Lineage is great (hell, most of the stock Calyx apps are LineageOS apps I believe).
But, I was writing according to PG criteria. userdebug allows root access so PG probably doesn’t want to recommend Lineage.
Also the microG signature spoofing is probably a reason why Calyx is not recommended as well (even though it is restricted on Calyx).
It does have root access through adb yeah (only if you enable it), but fair enough. I do think that if someone already know your phone password and can fuck with the settings you’re already fucked anyway.
The “must not require system modification to support Google Play Services” is tad too vague tbh, spoofing is system modification, so is Graphene’s exotic sandbox
True. When I wrote my initial analysis of whether Calyx fits PG criteria, I assumed that they only meant Play Services, the app, so Calyx using microG bypassed this issue (as no system modification is needed to support Play Services).
Disagreeable, Calyx prevents signature spoofing for any apps other than microG.
a simple translation layer that downgrades priviliged API calls to regular ones is quite different.
Not quite simple - DivestOS' unprivileged microG implementation - #3 by SkewedZeppelin
That came at the cost of compatibility such as no access to location or ability to bypass SafetyNet/support Play Integrity.
I was referring to unprivileged microG, not sandboxed Google Play Services.
I guess this is a problem only when you try to install it, not when it is bundled by the custom ROM. CalyxOS doesn’t allow signature spoofing for anything other than microG for example. (linked above)
It is also the case with LineageOS now
https://www.reddit.com/r/LineageOS/comments/1b11zex/los_has_added_internal_microg_support/
The change is signature spoofing, so that applications thinks that it is speaking with the real Google GMS/GSF (On a side note, not all application checks the signature, in my personal experience a bit less than half works without spoofing)