and anyone in their team re-considers the offer by GrapheneOS to work with them when they he takes time off, they are very skilled, dedicated and committed.
Would have been great if @SkewedZeppelin and anyone in their team re-considers the offer by GrapheneOS to work with them when they he takes time off, they are very skilled, dedicated and committed.
Skewed is done with Android and Android-related projects for the time being. I believe they are NOT interested in continuing with Android any more.
There was this study from 3 years ago.
1 Like
This is the question I asked earlier. Would my Samsung A54, debloated and with 3rd party privacy apps (and maybe a different DNS?), be as private/secure as my Pixel 6a running Calyx?
1 Like
This is literally false. All those devices you mentioned are supported because of the ability to re-lock the bootloader on those phones. You can view their avb hashes here - https://review.calyxos.org/c/CalyxOS/calyxos.org/+/24066/11/pages/_data/devices.yml
“Re-locking” on that page is referring to flashing something after flashing Calyx :
These two don’t have proper rollback protections, there’s still it on recovery and stuff but not really on Verified Boot, as they need to match a number from stock; as they don’t wipe the rollback index when the bootloader is unlocked
Source : You're invited to talk on Matrix (their matrix room)
OEM Androids are far more integrated with invasive stuff than any custom ROM. Sure you can use Android debloater, but you will not achieve the same level of privacy as with something properly degoogled like Calyx or Graphene.
Where Calyx does use Google connections, those are mainly for microG functionality and are also anonymised.
EDIT : Here’s another page on why COS uses Google connections.
3 Likes
What are you referring to? Many Pixels do not have the AVB hash. Does that mean those Pixels don’t support relocking?
You said CalyxOS does not support relocking the bootloader on non-Pixel devices. That is the false part. All devices officially supported by Calyx have bootloader relocking.
In terms of privacy features, I think Samsung would get an edge over CalyxOS. But I don’t know about its currently telemetry, or the telemetry of CalyxOS.
My bottom line is, if you get a Pixels, use GOS if you enjoy security and privacy over the convenient from Google services.
If you got Samsung or any other phones for that matter that relocking the bootloader is not supported, using a stock would be a much better option over a custom ROM in terms of security. In terms of privacy, it would depend on the brand. I stay with Samsung because the support is long, and the software are decent, especially Secure Folder.
Then why don’t they say so on this page?
This part is not making any sense to me, since verity boot with locked bootloader ensures that the system is intact and nothing can be tampered with it. It doesn’t matter what you want to flash, you just can’t.
…if you are really convinced that the company that forcefully installs Facebook using a system application, and marks TikTok as an essential application has the edge in terms of privacy features, then I can’t really say anything.
6 Likes
None of that can’t be disabled, or uninstalled. Recommended apps are opt-in.
Yes, it doesn’t look good for their image, but we’re talking about facts as they’re presented here.
It is mentioned here : Device Support
Ability to relock the bootloader with a custom OS installed:
CalyxOS is meant to be run with a locked bootloader after installation, which makes sure that the OS cannot be tampered without your knowledge. Additionally, this has to be implemented properly to not boot any other OS once a CalyxOS build signed with our own private keys is installed - whether it be another set of private keys, or the publicly available AOSP test keys.
CalyxOS never supports running a device with an unlocked bootloader. In fact, when some OnePlus devices lost the ability to relock, CalyxOS stopped working on their port to those OnePlus devices.
2 Likes
No, as I said the paper was from 2021. IIRC, TikTok also wasn’t introduced as a recommended app in Samsung then 
My point is the paper is outdated.
Moreover, it’s not just the telemetries, privacy features also count.