[HN Gopher] CalyxOS - De-Googled Android Alternative
___________________________________________________________________
CalyxOS - De-Googled Android Alternative
Author : ssklash
Score : 930 points
Date : 2021-08-06 17:07 UTC (1 days ago)
(HTM) web link (calyxos.org)
(TXT) w3m dump (calyxos.org)
| cyberpanther wrote:
| After using CalyxOS for a while, I came up with a method to use
| stock android and preserve more of your privacy.
| https://hackernoon.com/have-your-privacy-cake-on-android-and...
| strcat wrote:
| You might be interested in the sandboxed Play services
| compatibility layer being developed by GrapheneOS:
|
| https://grapheneos.org/usage#sandboxed-play-services
|
| An early release of this is already available in the
| Stable/Beta channel releases. Our hope is that more projects
| take interest and collaborate on making a much more broadly
| compatible alternative to microG with the same security
| sacrifices it makes.
| joecool1029 wrote:
| > microG replaces some functions of Google Play Services while
| maintaining much more anonymity and privacy.
|
| I've said it before and saying it again on here for those that
| don't know: microG breaks the security model on android and adds
| in package signature spoofing. It's the only way to add a fake
| Google Play Services without needing to pull Google blobs. This
| is why projects like LineageOS are against using this method, it
| weakens overall package security.
|
| However, it is still possible for the tinfoil hat crew to not use
| Google play services with OS like LineageOS. This will of course
| break some functionality (apps will have to poll instead of
| relying on push) but it will not break the security model.
|
| I'd like a different, better set of options to choose from but we
| don't have it at this time. Most users should probably choose a
| minimal Google Play distribution if they value things like
| battery life and working apps while still maintaining protections
| against spoofed apps.
| justnotworthit wrote:
| I worry that these projects are asking me to either turn the
| phone into an ipad touch or a dumb phone.
|
| Do push notifications require microg/google? A communications
| device (as opposed to a media player) that didn't have push
| notifications would be missing something required, in my use.
|
| It's my understanding that alternatives to google's location
| services exist.
|
| I'd just like a phone that allows me to chat/use apps/gps
| (let's put cell service to the side for a second) without being
| an OS-wide, logged-in, analytics tracker.
| josh_today wrote:
| Funny that you're using "tin foil hat crew" the day after Apple
| announced snooping on everyone's pictures
| atatatat wrote:
| Especially since tinfoil would be like an antenna.
|
| Everyone knows that.
| genewitch wrote:
| Also google has never ever used users' data to turn a buck or
| anything.
| collsni wrote:
| Yeah more like a "baseball cap crew" these days.. lol I don't
| trust corporations.
| opan wrote:
| In my experience, LineageOS without gapps or microg is plenty
| usable. I get all my apps from F-Droid and have for years. I
| don't feel like I'm missing anything major. I'm sure this won't
| work for some people, but it's an option worth mentioning.
|
| Also, for this reason I shy away from alternatives to LineageOS
| which include microg by default. I don't want it.
| thaumasiotes wrote:
| > This will of course break some functionality (apps will have
| to poll instead of relying on push)
|
| It seems like what we really want here is for the app to
| implement its own notifications without going through Firebase.
| All you need for push rather than polling is an open socket...
| cdesai wrote:
| I've said this in another comment, but I'll duplicate here:
|
| The microG creator goes into more detail about signature
| spoofing at
| https://github.com/microg/GmsCore/issues/1467#issuecomment-8...
| The concerns usually raised against that are due to the
| "default" patch included in their repository, which has a
| specific purpose.
|
| We don't use that, https://calyxos.org/about/tech/microg/ are
| the precautions we take to try and prevent "weakening overall
| package security"
|
| In addition, microG is optional and can be disabled on first
| install, see
| https://calyxos.org/features/microg/#1-microg-disabled
| chias wrote:
| > see http://127.0.0.1:4000/features/microg/#1-microg-disabled
|
| As someone who also accidentally pastes my local dev URLs
| from time to time, I feel your pain ;)
|
| For everyone else: that's
| https://calyxos.org/features/microg/#1-microg-disabled
| cdesai wrote:
| I edited the comment to fix it, thank you!
| joecool1029 wrote:
| Making it system-only still isn't ideal. It then requires a
| full OS update to push updates to microg/playservices, cannot
| just update the app components if vulnerabilities are found
| in the wild.
|
| I would like it if there were stronger privacy laws or antitrust
| orders that force Google to open their service provider APIs
| so people can choose alternative location/push providers, but
| this doesn't seem like it will exist soon.
|
| For many users, it's going to be the best usability
| compromise to use minimal play services and use apps that
| don't send content over the push networks (Signal is like
| this, Element can be configured this way).
| cdesai wrote:
| > Making it system-only still isn't ideal. It then requires
| a full OS update to push updates to microg/playservices
|
| It does not, you can update system-apps out of band just
| fine.
|
| Google does it with Play Services (and many other apps),
| and we have our microG builds in our F-Droid repos for out
| of band updates.
|
| In fact, that is one of the big selling points of Play
| Services - the fact that it gets updated outside of OS
| updates, which means that you have a recent / the latest
| version on all devices regardless of their update record.
|
| And therefore anything implemented in Play Services can be
| used even on older Android versions.
| phendrenad2 wrote:
| If signature spoofing is confined to apps that I designate as
| spoofed (such as microg), then I'm okay with it. No security
| problem as far as I'm concerned.
|
| I'd like to see people make their own apps that don't rely on
| Google services (or faked Google services) of course, like the
| Linux ecosystem.
| cdesai wrote:
| On CalyxOS only microG can signature spoof, no other app can.
| nickcalyx wrote:
| * and it can only spoof one signature, that of google play
| services
| gnufx wrote:
| But I don't want Google Play stuff. I'm just using microG for
| location services in /e/.
| flas9sd wrote:
| Calyx made an effort to sponsor and integrate the backup tool
| Seedvault (https://calyxinstitute.org/projects/seedvault-encrypted-back...)
| into their ROM - and other AOSP distributions
| benefit from this effort. Handhelds are tethered devices, it's
| essential to have contacts and precious photos stored at a second
| place (online or offline) and easily restored or used when
| changing devices. A user friendly full backup solution not
| requiring root access of some sort was missing to date.
| cdesai wrote:
| Thank you for bringing this up.
|
| We're continuing to fund work on it, both ourselves and also
| through applying for external funding.
|
| Full Storage backup support (Files / Photos) was recently added
| thanks to a grant from NLnet -
| https://nlnet.nl/project/Seedvault/index.html
|
| https://github.com/seedvault-app/seedvault Contributions
| welcome!
| alfiedotwtf wrote:
| Does Seedvault back up the _whole_ device? Last time I used
| it, I found out that apps can opt-out of being backed up,
| along with their settings. In other words, every app I
| installed didn't get backed up :(
| summm wrote:
| As if an app should have any say about if it can be
| backed up or not. 'Muhh security model'. If your security
| model includes letting apps randomly deprive me as a user
| of backups of my _own_ phone, it's just another creepy
| google-bigbrother-wannabe.
| summm wrote:
| https://github.com/seedvault-app/seedvault/issues/165
| this is the issue, and it seems they are working on it.
| Good. What I didn't understand is why one would need to
| fake some Device2Device transfer, when one could just as
| well patch the root cause. It's open source after all.
| alfiedotwtf wrote:
| Yep, that was my point. If you're backing up, apps
| shouldn't get a say
| johnnyApplePRNG wrote:
| I made the mistake of purchasing a DOOGEE phone a few months
| back.
|
| Won't touch it now that I realize the OS is completely hijacked
| by whatever Chinese company produced this not-half-bad phone. (It
| goes so far as adding a watermark of the company logo to every
| photo I take! Sure I can disable it but I just don't feel right
| putting anything of value on there.)
|
| What would happen if I tried installing CalyxOS on it? Or another
| android compatible operating system?
|
| It's not listed as compatible on any alternative android OS that
| I can see at least.
| commoner wrote:
| Copying my reply to another comment:
|
| Not recommended. Downloads are tailored to specific device
| models, and installing an operating system image intended for a
| different device model would not work and could brick your
| device.
|
| DOOGEE phones are not supported by LineageOS, and there is
| unfortunately hardly any developer focus on this brand:
|
| https://forum.xda-developers.com/c/doogee.12007/
|
| You are probably better off selling it. A used Google Pixel 3a
| is in the same price range, and would make a much more flexible
| replacement.
| zozbot234 wrote:
| > I made the mistake of purchasing a DOOGEE phone a few months
| back.
|
| You can't make this stuff up. Does it ship with a Shiba Inu as
| the default background (and photo watermark, of course)?
| sparaker wrote:
| I don't know if they have this, but a good feature for a
| privacy-centric Android experience would be to have a simple,
| accessible log of what app accessed what using which permission.
| fragileone wrote:
| You're looking for Privacy Dashboard, which is available as a
| 3rd-party FOSS standalone app[1] or built into Android 12.
|
| [1] https://github.com/RushikeshKamewar/PrivacyDashboard
| cdesai wrote:
| We do, https://calyxos.org/features/ (Look for "Trusted Agent"
| to see a screenshot)
|
| The code for this was already present in AOSP, Google simply
| had it disabled / reverted in their builds. We just bring it
| back like many other Android ROMs.
| dasyatidprime wrote:
| I'd worry that translating this to an end-user-relevant concept
| of security would lead to a lot of scares, though.
|
| Probe all the files in a directory to see which ones are
| "yours": "What? Why is it accessing _all_ the files? So
| suspicious!"
|
| Require a specific name pattern or something: "I never have to
| remember to do this on the other apps..."
|
| There's a lot of these tradeoffs that in human life are
| resolved through reference to all sorts of subtle human things
| that the machine knows not of. We're at this liminal point
| where "app" software is given a bare form of "agency" from a
| social perspective as an extension of its developer, but it
| doesn't have the intelligence to negotiate over it much (and I
| think that's behind some of the model-simplification pressure
| that's encouraged heavy vertical integration).
| izacus wrote:
| This is being added to Android 12 as a feature, so most new
| builds should have it.
| bishoprook2 wrote:
| So where is my OpenBSD phone?
| cdnsteve wrote:
| I like this, along with membership enrollment so I can help pay
| to keep the project alive. Will have to test this out.
| surajs wrote:
| I am as a rule wary of anyone who decides to offer me "privacy"
| as a USP of their products, I didn't pick up the phone or laptop
| to get more privacy, but to share more data. Moreover, the iron
| law of oligarchy seems to suggest that those who are excessively
| concerned about my data must need it more.
| buzzy_hacker wrote:
| Are there any resources summarizing the differences between...
|
| - CalyxOS
|
| - Purism, Librem
|
| - microG
|
| - /e/
|
| - LineageOS
|
| - LineageOS for microG
|
| - GrapheneOS
|
| And I'm sure many other Android open source/degooglers?
| phh wrote:
| It doesn't answer your real question, but still, I'll try to
| make a summary:
|
| All of CalyxOS, LineageOS, LineageOS for microG, GrapheneOS and
| /e/ are Android distributions (based on the open-source part of
| Android, with some modifications and additions)
|
| Purism (brand name) Librem 5 (model name) is an opensource
| smartphone that reduces black boxes to closed areas, while on
| most smartphones black boxes like modem share RAM access, using
| a brand new GNU/Linux (so not Android) smartphone OS.
|
| microG is fundamentally simply an opensource Android app, that
| replaces some small parts of Google Services (which are very
| big unauditable closed-source Android apps), so apps requiring
| Google Services may have a chance to work without Google
| services. However microG requires a bit more permissions than a
| standard app, that's why there needs to be a "LineageOS for
| microG" to support microG.
|
| Now, between CalyxOS, /e/, LineageOS, and GrapheneOS:
|
| - LineageOS targets devices support. LineageOS supports many
| devices officially, and provides infrastructure to support many
| more unofficially. They also include many features, but it
| doesn't feel like they have a specific orientation, and they
| are happy to integrate with Google apps. They are the very core
| of Android community original development.
|
| - GrapheneOS is security first and foremost, no matter the cost
| to usability (their philosophy there does seem to evolve to
| open to more users recently). They do (great) security original
| development.
|
| - /e/ is market first. They focus on having the best experience
| to the user, and try to reach as many users as possible. They
| have very little original development, their value is mostly in
| communication, and providing a "cloud" account.
|
| - CalyxOS is targeting a good private user-experience. This
| goes both by having good usable defaults, and filling gaps.
| They have nice original developments in making Google-less more
| usable.
| phh wrote:
| An additional note: Android is natively much more private (1)
| and secure (2) than GNU/Linux. This is the reason /e/ is
| considered okay privacy-wise, by simply removing Google and
| OEM apps, you make Android much more private.
|
| (1) Except if you have Google apps or OEM apps, which can
| access all your data. But your data is pretty safe from other
| people.
|
| (2) except that kernel upgrades are often lagging behind
| zozbot234 wrote:
| > An additional note: Android is natively much more private
| (1) and secure (2) than GNU/Linux.
|
| Not so. There's nothing stopping you from using
| containerization in GNU/Linux to sandbox any potentially
| malicious programs, as AOSP does. It's just that running a
| fully Free desktop means you generally don't _have_ to do
| this in the first place!
| buzzy_hacker wrote:
| Thank you!
| gnufx wrote:
| Purism's Librem runs GNU/Linux, not Android; microG is a free
| replacement for Google bits in Android (Google "services",
| including location services from other sources); LineageOS is a
| non-privacy focussed, somewhat de-Googled Android; /e/ is a
| privacy and free software focussed derivative of LineageOS with
| a larger set of supported hardware; GrapheneOS is a security-
| focussed (not privacy-focussed) version of Android with rather
| limited hardware support. It's not clear to me what the
| fundamental difference is between CalyxOS and /e/ other than
| hardware support and what's built-in.
| buzzy_hacker wrote:
| Thank you!
| atatatat wrote:
| https://www.makeuseof.com/best-android-rom-for-privacy/
| m12k wrote:
| As someone who knows quite little about Android (currently in the
| Apple ecosystem, but considering jumping ship): When you use
| these privacy-focused Android versions without Google Play, is
| there a consistent way to get apps from the Play store to run on
| there? (e.g. download the APK from somewhere and sideload it).
| I'd really like an OS that doesn't spy on me, but there's e.g.
| some government ID apps, transit apps and so on, that I'd really
| not like to have to give up.
| simonmales wrote:
| In short yes.
| godelski wrote:
| You are always able to add playstore in. But of course this
| comes with some cost to privacy.
|
| There's also other app stores like f-Droid. Usually these are
| populated with the same apps but often there are ones you are
| going to have a harder time getting.
|
| Does anyone know if there's a way to do a sandboxed playstore?
| Like you can use it to download the apps and update (assuming
| this won't be automatic) but that it is contained otherwise?
| dstryr wrote:
| - Install Shelter from F-Droid
|
| - Install the Aurora store apk inside of Shelter
|
| - Open Aurora store in Shelter's work profile and use like a
| normal play store and all apps installed within Aurora remain
| sandboxed
| cdesai wrote:
| There is also a built-in Work Profile feature now, under
| Settings -> System -> Multiple Users.
|
| It basically does the same thing under the hood.
| Mikkel-T wrote:
| There is an app store called Aurora Store that Calyx comes
| preinstalled with.
| https://f-droid.org/en/packages/com.aurora.store/
| grawprog wrote:
| There's places like APK mirror or Aurora which will download
| .apk's from the play store.
|
| The problem with degoogled phones isn't not accessing the
| google play store, it's not having the confusingly named google
| play services.
|
| https://en.m.wikipedia.org/wiki/Google_Play_Services
|
| A lot of apps rely on google play services. It mostly depends
| on how much of google play services an app requires as to
| whether it'll work on a degoogled phone or not.
| commoner wrote:
| CalyxOS includes microG, which solves the compatibility issue
| for some of Google Play Services' most essential features,
| including push notifications, better geolocation, and map
| rendering. microG also keeps Google's in-app ads disabled.
|
| Implementation status:
| https://github.com/microg/GmsCore/wiki/Implementation-Status
| grawprog wrote:
| The gp mentioned government id apps specifically. Those
| along with banking apps are the ones I've heard having the
| most trouble without actual google play.
| calvinmorrison wrote:
| I use f-droid for most of my standard apps (note-taking,
| calendar, etc) - and since I am not using gmail, those suite of
| apps are useless to me. I use firefox for my browser, and use
| the client provided by my email provider.
|
| The worst thing is basically not having Google Maps because
| while fdroid does work, it is not conducive to 'just looking
| things up real quick'. It's more of a 90's GPS where you pull
| over, take 5 minutes to look up what you want and navigate
| there.
|
| The other issue I have is I don't get push notifications from
| CalyxOS, and I don't know why. Messages are received, but my
| phone won't show me unless I unlock the screen - and then I get
| all the notifications at once. If I don't interact with the
| notification, it will do it again the next time I use my phone.
|
| Otherwise it's been fine. I am using a Google Pixel 3.
| commoner wrote:
| > The worst thing is basically not having Google Maps because
| while fdroid does work, it is not conducive to 'just looking
| things up real quick'.
|
| If you're okay with a closed source navigation app, Magic
| Earth strikes a balance between Google Maps and FOSS apps
| such as Organic Maps. Magic Earth uses OpenStreetMap data but
| layers its own address search on top of it to cover addresses
| and landmarks that are not available on OSM.
|
| https://www.magicearth.com
|
| Google Maps does work on CalyxOS and so does its most fully-
| featured proprietary competitor, HERE WeGo. But if you only
| want to use free and open source software, I understand.
|
| > Messages are received, but my phone won't show me unless I
| unlock the screen - and then I get all the notifications at
| once.
|
| Is your device configured to hide notifications when locked?
| See "Control how notifications show on your lock screen":
|
| https://support.google.com/android/answer/9079661
| calvinmorrison wrote:
| > Is your device configured to hide notifications when
| locked? See "Control how notifications show on your lock
| screen".
|
| Yeah it's a bug with push notifications I think. I don't
| care - I think it's a great feature because if I don't hear
| the buzz, I won't look until my brain decides to check my
| phone, which can be a long time.
|
| I am looking to move towards a Punkt MP-02 for my next
| device, but the fact that it's not an open source device
| that I trust... I hesitate.
| tn1 wrote:
| There are sites like APKPure that mirror the Play store. That
| particular site also has an app of their own that functions as
| an app store, which will install from their catalog.
|
| Of course, you're just moving your trust from Google to this
| other third party, it's up to you if you consider that wise.
| 0x416c6578 wrote:
| There are third-party clients for the Play Store (Aurora store
| being a good example). Aurora store uses anonymous accounts to
| download the APKs directly from Google. That being said, just
| because you can install the application doesn't mean it will
| actually work without Play Services installed. I've had quite a
| bit of luck with random applications I've installed
| (interestingly most Google apps like Gboard, Photos and GCam
| work fine offline and without Play Services), however YMMV.
| google234123 wrote:
| That's a piracy site.
| LanternLight83 wrote:
| Nah, Aurora only works for snagging free apps from the play
| store via a proxy account- you're thinking of another well-
| known APK download site starting with an A, one which
| allows users to create their own 'app stores' (ie.
| repositories) and is rampant with piracy. I'm sure it comes
| in handy for kids with more tech-savvy-ness (enough to
| avoid the malware!) than literal cents.
| commoner wrote:
| > you're thinking of another well-known APK download site
| starting with an A
|
| Aptoide. I have seen pirated paid apps on Aptoide, but
| any app marked as "verified" is not pirated (as in, it's
| available free of charge elsewhere) and the app's
| signature on Aptoide matches the app's signature on
| Google Play. Everything in the main "apps" repository and
| some apps in other repos are verified.
|
| Aptoide is useful for downloading older versions of
| Android apps, especially when APKMirror doesn't have an
| entry for the app.
|
| Fun fact: Aptoide is open source and F-Droid is actually
| a fork of Aptoide.
|
| - GitHub: https://github.com/Aptoide/aptoide-client-v8
|
| - Wikipedia: https://en.wikipedia.org/wiki/Aptoide
| fragileone wrote:
| Aurora Store is not a piracy site. It's a FOSS app that
| gives you access to the official Google Play Store
| directly.
| rOOb85 wrote:
| To add:
|
| Aurora store does NOT let you download paid apps. If you
| have paid for an app, you can sign into that account in
| aurora store and download the app you bought. However,
| the paid app will most likely not work as most apps use an
| SDK provided by google for verifying purchases in an app.
| This SDK heavily relies on google play services. And
| secondly, using a 3rd party store like aurora does
| violate Google's use agreement which means google could
| ban your account if you sign into it from aurora. I would
| highly advise to not use a google account you care about
| with aurora.
| mackrevinack wrote:
| I've been trying that in the last while with an old phone where
| I didn't bother logging into google when I reset it. I just use
| tasker on my main phone to extract the apk for the current app
| and save it into my syncthing folder and sync it across that
| way. but there are other apps that will let you extract the
| apk's as well.
|
| so far only one or two have worked unfortunately but most do
| spinax wrote:
| One of the most popular ways is to use the F-Droid
| repositories, which if you know a little Linux concepts it's
| like plugging in another software repository to the same
| package manager. (see f-droid.org) It can be confusing though
| because F-Droid is both an app, _and_ the name of the primary
| software repo which is pure FOSS software (no ads, no
| trackers).
|
| The F-Droid _app_ supports adding more repositories (think like
| apt/yum/dnf on Linux) easily, so you can source software from
| anywhere which runs their own repository. One of the most
| popular "other" repos is Izzy (apt.izzysoft.de/fdroid), and
| there is an alternate project called "microG" which can allow
| you to use Google Play store apps (microg.org/fdroid.html).
| microG is how you will get your Google Play apps onto the
| device, usually (there are other solutions besides microG out
| there however).
|
| The CalyxOS install ROM includes F-Droid (app and repos) and
| offers to install microG for you on your first boot (as well as
| some other opt-in stuff). Calyx runs their own F-Droid repo
| which is pre-added to the app so you get updates from them as
| well (think the built-in apps most smartphones have).
| alfiedotwtf wrote:
| Just note that there's a tonne of apps on F-Droid that
| haven't had updates in _years_
| commoner wrote:
| That's true, but the date of the most recent release is
| clearly shown, and it's easy to avoid the unmaintained
| ones. Also, F-Droid most likely has newer alternatives for
| the kind of app you're looking for.
| alfiedotwtf wrote:
| Yep, you have good points. I just thought I'd warn people
| thinking it's going to be all roses.
|
| Either way, I'm happy with my non-Google, Android setup
| jefftk wrote:
| _> pure FOSS software (no ads, no trackers)_
|
| Nit: something can be FOSS while having ads and/or tracking
| (telemetry)
| spinax wrote:
| Nit rebuttal: I was referring to the F-Droid repository
| which I thought was clear from context. These elements are
| scanned for and apps called out (tagged) should they
| contain something not-free, even connecting to network
| services like Reddit or Twitter. They are referred to as
| Anti-Features: https://f-droid.org/en/docs/Anti-Features/
| jefftk wrote:
| Sorry! I understood you to be saying that the definition
| of FOSS includes no ads or trackers, and I wanted to make
| sure no one was misled by that.
|
| Additionally, as you say, the F-droid repository does
| contain apps with those properties; they're labeled, not
| excluded.
| spinax wrote:
| Trivia: by default (unless it has changed upstream), the
| F-Droid app defaults to "Include anti-feature apps: Off"
| in the Settings. The user must go in there and manually
| opt-in to see all the anti-feature apps on the mobile
| client.
| sphinxcdi wrote:
| It doesn't actually hide apps with "anti-features", you
| can still see them by default. The only thing it does is
| hide the description and install button of apps with
| "anti-features" in the search screen. It seems like a
| half-baked feature.
| fragileone wrote:
| Use the Aurora Store app (you can keep this updated via the
| F-Droid app), it's a client for the Google Play Store so it'll
| allow you to update those apps through it.
| BorisMelnik wrote:
| very cool project - assuming by de-bloating all this google-ware
| the battery performance might be better?
| dopu wrote:
| It used to be that iOS was the recommended phone OS if you were
| looking for the best combination of privacy and security. Even
| Daniel Micay (the lead developer of GrapheneOS) thought so, 2
| years ago [0]. But these ROMs are looking much more mature these
| days. Anyone have thoughts on how CalyxOS and GrapheneOS compare
| to iOS in the present day?
|
| [0]:
| https://www.reddit.com/r/GrapheneOS/comments/bddq5u/os_secur...
| cosmojg wrote:
| To my knowledge, GrapheneOS has become the leader of the mobile
| security space while CalyxOS remains more-or-less on par with
| iOS. This all depends on your security model, though. There are
| tradeoffs everywhere.
| fitblipper wrote:
| The thing which always makes me hesitant about these projects is
| that they don't receive frequent security audits and not having
| an expensive brand behind them makes them more at risk to being
| willing to trash their name at the cost of my privacy and
| security. I consider these to be a fairly critical part of any
| project which claims superior privacy and security.
|
| I think about it this way: Should I trust
|
| A. The company which has thousands of developers working on it
| and wants to avoid their brand being dirtied by failures in
| security and privacy.
|
| B. The small group of people who have formed an organization
| which may or may not be another Anom like FBI controlled
| software.
|
| Don't get me wrong, I absolutely want to pick B, but I consider
| it much more risky since there are a lot more unknowns around
| that. At least with A I know what I'm getting (basically a free
| flow of my info to whichever government asks for it, but cross my
| fingers they don't ask for it or that A doesn't want too broad of
| a breach of trust).
| minsc__and__boo wrote:
| There was a time I would have gone with B), but I've been
| burned by too many "companies" with almost nothing to lose
| suddenly becoming malware or some other exploitive.
|
| This new wave of privacy branding, without 3P verification,
| open sourcing, or even means of recourse seems to be the new
| frontier for these used car salesman "trust me, it's private"
| pitches.
| corebuffer wrote:
| IMO the free software group at least is auditable.
|
| I wish Replicant was able to catch up. Having blobs at the
| baseband is awful, but having the baseband accessing all RAM is
| just game over for privacy. There isn't what to trust in that
| setting.
| zozbot234 wrote:
| This is why I see projects like postmarketOS, Mobian and Debian
| Mobile as having a lot more potential. Let's be clear about
| this, these projects are _not_ practically usable right now in
| a "daily driver" sense, even compared to a simple AOSP-based
| custom ROM. But they have the right goal in place - sharing a
| _single_, unified code base across our mainstream and mobile
| OS's.
| [deleted]
| mycall wrote:
| Google has thousands of Android developers? Interesting.
| 627467 wrote:
| To say that trillion dollar companies are less likely to fail
| at security/privacy because all their decisions take into
| consideration the hypothesis of reputation damage seems
| simplistic. They also have the money to pay for damage control.
| bubblethink wrote:
| Man, stuff like this is so depressing to read. Like this is
| supposed to be a forum for showcasing new tech, projects, etc.
| What's the point of having this if people in the industry are
| going to say, "I don't like it because it's not backed by a
| trillion dollar company". What will change?
| Kaytaro wrote:
| OP didn't say he doesn't like it, just pointing out the
| reality. But yes, the reality is depressing.
| [deleted]
| fragmede wrote:
| In offering only two choices, when the reality is far more
| complex than that, GP sets the tone for the rest of the
| discussion. There are more options, and a far deeper lake
| of information to use for drawing conclusions, so the
| simplification is also insulting, on top of being
| depressing.
| nerbert wrote:
| OP is just saying that audits would be nice, which is
| true.
| VortexDream wrote:
| If you have other options or other things that should be
| considered, then add them. As it is, you seem to be
| dismissing his absolutely valid concerns without any
| reason as to why you think they're invalid. I have the
| same concerns as he does and it's the same reason I don't
| use custom ROMs. I have no way to know how security
| conscious the developers actually are.
| bubblethink wrote:
| That's a valid concern and only you can judge for
| yourself whether something works for you or not. It's
| open source. Read the code and do your research. Going to
| some project's thread and saying, "But, what if this is
| shoddy code or run by the FBI?" is beyond pointless.
| Praise can be generous. Criticism needs to be
| conservative and precise.
| VortexDream wrote:
| That's utterly ridiculous and you're clearly arguing in
| bad faith.
|
| Let's say I do have the infinite amount of time necessary
| _and_ the technical expertise to conduct an audit of a
| custom ROM. Is every single person who's interested in
| privacy and security required to do their own audit?
|
| If I publish my findings, why should anybody ever believe
| me? Who am I to tell anybody how safe it is? If you think
| it's so safe, why don't you do an audit and prove it to
| those of us with doubts instead of expecting us to do it?
|
| Oh, right. You're operating on faith on these groups of
| people that you don't know who don't have any processes
| in place to ensure that what they're doing is safe for
| their users.
| bubblethink wrote:
| I'm not arguing that you or anyone should use this
| project. All I'm saying is that this line of questioning
| is not constructive. Sure, an audit is good, but since
| this hasn't been audited, what will this line of
| questioning achieve? You can go to any project's
| announcement and pose this type of question, and it
| doesn't add anything. If you have concrete criticism to
| add, that's fine. This type of vague insinuation is
| what's in bad faith here.
| taf2 wrote:
| Simple answer to a depressing reality is to say "fuck it".
| Build it anyway. If you build it they will come. When
| Amazon was getting started selling books online - Barnes
| and Noble was pretty scary big; who would trust paying for
| something like a book online?? The reality of software is
| the playing field is always up for grabs. Google's still a
| great company but how many great engineers are still there?
| Lot of them have left - still many remain. End rant
| ajklsdhfniuwehf wrote:
| all those phones need closed source binary blob drivers to
| even power on.
|
| that's why each project is focused on a single device at a
| time.
|
| This is all toxic to open source!
|
| The only winning move is NOT to play. If you go out of your
| way to buy the phone that some unknown party managed to hack
| the binary blob(s) out of the official image into the custom
| one, you are losing because the quality will be worse than
| the closed source offering, always. From actual security to
| usability. And it will be driving engagement away from actual
| solutions to the problem (such as pine phone etc, which are
| also lagging, but are not as this egregiously bad)
| oh_sigh wrote:
| Many people run their entire lives off of their phones. Being
| concerned about security is prudent, not depressing.
| VoodooJuJu wrote:
| >Many people run their entire lives off of their phones
|
| This is the real problem, not the lack of security audits.
| lobocinza wrote:
| Being concerned is being rational; it's just the reality of
| it that's depressing.
| posguy wrote:
| How far off of AOSP is CalyxOS though? Given that most
| Android users are running unaudited carrier & OEM modified
| ROMs that rarely see updates, a ROM that is very close to
| upstream AOSP is apt to be much more secure.
|
| Never mind that many of the apps that Google ships as part
| of Google Play are not receiving security audits outside of
| Google, Google is not committing to regularly audit their
| apps or publish the results, and these apps function as
| black boxes on your phone, with privileges that most other
| apps do not have.
| chrisco255 wrote:
| Open source software has a better security track record
| than closed source software run by billion dollar corps.
| joemazerino wrote:
| Does it though? Have you looked at the vast number of
| vulnerabilities _introduced_ into the Linux kernel in the
| last 3 years?
| OJFord wrote:
| That's not really the point though is it? It's more like 'I
| do like it.. is it sensible to use it?' At least, that's how
| I read it, and how I feel about such things.
|
| I'd very much like my next phone to run Linux (i.e. be a
| Pinephone) though.
| thinkloop wrote:
| > I'd very much like my next phone to run Linux
|
| Why again? Android is already free and open source and
| Linux doesn't have good answers for the proprietary goodies
| zozbot234 wrote:
| > Linux doesn't have good answers for the proprietary
| goodies
|
| It doesn't need to. The feasible short-term target is
| feature parity with de-googled AOSP roms, which would
| still make it plenty useful in a "daily driver" scenario.
| OJFord wrote:
| I like the level of control and ease of reproducible
| setup that I have on my desktop, and find my (Android)
| phone frustrating to use in part because it lacks it.
|
| It's not without trying either, I've worked on and off on
| a terraform provider for Android - currently apps only
| but with some vague intention to try to manage as much of
| settings as possible (not much, AIUI). It's just not
| meant to be used like that though, of course, and I wish
| Linux was a viable enough option that, at least among
| nerds already using Linux for work if nothing else, it
| didn't need to be justified for use on phones.
| shadowgovt wrote:
| I got a Pinephone.
|
| I like the idea, but it's a deeply frustrating experience
| right now. Basic table-stakes features I have come to
| assume from both Android and iOS platforms just aren't
| there yet.
|
| It's a frustrating chicken egg problem... I want the thing
| to succeed, but my smartphone is so critical to my
| day-to-day that I can either wait for it to get better or invest
| the time into having it suck on toast while I improve it.
| zozbot234 wrote:
| Yup, the PinePhone is still being worked on and quite far
| from being usable as a daily driver. To be fair, the
| Pine64 folks are also very clear about this.
| OJFord wrote:
| Oh I get that, hence 'would very much like my next to be'
| vs. rushing 'out' to buy one.
|
| I'd also have to figure out some more specifically
| personal stuff like alternatives or Matrix bridges for
| apps I 'need to' use to communicate with certain people.
| 8bitsrule wrote:
| I was hoping to use Pinephone this year, but nope. I have
| a 7yo phone with better specs, including a 2.5x faster
| clock. Yes it's an Android, but ... Maybe next year.
| panta wrote:
| > A. The company which has thousands of developers working on
| it and wants to avoid their brand being dirtied by failures in
| security and privacy.
|
| They don't seem to be too much concerned about failures in
| security and privacy... Their entire business is based on
| dismantling of privacy, why should they be trusted more than
| companies that have alternative business models?
| atatatat wrote:
| Disagree.
|
| The reputation of Nick Calyx (worth a look his Wikipedia page),
| or GrapheneOS team, etc, is so much easier lost than that of,
| say, Google's Android team.....or iOS security team.
|
| Having said that: Calyx shouldn't be considered much more
| secure than Android Open Source Project (AOSP). That's where
| GrapheneOS shines.
|
| Calyx should, however, be considered more private than AOSP,
| less dodgy & exploitable than Samsung etc Android
| "enhancements", aka UI/UX bloatware.
| nextos wrote:
| How does CalyxOS compare to GrapheneOS?
| GekkePrutser wrote:
| Calyx has more focus on functionality and privacy rather
| than security. On Graphene, security is always priority #1.
|
| For example: Calyx provides MicroG. This means you can talk
| to Google Play services, though in a better, more
| privacy-conscious way. MicroG is an open implementation of
| Google Play Services.
|
| However, MicroG requires signature spoofing: You need to
| install a fake Google certificate so that it can trick
| official apps into thinking they're talking to Google Play
| Services directly. This could technically be abused, though
| Calyx takes lots of precautions to prevent that. GrapheneOS
| with their security-first approach don't deem this worth
| the risk. So with apps requiring play services you don't
| get push messages and network-based location checks, among
| others.
|
| So, do you want an all-round phone to use everyday (and use
| things like Uber, Facebook, etc) but more private and
| secure than AOSP, take Calyx. Do you want security over
| everything and are willing to compromise a bit on
| functionality and app compatibility (some apps will refuse
| to run without google play), pick Graphene.
|
| Either way you'll need a Google Pixel by the way.
| strcat wrote:
| > Calyx has more focus on functionality and privacy
| rather than security.
|
| That's not true. GrapheneOS is heavily focused on privacy
| and offers much better privacy than CalyxOS. See
| https://grapheneos.org/features for the privacy and
| security features offered beyond AOSP. Unlike CalyxOS, we
| aren't listing AOSP features as our own.
|
| CalyxOS has a leaky firewall which apps can bypass and a
| leaky VPN tethering implementation. GrapheneOS has a
| Network toggle without those leaks and prefers the
| approach of fine-grained VPNs rather than using the same
| tunnel for everything. We want real per-profile VPNs
| rather than making more devices use the same VPN,
| especially in a leaky way.
|
| > For example: Calyx provides MicroG. This means you can
| talk to Google Play services, though in a better, more
| privacy-conscious way. MicroG is an open implementation of
| Google Play Services.
|
| GrapheneOS has https://grapheneos.org/usage#sandboxed-play-services
| which is able to provide much better app
| compatibility, far more functionality and without the
| privacy/security sacrifices of microG. microG lacks the
| same security checks and key pinning of Play. It doesn't
| avoid trusting Play because the apps using Play are using
| the Play client libraries. microG is an additional
| trusted party.
|
| > This could technically be abused, though Calyx takes
| lots of precautions to prevent that.
|
| They simply limit it to microG and the Play services
| signature, which was our suggestion. That isn't taking a
| lot of precautions. It is abused because apps are tricked
| into giving their data to an app without the same
| security model/checks and key pinning (microG) is
|
| > GrapheneOS with their security-first approach don't
| deem this worth the risk.
|
| No, we took a better approach instead.
|
| https://grapheneos.org/usage#sandboxed-play-services
|
| > So with apps requiring play services you don't get push
| messages and network-based location checks, among others.
|
| Push works fine with many apps without Play. GrapheneOS
| has support for using Play in a sandbox.
|
| > So, do you want an all-round phone to use everyday (and
| use things like Uber, Facebook, etc) but more private and
| secure than AOSP, take Calyx.
|
| Those apps work fine on GrapheneOS. CalyxOS isn't more
| private and more secure than AOSP. CalyxOS includes a lot
| more proprietary services (Google, WhatsApp, etc.) than
| AOSP. For the most part, they're making changes which
| quite easily hurt privacy and security.
|
| > Do you want security over everything and are willing to
| compromise a bit on functionality and app compatibility
| (some apps will refuse to run without google play), pick
| Graphene.
|
| This is a highly inaccurate portrayal of what GrapheneOS
| provides and the decision making process. GrapheneOS
| values privacy and usability very highly. It balances
| those with security.
|
| What really defines GrapheneOS is that we aim to
| implement things in a proper way that cannot be bypassed
| by adversaries. A privacy feature that's simply worked
| around is not much of a privacy feature.
| cdesai wrote:
| > CalyxOS has a leaky firewall which apps can bypass and
| a leaky VPN tethering implementation.
|
| We're working on fixing the one bypass. I don't know what
| you mean by leaky VPN tethering implementation.
|
| We have a patch (from LineageOS) that allows tethered
| devices to connect over the VPN. By default in AOSP a
| tethered device ignores the VPN.
|
| Wouldn't this be the opposite of leaky? It prevents
| leaks, especially when you have always-on VPN enabled.
|
| > GrapheneOS has a Network toggle without those leaks and
| prefers the approach of fine-grained VPNs rather than
| using the same tunnel for everything.
|
| We evaluated the network toggle and found it to cause
| crashes in apps when the permission got taken away from
| them unexpectedly, which is why we've gone with the
| solely network-level implementation.
|
| We also do not have anything that'd make you think 'use
| the same tunnel for everything'. Multiple users work just
| fine, and in fact we now have a built-in work profile
| feature which lets you run another VPN in that (since
| that's how Android works) out of the box.
|
| > CalyxOS includes a lot more proprietary services
| (Google, WhatsApp, etc.)
|
| We do not include any proprietary services. We have
| microG which is open source, and the WhatsApp integration
| is done in open source code in the Dialer, it does not
| rely on anything proprietary.
|
| In fact, you're the one who's brought up your play
| services approach which involves running the proprietary
| binary. Don't you see the irony?
| GekkePrutser wrote:
| Like I said in my post below I didn't mean to attack you.
| I don't even use either Calyx or GrapheneOS.
|
| > That's not true. GrapheneOS is heavily focused on privacy
| and offers much better privacy than CalyxOS. See
| https://grapheneos.org/features for the privacy and
| security features offered beyond AOSP. Unlike CalyxOS, we
| aren't listing AOSP features as our own.
|
| I simply wanted to explain that you will always pick the
| security side if a balance has to be made between
| security and privacy. I don't mean this as a bad thing.
| It's a good point and a good differentiator between both
| IMO.
|
| > GrapheneOS has https://grapheneos.org/usage#sandboxed-play-services
| which is able to provide much better app
| compatibility, far more functionality and without the
| privacy/security sacrifices of microG. microG lacks the
| same security checks and key pinning of Play. It doesn't
| avoid trusting Play because the apps using Play are using
| the Play client libraries. microG is an additional
| trusted party.
|
| I don't agree with this. I would not want any google play
| stuff on my phone, sandboxed or not.
|
| > Those apps work fine on GrapheneOS. CalyxOS isn't more
| private and more secure than AOSP. CalyxOS includes a lot
| more proprietary services (Google, WhatsApp, etc.) than
| AOSP. For the most part, they're making changes which
| quite easily hurt privacy and security.
|
| Does Calyx really include WhatsApp out of the box? That
| would indeed be a very negative point for me. As I
| mentioned I haven't used either.
|
| > This is a highly inaccurate portrayal of what
| GrapheneOS provides and the decision making process.
| GrapheneOS values privacy and usability very highly. It
| balances those with security.
|
| As far as I understand your website you do always pick
| security if a tradeoff has to be made. I don't think this
| is a bad thing. I think it's a good option. It's just not
| the choice I would make but it's nevertheless a good
| stance for those who care about security the most.
|
| Anyway like I said in my other post I'm sorry you view my
| post as an attack. If you look at my other posts you will
| see I praised you for promoting security features that
| were incorporated into AOSP after you had initially
| developed them.
| cdesai wrote:
| > Does Calyx really include WhatsApp out of the box? That
| would indeed be a very negative point for me. As I
| mentioned I haven't used either.
|
| We do not, we would never ship a proprietary app like
| that.
|
| What we have is a small patch to the open source Dialer /
| Phone application that lets you make WhatsApp calls
| directly.
|
| It only shows WhatsApp as an option if you have it
| installed already, if you don't you won't see it, we
| don't want to promote using proprietary services.
|
| This was done after a lot of back and forth with our UX
| team.
| commoner wrote:
| While I really appreciate your work on GrapheneOS (and I
| will be checking out the sandboxed Google Play Services
| feature), I don't think it's very good form to heavily
| promote your OS in a discussion about a different OS,
| especially in such an adversarial way. There's room in
| the FOSS space for both GrapheneOS and CalyxOS.
| dead-snake wrote:
| > There's room in the FOSS space for both GrapheneOS and
| CalyxOS.
|
| I doubt strcat disagrees with that. He's responding to
| specific statements comparing GrapheneOS and CalyxOS. I
| don't think we would have seen those comments if nobody
| had mentioned GrapheneOS.
| strcat wrote:
| Please look at the comments being replied to from that
| user in this thread. They're spreading misinformation
| about GrapheneOS in order to promote CalyxOS. This isn't
| something isolated but rather that community is highly
| hostile towards our project and has been heavily involved
| in harassment of our developers, raids on our community
| and coordinated spreading of misinformation. Every time
| GrapheneOS or CalyxOS is mentioned, the CalyxOS community
| and project are there pretending GrapheneOS doesn't care
| about privacy and functionality/usability. We're only
| responding to the comments where this is being done. We
| didn't jump into this thread but rather they're choosing
| to attack us and bring us into it.
| tentacleuno wrote:
| > has been heavily involved in harassment of our
| developers, raids on our community and coordinated
| spreading of misinformation
|
| I'd be interested to see how you draw this conclusion. I
| have been in the CalyxOS rooms for quite a long time and
| have never seen anything of the sort. In fact, when
| GrapheneOS is mentioned, users are told to change the
| topic.
| strcat wrote:
| People can see for themselves the misinformation being
| regularly spread about GrapheneOS by the CalyxOS
| community whenever either CalyxOS or GrapheneOS is
| brought up. The raids on our channels are a well known
| fact and those people are openly welcomed in the CalyxOS
| rooms, even those who have publicly told me to kill
| myself on multiple occasions. Nick himself has been
| heavily involved in this behavior. I don't think someone
| who is involved in the community perpetrating these
| attacks is a good source on what has been happening. He
| justifies his support for these people by saying they
| have an open channel with free speech.
|
| > In fact, when GrapheneOS is mentioned, users are told
| to change the topic.
|
| Yes, people get banned when they defend GrapheneOS from
| attacks. Nothing is done when they spread misinformation
| about it as long as they don't do it too blatantly.
| Action is quickly taken if someone there tries to counter
| it.
| GekkePrutser wrote:
| Sorry if I misunderstood some of the differences, but I
| was trying to simplify it and trying to be helpful by
| explaining what I read about both.
|
| I'm not trying to promote either, and I don't use either
| as I don't have any pixel phones. However I thought of
| buying one and as such I looked into the differences.
|
| I didn't realise you now had sandboxed play services, but
| to be honest I would trust MicroG a _lot_ more than
| Google, even if it's sandboxed :) The only way I'd want
| to interact with Firebase is for push notifications, I
| prefer MicroG's way of handling location by the way, with
| its location plugins pointing to really open sources.
| Play Services are still closed-source google components
| that I don't want on my phone.
|
| I was not saying that you don't care about privacy. I
| just wanted to express that I generally see GrapheneOS
| pick the security side over privacy if there is a choice
| to be made between both (and only then). And with privacy
| I mainly mean big data tracking from the likes of Google.
|
| I didn't mean to attack you at all. I have no side in
| this conflict and I'm sorry you feel that way. See also
| how I said in my original post that GrapheneOS has
| security as Priority #1. How is that a bad thing??
|
| If you look at my other posts you will see I praised you
| for promoting security features that were incorporated
| into AOSP after you had initially developed them. I was
| just trying to present the situation as I understood it.
| I didn't realise it was so adversarial.
| [deleted]
| commoner wrote:
| This looks like a messy dispute, so I'm not going to step
| in. The FOSS community is outnumbered by those who prefer
| closed source software, and it's a shame to see
| infighting between two projects that, despite their
| differences, both counter the Google/Apple duopoly on
| mobile device platforms. I hope the GrapheneOS and
| CalyxOS communities can find a way to reconcile.
| cdesai wrote:
| I specifically avoided commenting on the comparison
| threads solely to not have to see this. You will not find
| me doing that anywhere, anytime (unless perhaps when we
| were on good terms)
|
| I've done that all this time, the only time I comment on
| something is when somebody asks us to integrate it into
| CalyxOS, and that's only within our context.
|
| You're the one here who's responding in a hostile
| manner, and doing exactly what you're accusing us of.
| Please stop.
| cdesai wrote:
| The microG creator goes into more detail about signature
| spoofing at
| https://github.com/microg/GmsCore/issues/1467#issuecomment-8...
|
| The concerns usually raised against that are due to the
| "default" patch included in their repository, which has a
| specific purpose.
|
| We don't use that, https://calyxos.org/about/tech/microg/
| are the precautions we take to try and prevent abuse.
|
| I made it a privileged permission because that's a
| standard Android thing to gate things (such as reading of
| IMEI) - My thought process being that if you somehow
| managed to get around privileged permissions, we have
| much bigger problems than signature spoofing.
| GekkePrutser wrote:
| Yeah I agree, it's a good compromise and I definitely use
| MicroG despite that (though not on Calyx but Lineage for
| MicroG, as I don't have a Pixel phone). I think the Calyx
| precautions are more than adequate. And better than
| Lineage's.
|
| I just wanted to highlight the difference in focus,
| GrapheneOS will always pick the security side when a
| compromise needs to be made. Another example is the "We
| don't lie about security features" stance about
| SafetyNet. Even though a GrapheneOS phone is arguably
| more secure than a random manufacturer-modified Android
| rom. I agree that signature spoofing has an unnecessarily
| bad name. Probably because some mainstream roms like
| Lineage eschewing it. Personally I think it's a great
| tradeoff between privacy and functionality.
| throwaway888abc wrote:
| > you don't get push messages and network-based location
| checks, among others.
|
| This should be advertised as major feature.
| kelnos wrote:
| This is the trade off that I hate having to make, and I'm
| glad to see something like Calyx here.
|
| I want a phone that respects my privacy and is secure,
| but I also want to use apps like Google Photos (my
| favorite app that I use more than anything, aside from
| Firefox), Lyft, Netflix, Slack, banking apps, airline
| apps, and, critically, Google Pay.
|
| I get that using many of those apps might increase my
| exposure to tracking and privacy leaks, but I just want
| an OS behind them that I know I can trust in isolation,
| and that may have measures in place that at least try to
| mitigate some of the worst privacy abuses from the apps.
| (And if it can't always succeed at that, that's fine,
| I'll live.)
|
| Meanwhile, my only real choices are stock Android, which
| I know I can't trust to protect my privacy (since
| Google's business model depends on that), and iOS, which
| will treat me like a child and not let me do what I want
| with my phone unless Apple approves. (I'm also really
| concerned about the privacy implications of Apple's plan
| to do client-side scanning for CSAM material, assuming
| that's true.)
|
| So I just don't feel like there's anything out there
| right now that will let me run the apps I want, that is
| built on top of an OS that I feel I can trust. Calyx
| seems to be one of the few I've seen that looks like
| they're actually trying to be that.
| GekkePrutser wrote:
| I agree, this is my stance as well. Though I don't think
| Calyx tries to limit tracking on installed apps. I would
| recommend using something like TrackerControl to limit
| those.
| ignoramous wrote:
| TrackerControl doesn't encrypt your DNS queries, though.
| You'd need to proxy DNS requests to another app like
| http://github.com/ch4t4r/Nebulo which supports DoT / DoH3
| / DoH for that.
|
| (disclosure: I co-develop a FOSS TrackerControl
| alternative)
| privacyking wrote:
| What is your trackercontrol alternative called? What
| makes it better or worse?
| ignoramous wrote:
| RethinkDNS + Firewall:
| https://github.com/celzero/rethink-app
|
| TrackerControl has a tad better UX; is built on top of
| the super-stable NetGuard and hence inherits its flaws
| and merits.
|
| For instance, it does not support DoH/DoT/DNSCrypt.
|
| It also leaks DNS connections over TCP (this happens when
| a DNS question or answer payload is too big to fit in a
| single UDP packet). In fact, all userspace DNS clients on
| Android I have taken a look at, leak DNS queries over
| TCP.
|
| TrackerControl does not trap all packets over port 53,
| which RethinkDNS does by default.
|
| TrackerControl isn't geared towards bypassing censorship.
| RethinkDNS can bypass stateless firewalls employing a
| similar trick to GreenTunnel, and we plan to implement a
| couple more such mitigations.
|
| Unimplemented but soon, RethinkDNS would let users block
| connections if apps don't resolve DNS with a resolver of
| their choosing.
|
| RethinkDNS has open-sourced both its client app and a
| pi-hole like stub resolver:
| https://github.com/serverless-dns/serverless-dns
|
| There's three of us working on RethinkDNS full-time, so
| it is likely to see feature development at a faster clip
| than TrackerControl and NetGuard (the latter's been put
| under maintenance mode by its original developer).
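The TCP fallback mentioned in the comment above, as an added example that is not part of the thread or of either app's code: a model of a stub resolver that retries over TCP when a UDP reply has the truncation (TC) bit set, checked against a UDP-only interception rule and one that traps all of port 53. All function names, the sample host name and the flows are constructed for illustration.

```python
import struct

QR_BIT = 0x8000  # message is a response
TC_BIT = 0x0200  # truncated: the answer did not fit in the UDP payload
RD_BIT = 0x0100  # recursion desired
RA_BIT = 0x0080  # recursion available


def encode_name(name):
    """Encode a host name as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(txid, name, qtype=16):
    """Minimal query: RD set, one question, class IN (qtype 16 is TXT)."""
    header = struct.pack("!HHHHHH", txid, RD_BIT, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def build_response(query, truncated):
    """Constructed UDP reply echoing the question, with or without TC set."""
    (txid,) = struct.unpack("!H", query[:2])
    flags = QR_BIT | RD_BIT | RA_BIT | (TC_BIT if truncated else 0)
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + query[12:]


def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "response": bool(flags & QR_BIT),
            "truncated": bool(flags & TC_BIT), "qdcount": qd, "ancount": an}


def tcp_frame(msg):
    """DNS over TCP prefixes each message with a 2-byte length (RFC 1035)."""
    return struct.pack("!H", len(msg)) + msg


def tcp_unframe(stream):
    """Split a TCP byte stream back into DNS messages."""
    msgs, pos = [], 0
    while pos < len(stream):
        if pos + 2 > len(stream):
            raise ValueError("incomplete length prefix")
        (size,) = struct.unpack("!H", stream[pos:pos + 2])
        if pos + 2 + size > len(stream):
            raise ValueError("incomplete DNS message")
        msgs.append(stream[pos + 2:pos + 2 + size])
        pos += 2 + size
    return msgs


def resolver_flows(query, udp_response):
    """Flows a stub resolver emits: UDP first, then a TCP retry if TC is set."""
    flows = [("udp", 53, query)]
    hdr = parse_header(udp_response)
    same_txn = hdr["response"] and hdr["id"] == parse_header(query)["id"]
    if same_txn and hdr["truncated"]:
        flows.append(("tcp", 53, tcp_frame(query)))
    return flows


def trap_udp_only(proto, dport):
    """Interception rule that only redirects classic UDP DNS."""
    return proto == "udp" and dport == 53


def trap_all_port_53(proto, dport):
    """Interception rule that redirects every packet to port 53."""
    return dport == 53 and proto in ("udp", "tcp")


def escaped(flows, trap):
    """Port-53 flows that the given rule fails to capture."""
    return [(p, d) for p, d, _ in flows if d == 53 and not trap(p, d)]


# Constructed sample: a TXT lookup whose answer is too large for UDP.
SAMPLE_QUERY = build_query(0x1A2B, "big-txt.example.test")
SAMPLE_UDP_REPLY = build_response(SAMPLE_QUERY, truncated=True)
SAMPLE_FLOWS = resolver_flows(SAMPLE_QUERY, SAMPLE_UDP_REPLY)

if __name__ == "__main__":
    print("flows:", [(p, d, len(b)) for p, d, b in SAMPLE_FLOWS])
    print("escapes UDP-only rule:", escaped(SAMPLE_FLOWS, trap_udp_only))
    print("escapes port-53 rule:", escaped(SAMPLE_FLOWS, trap_all_port_53))
```
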
| themsay wrote:
| Super solid firewall, since I found it, never looked back.
| dyndos wrote:
| Note that the GrapheneOS developer has indicated they are
| working on getting the Google Play Services apps to run
| sandboxed like normal apps, without extensive system
| permissions. This could be quite promising.
| kelnos wrote:
| Oh wow, this is actually amazing. I'm really impressed
| with the work the GrapheneOS folks are doing. Ah, damn,
| it looks like they've dropped support for the Pixel 2. I
| have a Pixel 4 as my daily driver, but I'd prefer to try
| it first on a phone I don't use all the time. Ah well.
| Perhaps the 4 will still be supported whenever I get my
| next phone :)
|
| Some non-Twitter prose about the Play Services support
| (though it doesn't include the tweeted info about
| dynamite support being nearly finished):
| https://grapheneos.org/usage#sandboxed-play-services
| strcat wrote:
| You can still download the Pixel 2 images via getting the
| version from https://releases.grapheneos.org/walleye-testing
| if you really want to use it. There may be a
| final extended support release, but it's very insecure at
| this point and we won't be making those extended support
| releases for much longer.
| atatatat wrote:
| At some point, the new hardware has been changed for good
| reason -- exploits have been discovered!
|
| Upgrading to a new-to-you few-hundred dollars Pixel every
| 2-4 years isn't anywhere close to the expense of a
| new $600-$900 phone every 1-3yrs, the way people used to
| (and the way iPhone users still seem to).
| commoner wrote:
| This is very interesting. Do you have a link to the post
| or discussion?
| dyndos wrote:
| Should have included this from the get go :)
| https://twitter.com/GrapheneOS/status/1422117365957922818
| commoner wrote:
| Thank you!
| silasdavis wrote:
| I feel similarly. However I could probably drop Netflix,
| Slack (at a push), Google pay (painful) if I could find a
| replacement for Google photos, it's been too valuable in
| recording my life memories. The Apple CSAM story gave me
| a kick to think I don't want to be sending photos in the
| plain to Google either.
|
| Alternatives seem to be Owncloud and Nextcloud, which
| have hosted options. I don't really want to self host but
| nice to have the option. Does anyone have experience with
| their android apps for photo storage as compared to
| Google photos? In particular autobackup and image
| scaling/compression would be nice.
|
| I use ProtonMail and have started fiddling with their new
| calendar offering, I was half hoping they might have some
| encrypted storage service in the offing...
| strcat wrote:
| GrapheneOS has the substantial privacy and security
| features documented at https://grapheneos.org/features.
| This is a list of differences from AOSP. We've landed
| assorted privacy/security upstream in AOSP and AOSP
| upstream projects like the Linux kernel. Those features are
| NOT listed on that page, because they aren't differences
| from AOSP anymore. We're confident enough in our ability to
| implement substantial improvements that we can land
| features upstream.
|
| GrapheneOS has an easy to use web installer:
| https://grapheneos.org/install/web which is based on the
| fastboot.js library created with our funding.
|
| We also now have a sandboxed Play services compatibility
| layer implementing a no compromises approach to providing
| app compatibility:
|
| https://grapheneos.org/usage#sandboxed-play-services
|
| This will provide much more functionality than microG with
| better security and without sacrificing privacy by not
| giving Play any additional access than it has via the
| client libraries used by apps. It runs as a normal,
| sandboxed app and we provide fallback code for it to work
| that way. We return placeholder values for most of the
| privileged APIs and implement certain APIs like dynamite
| modules in an unprivileged way.
|
| No need to bypass security checks in apps as has to be done
| to make microG work. That's a problem because microG
| doesn't uphold the same security model and checks as Play
| services. For example, it's not pinning component and
| server keys for important cases.
|
| GrapheneOS currently has a much more barebones fresh
| install, but it's easier to install due to the web
| installer. The barebones installer is by design. We don't
| bundle proprietary services. We also don't bundle 3rd party
| apps and services unnecessarily rather than leaving it up
| to the user. We'll be providing a first party app
| repository with modern metadata signing, key rotation,
| delta update, stable/beta release channels, etc. within the
| next few months to make it easy for users to install an
| initial set of apps. High standards will be applied to the
| apps we choose to build for our repository.
|
| Play Store requires API 29+ at the moment and that will be
| required to use the much safer unattended upgrade approach
| in Android 12 as opposed to the risky approach used by the
| Play Store, Aurora Store and F-Droid. We'll likely require
| API 30+ though.
|
| F-Droid itself is API 25 (Android 7.1). The API level is
| the privacy/security level of an app. API 28 introduces a
| much stronger SELinux sandbox with per-app SELinux MLS
| domains protecting the app from others and other apps from
| it. There are many other improvements, with each API level
| making things better. For apps not distributed via the Play
| Store, this is a simple health check to see how much an app
| prioritizes privacy and security compared to simply getting
| it working.
| GekkePrutser wrote:
| Yeah GrapheneOS is security over privacy, Calyx is privacy
| over security (and has a bit more mainstream appeal with
| MicroG, supporting push messaging and location services etc).
|
| GrapheneOS has also pioneered a lot of security measures, a
| lot of which have been added to Android proper (if you see
| their feature log, a lot of it says "removed because it was
| introduced in Android"). I wonder if that wouldn't have been
| the case without them pioneering it.
|
| Finally, the big guys make a lot of mistakes too. Remember
| the time when you could sudo on macOS with a blank password
| :) Or that other time when they showed your _actual password_
| instead of the password hint. AFAIK, Graphene and Calyx have
| never made any mistakes even close to that severity.
| strcat wrote:
| > Yeah GrapheneOS is security over privacy
|
| No, GrapheneOS is heavily focused on both privacy and
| security. See https://grapheneos.org/features for a list of
| the enhancements compared to the latest Android Open Source
| Project. GrapheneOS offers substantial privacy advantages
| over CalyxOS. It has a bunch of nice privacy improvements,
| carefully designed to work against real adversaries.
| Bypasses of privacy features are taken very seriously and
| prioritized as security vulnerabilities. GrapheneOS also
| doesn't integrate proprietary apps/services into the OS.
| We'd never stick WhatsApp support in the Dialer or ship
| Google services integrated into the OS in a special way not
| available to other apps. Services should be on an equal
| playing ground. That's the real issue with Play services
| and with iOS too.
|
| GrapheneOS has full MAC randomization, DHCP anonymity and
| doesn't reuse IPv6 addresses across networks.
|
| GrapheneOS has the Network permission toggle for
| disallowing both direct and indirect network access. Calyx
| takes an approach that allows apps to bypass it via APIs
| gated by the INTERNET permission. It also has other
| bypasses. They present it as a firewall app with a fancy
| name, but it's just a UI for the AOSP firewall and it
| doesn't really work as they present it.
| https://gitlab.com/CalyxOS/calyxos/-/issues/454
| acknowledges the issue but presents an unworkable plan to
| address it. The approach doesn't work. Similarly, fine-
| grained filtering of domains/addresses in most firewalls
| even as a whitelist doesn't work due to DNS acting as 2-way
| communication via a permitted IP to arbitrary third
| parties. These indirect forms of access can't simply be
| ignored.
|
| GrapheneOS has the Sensors toggle to disallow apps from
| accessing the miscellaneous sensors usable for coarse
| movement (which can map to location) and audio recording
| among other things.
|
| It has substantial privacy improvements beyond these
| things, but they're some nice examples. I strongly
| recommend looking through https://grapheneos.org/features
| and keep in mind it does not list AOSP features as most
| projects would. Avoiding bundling third party apps and
| services is explicitly listed as a feature rather than
| listing out integrating proprietary services and assorted
| apps.
|
| GrapheneOS is also focused on usability, and it's hard to
| deny that https://grapheneos.org/install/web is a very nice
| way of performing the install. The fastboot.js library
| powering it is a project we funded.
|
| > and has a bit more mainstream appeal with MicroG,
| supporting push messaging and location services etc
|
| Location works properly on GrapheneOS, as do notifications.
|
| https://grapheneos.org/faq#notifications
|
| GrapheneOS has a sandboxed Play services compatibility
| layer for running Play services with zero special
| privileges:
|
| https://grapheneos.org/usage#sandboxed-play-services
|
| Despite being very new, it's already rapidly moving beyond
| what microG supports. It doesn't require making the
| security sacrifices of microG by losing the standard
| security checks and key pinning. It also doesn't make
| privacy sacrifices: it provides Play with zero additional
| access. Apps using Play include the Play client libraries.
| Many of these fully work without Play services installed,
| including Google's Ads library. That only has a hard
| dependency on Play services if apps use the Lite variant:
| https://developers.google.com/admob/android/lite-sdk. The
| claims about microG privacy/security benefits are not just
| overstated but backwards. It also only implements a tiny
| subset of the API.
|
| Sandboxed Play services compatibility layer is another much
| more broadly applicable project funded by us, among
| others.
|
| > GrapheneOS has also pioneered a lot of security measures,
| a lot of which have been added to Android proper (if you
| see their feature log, a lot of it says "removed because it
| was introduced in Android").
|
| We've also implemented a lot of substantial privacy
| measures. There aren't really distinctions between these
| things. GrapheneOS helped get substantial app sandbox
| restrictions into AOSP restricting the information
| available to apps.
| [deleted]
| emptysongglass wrote:
| Can you please stop attacking another Android distro
| under the umbrella of a project (the Calyx Institute)
| that has done a lot of good for others? It makes you look
| like an a**hole.
|
| There's plenty of room in this space for multiple visions
| of what a more-secure, more-private Android OS looks
| like. There's gradations of privacy and security and some
| users might prefer your gradient, whereas others might
| prefer CalyxOS'.
|
| You might try getting your act together and reach across
| the aisle so the world can benefit rather than this
| frankly stupid and childish infighting.
|
| And to pre-empt your honestly terrible, "but they started
| it", I don't see anyone from Calyx giving the mouth
| you're giving them, repeatedly, in this thread about
| their product. So please just stop.
| strcat wrote:
| You don't see LineageOS, /e/ or countless other operating
| systems constantly spreading misinformation about
| GrapheneOS. It's only CalyxOS. Others are not doing this.
| I'm not sure why you folks can't resist the urge to attack
| us with false claims any time either OS is mentioned
| anywhere.
|
| See https://github.com/bromite/bromite/discussions/1186
| for an example of what is being done on a regular basis.
| These impersonation attacks are currently ongoing on
| Reddit and Telegram.
| emptysongglass wrote:
| All you've done is expose your paranoia with this (and
| the other down thread) comment. I'm not affiliated with
| the vast conspiracy you've concocted in your head.
|
| I'll tell you what though: I see people who think they
| can throw their clout around (DevOps Engineer from
| Denmark, hi) every day in my line of work. I make a habit
| of telling them they better act like adults if they hope
| to cut it.
|
| Look through my comments history and you'll see I don't
| take kindly to people like Moxie, like you, thinking you
| get to push people around because you think you're
| better. That time is over. You can lord over your tiny
| fiefdom all you want but the rest of the industry is done
| taking it.
|
| The future is human cooperation and dignity, not this
| paranoid, egoic trip you're wrapped up tight in.
|
| I suggest you work together with the broader community
| and don't fall into useless, divisive attacks on people
| engaged in the _shared_ enterprise of a more-secure,
| more-private OS.
| atatatat wrote:
| Your comment leaves out the danger of advertising
| security and privacy when you cripple those things.
|
| All open source projects should be able to take GP's
| criticism, dev of "competitor" or otherwise --
| specifically because they're _not_ products -- they're
| public projects.
|
| Both projects should absolutely be encouraged -- and
| steered, if a user knows a better way.
| strcat wrote:
| It can be plainly seen that we were responding to the
| brigade of attacks from the CalyxOS group involved in
| spreading misinformation about GrapheneOS across
| platforms. You're responding to one of them above.
| emptysongglass wrote:
| > Your comment leaves out the danger of advertising
| security and privacy when you cripple those things.
|
| Nobody is doing this. Calyx is taking a measured
| approach, as they see it, and is making commensurate
| claims: "CalyxOS is an Android mobile operating system
| that puts privacy and security into the hands of everyday
| users." Right on their website.
|
| I am vehemently against absolutisms on security. Where
| that road goes is straight into a dick measuring contest
| and it's ugly. You only have to look at Moxie's terrible
| public behavior to see what the fallout from that
| approach looks like.
|
| It's a poison in the security industry and it needs to be
| called out and stopped now. It rewards grown adults for
| acting like children. It's enough now.
| strcat wrote:
| You're another member of the CalyxOS community group
| involved in spreading misinformation about GrapheneOS
| across platforms. It's plainly visible that we didn't
| start anything in this thread but rather that you folks
| are spreading misinformation about GrapheneOS through talking
| points misrepresenting it.
|
| The harassment of our developers, raids on our channels
| and misinformation being spread by your community needs
| to stop.
|
| Any time anyone brings up CalyxOS or GrapheneOS, you
| folks show up to attack GrapheneOS with these talking
| points.
|
| As usual, you're trying to accuse the people you're
| attacking of being the ones creating the problems. We
| would NOT be involved in this thread if you folks weren't
| here misrepresenting what we provide.
| atatatat wrote:
| > You only have to look at Moxie's terrible public
| behavior to see what the fallout from that approach looks
| like.
|
| Cite Torvalds' absolutism on not breaking userspace, too,
| while you're at it..
|
| These projects are all forwarding their missions; it's
| not because they listened to your criticism about being
| too absolutist on goals they are passionate about.
|
| The "dick measuring" you're seeing is how any niche group
| quickly scrambles to sift out the "truth". Geopolitics
| research threads, when airplanes go down mysteriously,
| new longboard gets released, whatever -- the smartest
| people go back and forth with (at?) each other [1] until
| some form of consensus is reached, and the "herd
| immunity" or general knowledge of the community is
| improved.
|
| [1] (sometimes with far less civility than in this case!)
| emptysongglass wrote:
| > about being too absolutist on goals they are passionate
| about.
|
| Not at all what I mean when I say I am vehemently against
| absolutisms on security. Any claim to superiority on
| security and subsequent trashing of others is rotten
| because it's not kind, not compassionate, not conducive
| to cooperation, the single greatest tool we have as
| humankind. We don't need more division in this space and
| we don't need people with a headful of their egos being
| affirmed for bad human behavior.
|
| There are better ways of being critical of others without
| being an a**hole in public. That's the thrust of my
| argument. We'd all do well to hold these people to a
| better standard of behavior.
| strcat wrote:
| We're responding to the attacks from your community
| making uncalled for attacks on us and misrepresentations
| of GrapheneOS here. It's not us attacking you. It's
| plainly visible that you're the ones making attacks on
| us. We're countering the misinformation that's being
| spread with some facts, not personal attacks and insults
| as you're doing.
| strcat wrote:
| It has to be noted that you're another member of the
| group spreading misinformation about GrapheneOS.
|
| We're responding to comments here from a few CalyxOS
| community members and developers attacking GrapheneOS and
| misrepresenting what the project provides. It's not us
| being hostile and starting any trouble. It's plainly
| visible that we're responding to their talking points
| misrepresenting GrapheneOS as not being focused on
| providing privacy, security and usability. They take
| every opportunity to attack us whenever either OS is
| brought up. People can see that we responded here to
| these talking points trying to claim we only care about
| security. No responses would be left here if attacks were
| not being made on us.
|
| It should be noted that the CalyxOS community has been
| heavily involved in raiding our community and harassing
| our developers. Multiple GrapheneOS contributors have had
| to step back from contributing due to ongoing harassment.
| This is something they've subtly condoned and encouraged,
| supposedly because they support free speech within their
| community, except when it's someone countering the
| attacks being made. We have ample evidence of the
| harassment including Nicholas Merrill engaging in trying
| to portray me as deranged/crazy on multiple occasions to
| direct more harassment towards me.
| cdesai wrote:
| > They present it as a firewall app with a fancy name,
| but it's just a UI for the AOSP firewall and it doesn't
| really work as they present it.
|
| There is no AOSP Firewall, this is all based on code
| which originated in LineageOS, and we've been maintaining
| and extending it since about a year now. We make changes,
| send patches back upstream (LineageOS), and are in talks
| with that developer.
|
| The bypass is serious, we're looking into it and will
| have a working patch available shortly. It will work.
|
| We do not muck around with the INTERNET permission and
| change the android permission model since that has been
| known to crash apps, we did evaluate it before putting effort
| into this.
|
| The beauty of doing this network side is that apps are
| unaware and keep working, unlike some apps which crash
| when you take away their INTERNET permission - that is
| why we didn't go with that approach.
|
| What use is a toggle if it crashes the app and makes it
| unusable?
|
| > The fastboot.js library powering it is a project we
| funded.
|
| Thank you for funding that!
| ineedasername wrote:
| _Remember the time when you could sudo on macOS with a
| blank password :)_
|
| Apple paid out a lot of free sandwiches on that one [0]
| Internationalization on that command was a mess though.
| Defaults were based on OS settings and the flags to
| override were based on a combination of country & postal
| code rather than the localized name of the ingredient.
|
| So, if I didn't want the default of an American cheese
| sandwich on white bread with mayo, I had to research each
| bread, meats, and cheese lineage to get, for example,
| provolone using the switches _-c IT -r 26100_. It got worse
| if you wanted multiple cheese types.
|
| In the end I just aliased a bunch of options. My favorite
| was meatloaf w/ swiss cheese... I have no idea where Apple
| sources their meatloaf for the US region, but I haven't had
| anything like it since. The cafeteria staff at Apple HQ
| have stopped taking my calls.
|
| [0] https://xkcd.com/149/
| Koshkin wrote:
| Don't privacy and security go hand in hand?
| aryamaan wrote:
| They don't go hand in hand in real life. Can imagine that
| happening in digital world too.
| valiant-comma wrote:
| Another way of looking at it:
|
| Privacy is about what you're trying to protect, security
| is about how you are protecting it.
| temptemptemp111 wrote:
| Very. People can't think.
| strcat wrote:
| Yes, they do, and GrapheneOS is heavily focused on both.
| The purpose of the project and what it provides is being
| heavily misrepresented by the comment above.
|
| GrapheneOS treats bypasses of privacy features as
| security vulnerabilities. It offers substantial privacy
| advantages over CalyxOS and doesn't come with the privacy
| drawbacks it introduces. See
| https://news.ycombinator.com/item?id=28095033 (above) for
| a more in-depth explanation.
| GekkePrutser wrote:
| I actually praised you here for pioneering important
| security features into AOSP :) Please don't view my
| comments as attacks or Calyx fanboi-ism. I'm not using
| either and I think you're doing great work. I just wanted
| to highlight the difference in approach as I saw it as a
| potential user when I was considering buying a pixel
| phone.
| tentacleuno wrote:
| Disclaimer: strcat is the GrapheneOS developer.
| strcat wrote:
| Disclaimer: tentacleuno is a member of a community
| engaged in harassment and bullying.
|
| GrapheneOS has a development team with a dozen developers
| and several of those are having their work funded. It's
| not a single person project. Please stop spreading your
| malicious talking points.
| FieryBinary wrote:
| He's not "the GrapheneOS developer", he's the lead
| developer and one of many developers. It's a
| collaborative open-source project which has made a
| production-grade OS and whose contributions have been
| upstreamed for AOSP.
| natpalmer1776 wrote:
| I think the distinction is such that with a private (but
| not secure) application, the only person getting my data
| is a malicious actor.
|
| With a secure (but not private) application, the only
| person getting my data is the owner of the code & anyone
| _they_ are willing to share it with (Governments, Ad-
| tech, etc.)
|
| So if your hard requirement is 'nobody can know anything
| about what I do with this software' you are correct.
| However in-practice, security requirements often exist
| somewhere between the above two scenarios.
| grifball wrote:
| Yeah. Mostly, the difference is whether you're protecting
| against big tech or smaller hackers.
|
| The only other difference is that computer _security_
| also protects your computer as a resource say against
| mining trojans.
| Saris wrote:
| I see it as:
|
| Private = not sending data out of my device unless I want
| it to.
|
| Secure = resistant to someone trying to get into my
| device.
|
| They do overlap a bit, to be private a device needs some
| base level of security. But a device can be very secure
| and still not be private as it's sending data out for
| analytics, tracking, etc.
| corty wrote:
| No. First, there are security measures that wreck
| privacy, e.g. sending all your data to some company's
| servers for virus scanning. Routing all your traffic
| through some filtering VPN provider. That kind of stuff.
| There are privacy measures that wreck security, e.g. not
| using personalized user accounts for certain things.
|
| Security is also mostly up to definition, a secure
| computer system is a system that only does what it is
| defined to do. What this definition entails is up to the
| vendor, which isn't necessarily the same definition a
| user might want for security or privacy.
|
| But generally, there is a large overlap between privacy
| and security.
| chme wrote:
| > No. First, there are security measures that wreck
| privacy, e.g. sending all your data to some company's
| servers for virus scanning. Routing all your traffic
| through some filtering VPN provider. That kind of stuff.
| There are privacy measures that wreck security, e.g. not
| using personalized user accounts for certain things.
|
| Aren't those examples more examples of bad security by
| introducing single points of failure?
| corty wrote:
| Maybe, but there are more examples along those lines that
| don't introduce single points of failure.
|
| E.g. very all-encompassing logging is generally good for
| security, and if the logs are stored in a secure fashion,
| there is also no security problem created. However,
| privacy suffers because one might log things one
| shouldn't log.
|
| In the other direction, file and traffic encryption is
| good for privacy, and the less "permeable" you make it,
| i.e. the less readable for admins, system task, scanners,
| the better for privacy. However, for security, encrypting
| just for the user's eyes is a huge problem, because you
| cannot do malware scanning, you cannot do exfiltration
| prevention. Having users bring their own device into a
| work network is good for privacy, because those devices
| don't have central admin access, but bad for security,
| because same reason.
| vngzs wrote:
| GrapheneOS, lacking MicroG in the default install, is
| therefore more private than CalyxOS. Keeping Google out of
| the loop entirely is necessary for true privacy.
| strcat wrote:
| GrapheneOS doesn't ship integration of proprietary
| services like CalyxOS, whether that's WhatsApp or Google
| services.
|
| GrapheneOS does have
| https://grapheneos.org/usage#sandboxed-play-services
| providing a way to use Play services in a sandbox with
| zero special privileges. This doesn't provide Play with
| any access beyond what it has in the client libraries
| within apps using it. Many of those client libraries
| aren't simply thin clients. The Ads library works without
| Play services. There's a special Lite variant that's
| actually a thin client:
| https://developers.google.com/admob/android/lite-sdk.
|
| GrapheneOS does this by implementing the missing fallback
| code Play services should have itself to work without any
| invasive OS integration.
|
| We believe these services should be on an equal playing
| field. Google services shouldn't be built into the OS and
| shouldn't have capabilities not available to a regular
| sandboxed app. Our views are counter to a whole lot of
| what CalyxOS is doing which is bundling third party
| apps/services and giving them special capabilities. For
| example, they give special unattended installation
| privileges to Aurora Store and F-Droid.
|
| F-Droid still targets API 25 (Android 7.1) which wouldn't
| meet the security requirements of the Play Store (API
| 29+) if it could be uploaded there. It also lacks modern
| cryptography and signing with full file signing + key
| rotation. Lots of attack surface too. They give it the
| ability to do _unattended_ app installations without user
| consent. If it gets compromised in any way, it can
| install mimic apps, etc. tricking the user. It could
| install ancient API level apps with the weakest possible
| sandbox.
|
| Android 12 will be providing a far safer way to do this,
| and that's what the in-development GrapheneOS app
| repository client will be using rather than being granted
| special privileges by the OS. F-Droid is still using
| partial file signing without key rotation for app
| repositories too. It does many things that we cannot
| accept for an app bundled into the OS.
| cdesai wrote:
| I did not want to get into this, but you're simply spreading
| falsehoods.
|
| > GrapheneOS doesn't ship integration of proprietary
| services like CalyxOS, whether that's WhatsApp or Google
| services.
|
| We do not ship anything proprietary. We ship microG,
| which is "A free-as-in-freedom re-implementation of
| Google's proprietary Android user space apps and
| libraries." - see https://microg.org/
|
| We ship an integration with WhatsApp in the Dialer, which
| is entirely open source code. It is based on the existing
| contacts mechanism (anyone who has WhatsApp or Signal on
| any Android will see entries for those in the Contacts
| app - that is what we expose to the Dialer to make it
| easy to use those to make end-to-end encrypted calls.
|
| In fact, WhatsApp is not listed by default, it only shows
| up if you have it installed. We believe that end-to-end
| encrypted calls are important, and while this would leak
| some metadata, if one has it installed already presumably
| they're fine with that. The network effect is strong!
|
| In fact, you're the one who's promoting your approach of
| being able to run the proprietary Play Services - and yet
| you say you don't ship integration of proprietary
| services. Which is it? You can't ship Play Services
| legally anyway.
|
| > For example, they give special unattended installation
| privileges to Aurora Store and F-Droid.
|
| Aurora Store does not get unattended installation
| permission, it never has. It can only update installed
| apps, which is what Google is allowing in Android 12.
|
| F-Droid Privileged Extension is extended, and both that
| and F-Droid have received security audits in the past
| which haven't found issues - and the Privileged Extension
| itself hasn't changed much since then. We're very careful
| about making any changes there.
|
| It is one thing to give constructive criticism to
| projects, it's another to attack them directly based on
| falsehoods.
| strcat wrote:
| > I did not want to get into this, but you're simply
| spreading falsehoods.
|
| I'm not spreading any falsehoods.
|
| > We do not ship anything proprietary.
|
| You ship integration of proprietary services including
| Google services and WhatsApp. You provide them with
| privileged integration unavailable to other apps.
|
| > We ship microG, which is "A free-as-in-freedom re-
| implementation of Google's proprietary Android user space
| apps and libraries." - see https://microg.org/
|
| i.e. an implementation of proprietary Google services.
|
| > We ship an integration with WhatsApp in the Dialer,
| which is entirely open source code. It is based on the
| existing contacts mechanism (anyone who has WhatsApp or
| Signal on any Android will see entries for those in the
| Contacts app - that is what we expose to the Dialer to
| make it easy to use those to make end-to-end encrypted
| calls.
|
| i.e. integration of proprietary services into the OS in a
| way that isn't available to other apps.
|
| > In fact, you're the one who's promoting your approach
| of being able to run the proprietary Play Services - and
| yet you say you don't ship integration of proprietary
| services. Which is it?
|
| GrapheneOS does not include any form of Play services and
| has no support for the OS using it. If a user installs
| Play services, the OS detects it and intercepts the
| attempts it makes to use privileged APIs and instead
| returns placeholder data.
|
| With microG, the Play services code is still present in
| each app using it. microG is an additional trusted party,
| not implementing the same level of transport security or
| other security checks and does not avoid trusting the
| Play services code to exactly the same extent.
|
| > You can't ship Play Services legally anyway.
|
| Not actually true. Do you claim that stuff like firmware
| cannot be shipped too?
|
| > Aurora Store does not get unattended installation
| permission, it never has. It can only update installed
| apps, which is what Google is allowing in Android 12.
|
| No, they're allowing it in a more secure, restricted way
| rather than what is implemented in CalyxOS. Look at the
| list of requirements for an unattended app update via the
| Android 12 API.
|
| > F-Droid Privileged Extension is extended, and both that
| and F-Droid have received security audits in the past
| which haven't found issues - and the Privileged Extension
| itself hasn't changed much since then. We're very careful
| about making any changes there.
|
| Shallow security audits in the past are meaningless.
| F-Droid is an API 25 app (Android 7.1) with a metadata
| signing system with the same weaknesses as Android's
| deprecated v1 signature scheme and massive attack
| surface. It bypasses the standard OS security model for
| determining sources of apps rather than respecting it.
| This is incompatible with the expected security model
| for unattended app updates in Android 12.
|
| > It is one thing to give constructive criticism to
| projects, it's another to attack them directly based on
| falsehoods.
|
| I'm not doing that. Rather, that is what you folks have
| been doing at every opportunity in these threads. I've
| only posted here to defend us from malicious
| misinformation being spread by you folks. You're engaging
| in that yourself and can't claim to be uninvolved.
| cdesai wrote:
| I'm really tired of this.
|
| > GrapheneOS does not include any form of Play services
| and has no support for the OS using it. If a user
| installs Play services, the OS detects it and intercepts
| the attempts it makes to use privileged APIs and instead
| returns placeholder data.
|
| Isn't that shipping an integration for a proprietary
| service?
|
| How can you claim that we're the ones shipping
| proprietary service integrations when we ship an open
| source implementation, and you're the ones shipping an
| integration for the proprietary implementation.
|
| I'm done here, there's no point arguing with you, you
| don't see reason.
|
| > Not actually true. Do you claim that stuff like
| firmware cannot be shipped too?
|
| There is precedent here,
| https://phandroid.com/2009/09/25/cyanogen-gets-cd-from-
| googl...
|
| It's the sole reason why there exists the concept of
| flashing gapps are installing other custom ROMs, and that
| cannot be supported without verified boot.
|
| The other way is what you're doing, which is impressive,
| not questioning the code / implementation, just the way
| you're trying to present it here.
| FieryBinary wrote:
| >How can you claim that we're the ones shipping
| proprietary service integrations when we ship an open
| source implementation, and you're the ones shipping an
| integration for the proprietary implementation.
|
| Play Services is not integrated into GrapheneOS at all.
| It only has a few shims that, as strcat explained
| _several times_, return placeholder data. Play Services
| has no special permissions, and using it on GOS is the
| same as installing any other app.
|
| microG is integrated into your OS. It's a partial
| reimplementation of proprietary Play Services.
|
| >There is precedent here,
| https://phandroid.com/2009/09/25/cyanogen-gets-cd-from-
| googl...
|
| That was for distributing Google apps, not for shipping
| firmware updates. You're making a false comparison.
|
| As you could see if you had read strcat's comments and
| the documentation, GrapheneOS doesn't ship Play Services
| but only some compatibility shims, otherwise Play
| wouldn't know how to work. Users must manually install
| Play and associated apps.
| cdesai wrote:
| On CalyxOS you do get an option to disable microG when
| setting it up for the first time, see
| https://calyxos.org/features/microg/#1-microg-disabled
|
| microG being disabled but present is still enough for
| some apps to work, which makes sense given that you can
| disable Google Play Services on the stock OS.
| folmar wrote:
| It seems to miss my favourite with Lineage - microG
| enabled, but C2DM disabled, i.e. services present, but no
| talking to google servers (but maps api, locations and so
| on still work).
|
| Disclaimer: I've only read the linked webpage.
| commoner wrote:
| You're able to enable microG on CalyxOS while disabling
| Google device registration and Firebase Cloud Messaging
| (the current push messaging service which has replaced
| the deprecated C2DM). The microG Services Core app
| behaves on CalyxOS exactly as it does on LineageOS for
| microG.
| strcat wrote:
| GrapheneOS has
| https://grapheneos.org/usage#sandboxed-play-services so our
| users have the option to use Play
| services too, in a way that will provide more
| functionality and avoids losing the security checks and
| key pinning that are missing in microG. We'll be making
| it easy for users to install via our app repository
| rather than bundling Google services in the OS.
|
| Google's Play client libraries are still used on CalyxOS
| by the apps using Play services. The Ads SDK is a fat
| library and works without Play services. Only the Lite
| variant of that has a hard dependency on Play. GrapheneOS
| isn't giving any additional access to Play when it's
| installed compared to what the client libraries have
| available.
|
| WhatsApp is clearly a proprietary service too, and
| CalyxOS is integrating that into the Dialer app. Signal's
| server source code is not fully public either and went a
| whole year without even the incomplete releases that are
| now available again. Both are centralized, third party
| services integrated in a special way not available to
| other apps. Isn't that the problem with Play services? It
| is from our perspective.
| cdesai wrote:
| > Google's Play client libraries are still used on
| CalyxOS by the apps using Play services.
|
| They'd also be used on GrapheneOS, and anywhere else
| basically.
|
| > WhatsApp is clearly a proprietary service too, and
| CalyxOS is integrating that into the Dialer app.
|
| The integration is entirely done into the open source
| Dialer app and generic enough that it could be extended
| to any apps that have phone numbers. Signal and WhatsApp
| are simply the most popular amongst those.
| [deleted]
| LukeShu wrote:
| _> Nick Calyx (worth a look his Wikipedia page)_
|
| For those struggling to do this: "Nicholas Merrill" is the
| name you'll need to look up on Wikipedia.
| sildur wrote:
| B, of course. The FBI may or may not control that specific
| group of people. But you can bet it controls that company with
| thousands of developers.
| cdesai wrote:
| A. While it is hard to say something about A having thousands
| of developers (just having more eyes on everything they're
| doing), it's not infallible, nor does it strictly mean they
| want to 'avoid their brand being dirtied'
|
| B. CalyxOS is a project of the non-profit Calyx Institute,
| founded by https://en.wikipedia.org/wiki/Nicholas_Merrill
| securitypunk wrote:
| Anyone who has managed a product security program will tell you
| that it's impossible for small groups to keep up with the
| complexity and attack surface of products like android.
|
| From a consumer perspective, going with A and trusting the
| company is by far the safest option.
| scns wrote:
| Sorry to be pedantic but: Two People created CopperheadOS,
| one of them now works on GrapheneOS. The security mitigations
| developed for those were incorporated upstream into Android,
| decreasing the attack surface.
| strcat wrote:
| > Two People created CopperheadOS, one of them now works on
| GrapheneOS.
|
| No, that's not true. GrapheneOS is the continuation of the
| project by the original development team. There aren't any
| developers who stuck with Copperhead. The project was
| created 1 year before Copperhead existed as a company.
|
| https://grapheneos.org/history
|
| > The security mitigations developed for those were
| incorporated upstream into Android, decreasing the attack
| surface.
|
| https://grapheneos.org/features is a list of the current
| features differentiating it from AOSP. It doesn't list the
| many things we've gotten into upstream projects, since they
| aren't differences anymore.
| scns wrote:
| I'm sorry, if I misrepresented the great stuff you did
| and still do. English is the first foreign language I
| learned.
|
| "Two People created CopperheadOS, they had a
| disagreement. One of them continues to work on it under
| the name GrapheneOS."
|
| Would this describe it better?
| FieryBinary wrote:
| See grapheneos.org/history/copperheados and verify it for
| yourself using GitHub graphs and other resources.
|
| A better description would be "One person handled
| development of the project and other person CEO'd the
| sponsor company. The CEO attempted to hijack the project
| and the developer eventually resumed the project under
| the name GrapheneOS."
|
| A little longer, but more accurate :)
| hfkfktnekfm wrote:
| If I find an exploit in Chrome and I send a patch to
| Google, it doesn't imply that single handed I can manage
| the security of a Chrome fork.
| runawaybottle wrote:
| I can appreciate that but option A actors are now in full
| dictator mode with respect to how they are willing to breach
| privacy and monetize their users.
|
| How did Linux keep up with security updates?
| vngzs wrote:
| You have an army of volunteers backporting patches, in the
| case of Debian. It's been done, but it takes a certain
| amount of support.
| trulyme wrote:
| Meh. Given the option of a secure but adversarial OS and less
| secure but open one, I will always pick the latter. Then at
| least there is a fighting chance my data stays mine.
| lobocinza wrote:
| You're missing the other 'halves' of the problem. Insecurity
| is a business and it's not profitable for companies like NSO
| to make their "solutions" compatible with non-mainstream
| devices.
| nuker wrote:
| Option A is actually split:
|
| A.1 ... Google, an Ad company
|
| A.2 ... Apple, hardware company
| peakaboo wrote:
| That attitude will lead to you being a slave for Apple or
| Microsoft or Google for your entire life. They won't change
| their ways. You won't have privacy there.
| codegladiator wrote:
| > The thing which always makes me hesitant about these projects
| is that they don't receive frequent security audits and not
| having an expensive brand behind them makes them more at risk
|
| Why are you looking for alternatives ? or are you even
| bbarnett wrote:
| To be fair, Samsung is a bloated hell of their own spyware,
| with endless phone homes for the keyboard, and all their apps.
|
| Google endlessly spies on everyone.
|
| I really don't think anyone could be worse, than a big corp.
| TroisM wrote:
| > The thing which always makes me hesitant about these projects
| is that they don't receive frequent security audits and not
| having an expensive brand behind them makes them more at risk
| to being willing to trash their name at the cost of my privacy
| and security. I consider these to be a fairly critical part of
| any project which claims superior privacy and security.
|
| Let's keep using known flawed alternatives instead?
| scrps wrote:
| I trust people with money as their motive about as much as I'd
| trust a serious alcoholic to hold on to a bottle of booze for
| me without taking a sip. Might not be a popular opinion but it
| is my 2 cents to spend.
|
| Could someone at an open source project slip in an obfuscated
| backdoor in some esoteric area of the OS? Of course. But the
| risks of being found out are so much higher, after the fact
| that all changes at an open source project are logged, diffed,
| and public (normally), even if only 10% of the userbase looks
| at the code, runs packet capture or an SSL bump on the network
| traffic, etc, that is 10% more than for products by Microsoft,
| Apple, Google, and unlike an insider with access who discovers
| something highly questionable at a massively powerful
| corporation, an open source project has almost no leverage to
| compel them to keep their mouth shut, meanwhile the risk for
| developers of an open source project that does something like
| that (even if they aren't in the know) is total loss of trust,
| forever.
|
| Couple all of that with targeting a highly technical audience
| (drug kingpins looking for secure comms are more c-suite than
| engineers, they are still caught up on a good sales pitch more
| than hard technical details e.g. Anom) and you'd be fairly
| stupid to try to pull the wool over their eyes and expect it to
| not eventually get discovered.
| shadowgovt wrote:
| The alcoholic will definitely take a sip.
|
| ... But they are also heavily incentivized to know where your
| booze is, care for your booze, and make sure it doesn't get
| stolen or poisoned. Because if something happens to you,
| where are they going to get the sip?
| heavyset_go wrote:
| > _... But they are also heavily incentivized to know where
| your booze is, care for your booze, and make sure it doesn't
| get stolen or poisoned. Because if something happens to
| you, where are they going to get the sip?_
|
| Where else are customers going to go? All phones in stores
| right now run OSes from either Apple or Google. Both
| companies can forsake their customers' trust and people
| will still buy phones that run their software.
|
| That incentive doesn't really exist in a market that's
| ruled by a two company mobile operating system cartel.
| ezconnect wrote:
| This is definitely better than google spyware as a phone. No
| built in exploit.
| vngzs wrote:
| I know people who made it to the final rounds of interviews at
| Calyx. They are the real deal. I don't think much of anything
| could get them to compromise their values about privacy [0].
|
| Might they miss something because they're a smaller team? Yeah,
| maybe. Will they sell out? I don't think so.
|
| [0]:
| https://en.wikipedia.org/wiki/American_Civil_Liberties_Union...
| botwriter wrote:
| People always say this until CP is put on their computer by
| an intelligence agency and they don't want to go to prison as
| a child abuser... Who's going to believe a pedo anyway...
| pl0x wrote:
| There should be a third party independent group to conduct
| audits. That might solve this.
| heavyset_go wrote:
| > _Should I trust: A. The company which has thousands of
| developers working on it and wants to avoid their brand being
| dirtied by failures in security and privacy._
|
| If you're hoping market forces would keep companies competitive
| and secure, well, people don't have much of a choice when it
| comes to mobile operating systems. Free market dynamics that
| should correct this problem don't really come into play when a
| two company cartel has 99.7% of the mobile operating system
| market nearly split in half between them.
| yosito wrote:
| I don't use Calyx to protect myself from state surveillance. I
| assume state actors can easily access anything and everything I
| do on internet connected devices. I use Calyx to protect myself
| from Google collecting data on me, profiling me, and turning me
| into a sheep on their attention economy farm.
| scns wrote:
| May I suggest to you to check out what the (strange name I
| know) /e/ foundation is doing? Not a trillion dollar company by
| any means but still worth taking a look at IMHO. Builds on
| LineageOS microG, Google free. You can even buy phones from
| them with the OS preinstalled, Fairphones, refurbished older
| Samsung Galaxy S and a GigaSet are offered. A good site (once
| Show HN) to find phones supported by this and other ROMs is
| https://sustaphones.com
| dheera wrote:
| > B. The small group of people who have formed an organization
| which may or may not be another Anom like FBI controlled
| software.
|
| Um, this project is 100% open source, unlike Google's flavor of
| Android. If there are backdoors to the FBI they will be exposed
| in due time.
|
| https://gitlab.com/CalyxOS
|
| That said I'd love to understand how it compares to LineageOS.
| tkzed49 wrote:
| I just don't buy this take. There's so much code; how can you
| be certain it will face sufficient scrutiny just by virtue of
| being available?
| enriquto wrote:
| you cannot be certain, but at least the code has the chance
| to be publicly scrutinized. This is not the case at all
| with google binaries, so you have a net, objective gain.
| atatatat wrote:
| This is a valid criticism.
|
| Upstream being AOSP helps a lot.
| atatatat wrote:
| Well, Calyx keeps the basic security model of Android intact
| (verified boot), unlike Lineage.
| zozbot234 wrote:
| Custom verified boot needs to be supported in hardware. But
| with most devices, you can use "fastboot boot" from an
| external device to start from an image that you trust.
| cdesai wrote:
| Note: You can only do this when the bootloader is
| unlocked.
|
| When it's locked (which is the entire point of custom
| verified boot), this is not allowed.
| GekkePrutser wrote:
| Indeed, but in return it only supports pixel phones, sadly
| (considering they're not great value for money for custom
| rom purposes, and most of their added value is lost when
| running a custom rom)
| mdp2021 wrote:
| > most of their added value is lost when running a custom
| rom
|
| Could you please explain?
| GekkePrutser wrote:
| Well, Google packages the pixel phones with their latest
| OS updates and pixel specific features like Gcam. By
| running a custom ROM you lose those. Its cameras mainly
| perform so well because of the big AI farms at Google.
| atatatat wrote:
| Pixel cameras are great, regardless of what app used.
| cdesai wrote:
| Google Camera works just fine, entirely offline as well.
|
| You do miss out on some other pixel-specific features
| (Hold for Me for example), but camera quality should be
| unaffected.
| atatatat wrote:
| > considering they're not great value for money for
| custom rom purposes
|
| I pay $120-$350 for used Pixels.
|
| What I guess I'm trying to say is: Huh?
| [deleted]
| ranguna wrote:
| How risky is it if I install this on a device that is not on the
| supported list?
| commoner wrote:
| Not recommended. Downloads are tailored to specific device
| models, and installing an operating system image intended for a
| different device model would not work and could brick your
| device. If your device is supported by LineageOS but not
| CalyxOS, LineageOS for microG is an alternative OS that might
| work for you:
|
| https://lineage.microg.org
| ranguna wrote:
| Perfect, thank you very much for all the info !
| dangfang wrote:
| Since Microsoft now supports Android apps, you can expect
| ungoogled android to become more popular since more apps would be
| written which don't need play store
| Popegaf wrote:
| I hope so, but at the same time, which app developer is going
| to target compatibility with the windows desktop when writing
| an app?
|
| Also, how will/do apps that depend on Google Services work (or
| not)? Is there some shim or something?
| wingmanjd wrote:
| Doesn't the Microsoft Android support require an Amazon
| account, though?
| theunspoken wrote:
| yes and no. first of all: which services does Amazon provide
| that would make an app dependent on them in the same way it
| might be on Google services? does Amazon have its own system
| for push notifications? for weather data? for syncing
| contacts? secondly: it has been confirmed that Android apps
| will be able to be sideloaded. a Microsoft employee tweeted
| about it but I can't really find the post right now
| commoner wrote:
| > does Amazon have its own system for push notifications?
|
| Yes, but only for Amazon (Fire) devices. Amazon Device
| Messaging handles push notifications to Amazon devices:
|
| https://developer.amazon.com/docs/adm/faq-adm.html
|
| Microsoft might implement Amazon Device Messaging in
| Windows 11.
|
| > secondly: it has been confirmed that Android apps will be
| able to be sideloaded. a Microsoft employee tweeted about
| it but I can't really find the post right now
|
| Here:
| https://www.theverge.com/2021/6/25/22550689/windows-11-andro...
| kristov wrote:
| I have been using LineageOS without google replacement libs for
| about a year. There is a huge amount of comments here, which is
| interesting in itself - clearly there is a lot of interest in de-
| googled Android. I worry about fragmentation, eg: if there are
| too many options will they get diluted without the larger user
| base. Many apps won't work without google libs. I would like to
| think that this puts pressure on app builders to not just blindly
| require google libs, but the reality is without a significant
| user base wanting it, the tradeoff will always side with the
| majority. Interestingly WhatsApp works fine - presumably because
| using your competitor's libs is seen as a no-no. FB are no angels
| here, but I need WhatsApp for family chats.
| hfkfktnekfm wrote:
| WhatsApp still works on a 9 year old Android I still have.
| Remember that a large part of the world doesn't have fancy
| phones, and WhatsApp needs to work on all kinds.
|
| In fact, it's easier to install WhatsApp with severely limited
| permissions, while I just couldn't install the supposedly much
| more private Signal without giving it SMS access.
| jszymborski wrote:
| So, what's the current experience like on Android w/o Play
| services?
|
| I know at some point it was quite bad but that there were some
| up-and-coming solutions.
| Popegaf wrote:
| Some apps (especially banking and governmental apps) refuse to
| start at all. With microG (https://microg.org/) you can run a
| wide range of apps though. It's quite bearable, especially if
| you aren't an app junkie that downloads every app promising a
| discount on that new store you're purchasing from.
| fragileone wrote:
| microG as a semi-Play Services experience is fine, the only
| issue I have is that most network-based geolocation backends
| tend to be hit or miss. I usually have to enable the Apple
| location service if I need a fast geolocation.
| commoner wrote:
| Mozilla Location Services is crowdsourced, and you can
| contribute data from your area with the Tower Collector app
| to make geolocation faster for you:
|
| https://github.com/zamojski/TowerCollector
| atatatat wrote:
| I struggle to find any half-assed techy person who uses an app
| that won't run on AOSP/Calyx/GrapheneOS.
| ForHackernews wrote:
| How does CalyxOS compare to /e/ https://e.foundation/ ?
|
| I've been really happy with /e/ in daily usage but I'm curious to
| see what other projects are out there.
| amelius wrote:
| Can you run banking apps on this without problems?
|
| And can Google block any apps that run on this Android clone?
| hentrep wrote:
| Others have mentioned GrapheneOS as an alternative. Recent
| Graphene builds include sandboxed Google Play compatibility
| layers [0]
|
| [0] https://grapheneos.org/usage#sandboxed-play-services
| throwawaycuriou wrote:
| It's not clear from what I have read anywhere on the site if
| installing CalyxOS is reversible. If you want to get back to
| Android can you?
| cdesai wrote:
| You can easily go back to stock Android,
| http://calyxos.org/get/back-to-stock
| throwawaycuriou wrote:
| Are there any other repercussions one should consider before
| giving this a try? Would software that uses DRM such as
| Netflix be affected?
| mark_l_watson wrote:
| It is asking a lot, but this would be nice: if the developer
| organizations behind CalyxOS and GrapheneOS could sell new phones
| with software installed, sort of like System 76 for Linux
| laptops.
| abawany wrote:
| I believe CalyxOS sells a Pixel 4a preloaded with membership
| (https://calyxinstitute.org/membership/calyxos).
| mark_l_watson wrote:
| Thanks for that.
| cdesai wrote:
| Lead Developer here, AMA?
| luca020400 wrote:
| Director/Head Developer @ LineageOS here.
|
| Hi, sharing codebase when? :P
| cdesai wrote:
| We're already sharing developers, even one of the directors
| :P
|
| Only question is: who forks what.
| luca020400 wrote:
| Guess I'll play a bit more on CalyxOS then. Feel free to
| hire me I guess.
|
| We are the base of course.
| fragileone wrote:
| 1) What would you say are your unique differences from
| LineageOS and GrapheneOS?
|
| 2) What big goals/projects are planned for the future?
|
| 3) Where do you see Android as a platform in 5 or 10 years? Any
| predictions or notable obstacles?
|
| 4) What do you think of mobile Linux distributions?
| cdesai wrote:
| > 1) What would you say are your unique differences from
| LineageOS and GrapheneOS?
|
| We do borrow a lot of code from other projects and try to
| send any fixes / improvements back to them.
|
| We try to provide an OS designed to ensure maximum usability
| and flexibility, so that you have an array of choices
| available to ensure your privacy and security.
|
| For example, I really like the way we have microG available -
| https://calyxos.org/features/microg/
|
| You can choose to disable it (which still has benefits), keep
| it enabled, or even login a Google Account. There's even a
| fourth option where you have it enabled but without the
| notifications / communication with Google servers, where it's
| still useful for some app compatibility, and things like
| location providers and exposure notifications.
|
| > 2) What big goals/projects are planned for the future?
|
| Our biggest goal has always been expanding the reach of the
| project. We want to support cheaper phones which are widely
| available in the world.
|
| We also have a bunch of features in the works or planned for
| the future - Panic trigger improvements, built in ad/tracker
| block (without losing the ability to use a VPN), and more.
| Most of it is documented as
| https://gitlab.com/groups/CalyxOS/-/epics
|
| > 3) Where do you see Android as a platform in 5 or 10 years?
| Any predictions or notable obstacles?
|
| We will be at S now, which means we'll be at Z in 7 years.
| What happens then?
|
| Kidding aside, I'm always excited by watching the changes
| Google is doing (some of it is done in the open, through AOSP
| at https://android-review.googlesource.com/ - you see lots of
| Rust here nowadays, I need to learn that)
|
| Fuchsia is also going to be interesting, they must have
| something planned.
|
| > 4) What do you think of mobile Linux distributions?
|
| I have massive respect for them given the work they're doing.
| I always see it this way - we're working on Android, and
| especially on the Pixels - all the hardware is there working
| for us, so we can focus our efforts on improvements in other
| areas.
|
| Linux on mobile has to spend a lot of time catching up to
| just the basics (getting phone calls working for example).
|
| There are pros and cons to both, it entirely depends on your
| use case to see what fits.
| danvittegleo wrote:
| CalyxOS is an awesome project. I have worked with the lead
| developer a bit over the past few years and it's been such a
| pleasure. We share some bits of code between our projects here:
| https://github.com/AOSPAlliance.
|
| If anyone is interested in building their own custom android OS
| in the cloud (AWS) with same ability to lock your bootloader like
| CalyxOS, you can check out my project I've been maintaining for a
| few years now called RattlesnakeOS:
| https://github.com/dan-v/rattlesnakeos-stack.
|
| And if you prefer to not build in the cloud, there is also a
| really great project called robotnix
| (https://github.com/danielfullmer/robotnix) which provides a way
| to build many flavors of OS (AOSP, GrapheneOS, LineageOS, etc).
| busymom0 wrote:
| How expensive is it to build android in the cloud? And how are
| the build times? Is it possible to do it on a local Mac mini
| instead or will that take too long to build?
| foresto wrote:
| From memory, I think LineageOS 17 took roughly 8-12 hours for
| an initial build and 3.5 hours for subsequent (ccache) builds
| on an Intel i5-3570K and spinning hard drive. That's not
| including the initial git clone.
|
| The idea might seem daunting, but assuming midrange hardware
| and a decent net connection, it's very much doable in under a
| day without resorting to cloud services.
| correcthorse123 wrote:
| How would it scale with the number of cores? 3950x should
| make relatively short work of it, or wouldn't it?
| BorisMelnik wrote:
| that should tear through it. the linux kernel for
| instance compiles much better with higher number of cores
| danvittegleo wrote:
| It scales amazingly well with the number of cores you
| throw at it. Definitely the 3950x would work great.
| foresto wrote:
| I would expect it to scale pretty well, at least until
| you reach the limits of your disk and buffer RAM.
|
| The build process supports the -j option just like make.
| You can use -j N+1 if you want to keep all your cores
| busy, or -j N-1 to keep your machine more responsive
| during the build, or nice and -j 1 if you're in no hurry
| and your machine has more important tasks. (Actually, I
| think reasonable defaults for these might already be part
| of the build scripts, but it has been a while since I
| looked.)
| [deleted]
| danvittegleo wrote:
| With rattlesnakeos-stack, it uses spot instances and defaults
| to a c5.4xlarge which takes about 7-8 hours to build AOSP and
| Chromium (for an up to date webview) and equates to about ~$1
| a build. I typically build on a c5.24xlarge instance which
| takes about 2.5 hours and costs about ~$2 per build.
| Unfortunately both AOSP and Chromium are massive projects
| that require a ton of computing power to build quickly. It's
| definitely still possible to do on less powerful machines,
| but it's just going to take a lot longer to do builds.
| hayd wrote:
| Is any of the build cached?
| danvittegleo wrote:
| In order to limit costs, everything is pulled from source
| on each build and there is nothing cached. This strategy
| takes advantage of the fact that AWS doesn't charge for
| ingress traffic and unfortunately puts additional load on
| Google's servers. I've attempted a few different
| strategies on caching AOSP and Chromium source trees, but
| since you have to incur the storage costs on an ongoing
| basis, it's just not very economical.
| tedk-42 wrote:
| You could certainly do it. No point having multiple EBS
| volumes lying around - just create a snapshot of the
| volume with the git checkout / build cache after each new
| build is done.
|
| When you want to build again, create the instance and
| then recreate the EBS volume from the snapshot and attach
| it to the new instance. Pull the latest set of changes
| from the git repo and build with the old cache!
|
| Obviously there are cache purging considerations (e.g.
| starting from scratch once per week/month) you could
| optimise as well.
| danvittegleo wrote:
| I investigated EBS snapshot as an option, but there were
| two problems. 1) cost as I mentioned initially - for just
| AOSP source tree alone you are looking at > 250GB and at
| a cost of $0.05 per GB you are already at > $10/month and
| 2) EBS snapshots lazy load from S3 which gives TERRIBLE
| performance which means you end up with far far slower
| builds. AWS released a feature "EBS Fast Snapshot
| Restore" to workaround this issue, but it's extremely
| expensive.
| codetrotter wrote:
| Are you doing partial clone?
|
| https://source.android.com/setup/build/downloading
|
| Although, an answer at
| https://stackoverflow.com/questions/33053615/how-to-download...
| from October 2020 says that even a partial
| clone is still 73 GB in size!? That's insane! How the
| heck come it's so big?
| cdesai wrote:
| That's likely the size of the entire checked out tree,
| which would include all of the files.
|
| I just ran the command here and my AOSP 11.0 checkout is
| 54GB, minus any git history, since I clone from a local
| mirror and use '--reference' to avoid having to copy
| objects.
|
| A lot of the size here is from the various prebuilts,
| AOSP build is quite self-contained (jdk, clang, etc) and
| barely uses anything from the host.
| [deleted]
| [deleted]
| bigyikes wrote:
| Could you explain why you would build in the cloud? Based on a
| sibling comment, it sounds like it might be because it's crazy
| resource-intensive? I've honestly not heard of cloud building
| before. Is it common for large projects like operating systems?
| danvittegleo wrote:
| Yes, building AOSP requires a fairly powerful machine (at
| least to do it quickly):
| https://source.android.com/setup/build/requirements. It's
| definitely possible to do on a local machine with decent
| specs though.
| myself248 wrote:
| By my reading, my not-really-a-gaming-desktop could do it
| in 3 hours, that doesn't seem bad at all.
|
| Now granted, those were heavyweight specs when Android came
| out in 2007, but I'd figure about half of us probably have
| a similar box sitting around today, and the other half
| would just need to beef one up with some additional RAM.
| the_biot wrote:
| The trouble I have with AOSP of all flavors isn't lack of Google
| Services, it's lack of access to the app store.
|
| I can do fine without Google Services, but I occasionally need an
| app that's just not available on F-Droid, and Google is doing
| their level best to make it harder to get APKs any other way. You
| used to be able to download them from the store; no longer
| possible. They've announced some other package format, support
| for which I assume won't be released to AOSP.
|
| They're locking Android ever closer in to their store, and it
| makes any alternative Android distribution ever more dependent on
| Google.
| sphinxcdi wrote:
| You can access and download apps from Google Play Store with
| Aurora Store.
|
| https://gitlab.com/AuroraOSS/AuroraStore#aurora-store-a-goog...
|
| > Google is doing their level best to make it harder to get
| APKs any other way. You used to be able to download them from
| the store; no longer possible.
|
| They are making it easier with Android 12 by letting third-
| party stores do automatic updates without user interaction, not
| harder.
|
| https://developer.android.com/about/versions/12/features#aut...
|
| It has always been the case that OEMs need to bundle Play
| Services in the OS and that you need an account to access
| Google Play. Some OEMs like Samsung and Huawei bundle their own
| store, "the store" isn't a thing. Raccoon, Yalp Store, Aurora
| Store, etc. to access Google Play have always existed too.
|
| > They've announced some other package format, support for
| which I assume won't be released to AOSP.
|
| It's not a new format, it's open source and Aurora Store and
| other stuff supports it just fine. It's not locked to Google
| Play.
| the_biot wrote:
| I had no idea about Aurora Store, this changes things for me.
| Thanks!
| seaghost wrote:
| Nice, but still very Google dependent for security and OS
| updates.
| Koshkin wrote:
| Which, looks like, defeats the whole purpose. (It's almost like
| if ReactOS or WINE allowed Microsoft Windows updates.)
| cdesai wrote:
| I'd argue that it's more akin to Ubuntu relying on Debian for
| updates, or Microsoft's Edge / Brave Browser / one of the
| many other forks relying on Google for Chromium / Blink
| updates.
|
| The one distinction is in addition to the open source code
| comparison here, we also use some proprietary bits from their
| updates, which are needed to get the phone booting and basic
| hardware working.
| vbsteven wrote:
| I'm thinking about buying a degoogled Android phone to replace my
| iPhone. The main things I want are:
|
| * Spotify needs to work over Bluetooth in my car
|
| * WhatsApp needs to work (preferably with push notifications)
|
| * I need the Fitbit app to work so my watch can show push
| notifications from my personal apps
|
| * a network-based location provider to be consumed by my personal
| apps (I'm working on a personal data and automation suite that
| relies on frequent smartphone location updates)
|
| Is this something that can be done with CalyxOS on a Pixel? Can
| other Android flavours like GrapheneOS or LineageOS do this?
|
| And aside from Android, how far along are other "mobile linux"
| smartphones for use as a daily driver with regards to the above
| points?
| brundolf wrote:
| > Can other Android flavours like GrapheneOS or LineageOS do
| this?
|
| There's a separate question you're missing: what your Google
| Services situation is
|
| Distros like Lineage come without Google Services; if you want
| them, you install them yourself
|
| "gapps" is the official one. It's straight Google everything.
| Lineage OS + gapps will give you a very clean and nice Android
| experience if you don't care about Google collecting your data.
|
| If you _do_ care about that, you have two options:
|
| 1) go without Services entirely (most apps will have problems;
| if you're lucky they just won't send push notifications or be
| able to use your location, if you're unlucky they will be flat
| out broken or crash)
|
| 2) use microG, which is an unofficial non-Google replacement
| masquerading to the rest of the system as Google Services. I've
| heard mixed things about how well it works, but that appears to
| be what CalyxOS comes with. You can install it on Lineage, but
| I don't know what extra hoops may have to be jumped through.
| Note that it's also walking a fine line with Google and I could
| see them intentionally breaking it at any time down the road.
| Depend on it at your own risk.
|
| I care about privacy and I would not buy a degoogled Android
| phone today. I switched to iPhone a few years ago after
| roughing it without Google Services for a year and a half. It
| was fairly awful.
|
| I once had to return some headphones because the app that went
| with them simply wouldn't work.
|
| I had to use a combination of the Google Maps web app and
| OSMAnd (which was just atrocious) for navigation, which
| basically meant I didn't really have navigation.
|
| Slack wouldn't send me push notifications.
|
| I couldn't use my banking app.
|
| Even Signal struggled to run in the background/send me
| notifications.
|
| It was basically back to the iPhone 1 days where your phone
| could text, call, web browse, take pictures and play (local)
| music. Though even the iPhone 1 had a functioning Maps app.
| wintermutestwin wrote:
| > will give you a very clean and nice Android experience if
| you don't care about Google collecting your data.
|
| I must be confused here, but isn't the whole point of
| installing any OS besides Android on an Android device
| preventing google from collecting your data? Why else would
| anyone deal with a non-standard OS?
| brundolf wrote:
| The above are all distros of Android
|
| The other reasons to use a non-stock version of Android
| are:
|
| - Much longer updates lifetime than you get from the OEM
|
| - Removal of OEM bloat
|
| - Addition of features that are actually good
| ineedasername wrote:
| _I once had to return some headphones because the app that
| went with them simply wouldn't work._
|
| Kind of awful when we're at a point where a pair of
| headphones requires a specialized app to use them.
| scns wrote:
| True. Mine run over bluetooth just fine. The app enables
| configuration, checking for firmware updates and a hearing
| test which creates a custom equalizer setting to counteract
| individual deficiencies.
| nobodywasishere wrote:
| Currently been using LineageOS for three years now, latter
| half without GApps/Play services.
|
| Google maps (from Aurora store) works perfectly fine on my
| phone without it.
|
| Telegram notifications work perfectly fine.
|
| My banking app works fine.
|
| Apple Music and Jellyfin work great.
|
| I use nextcloud for contacts/calendar/cloud/photo management.
| kelnos wrote:
| Thanks for the frank details about the downsides.
|
| If I can't use my banking apps, Lyft, Google Pay, Photos,
| Maps, etc. with a particular mobile OS (with all features
| working), then it's unfortunately not for me.
|
| It seems like most of the Android alternatives throw the baby
| out with the bathwater. I get that making a trusted OS based
| on Android is hard, especially with Google having moved so
| much core functionality into Play Services, but the value I
| get out of my phone is mostly from mainstream apps, using
| mainstream features (like push notifications and location
| services). If those don't work, to me it's not really a
| useful device.
|
| I get that a lot of these apps aren't particularly privacy-
| oriented, but to me, my main concern is that there are a lot
| of Google-owned core components to the OS and userland that
| actively subvert my privacy. I'd really like to think there's
| some middle ground on Android where I can trust the OS and
| userspace core, and still run the apps I usually run.
| zozbot234 wrote:
| > If I can't use my banking apps, Lyft, Google Pay, Photos,
| Maps, etc. with a particular mobile OS (with all features
| working), then it's unfortunately not for me.
|
| These are proprietary apps, so it's a bit unrealistic to
| expect that they would support a free OS.
| kelnos wrote:
| I'm not asking for official support from the app
| developer, just knowledge that they "happen to" work on
| an alternative Android-based OS. Which they should, if
| all the APIs they depend on are there (including the Play
| Services ones, via microG or whatever). If they
| specifically look for "non-blessed" Android variants and
| deliberately fail to work, that's a shame, but if it's an
| app I need, that rules out that OS for me, unfortunately.
| That's just the reality of the situation.
| commoner wrote:
| GP seems to be describing a flavor of Android that does not
| have microG or Google Play Services.
|
| CalyxOS has microG, and I have no problems getting timely
| notifications on Signal or Slack, nor do I have any issues
| using Lyft, Google Maps, Google Photos, or any of my
| banking apps on CalyxOS (or LineageOS for microG). The only
| exception on your list is Google Pay, which I don't use
| because it is extremely privacy-invasive (gives Google all
| of your transaction data). In my opinion, CalyxOS is a very
| practical OS that balances convenience with privacy.
| alfiedotwtf wrote:
| Not sure why nobodywasishere's comment is greyed, but yep
| I'm in the same boat - LineageOS works fine and am using
| Spotify and Audible without any issues. There are some apps
| that haven't worked, but I'm fine with that.
| neop1x wrote:
| I have been using LineageOS on Xperia XZ2 Compact for about a
| year with a smaller bundle of official Google Play Services.
|
| Almost everything works fine! Some apps didn't like it or
| detected root but Magisk + MagiskHide helped to hide root for
| those specific apps. Even Google Pay works with basic SafetyNet
| attestation - that required "MagiskHide Props Config" Magisk
| extension and selecting a proper fingerprint.
|
| The only problem encountered was that I couldn't connect PS4
| controller and use it as an input device. Probably a driver
| issue related to bluetooth but other bluetooth devices I use
| work normally.
|
| Optional F-Droid privileged extension makes F-Droid able to
| install F-droid app updates automatically like Play Store does.
|
| Overall a very positive experience.
| WorldPeas wrote:
| Here's what I do and it works great: use the regular google
| build of android BUT on a fresh install, disable all google
| apps sans chrome, use it to install fdroid, then uninstall
| that, from there use TrackerControl to prevent google and
| others from phoning home, use the aurora store for apps, use
| organicmaps for maps, signal for sms, florisboard for keyboard,
| etc. You'll have a google-free experience which you can exit
| for 10 minute periods using the button on the trackercontrol
| dialog, and things like google pay and notifications will still
| perform quite well. I've been using this for a year and loving
| it
| kemenaran wrote:
| Interesting setup.
|
| Do you have any resources about how efficient TrackerControl
| is at preventing Google from collecting data from the phone's
| various system services?
| nonplus wrote:
| I would also like to hear more on this, a quick look at
| TrackerControl's readme tells me it mainly functions as a
| blocklist. Which (I would think) the moment you turn off
| tracker control to use google maps (or whatever play
| services app you wanted to use for a moment), said app will
| send a flood of queued location data that it has been
| collecting in the background if allowed.
|
| I suppose that setup could work if the user is disciplined
| about not letting apps that use play services run at all
| when not in active use, but at that point I don't see the
| advantage to using tracker control at all.
| Aachen wrote:
| > the moment you turn off tracker control to use google
| maps...
|
| No, it works per app. I'm also a TC user, it's quite
| great. Per app you tell it whether it should allow
| talking to various motherships. You can toggle on broad
| categories (for a given app) or also more fine-grained.
| It also logs which services applications tried to
| contact, so I can see that Spotify that I pay for is
| trying to send god knows what to Facebook (and that TC
| blocks it).
|
| It takes a bit of setup because a ton of apps talk to a
| ton of centralized services (Aurora store and Newpipe
| obviously need to talk to Google, for example), but after
| that I'm a lot less bothered by apps including the
| Facebook sdk or something because it'll be stopped
| anyhow.
|
| I'm waiting for the day that apps/websites stop telling
| your phone/browser to rat on you and they start doing it
| server-side. Lot less gdpr trouble because nobody can
| check what you're doing and goodbye blocklists. But so
| far it seems things don't yet work that way.
| nonplus wrote:
| Played with TC for an hour or so this evening, and what I
| stated above (possibly poorly) still stands. I chose
| google maps in particular, because it is an application
| that requires telemetry data to function; but it is
| reasonable for an individual to not want to be tracked
| when not using google maps.
|
| If I block infinitedata-pa.gogleapis.com, maps will not
| function, but google maps will continue to collect
| telemetry data on my phone if it is running and has
| permissions. It will save that collected data until a
| user unblocks essential monitoring in order to use maps
| (Unless the user clears cache/data, or uninstalls maps,
| before unblocking).
|
| That is the case I am pointing out, tc is a stopgap (and
| a welcome/useful one) but it does _not_ provide users a
| way to prevent _collecting_ of telemetry data to be sent
| off the device. It just delays the sending until the
| application's use is more valuable than the user's privacy.
|
| Edit: Things that could help with that:
|
| 1. Physical kill switches for radios (I know, that's not
| going to happen from any major arm cpu maker, the SOC is
| integrated, but it's the most practical solution.).
|
| 2. Granular permissions settings for Android's network
| location provider. As an example, A permission that if
| app is running in the background send spoofed location
| data back (Once again, it's not that simple telemetry
| data is coming from many sources, I'm just listing what
| solves the problem.).
| corty wrote:
| I don't know about Fitbit stuff, but LineageOS can do
| everything else you named. Have been using it for years.
|
| I guess other alternative Android distributions shouldn't be
| too different there.
| jszymborski wrote:
| I don't use WhatsApp, but I bridge my other chat apps through
| the Matrix client Element.
|
| It appears that WhatsApp does have a bridge for Matrix, though
| I've not used it.
|
| https://matrix.org/docs/projects/bridge/mautrix-whatsapp
| hadrien01 wrote:
| For your first two questions: Spotify will work with Bluetooth,
| and WhatsApp will have eventual notifications (real-time if the
| app was recently opened, up to seven hours later otherwise, at
| least on my device)
| prox wrote:
| If you degoogle yourself but then hook into FB whatsapp,
| isn't that just defeating a bit of the point?
| Aachen wrote:
| Perfect is the enemy of good.
| kelnos wrote:
| Sure, "a bit", but I don't think a phone that is entirely
| broken except for a few open source apps that don't do
| useful day-to-day things (like order me a Lyft, let me do
| my banking, pay for stuff at a cash register, navigation,
| etc.) is all that useful.
|
| My ideal would be to have a base OS and core standard
| library that I can trust, and then I get to choose what
| apps I run on top of that. Sometimes I will choose to
| install an app that doesn't have a great privacy track
| record, but I will rely on apps like TrackerControl,
| Blokada, and Bouncer to mitigate my exposure somewhat. It
| won't be perfect, but we don't live in a perfect world
| where there are feature-identical, privacy-respecting
| clones of the mainstream apps. Until that time, I can
| decide what are acceptable risks to my privacy.
|
| Unfortunately, I don't have that choice right now: either I
| live with the privacy minefield that is Android (as I do,
| and try to mitigate privacy leaks as well as possible), or
| the nanny state that is iOS (which I -- for now -- consider
| the greater evil).
| cdesai wrote:
| We're very close to getting the notification issues fixed.
|
| We've sent some patches to microG to address them at
| https://github.com/microg/GmsCore/pull/1483
|
| I'm running it on my device since a few weeks now and it has
| been quite reliable so far.
| hadrien01 wrote:
| I don't use microG, the delay is WhatsApp waking itself up
| _1 wrote:
| > * I need the Fitbit app to work so my watch can show push
| notifications from my personal apps
|
| It's going to be hard to degoogle your phone and stay attached to
| your Fitbit.
| vbsteven wrote:
| Is there a specific reason for this? Does the Fitbit app rely
| on Play Services?
|
| I don't care too much for on wrist calls or anything like
| that. I just want to use the Fitbit app to sync stats and
| mostly display notifications from WhatsApp and my personal
| apps.
| _1 wrote:
| I don't know how the app works under the hood, but Google
| owns Fitbit
| vbsteven wrote:
| I should have known that. Now I understand what you meant
| in your first comment.
|
| As long as the app doesn't rely on Play Services it
| shouldn't be a problem. By "degoogled" phone I mostly
| mean taking Google out of the critical (privileged) path
| in the OS for software and app updates.
| cdesai wrote:
| I can confirm that,
|
| * Spotify over Bluetooth in a car works.
|
| * WhatsApp works, with notifications
|
| * I'm not sure about FitBit, per
| https://plexus.techlore.tech/applications/fitbit it might not
| but things may have changed.
|
| * We include some providers by default and you can install more
| from F-Droid.
| vbsteven wrote:
| Thank you, that sounds very promising.
|
| Is there a specific device you would recommend for long-term
| CalyxOS support?
| cdesai wrote:
| The newest Pixels are the best given that's what Google
| will support the longest, and with every Pixel generation
| they make a lot of improvements.
|
| https://calyxos.org/about/faq/device-support/#update-timefra...
|
| Pixel 6 is right around the corner, however it'll take a
| few months for us to get it all going (getting the phone,
| porting Android 12, making changes for Pixel 6)
| einpoklum wrote:
| Is there some crowdfunding initiative to get this working on
| additional phones?
|
| I would contribute to get this working on more Xiaomi phones for
| example.
| grey_earthling wrote:
| From https://calyxos.org/about/:
|
| > In social science, agency is defined as: the capacity of
| individuals to act independently and to make their own free
| choices.
|
| > built-in integration for Signal and WhatsApp calls
|
| Signal and WhatsApp are both fully centralised, tied to a single
| organisation each -- they are antithetical to agency.
|
| Why not use open protocols like DeltaChat, Matrix or XMPP
| instead?
|
| > built-in free "Virtual Private Network" services from trusted
| organizations protect you from being spied on
|
| Trusted by whom?
| barbazoo wrote:
| > Why not use open protocols like DeltaChat, Matrix or XMPP
| instead?
|
| I can give you an answer for Matrix and it's usability. It's
| difficult to onboard users, at least it was ~a year ago. I
| wouldn't want to expose my non-tech friends to that.
| cdesai wrote:
| The integration is done in the Dialer, and the choices are
| shown when you make a phone call to a number.
|
| Signal and WhatsApp are choices there since they use phone
| numbers. How do you make a matrix call to a phone number? :)
| cdesai wrote:
| The VPN is one of the Digital Services we offer, completely
| free.
|
| https://calyxinstitute.org/projects/digital-services/vpn
|
| We also include RiseupVPN, and Orbot (which is Tor as a VPN)
| spinax wrote:
| > Trusted by whom?
|
| Calyx VPN uses the same tech stack as Riseup VPN, which are
| branded versions of the Bitmask client - CalyxOS is a part of
| the Calyx Institute family. You can instead use the Bitmask
| client from the F-Droid repo and choose to connect to either
| service with the same app (rather than using branded apps for
| each service).
| edoceo wrote:
| Well, I don't trust them either. Does it run Wireguard?
| _jal wrote:
| The tech stack matters far less than the trustworthiness and
| competence of the operators running it. And the hard part
| with VPN services is that it is very difficult to prove those
| things to others.
| grey_earthling wrote:
| So the organizations that provide the VPN service are Calyx
| VPN and Calyx Institute (have I understood correctly?)
|
| The site says these organizations are "trusted", but I'm
| still not sure who are they saying is doing the trusting.
|
| It's very easy to label something "trusted", but trusted _by_
| whom?
| steelbrain wrote:
| Curious, does anyone know what's their business model for
| monetizing the "free" VPN service? How do they make their
| money back or is it a donation kind of thing?
| flylikeabanana wrote:
| I gave them some money at DEFCON 2019 for an unlimited
| personal hotspot
|
| https://boingboing.net/2016/09/22/i-have-found-a-secret-tunn...
| cdesai wrote:
| It is all based on donations, see
| https://calyxinstitute.org/projects/digital-services/vpn
| godelski wrote:
| > Why not use open protocols like DeltaChat, Matrix or XMPP
| instead?
|
| Because Signal and WhatsApp are text/messenger replacements and
| Matrix is a slack/discord replacement? I'm not sure why there's
| the constant Signal vs Matrix battle here on HN, I see them as
| different tools doing different things. I'm not going to create
| or get all my friends to join a server with Matrix. Or even
| coworkers or random acquaintances I meet. But I can get their
| phone number and quickly communicate with them on Signal/WA. I
| don't see why Signal and Matrix have to be in competition. Just
| the same way I don't see Slack/Discord in competition with Text
| Messaging or FB Messenger.
| atatatat wrote:
| > I don't see why Signal and Matrix have to be in competition
|
| Because people here only care about security and privacy, and
| Signal/Matrix offer some of the best user accessible
| encryption.
| godelski wrote:
| Yeah, I agree, but I don't see why they are in competition
| and not complement an ecosystem.
| uhtred wrote:
| Surprised not many people talking about /e/
| https://e.foundation/e-os/
| Ninjinka wrote:
| Only available on Pixel phones and a single Xiaomi phone.
| crudbug wrote:
| That is the irony. Only pixel hardware provides one step OEM
| unlocking in US. All other devices are carrier locked and have
| restrictive unlocking process.
|
| Samsung/Motorola/ etc. should release OEM unlocked devices not
| just carrier unlocked that can be purchased directly from their
| online stores.
|
| This will make adoption easy for these open Android projects.
| cdesai wrote:
| We do want to support more devices, however not all of them
| meet our requirements
| https://calyxos.org/about/faq/device-support/#requirements-f...
|
| We're trying to find devices which do, and if not see if the
| requirements can be relaxed.
|
| The most important part that's missing from many phones is
| being able to relock the bootloader with a custom OS installed.
| Krasnol wrote:
| It would help if you'd put the supported devices right up on
| the front page. It saves much time for most visitors and
| doesn't end up in frustration if people get them on the
| second step.
| dcow wrote:
| Got to start somewhere.
| SubzeroCarnage wrote:
| Unlike GrapheneOS (which I recommend you use if you can) and
| CalyxOS, my project https://divestos.org is tested working on
| 30+ devices.
| atatatat wrote:
| Very cool!
|
| Few quips:
|
| Silence was last updated (on F-Droid) a year ago -- is this
| project secure//being maintained?
|
| & Mozilla-cousin browser: you're going to lose the security
| clout these days unfortunately.
| SubzeroCarnage wrote:
| Silence is sadly no longer maintained, but it still seems
| to work for now. I will eventually replace it.
|
| Re Mozilla: I do state on my browser comparison page that
| Chromium browsers are more secure. Also the Bromite
| repository is included in F-Droid by default on DivestOS.
| atatatat wrote:
| Very cool!
|
| Thanks for stopping in here!
| atatatat wrote:
| Props on bringing verified boot to those devices Lineage
| can//will not, and doesn't tell users clearly that they could
| have it with other options.
| SubzeroCarnage wrote:
| That is a limitation of Lineage only because they choose to
| cater to users who want root (which usually modifies
| /system) and to support flashing Google Apps.
| summm wrote:
| Why would having root itself rule out secure boot? It's
| just that they refuse to offer root themselves, and only
| as a result of that refusal one has to use system
| modifications to gain root. In a sense this is the
| opposite of your claim: they do explicitly not cater to
| root users.
| SubzeroCarnage wrote:
| Verified boot is only enforcing on -user builds. Lineage
| ships -userdebug builds.
|
| Furthermore Lineage's official root addon writes to
| /system. You can't have any additional changes to system
| or else verified boot won't boot.
|
| You can't have it both ways as it stands.
|
| That isn't to say they are incompatible, you can compile-
| in root support before the system hashes are generated
| and then you can have a locked bootloader with verified
| boot with root support. But you cannot make any
| additional changes to /system with that root power
| afterwards.
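The constraint described in the comment above (files compiled in before the system hashes are generated verify, writes to /system afterwards do not), as an added example that is not part of the thread or any project's code. It is a simplified dm-verity-style model: a binary SHA-256 tree instead of the real on-disk layout, a constructed toy image format, and the trusted root hash standing in for the value a signed vbmeta would carry; all file names and contents are constructed.

```python
import hashlib
import hmac

BLOCK = 4096                      # data block size of the toy image
SALT = b"constructed-demo-salt"   # constructed value, not a real device salt
ZERO = b"\0" * 32                 # padding node for odd-sized tree levels


def _h(data: bytes) -> bytes:
    return hashlib.sha256(SALT + data).digest()


def make_image(files: dict) -> bytes:
    """Toy /system image: one block-aligned record per file plus one free block."""
    out = b""
    for name, content in sorted(files.items()):
        rec = name.encode() + b"\0" + content
        out += rec.ljust(-(-len(rec) // BLOCK) * BLOCK, b"\0")
    return out + b"\0" * BLOCK


def blocks(image: bytes) -> list:
    return [image[i:i + BLOCK] for i in range(0, len(image), BLOCK)]


def build_tree(image: bytes) -> list:
    """Hash tree levels: levels[0] holds the leaf hashes, levels[-1] is [root]."""
    level = [_h(b) for b in blocks(image)]
    levels = []
    while True:
        if len(level) > 1 and len(level) % 2:
            level = level + [ZERO]
        levels.append(level)
        if len(level) == 1:
            return levels
        level = [_h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]


def verify_block(block: bytes, index: int, levels: list, trusted_root: bytes) -> bool:
    """Check one block on read. The tree lives on untrusted storage; only
    trusted_root (in real devices: covered by the vbmeta signature) is trusted."""
    node = _h(block)
    for level in levels[:-1]:
        sibling = level[index ^ 1]
        node = _h(node + sibling) if index % 2 == 0 else _h(sibling + node)
        index //= 2
    return hmac.compare_digest(node, trusted_root)


def failing_blocks(image: bytes, levels: list, trusted_root: bytes) -> list:
    return [i for i, b in enumerate(blocks(image))
            if not verify_block(b, i, levels, trusted_root)]


def write_to_free_space(image: bytes, payload: bytes) -> bytes:
    """Model a post-install write into /system (uses the trailing free block)."""
    return image[:-BLOCK] + payload.ljust(BLOCK, b"\0")


def demo() -> dict:
    stock_files = {                       # constructed sample contents
        "/system/bin/sh": b"shell-binary",
        "/system/build.prop": b"ro.build.type=user\n",
        "/system/framework.jar": b"framework-classes",
    }
    su = b"su-binary"

    # Stock build: hashes generated over the finished image, root hash pinned.
    stock = make_image(stock_files)
    stock_levels = build_tree(stock)
    stock_root = stock_levels[-1][0]

    # Root add-on written into /system after the build.
    tampered = write_to_free_space(stock, b"/system/xbin/su\0" + su)

    # Root compiled in before hash generation: a different, self-consistent image.
    rooted = make_image({**stock_files, "/system/xbin/su": su})
    rooted_levels = build_tree(rooted)
    rooted_root = rooted_levels[-1][0]

    return {
        "stock": failing_blocks(stock, stock_levels, stock_root),
        "written_after_build": failing_blocks(tampered, stock_levels, stock_root),
        # Regenerating the on-disk tree does not help: the root no longer matches.
        "tree_rewritten_too": failing_blocks(tampered, build_tree(tampered), stock_root),
        "compiled_in": failing_blocks(rooted, rooted_levels, rooted_root),
        "roots_differ": stock_root != rooted_root,
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The compiled-in image only verifies against its own root hash, so it needs a vbmeta signed by whoever built it; the stock root hash rejects it just as it rejects the post-build write.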
| commoner wrote:
| > Furthermore Lineage's official root addon writes to
| /system.
|
| LineageOS no longer offers an official root add-on as of
| December 2019.
|
| https://www.xda-developers.com/lineageos-dropping-superuser-...
|
| The most common rooting solution is Magisk, which is
| systemless.
| zozbot234 wrote:
| > But you cannot make any additional changes to /system
| with that root power afterwards.
|
| Not a showstopper, as modern root solutions like Magisk
| support "systemless" root, via file system overlays.
| SubzeroCarnage wrote:
| I am not sure how systemless root interacts with verified
| boot. I've never tried it myself.
| commoner wrote:
| Installing Magisk requires you to patch the bootloader or
| recovery image, which would break verified boot:
|
| https://topjohnwu.github.io/Magisk/install.html
|
| The only way to preserve verified boot with Magisk is for
| the bootloader or recovery image to have Magisk
| compatibility built-in prior to signing. I don't think
| any flavor of Android that supports verified boot is
| currently doing this.
| luca020400 wrote:
| We cater to the normal user.
|
| And what the hell? Root with verified boot? That's like
| having the most secure castle while leaving the door open
| for anyone, you can't have both worlds.
|
| Note: our root implementation was apparently affected by
| some vulnerabilities ( never disclosed to us ), meaning I
| tried to lower the attack surface to minimum, but not
| knowing I did anything helpful we just couldn't leave it
| there.
| summm wrote:
| Root doesn't mean you give root permissions to any dumb
| app. I implied proper permission management and
| authorization, of course.
|
| Then it's just like a secure castle where the user can go
| into all of the rooms, to some with a special key. You
| don't have to go into those rooms, but you have the
| option to at any time. And, depending on the
| implementation, you may change the special room, but if
| you return after the next reboot, it will be reverted
| back.
|
| Actually, the castle analogy goes further: Unfortunately,
| many seem to interpret "verified boot" and "most secure"
| as "protects the dumbest user from shooting themselves in
| the foot on purpose by locking them into that castle".
| That is exactly where the recent apple scandal is coming
| from: The user is subservient to the OS vendor, and the
| OS vendor can abuse the user as they please.
|
| Security is very important. Why? In order to not be
| exploited by strangers (criminals, spies...) against my
| interests. If security _enables_ exploitation against my
| interests (by whomever, be it the OS vendor, the movie
| industry, or the government), it is not the security I
| want. This one OS is different than all the other evil
| ones? That's what Apple said before...
| luca020400 wrote:
| If you're rooted your security is way lower. Simple as
| that. Rooting can be used against you, it can lead to
| exploitation, and likely has been.
|
| Note: you can have secure boot without root and using
| your own Android build, such as CalyxOS. Not rooting
| doesn't imply using the stock firmware, never has been.
| summm wrote:
| I honestly don't understand why it should be "Simple as
| that"? If you have the phone rooted, as long as you don't
| grant root to any application, why should it be less
| secure than if you hadn't rooted it? (assumed everything
| else the same, specifically the rom supporting verified
| boot with root) Then, by granting root permissions to
| apps, of course the attack surface gets larger, but this
| is a thing you control yourself.
|
| Your note was always understood. Of course not rooting
| doesn't imply using the stock firmware. It however
| implies that you are submitting to a different master.
| Who may be different, and maybe a bit more lenient than
| Google/Samsung/whoever, but that other master will still
| enforce any dumb app's will against you.
| hfkfktnekfm wrote:
| How does one verify that this is not a honeypot project funded by
| the FBI, like those secure phones from a month ago?
| ogwh wrote:
| There are some people and organisations you can never keep out.
| It doesn't matter what software you use.
|
| You may stand a good chance of keeping the average snooper out,
| and for that you need to trust the software provider. So it
| ultimately comes down to who you trust more to keep your stuff
| moderately secure.
|
| If you don't want _anyone_ (but yourself) to have access to
| your information then don't store it digitally.
|
| So who do you trust more, Google or random people on the
| Internet? Neither are an ideal choice, because there isn't one.
| temp8964 wrote:
| I just transferred from Android to iPhone today. I wouldn't
| bother to use these alternative Androids, because I don't trust
| 3rd party app stores. There are banking, authenticator, and other
| essential apps I will never download from a 3rd party app store.
| fragileone wrote:
| Not even an app store that distributes only open-source
| software (eg F-Droid)? Considering the reputation for scams and
| malware on 1st party app stores I could never understand this
| perspective.
| kiawe_fire wrote:
| Anybody have experience using something like this (or others like
| GrapheneOS) as a daily driver?
|
| I'm interested in moving away from Apple and big tech in general,
| but I don't know how practical that is yet.
| uhtred wrote:
| I've been using /e/os [1] for a while and I am very happy with
| it. It has microG integrated so any apps that rely on google
| play services should still work. [1] https://e.foundation/
| strcat wrote:
| microG only provides a tiny subset of the Play services
| functionality. Only certain apps will work with it, not every
| app. It doesn't implement most.
| uhtred wrote:
| I hardly use any apps that are not foss, really I just need
| slack and whatsapp, and they work well (push notifications
| etc) so microG works well for me (I don't think these 2
| apps would work fully without microG but never tested
| that). Banking apps I don't use, and they probably wouldn't
| work, but hey, websites are still a thing.
| kiawe_fire wrote:
| Thanks, I hadn't heard of /e/os until now.
|
| I'm kind of surprised just how big this space of DeGoogled
| Android is right now. Far bigger than 6+ years ago when I
| last looked into it.
| yosito wrote:
| CalyxOS on a Pixel 5 with microG for the past month. The only
| two problems I've had have been that I can't install the
| CapitalOne app and I can't install any paid Google store apps.
| I have a backup Android phone (Unihertz Jelly 2) with LineageOS
| and Google Play Services / Play Store installed, which I
| haven't had any issues with at all. I don't use Google Pay,
| Google Assistant or Google Maps. Those three apps are my
| biggest pain points, but a sacrifice I'm willing to make. I do
| use Garmin Pay on my Garmin watch and the Google Maps web app.
| fragileone wrote:
| I use LineageOS for microG [1] and I'm planning to move to
| GrapheneOS once the Pixel 6 gets released (since it finally has
| guaranteed 5 years of kernel updates).
|
| LineageOS is superb for getting rid of stock OS bloatware and
| spyware and I have an experience on it that's better than stock
| Android. However it doesn't have hardened security like
| GrapheneOS, which is why I want to move to that later. On the
| other hand microG is needed for push notifications and maps
| APIs, which GrapheneOS doesn't support so I'm not sure how the
| fallback options of some of my currently used apps will fare on
| it.
|
| If microG turns out to be necessary for my workflow then I'll
| get CalyxOS instead, since it includes microG and is somewhere
| between LineageOS and GrapheneOS in terms of security.
|
| [1] https://lineage.microg.org/
| kiawe_fire wrote:
| From the sounds of it, the Pixel phones have the widest
| support across the different options here, so the Pixel 6
| might end up being my first Android phone purchase in a
| while.
|
| This thread has encouraged me to give this a go!
| johnbrodie wrote:
| LineageOS + microG here, on a motoX4. It's been the phone I use
| every day for about a year. My wife has the exact same setup,
| and generally gets along fine with it. FDroid has _most_ of the
| stuff we want. Some apps just aren't available there, so we end
| up using the Aurora store for those, with Warden used to scan
| those apps and stub out as much tracking code as it can. It's
| all about compromises, especially for others.
|
| Self-hosted NextCloud replaced Drive/Dropbox, and with some
| plugins it also does phone/location tracking, secure messaging
| and video calls, TODO lists, and some more. Self-hosted
| PhotoPrism replaces Google Photos.
|
| The phone experience hasn't been bad. One thing that came up
| initially is that most of the open source apps aren't as
| "pretty", and the UX just isn't as good. I don't care about it
| too much, and I'm fine with overall using the phone less
| anyway. The issue that comes up on a regular basis is the
| Google Maps replacement. OSMand is a great app, but like
| someone else mentioned it's more of a "look up the address and
| type it in" experience than a "show me all Thai restaurants in
| the area" experience. IMO small price to pay, I've been using
| GPS much less, and I've gotten much better at navigating with
| my "mental map".
| kiawe_fire wrote:
| I do expect some rough edges on the UX front.
|
| In fact I hope once I become familiar with everything that I
| can start contributing to some of the open source projects in
| the de-Googled space.
|
| If I'm going to become a user of some of this stuff, seems
| like a good use of my time to also help move it forward.
| 0x416c6578 wrote:
| I've used LineageOS without Google services for about a year
| now. The only big missing feature I've found is notifications
| which in some ways is quite freeing and makes me check my phone
| a lot less.
|
| LineageOS (and perhaps other ROMs) have the option to disable
| all networking features for apps, so I actually still use
| Google Camera, Google Photos (as an offline gallery) and Gboard
| (again all offline) and the majority of features just work.
| They don't complain about missing Google Services, nor about
| the missing internet connection.
|
| There are great alternatives to apps like YouTube (NewPipe),
| Maps (OSMand), Chrome (Chromium, or I use a browser called
| Privacy Browser on F-droid) and I have tried apps like Spotify
| and they too work without Google services (although I guess
| some features might be lacking).
|
| F-droid is an amazing service and has many FOSS alternatives to
| apps. I found myself today recompiling my browser application
| to fix some small bugs which just made me sit back in my chair
| and think "that is so cool"!
|
| I think making the change can be gradual (for example switching
| to LineageOS for MicroG to get a subset of working Google
| services) before fully de-Googling, but the change is
| definitely possible (and easy) to make.
| SubzeroCarnage wrote:
| I have a few apps on F-Droid and I also maintain a list of
| recommended apps from F-Droid here:
| https://divestos.org/index.php?page=recommended_apps
| kiawe_fire wrote:
| Thank you for the suggestion!
|
| It sounds like LineageOS for MicroG might be the friendliest
| way to ease into this for me.
| m0ngr31 wrote:
| How do you disable networking for apps? I'd love to use
| Gboard offline. ASK just isn't as good.
| SubzeroCarnage wrote:
| Long press the app in your launcher, App Info, Mobile data
| & Wi-Fi, Allow network access
| m0ngr31 wrote:
| Nice, thanks
| 0xdeadb00f wrote:
| I use GrapheneOS as my daily (no google apps).
|
| Literally 0 issues. Previously LineageOS was my preference, but
| Graphene is 1. Closer to stock 2. Actually innovates
| security-wise.
| dtx1 wrote:
| I am daily driving GrapheneOS for over a year now as my only
| phone on a pixel 3a and I like it quite a lot. Here's how I
| handle stuff and what limits I encountered. Keep in mind that
| you have to rethink your app usage as well, meaning testing a
| lot of apps from F-Droid to see what works for you. Your average
| FAANG Privacy Invasion App du jour probably won't work and I'd
| be wary of hardware requiring an app to be used if you go all
| in.
|
| 1. E-Mail: Using Fairmail from F-Droid (paid version though) is
| great for GMail and most other Providers. Notifications are
| usually faster than G-Mail in the Browser.
| 2. WebBrowser: Using Fennec from F-Droid with Adblock. The
| Chromium Version integrated in Graphene is probably more secure
| though. But adblock is life...
| 3. OsmAnd from F-Droid for Navigation. Works well enough, UI is
| clunky though. But Offline Maps are pretty sweet to have.
| 4. Most Messengers work, Notifications are spotty sometimes.
| Telegram, Signal, Element, Threema all do fine though Element
| sucks battery life down to unacceptable levels. Haven't and
| won't test whatsapp.
| 5. OpenCamera + Nextcloud is good for Cloudsyncing and Camera.
| 6. Password Management with AndOTP and KeePassXC is sweet and
| integration of the fingerprint sensor is really useful. Useful
| enough that I miss it on my desktop linux.
| 7. Paypal App works, my bank apps work but YMMV.
| 8. Biggest annoyances are local german Taxi Apps. They all don't
| work but I was able to work around it using a website. Still
| can't pay via app.
|
| ...Well, I don't use my phone for much more than that.
|
| Battery Life is great, Security and Privacy is also good. You
| can look up App Compatibility to a degree here:
| https://plexus.techlore.tech/
| kiawe_fire wrote:
| Thanks, this is very helpful both for setting expectations
| and for recommendations!
| zmnxo718 wrote:
| Bromium is also a good alternative to vanadium.
| terhechte wrote:
| I'm using GrapheneOS on a second device for various reasons.
| The biggest issue for me is that not all apps work / run.
| However, I have limited app requirements, so that is fine. If
| you want to run all social networks, Uber, Lyft, and so on,
| there might be the one or other that doesn't work (I didn't try
| them all). However, you can always use the mobile web offering
| I guess.
|
| In terms of classical smartphone features, I know what I don't
| get out of the box due to the lack of Google Services
| (Assistant, Picture Sync, etc). That wasn't an issue for me as
| it is a secondary device.
| atatatat wrote:
| What apps haven't worked for you on GrapheneOS, from Aurora
| Store?
| 0xdeadb00f wrote:
| Not the person you asked, but my banking app works but
| occasionally will crash when I go to certain parts of the
| app. I'm not sure why.
|
| Other than that Discord, MS Teams, and ProtonMail all work
| fine with the exception of push notifications (I disable
| those anyways, so this isn't a concern of mine).
| strcat wrote:
| GrapheneOS now has
| https://grapheneos.org/usage#sandboxed-play-services
| providing the ability to install Play services
| in a sandbox. The core functionality is already working in
| the Stable/Beta channel releases. You can install it in a
| dedicated profile to avoid apps in other profiles being able
| to use it.
|
| GrapheneOS is fine with people using Google apps and services
| but not integrated into the OS and they should be on the same
| level as other apps and services without any special
| privileges/access. We're working on making this a reality.
| Google could implement the fallback code paths we're
| providing for Play services themselves. All we're doing is
| teaching it to do what it should already know how to do.
| Perhaps a regulator can force them to unbundle their services
| and make them usable anywhere.
| JoeyBananas wrote:
| 8orl .o
|
| 1
| gautamcgoel wrote:
| Can you run this on the desktop?
| commoner wrote:
| The CalyxOS website publishes emulator images, if you would
| like to test the OS in Android Studio:
|
| https://calyxos.org/news/2021/05/27/emulator-images/
| SavantIdiot wrote:
| Side note: Tor Browser as your primary browser is super painful.
| Lots of stuff doesn't work, and latency can be in the minutes.
| fithisux wrote:
| Question, is it Raspberry Pi compatible?
| bmarquez wrote:
| > you can make encrypted phone calls directly, using the built-in
| integration for Signal and WhatsApp calls
|
| Does this mean WhatsApp is automatically installed with Calyx, or
| just that there are extra features if you manually install it?
| azdle wrote:
| CalyxOS has a handful of apps that exist in the image that you
| can optionally install. I would assume it's one of those. I run
| CalyxOS and don't and never did have WhatsApp installed.
| cdesai wrote:
| WhatsApp is not one of those apps, we only include FOSS apps.
| Knighttime wrote:
| Unsure. It seems that they have Signal installed by default,
| but not WhatsApp. However, if you install WhatsApp you can make
| a WhatsApp call directly from the dialer I think?
| cdesai wrote:
| Exactly. Signal is available as a default however you can
| choose not to install it.
|
| WhatsApp is shown as an option if you have it installed, the
| option won't show up if you don't.
|
| The rationale being: We didn't exactly want to promote
| WhatsApp but still have it present for those who already use
| it.
| new_stranger wrote:
| I purchased a Pixel phone to test this stuff on.
|
| I installed LineageOS and found I couldn't run some google apps.
| I reinstalled LineageOS with https://opengapps.org added during
| the install and made the mistake of transferring from my old
| phone which brought all the google services and everything back
| to the phone (mostly).
|
| I then installed CalyxOS - much easier install process than
| lineage. Really liked the defaults. Could not get many apps that
| relied on google play services though. If I didn't need so many
| Google-tied apps I would pick this as my phone OS for basic stuff
| like messaging and browsing.
|
| Installed LineageOS again, found there were a couple apps I could
| not get working after all (50 different apps installed).
|
| In the end I gave up and re-flashed Google firmware back onto the
| phone. I spent about 10 hours on all this stuff and simply ran
| out of time for now. I thought I could get away from Google but I
| didn't realize how much my apps needed Google.
| brink wrote:
| I had nearly the exact same experience.
| suyash wrote:
| Having developed for Android, I can tell you that Google pushes
| their libraries hard and makes that the default in tutorials,
| docs etc so most developers end up depending on play services
| without realizing that is only one of the many options.
|
| This is done by design to lock developers in and by proxy, lock
| users to Google flavored Android OS
| yusi-san wrote:
| You can try lineage with MicroG[0][1], it replaces Google
| services. If you want stores there is the F-Droid store for
| FOSS apps or Aurora Store if you want casual apps.
|
| YouTube can be replaced by NewPipe and these days I'm trying
| Organic Maps (a layer for OSM with nav and offline maps) to
| replace Google Maps.
|
| [0] : https://microg.org/
| [1] : https://lineage.microg.org/
| andrepd wrote:
| OsmAnd is a more fully featured solution for maps.
| yusi-san wrote:
| I agree that OsmAnd is a better option for public
| transportation and navigation, however, I found that
| Organic Maps is better at showing stuff like
| restaurants/shops etc and more reactive (smoothness, quick
| to show the map).
|
| I used OsmAnd for quite a long time and just wanted to give
| Organic Maps a try to see other alternatives. Both are
| quite promising as replacing Google maps IMO.
| FredFS456 wrote:
| How does Organic Maps compare to OsmAnd?
| commoner wrote:
| Organic Maps has a better and easier-to-use interface,
| especially for turn-by-turn navigation while driving.
|
| OsmAnd is much more fully featured, especially if you are
| using it to contribute data to OpenStreetMap. With OsmAnd
| Live, you can download hourly updates to OpenStreetMap
| data, while Organic Maps updates at less frequent
| intervals. The app supports plugins for additional
| functionality, including trip recording, Mapillary street
| view, and various map views (such as nautical and ski
| views).
|
| There's no harm in having both installed, since they have
| different strengths.
| NullPrefix wrote:
| Youtube app can be replaced with Firefox
| ekianjo wrote:
| Newpipe is a better option.
| flir wrote:
| Vanced gives you an audio-only option, which is nice.
| busymom0 wrote:
| I use Firefox for YouTube with the following add-ons:
|
| 1. uBlock Origin
| 2. Video Background Play Fix add-on
|
| This allows me to use YouTube as a background playback
| music player.
| commoner wrote:
| NewPipe also has an audio-only option. Unlike YouTube
| Vanced (a mod of the original YouTube app), NewPipe is
| open source and supports video downloading. I think the
| main advantages of Vanced over NewPipe are the
| SponsorBlock integration and the ability to log in to a
| Google account (if that's what you're looking for).
| einpoklum wrote:
| How do you play Youtube clips audio-only with NewPipe?
| newsch wrote:
| I've been very happy with this fork of newpipe that has
| sponsorblock built-in (it's been kept up to date with
| upstream so far):
| https://github.com/polymorphicshade/NewPipe
|
| It started with this rejected PR:
| https://github.com/TeamNewPipe/NewPipe/pull/3205
| efreak wrote:
| The sponsorblock fork is also available through fdroid
| lobocinza wrote:
| Or Brave.
| yusi-san wrote:
| I tried both, Firefox with ublock and Video Background Play
| Fix extensions (as someone else pointed out too) is great.
| But I ended up using NewPipe because I feel it has a
| better user experience than the mobile version of the
| YouTube website (playlist management, audio only,
| downloading, UI) and it's Open Source.
|
| I still use the Firefox option if newpipe has issues
| fetching the video (which hasn't happened to me for a long
| time).
|
| It's a preference thing, many options are great.
| dmos62 wrote:
| You can click share on a Youtube video on Firefox and
| you'll get the option to send it to New Pipe. My only
| gripe with New Pipe is that it breaks sometimes and it
| doesn't have Youtube's recommendations.
| sleavey wrote:
| Does WhatsApp still work? I care about privacy and degoogling
| but I'm not yet quite ready to abandon my social network over
| it. Currently I use lineageos with the micro Google apps
| bundle which provides the real Play Store services and
| WhatsApp still works. I'd be happy to use the replacement if
| that was still the case.
|
| EDIT: for clarity, by "micro Google apps bundle" I mean the
| opengapps [1] micro variant.
|
| [1] https://opengapps.org/
| rashil2000 wrote:
| I use LineageOS+microG and practically all apps not made by
| Google (WhatsApp, Spotify, PayTM) work as they should. Even
| for some Google apps, there are good alternatives like
| YouTube Vanced etc.
| sleavey wrote:
| Good to know, thanks! I plan to reinstall LineageOS since
| I stupidly relocked my bootloader last time and can't
| upgrade without wiping the phone. I'll try out microG
| this time!
| atatatat wrote:
| > relocked my bootloader last time and can't upgrade
| without wiping the phone
|
| That doesn't sound right.
| efreak wrote:
| Sounds right to me. Unlocking your bootloader wipes
| storage.
| yusi-san wrote:
| Yes I believe it does (I switched to Signal years ago and
| didn't try WhatsApp for a long time). Many proprietary apps
| run great, even the ones depending on Google Services.
| naasking wrote:
| > YouTube can be replaced by NewPipe
|
| I'm using SmartTubeNext. It's great. Haven't tried NewPipe,
| anyone have a comparison?
| fragileone wrote:
| CalyxOS includes microG which supports some of the most popular
| APIs. Which apps did you have issues with?
| commoner wrote:
| Details would be very helpful. Any incompatibilities with
| microG can be reported to its GitHub repo:
|
| https://github.com/microg/GmsCore/issues
| riedel wrote:
| Don't you think it is kind of absurd that you have to buy a
| device from Google to degooglify it as CalyxOS does not support
| other devices. How difficult would it be to actually port it to
| a device already supported e.g. by lineage?
| tholdem wrote:
| The OS in this case has nothing to do with not being able to
| be ported to other phones. Google is one of the few who will
| pay extra to Qualcomm for the ability for users to flash
| their own signing keys. Lineage does not support one of the
| most important security features of any modern smartphone,
| lockable bootloader and verified boot.
|
| Lineage might be more privacy respecting than Google's
| Android, but far behind regarding security.
|
| CalyxOS and GrapheneOS are the only real options (because
| they support relockable bootloaders) if you don't want to use
| Google's Android.
| entropy1111 wrote:
| There's no point in using LineageOS after they dropped
| PrivacyGuard instead of expanding it. You start going down
| this road and suddenly you'll have a phone that doesn't
| pass SafetyNet anymore. You have to use 3rd-party
| applications and probably a ROM made by a random internet
| user not affiliated with LineageOS because they drop
| support for devices all the time. The phone manufacturers
| bribe ROM developers to do that or they just move on
| quickly.
|
| MicroG is another really unstable experience. Google bought
| KaiOS and will buy the next KaiOS too. They moved and
| continue moving features to their proprietary castle.
| There's just no way you can win this fight against Google.
|
| Long term the only solution is by some miracle a FOSS phone
| gets enough popularity for developers to want to make apps
| for it. I doubt it. My solution is unfortunately using two
| separate phones. Android and a FOSS one.
| 10GBps wrote:
| I had not noticed that Lineage dropped PrivacyGuard.
| Damn, there really is no choice these days.
|
| Lineage is also so frigging annoying how they just drop
| old phones. They won't even provide the last good build
| or previous builds. Really bad thinking over there in
| general I guess.
|
| :(
| zozbot234 wrote:
| They do provide source for all devices, which you can
| just compile yourself. PrivacyGuard was dropped in order
| to provide compatibility with a loosely-equivalent
| solution that's included in AOSP, hence in most custom
| ROMs. Unfortunately, this also means that the supported
| feature set has regressed, and getting back to parity
| will take some effort.
| dmitryminkovsky wrote:
| What's your FOSS phone?
| zozbot234 wrote:
| I don't think anyone is especially happy about the
| LineageOS shortcomings you point out, but that's why
| people are working on supporting the mainstream Linux
| stack on existing hardware.
|
| The LineageOS folks have a very difficult job to do, they
| must keep up with developments in AOSP while supporting
| dozens of existing hardware models, each with its own
| "exciting" quirks. Is it really any wonder that some
| hardware gets dropped from official support? Usually that
| just means bugs have turned up which would make LineageOS
| not fully usable on the hardware, and they don't have the
| volunteer manpower to address them.
|
| Complaining about SafetyNet and microG is even less
| understandable, as these will always amount to
| unsupported hacks and we don't really need them for a
| usable device. Just get your apps from F-Droid, and you
| won't have to care about either.
| luca020400 wrote:
| Privacy Guard) I was the one who purposely removed it. I
| spent days ( if not weeks ) trying to get it working
| properly ( read, it never worked properly and causes many
| issues we still have tickets for ) furthermore Google
| basically rewrote the full stack once again, while
| introducing the, now publicly available in 12, permission
| hub that somehow gave a better view of permissions and
| easy access to remove them. We know it removed some more
| granular ops, but it wasn't worth the effort.
|
| SafetyNet) Nothing can legally pass it unless Google
| certifies it, we can't do much, only Google can enforce
| it to be used only for security related reasons
|
| Bribing) I wish I got a single cent from any of the OEMs I
| worked on, name it, Motorola, Asus, Huawei, OnePlus,
| Xiaomi. Not once they threatened us to stop working on
| their devices, and at the same time didn't help at all (
| the only outsider is Asus that is willing to help ) We
| simply can't continue supporting every device that enters
| the door, we don't have any real way to improve it,
| everyone is doing it voluntarily with no expectation, and
| so do we as project directors.
|
| PS: I'm one of the directors.
| entropy1111 wrote:
| >Privacy Guard) I was the one who purposely removed it.
|
| I know that but it was the main selling point of the ROM
| for me. Also that I didn't even need a firewall because
| you could block network access.
|
| >SafetyNet
|
| I was commenting from the POV of a user who needs apps
| that demand SafetyNet access. You're right.
|
| >Bribing
|
| I was talking about ROM developers on e.g. XDA, not
| LineageOS the "company".
| luca020400 wrote:
| 1) You can still block network via a native firewall (
| it's in app settings ), currently the only issue is that
| network via VPN bypasses the toggle.
|
| 3) Never heard of this happening, and I've heard a lot of
| stuff.
| scns wrote:
| Thank you for your (sadly too often underappreciated but
| still immensely useful to many people) work.
| zozbot234 wrote:
| If you care about verified boot, you can let your phone
| boot in fastboot mode and issue a "fastboot boot" command
| from a trusted device. Combine that with plain FDE, and
| it's as secure as anything Qualcomm will support out of the
| box.
| NeoLaval wrote:
| !
| FieryBinary wrote:
| I disagree. LineageOS has a legitimate use case, being able
| to easily tinker with the device. It's certainly not as
| private or secure, and that doesn't make it a bad option
| depending on someone's use for it.
| glenstein wrote:
| >If I didn't need so many Google-tied apps I would pick this as
| my phone OS for basic stuff like messaging and browsing.
|
| In case I run into a similar issue as you - what turned out to
| be Google-tied apps you weren't able to do without?
| reshie wrote:
| I'm sure you're looking at stuff like fdroid. There are
| definitely sacrifices that have to be made but there are quite a
| few alternatives to the more popular stuff.
| andrepd wrote:
| Did you try microg? It's dead simple to install (they publish
| builds of lineage+microg for any device which has an official
| lineage build), works out of the box, and I haven't had any
| compatibility issues.
|
| > I reinstalled LineageOS with https://opengapps.org added
| during the install and made the mistake of transferring from my
| old phone which brought all the google services and everything
| back to the phone (mostly).
|
| I think you have misunderstood what "opengapps" is. Despite the
| name, it's just a zip that installs Google services and apps
| (Google framework, play store, etc)
| sleavey wrote:
| I think they meant that when they ran Google's automatic
| import tool it reinstalled all the forcefully installed
| Google apps from the old phone. The difference with lineageos
| though is that you can uninstall them afterwards.
| somenewaccount1 wrote:
| F-Droid is for distributing viruses. There may be legit apps on
| there, but there are also tons of viruses and not enough app
| oversight to be safe. It doesn't seem like much of a threat
| because the userbase is so small that not a lot of hackers target
| it. Once it has 5% of pop though, it would be a meaningful target
| - particularly since these are rooted phones.
| juniperplant wrote:
| Your comment seems to imply that the majority of apps on
| F-droid are malware. I don't think that's the case.
|
| Also, F-droid does not require root.
| inickt wrote:
| It has been years since I have used Android (and F-Droid), but
| I always thought F-Droid was pretty heavily curated and had a
| sane security model [1]. Why do you say it is for distributing
| viruses?
|
| [1] https://f-droid.org/en/docs/Security_Model/
| hjek wrote:
| > F-Droid is for distributing viruses.
|
| Lol, please point me to one? (Or an article about one?)
| m0ngr31 wrote:
| I've been using MicroG+Lineage for a few years now. No complaints
| from me, but I don't use a ton of apps. Not sure what the
| advantage of CalyxOS would be over my current setup (especially
| considering Lineage has a much better catalog of supported
| devices)
| commoner wrote:
| If you are not using root, CalyxOS lets you relock your
| bootloader with the developer key, which increases the security
| of your device by preventing other operating systems from being
| booted or flashed onto your device (until you choose to unlock
| the bootloader again, which requires you to enter your lock
| screen password and would wipe the device data). CalyxOS only
| supports devices with bootloaders that can be relocked with a
| custom key.
| dcow wrote:
| If you're unfamiliar with the context: Calyx Institute is a
| 501(c)(3) with a digital privacy and security mission. For a
| while they've offered, for a few hundred dollars a year donation,
| unmetered access to Sprint's network. I don't know the details
| but I think they have retained access to the network through the
| merger due to some non-profit provision (something like the
| Sprint merger was allowed with stipulation that certain agencies
| using the network for certain purposes would be grandfathered
| over). There's apparently more history related to the founder
| previously running an ISP under gag order, which drives their
| mission.
|
| Access to the network is only possible through wifi pucks. I
| asked if I could register the IMEI of my ThinkPad's modem/radio,
| but they wouldn't allow it citing the usual "we are responsible
| for the behavior of the devices on the network so you have to use
| our certified device". Sadly, these phones do not participate in
| Calyx's data network, they require a traditional carrier. Maybe
| it's part of their roadmap to eventually offer their data
| services on these handset form factor devices? But until then, I
| don't see a huge point. It would be really awesome to say "I get
| my network access through a privacy oriented non-profit" (:
| posguy wrote:
| I wonder if the MEID/ESN locking will go away with the sunset
| of the Sprint network? It should be possible to move the Calyx
| SIM to any device you like at that point.
| yellow_lead wrote:
| More info here. https://calyxinstitute.org/
|
| Looks like $500-$600 for 4G, and $750 for 4G/5G. Could be a
| good deal for certain people. But yes, it's lame you have to
| use the puck.
| User23 wrote:
| I purchased this several years ago. I don't regret it because
| I was buying to support the Calyx mission and not for the
| access point, but it worked reliably for about a month and
| then it got QoSed into unusability.
| itomato wrote:
| I'm a former subscriber, not renewing because T-Mobile is
| supposedly shutting down Sprint's old LTE equipment:
| https://www.lightreading.com/5g/t-mobile-to-shutter-sprints-...
|
| If this is true, I'm not surprised there's a pivot to an
| unlocked phone without a bundled subscription with Mobile
| Citizen/Calyx.
| windthrown wrote:
| I have the wifi puck, use it frequently and have been quite
| happy with it.
|
| I got the impression when signing up that it was Sprint's terms
| that limited their ability to offer to other devices but they
| would if they could.
| rodolphoarruda wrote:
| Most of the de-Googled or Linux based mobile OSes have their
| installation restricted to Pixel phones. Why? Is there any option
| for old Motorola phones?
| LukeShu wrote:
| Because those are the phones that are supported in the upstream
| Android Open Source Project (AOSP), which these OSes are
| typically based on. Other phones, even ones that do a great job
| of publishing their sources (like Sony's), have their support
| living outside of AOSP. And older phones get dropped from AOSP,
| the original Pixel was dropped in Android 11. So, by only
| targeting the devices that AOSP supports these OSes can focus
| on the interesting part of building the OS, rather than getting
| bogged down with hardware support.
| cdesai wrote:
| The other aspect to this is that you can install a custom OS
| on the Pixels and still re-lock the bootloader, which means
| you get Verified Boot and all the security guarantees that
| brings.
|
| https://source.android.com/security/verifiedboot
| LukeShu wrote:
| You actually couldn't do that with the original Pixel
| (which until recently, Android 11, these custom derivatives
| tended to support). You'd get a warning screen every boot
| about how the OS has been modified.
| cdesai wrote:
| You definitely could, we used to support it in a previous
| iteration.
|
| This was also possible on the Nexus devices, although the
| oldest I've tried it is the Nexus 6P.
|
| It just worked slightly differently on those, nowadays
| you enroll the public key by flashing it to the device,
| on those (Pixel 1, Nexus) you used to have the public key
| embedded in the kernel.
| LukeShu wrote:
| Unless I'm mistaken, the Pixel 1 blindly accepts whatever
| pubkey is embedded in the kernel, but displays the
| warning screen on boot if it's not Google's pubkey (to
| clarify, not a click-through screen, just a temporary
| splash screen). I guess yeah it's technically Verified
| Boot, but if it just accepts any key you throw at it,
| then the security guarantees are a lot less. You can't
| tell it about your pubkey to get the scare screen to go
| away, and you can't tell it to block other keys to get
| the security guarantees.
| cdesai wrote:
| Telling even the newer devices about your pubkey doesn't
| get the scare screen away. You see a Yellow Verified Boot
| warning meaning the OS is signed and verifies but with a
| custom set of keys.
|
| When you lock the bootloader you block other keys, since
| fastboot is pretty much disabled when you do that, and
| the only way to install something would be via OTA
| updates which would have to be signed with your custom
| keys.
|
| I guess maybe if you're able to get a root exploit and
| replace the boot image? Not exactly sure what would
| happen then, need to try.
| atatatat wrote:
| Throwing them in the trash due to entropy of security.
| toastal wrote:
| Something like this seems a lot easier to set up than the hoops I
| ran through to get my Xiaomi Redmi K20 Pro running Havoc OS +
| microG. I wish it were more straightforward to get more device
| compatibility for builds. With GNU/Linux I pick my CPU
| architecture and I'm good to go. With a project like this, I,
| given my Android proficiency, should wait who knows how long to
| get a compatible build. But why a separate build for every
| device?
| fragileone wrote:
| Previously Android phones were allowed to be released each with
| modified unique kernels. All new phones which ship with Android
| 12 however must use the same generic Android Common Kernel, and
| any device-specific drivers are then attached via kernel
| modules.
|
| So basically from September-ish all future Android phones
| should be able to boot off the same image, or at least a
| Generic System Image.
| hjek wrote:
| Is there an Android X86 build of this? That would be an awesome
| laptop OS.
| thoughty wrote:
| Anyone know if they ship the phone to india?
| Paul_S wrote:
| That is lovely but what use is it if I have to buy a new phone to
| use it because it doesn't support the phone I have.
| cutler wrote:
| Exactly. I want it for my Facebook-infested Samsung Galaxy A20
| but I guess I'm out of luck.
| rchaud wrote:
| It's ironic that the only devices this can be installed on are
| Google phones and one Xiaomi phone.
| summm wrote:
| Even with the most secure alternative Android, you always have
| blobs from the original manufacturer that you have to use for
| some hardware-related critical functionality. And of course,
| the baseband that usually has full access to device's memory
| using DMA. That's where the backdoors go, I'd suspect. In this
| regard I'd trust Xiaomi way less than Google.
|
| However, Google phones have been subpar for a long time. E.g.
| the storage was too small and non-extendable. Makes sense from
| a Google point of view, as you're supposed to store everything
| into their cloud. But not well suited for offline-first and
| privacy-first.
___________________________________________________________________
(page generated 2021-08-07 23:01 UTC)