More than a few people around me are waking up and realizing that the simple cellphone is the weakest link when it comes to privacy.
Two of the best-known privacy-respecting alternative operating systems on Pixel phones are CalyxOS and GrapheneOS. I have tested both and made GrapheneOS my daily driver. But it is a matter of taste and threat level. Yes, threat level, as not everyone needs the same protection, or privacy. Some choose convenience or a camera as their buying point when choosing a phone. The mighty pen on a Samsung S22 Ultra, perhaps. Yet, when it comes to deGoogling a phone, you have Lineage, GrapheneOS and CalyxOS as the ultimate options.
The big question is, can CalyxOS or GrapheneOS be the daily driver for everyone or just for privacy freaks, and if so, which would be the better option?
Well, to be fair, both are Android operating systems, so if you like that then you are half-way there. The big question you need to answer is, are you OK with a Pixel phone (the irony is stunning… get a Google phone, so you can deGoogle your life)?!?
Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5a (5G), Pixel 6, Pixel 6 Pro and Xiaomi Mi A2
This is in theory, as the Pixel 2, Pixel 2 XL and Xiaomi Mi A2 are behind on security updates and will be unsupported going forward. I would recommend going with any Pixel device newer than the Pixel 4 for CalyxOS.
Installing CalyxOS is straightforward; however, it requires you to use the terminal.
Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5a (5G), Pixel 6 and Pixel 6 Pro.
Once again, if you are up for a new phone, get anything newer than the Pixel 4; this gives you better support.
GrapheneOS has two officially supported installation methods. You can either use the WebUSB-based installer recommended for most users or the command-line installation guide aimed at more technical users.
The WebUSB-based approach is dead simple!
The next question is, “do you need Google Play Services and the Google Play Store?” If so, you have two different approaches.
CalyxOS uses microG, which can be selected during the installation, plus you can also select Aurora Store, which will give you the opportunity to download from the Google Play Store, totally anonymously. It won't allow you to download paid apps anonymously, but you can use your Google account to download via the Aurora Store. I do recommend signing back out after downloading your apps.
CalyxOS also offers other applications like Signal or F-Droid etc. to be pre-installed during the setup, which makes it easier for people who are just switching from a regular Android phone to a privacy-focused phone.
I do not need the Play Services and have never been a fan of microG, but if you require it, you do have the option.
Unlike CalyxOS which lets you choose microG to be installed, GrapheneOS does not ship with an option to be selected during the first boot. However, GrapheneOS lets you install the Google Service Framework, the Google Play Store and Google Play Services via an app which is pre-installed on the OS.
GrapheneOS has a compatibility layer providing the option to install and use the official releases of Google Play in the standard app sandbox. Google Play receives absolutely no special access or privileges on GrapheneOS as opposed to bypassing the app sandbox and receiving a massive amount of highly privileged access. Instead, the compatibility layer teaches it how to work within the full app sandbox. It also isn't used as a backend for the OS services as it would be elsewhere since GrapheneOS doesn't use Google Play even when it's installed.
This approach is safer, but also treats the Google apps as just apps! This means you can grant or revoke network access and every other privilege that Google usually grants to its applications.
You can also install just the Play Services and/or the Google Service Framework and use the Aurora Store from F-Droid to install apps from the Google Play Store.
Keep in mind, of course, that you can install the Aurora Store and download all apps just as you would with the Play Store, on both CalyxOS and GrapheneOS, without microG or any Google Services installed. The difference is that you might get warnings about Play Services not being installed and some of the apps not working.
I have, however, not seen this on any of the apps I am using except ProtonMail, which doesn't send notifications as it relies on the Google Cloud Service for push.
I know ProtonMail is a privacy-focused provider, but they do not bother to have an interval email/messaging checking option or run in the background like Signal or Telegram when you do not have Google Cloud…sad but true!
So, when it comes to Google Services related apps, if you really need them, both CalyxOS and GrapheneOS can deliver. GrapheneOS has the slight upper hand security-wise.
You won't miss much or even realize that you don't have Google Android…apart from not getting customized ads or being tracked as much.
Let me say this again, download F-Droid and use the open-source apps it offers over Google (Aurora) and its tracker-laden apps.
The camera is always a tricky one, if only because Pixel phones take some of the best pictures of any phone on the market. Privacy-wise, it is not always really recommended to use Gcam. Thanks to the GrapheneOS and CalyxOS firewalls, you can, of course, take network access away, and it should work as expected. In other words, after installing Gcam you have a 100% Pixel photo experience!
GrapheneOS has, however, its very own in-house developed Camera app, which is amazing! In daytime, it is on a par with Gcam; at night, however, you can see a difference. That said, just like everything on GrapheneOS, the camera app is actively developed, and every update makes the app even better. It also has a QR scan function built in.
Both CalyxOS and GrapheneOS only work on devices with verified boot. This means the bootloader is locked and can't be manipulated, for example in an evil-maid attack.
GrapheneOS will only boot when verified boot succeeds, meaning there has been no manipulation of the code, via ADB etc.
CalyxOS and GrapheneOS picked the Pixel models because fingerprints and face unlock both get verified on the device via the Titan M chip, or the Tensor chip on the Pixel 6 and Pixel 6 Pro. These chips also verify that the bootloader has not been manipulated and check for brute-force attacks. Another great option is that, via the Android API, private keys and passwords can be encrypted directly on the chip.
GrapheneOS goes the extra mile and hardens the kernel and also develops its own malloc.
Unlike CalyxOS, GrapheneOS comes with a hardened browser called Vanadium. It is Chromium-based, but is heavily hardened and has everything Google-related removed from the browser itself. It is similar to Bromite, yet one level up, and optimized for the Graphene operating system. It also includes the WebView component.
GrapheneOS comes with its own PDF viewer and an onboard encrypted backup solution called SeedVault (which was originally part of CalyxOS), so you have this option on both operating systems.
Pixel phones provide baseband isolation, in other words, the mobile and Wi-Fi band is separated from the actual OS, which makes an attack way less likely:
Activating airplane mode will fully disable the cellular radio transmit and receive capabilities, which will prevent your phone from being reached from the cellular network and stop your carrier (and anyone impersonating them to you) from tracking the device via the cellular radio. The baseband implements other functionality such as Wi-Fi and GPS functionality, but each of these components is separately sandboxed on the baseband and independent of each other. Enabling airplane mode disables the cellular radio, but Wi-Fi can be re-enabled and used without activating the cellular radio again. This allows using the device as a Wi-Fi only device.
GrapheneOS has a slight advantage over CalyxOS here, yet neither is perfect.
CalyxOS comes with Google's DNS servers pre-configured, while GrapheneOS comes with Cloudflare pre-configured as a fallback. Both solutions are horrible ideas when it comes to privacy. The good news is that on Android, you can always change your DNS in Settings so that your DNS traffic is encrypted and goes to a trusted DNS server.
After the first boot, the captive portal check kicks in, which uses Google to do so; see:
connectivitycheck.gstatic.com
By default, the GrapheneOS connectivity check server is used via the following URLs: (No Google involved)
HTTPS: https://connectivitycheck.grapheneos.network/generate_204
HTTP: http://connectivitycheck.grapheneos.network/generate_204
HTTP fallback: http://grapheneos.network/gen_204
HTTP other fallback: http://grapheneos.network/generate_204
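To see which hosts a particular device is configured to contact for the connectivity check and for Private DNS, the following added example (not code from CalyxOS or GrapheneOS) audits a settings dump. It assumes the dump was taken with `adb shell settings list global`; the sample dump is constructed, dns.example.net is a placeholder, and the Google suffix list is an assumption to extend.

```python
from urllib.parse import urlsplit

# Constructed sample of `adb shell settings list global` output (not from a real device).
SAMPLE_DUMP = """\
captive_portal_http_url=http://connectivitycheck.gstatic.com/generate_204
captive_portal_https_url=https://connectivitycheck.grapheneos.network/generate_204
captive_portal_other_fallback_urls=http://grapheneos.network/generate_204,http://grapheneos.network/gen_204
private_dns_mode=hostname
private_dns_specifier=dns.example.net
"""

# AOSP Settings.Global keys that override the connectivity-check endpoints.
URL_KEYS = ("captive_portal_http_url", "captive_portal_https_url",
            "captive_portal_fallback_url", "captive_portal_other_fallback_urls")
GOOGLE_SUFFIXES = ("gstatic.com", "google.com")  # assumption: extend as needed

def parse_settings(dump):
    """Parse key=value lines; only the first '=' separates key from value."""
    pairs = (line.partition("=") for line in dump.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep and k.strip()}

def host_of(value):
    """Lower-cased host name from a URL or a bare host name."""
    return (urlsplit(value if "//" in value else "//" + value).hostname or "").lower()

def owner(host):
    google = any(host == s or host.endswith("." + s) for s in GOOGLE_SUFFIXES)
    return "google" if google else "other"

def audit(dump):
    """Return (setting, host, verdict) rows for connectivity check and Private DNS."""
    settings, rows = parse_settings(dump), []
    for key in URL_KEYS:
        raw = settings.get(key, "null")
        if raw in ("", "null"):  # key not set: the OS default endpoint applies
            rows.append((key, None, "unset"))
            continue
        for url in filter(None, (u.strip() for u in raw.split(","))):
            rows.append((key, host_of(url), owner(host_of(url))))
    if settings.get("private_dns_mode") == "hostname":
        host = host_of(settings.get("private_dns_specifier", ""))
        rows.append(("private_dns", host or None, owner(host) if host else "unset"))
    else:  # "off", "opportunistic" or absent: the resolver comes from the network
        rows.append(("private_dns", None, "network-provided"))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE_DUMP):
        print(*row)
```

An "unset" row means the device falls back to whatever endpoint the OS build ships with, so that row has to be read against the defaults described above for each operating system.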
"Vanadium does not make connections not requested by the app as part of providing the WebView implementation in the OS. If you choose to use it as your browser, it performs similar connections as the ones performed by the OS above. It does not send any identifying information to servers, etc. but rather fetches some static assets like dictionaries when triggered by usage of the app. We're working on eliminating everything unnecessary and making our servers the default for handling anything that cannot simply be shipped with Vanadium for one reason or another such as requiring quicker updates."
So, as a recap, first things first, regardless of whether you use CalyxOS or GrapheneOS or any other Android or even iOS-based operating system, change your DNS. I love NextDNS, which filters all trackers and ads and just gives you a great experience.
However, DNS is the first thing you should change on your device. The second is a decent firewall, and both CalyxOS and GrapheneOS have great firewalls.
CalyxOS has a dedicated firewall called Datura, which gives you fine-grained control over network access for all of your apps.
GrapheneOS inherits the deeply integrated firewall from the Android Open-Source Project, which is used to implement portions of the security model and various other features. The GrapheneOS project historically made various improvements to the firewall, but over time most of these changes have been integrated upstream or became irrelevant.
GrapheneOS adds a user-facing network permission toggle providing a robust way to deny both direct and indirect network access to applications. It builds upon the standard non-user-facing INTERNET permission, so it's already fully adopted by the app ecosystem. Revoking the permission denies indirect access via OS components and apps enforcing the INTERNET permission, such as Download Manager. Direct access is denied by blocking low-level network socket access.
If you like to use a VPN to make sure your ISP does not see your internet traffic, I recommend iVPN, ProtonVPN or Mullvad. All the official apps will respect your private DNS setup, so even if you use a VPN to hide traffic from your ISP, you'll still have the encryption and possibly the ad and tracking filters from your trusted DNS provider.
Overall, it comes back to what you need or want. CalyxOS is a little more difficult to install, but then has an easy first installation which lets you select Signal, Aurora Store, F-Droid etc. On the other hand, GrapheneOS has an easier Web-based installer, but not the selection of pre-installable apps.
CalyxOS has an easy-to-use dedicated firewall vs the GrapheneOS version, which is embedded in the app and privacy settings.
GrapheneOS has more frequent updates and is more security hardened; for these reasons I prefer it.
The sandboxed Google Services solution is also a point which scores for GrapheneOS. Personally, the firewall looks maybe a bit better on CalyxOS, but thanks to the way GrapheneOS hardened theirs, the GrapheneOS way is the more private and more locked down solution.
Coming back to the question "could either of the two be a great daily driver?" It sure is for me, and if you are really concerned about privacy and want a phone that doesn't just claim to care about your privacy, then either of the two operating systems is a great pick.