1
0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-10-26 17:22:11 +00:00

Remove CalyxOS (#1518)

Co-Authored-By: matchboxbananasynergy <107055883+matchboxbananasynergy@users.noreply.github.com>
Signed-off-by: Daniel Gray <dng@disroot.org>
This commit is contained in:
Tommy
2022-07-10 18:18:08 +00:00
committed by Daniel Gray
parent 65874da53c
commit b89eb32968
5 changed files with 18 additions and 53 deletions

View File

@@ -6,7 +6,7 @@ icon: 'fontawesome/brands/android'
These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. We also have additional Android-related information:
- [General Android Overview and Recommendations :hero-arrow-circle-right-fill:](android/overview.md)
- [GrapheneOS vs CalyxOS Comparison :hero-arrow-circle-right-fill:](android/grapheneos-vs-calyxos.md)
- [Why we recommend GrapheneOS over CalyxOS? :hero-arrow-circle-right-fill:](android/grapheneos-vs-calyxos.md)
## AOSP Derivatives
@@ -65,26 +65,6 @@ DivestOS implements some system hardening patches originally developed for Graph
Not all of the supported devices have verified boot, and some perform it better than others.
### CalyxOS
!!! recommendation
![CalyxOS logo](assets/img/android/calyxos.svg){ align=right }
**CalyxOS** is a system with some privacy features on top of AOSP, including [Datura](https://calyxos.org/docs/tech/datura-details) firewall, [Signal](https://signal.org) integration in the dialer app, and a built in panic button. CalyxOS also comes with firmware updates and signed builds, so verified boot is fully supported.
We only recommend CalyxOS as a harm reduction measure for the OnePlus 8T, OnePlus 9, and especially the Fairphone 4 if you need microG.
[:octicons-home-16: Homepage](https://calyxos.org/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://calyxinstitute.org/legal/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://calyxos.org/docs/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/CalyxOS){ .card-link title="Source Code" }
[:octicons-heart-16:](https://members.calyxinstitute.org/donate){ .card-link title=Contribute }
CalyxOS optionally includes [microG](https://microg.org/), a partially open-source reimplementation of Play Services which provides broader app compatibility. It also bundles in alternate location services: [Mozilla](https://location.services.mozilla.com/) and [DejaVu](https://github.com/n76/DejaVu).
CalyxOS [supports](https://calyxos.org/docs/guide/device-support/) Google Pixel phones, the OnePlus 8T/9/9 Pro and the Fairphone 4.
## Android Devices
When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
@@ -126,30 +106,6 @@ A few more tips for purchasing a Google Pixel:
- Look at online community bargain sites in your country. These can alert you to good sales.
- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: $\text{Cost} \over \text {EOL Date }-\text{ Current Date}$, meaning that the longer use of the device the lower cost per day.
### Other Devices
The following OEMs are only mentioned as they have phones compatible with the operating systems recommended by us. If you are purchasing a new device, we only recommend purchasing a Google Pixel.
#### OnePlus
If you are unable to obtain a Google Pixel, recent OnePlus devices are the next best option if you want to run a custom OS without privileged Play Services. OnePlus 8 and later devices will receive 4 years of security updates from their initial launch date. CalyxOS has [experimental support](https://calyxos.org/news/2022/04/01/fairphone4-oneplus8t-oneplus9-test-builds/) for the **OnePlus 8T** and **9**.
DivestOS has support for most OnePlus devices up to the **OnePlus 9 Pro**, with varying levels of support.
#### Fairphone
!!! danger
The Fairphone 3 and 4 are not secure by default, as the [stock bootloader trusts the public AVB signing key](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11). This breaks verified boot on a stock Fairphone device, as the system will boot alternative Android operating systems such (such as /e/) [without any warning](https://source.android.com/security/verifiedboot/boot-flow#locked-devices-with-custom-root-of-trust) about custom operating system usage.
This problem is somewhat mitigated when you install a custom operating system such as CalyxOS or DivestOS and trust the developer's signing keys rather than the stock system keys, however a vulnerability in CalyxOS or DivestOS's recovery environments could still potentially allow an attacker to bypass AVB.
**To reiterate, you must install a custom operating system with custom boot keys to use Fairphone devices in a secure manner.**
CalyxOS has [experimental support](https://calyxos.org/news/2022/04/01/fairphone4-oneplus8t-oneplus9-test-builds/) for the **Fairphone 4**. DivestOS has builds available for the **Fairphone 3**.
Fairphone markets their devices as receiving 6 years of support. However, the SoC (Qualcomm Snapdragon 750G on the Fairphone 4) has a considerably shorter EOL date. This means that firmware security updates from Qualcomm for the Fairphone 4 will end in September 2023, regardless of whether Fairphone continues to release software security updates.
## General Apps
### Orbot

View File

@@ -1,12 +1,15 @@
---
title: "GrapheneOS vs CalyxOS"
title: "Why we recommend GrapheneOS over CalyxOS?"
icon: 'material/cellphone-cog'
---
GrapheneOS and CalyxOS are commonly compared as similar options for people looking for an alternative Android OS for their Pixel devices. Below are some of the reasons we recommend GrapheneOS over CalyxOS.
## Profiles
CalyxOS includes a device controller app so there is no need to install a third-party app like Shelter.
GrapheneOS extends the user profile feature, allowing you to end a current session. To do this, select *End Session* which will clear the encryption key from memory. There are plans to add a [cross profile notifications system](https://github.com/GrapheneOS/os-issue-tracker/issues/88) in the future. GrapheneOS plans to introduce nested profile support with better isolation in the future.
GrapheneOS extends the user profile feature, allowing you to end a current session. To do this, select *End Session* which will clear the encryption key from memory. GrapheneOS also provides [cross-profile notification forwarding](https://grapheneos.org/features#notification-forwarding). GrapheneOS plans to introduce nested profile support with better isolation in the future.
## Sandboxed Google Play vs Privileged microG
@@ -22,9 +25,11 @@ Local RF location backends like DejaVu require that the phone has a working GPS
If your threat model requires protecting your location or the MAC addresses of nearby devices, rerouting location requests to the OS location API is probably the best option. The benefit brought by microG's custom location backend is minimal at best when compared to Sandboxed Play Services.
In terms of application compatibility, Sandboxed Google Play on GrapheneOS outperforms microG on CalyxOS due to its support for many services which microG has not yet implemented, like [Google Play Games](https://play.google.com/googleplaygames) and [In-app Billing API](https://android-doc.github.io/google/play/billing/api.html). Larger apps, especially games, require Play Delivery to be installed, which is currently not implemented in microG. Authentication using [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) with online services on Android also relies on Play Services, and does not currently work with microG.
In terms of application compatibility, Sandboxed Google Play on GrapheneOS is always going to be more compatible as it is the same code as what is released by Google. microG is a reimplementation of these services. As a result of that it only supports the various parts that have been reimplemented, meaning some things such as [Google Play Games](https://play.google.com/googleplaygames) and [In-app Billing API](https://android-doc.github.io/google/play/billing/api.html) are not yet supported.
[^1]: It should be noted that microG still uses proprietary Google binaries for some of its components such as DroidGuard. Push notifications, if enabled, still go through Google's servers just like with Play Services. Outside of default microG setups like on CalyxOS, it is possible to run microG in the unprivileged `untrusted app` SELinux domain and without the signature spoofing patch. However, microG's functionality and compatibility, which is already not nearly as broad as Sandboxed Play Services, will greatly diminish.
Larger apps, especially games, require Play Delivery to be installed, which is currently not implemented in microG. Authentication using [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) with online services on Android also relies on Play Services, and does not currently work with microG.
[^1]: It should be noted that microG still uses proprietary Google binaries for some of its components such as DroidGuard. Push notifications, if enabled, still go through Google's servers just like with Play Services. Outside of default microG setups like on CalyxOS, it is possible to run microG in the unprivileged [`untrusted app`](https://source.android.com/security/selinux/concepts) SELinux domain and without the signature spoofing patch. However, microG's functionality and compatibility, which is already not nearly as broad as Sandboxed Play Services, will greatly diminish.
## Privileged eSIM Activation Application
@@ -32,7 +37,7 @@ Currently, eSIM activation is tied to a privileged proprietary application by Go
On GrapheneOS, the app comes disabled and can be *optionally* enabled by the user after they have installed Sandboxed Play Services.
On CalyxOS, the app comes installed by default (regardless of whether you choose to have microG or not) and cannot be opted out. This is particularly problematic, as it means Google still has access to the user's hardware identifiers regardless of whether they even need the eSIM activation or not, and can access them persistently.
On CalyxOS, the app comes installed by default (regardless of whether you choose to have microG or not) and cannot be opted out. This means Google still has access to your hardware identifiers regardless of whether or not you need eSIM activation and can be accessed persistently.
## Privileged App Extensions

View File

@@ -34,6 +34,8 @@ Verified Boot ensures the integrity of the operating system files, thereby preve
Unfortunately, OEMs are only obliged to support Verified Boot on their stock Android distribution. Only a few OEMs such as Google support custom AVB key enrollment on their devices. Additionally, some AOSP derivatives such as LineageOS or /e/ OS do not support Verified Boot even on hardware with Verified Boot support for third-party operating systems. We recommend that you check for support **before** purchasing a new device. AOSP derivatives which do not support Verified Boot are **not** recommended.
Many OEMs also have broken implementation of Verified Boot that you have to be aware of beyond their marketing. For example, the Fairphone 3 and 4 are not secure by default, as the [stock bootloader trusts the public AVB signing key](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11). This breaks verified boot on a stock Fairphone device, as the system will boot alternative Android operating systems such (such as /e/) [without any warning](https://source.android.com/security/verifiedboot/boot-flow#locked-devices-with-custom-root-of-trust) about custom operating system usage.
## Firmware Updates
Firmware updates are critical for maintaining security and without them your device cannot be secure. OEMs have support agreements with their partners to provide the closed-source components for a limited support period. These are detailed in the monthly [Android Security Bulletins](https://source.android.com/security/bulletin).
@@ -42,6 +44,8 @@ As the components of the phone, such as the processor and radio technologies rel
EOL devices which are no longer supported by the SoC manufacturer cannot receive firmware updates from OEM vendors or after market Android distributors. This means that security issues with those devices will remain unfixed.
Fairphone, for example, markets their devices as receiving 6 years of support. However, the SoC (Qualcomm Snapdragon 750G on the Fairphone 4) has a considerably shorter EOL date. This means that firmware security updates from Qualcomm for the Fairphone 4 will end in September 2023, regardless of whether Fairphone continues to release software security updates.
## Android Versions
It's important to not use an [end-of-life](https://endoflife.date/android) version of Android. Newer versions of Android not only receive security updates for the operating system but also important privacy enhancing updates too. For example, [prior to Android 10](https://developer.android.com/about/versions/10/privacy/changes), any apps with the [`READ_PHONE_STATE`](https://developer.android.com/reference/android/Manifest.permission#READ_PHONE_STATE) permission could access sensitive and unique serial numbers of your phone such as [IMEI](https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity), [MEID](https://en.wikipedia.org/wiki/Mobile_equipment_identifier), your SIM card's [IMSI](https://en.wikipedia.org/wiki/International_mobile_subscriber_identity), whereas now they must be system apps to do so. System apps are only provided by the OEM or Android distribution.
@@ -52,6 +56,9 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi
Should you want to run an app that you're unsure about, consider using a user or work profile.
## Media Access
Quite a few applications allows you to "share" a file with them for media upload. If you want to, for example, tweet a picture to Twitter, do not grant Twitter access to your "media and photos", because it will have access to all of your pictures then. Instead, go to your file manager (documentsUI), hold onto the picture, then share it with Twitter.
## User Profiles
Multiple user profiles can be found in **Settings****System****Multiple users** and are the simplest way to isolate in Android.

View File

@@ -1,2 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="matrix(.43429 0 0 .43429 -102.24 -35.595)" stroke-width=".26458"><path d="m313.4 119.93c-7.7343 13.52-22.298 22.631-38.991 22.631-16.692 0-31.256-9.1114-38.991-22.631 7.7346-13.521 22.299-22.632 38.991-22.632 16.693 0 31.257 9.1115 38.991 22.632" fill="#9acc01"/><path d="m298.61 144.6-6.8334-12.569c2.364-3.4422 3.7478-7.6102 3.7478-12.101 0-11.819-9.5811-21.4-21.4-21.4-11.819 0-21.4 9.5806-21.4 21.4 0 11.819 9.5811 21.4 21.4 21.4 4.4736 0 8.6265-1.3727 12.061-3.7206l12.422 6.9937z" fill="#231f20"/><path d="m284.91 125.24c0 5.7915-4.7106 10.502-10.502 10.502-5.7915 0-10.502-4.7106-10.502-10.502v-12.917c0-0.80301 0.65352-1.456 1.4565-1.456 0.80275 0 1.456 0.65299 1.456 1.456v7.8192c0 0.4236 0.34263 0.76623 0.76702 0.76623 8e-3 0 0.0167-2e-3 0.0257-2e-3s0.0164 2e-3 0.0251 2e-3c0.4236 0 0.7665-0.34263 0.7665-0.76623v-11.856c0-0.80354 0.65299-1.4571 1.4565-1.4571s1.4565 0.65352 1.4565 1.4571v11.166c0 0.42387 0.34343 0.76624 0.76677 0.76624 0.42254 0 0.76623-0.34264 0.76623-0.76624v-13.875c0-0.80301 0.65378-1.4555 1.4563-1.4555 0.80354 0 1.4568 0.65246 1.4568 1.4555v13.773c0 0.42413 0.34317 0.76703 0.7665 0.76703 0.42307 0 0.7665-0.34317 0.7665-0.76703v-11.37c0-0.80327 0.65352-1.4565 1.4565-1.4565 0.80327 0 1.456 0.65352 1.456 1.4565v14.555c-1.7436 0.16219-5.8518 1.0464-7.543 5.7222-0.14366 0.39793 0.0622 0.83767 0.46038 0.9824 0.0857 0.031 0.1741 0.0455 0.26009 0.0455 0.31379 0 0.60748-0.19474 0.72125-0.50536 1.7732-4.903 6.6273-4.7546 6.8313-4.7464l0.80354 0.0386v-8.0939c0-0.80301 0.7112-1.4565 1.5843-1.4565 0.87392 0 1.5841 0.65352 1.5841 1.4565v9.2625zm-1.5841-12.253c-0.57864 0-1.1192 0.15557-1.5843 0.41963v-5.4277c0-1.6486-1.3409-2.9901-2.9895-2.9901-0.53314 0-1.0327 0.14261-1.4666 0.38761-0.10398-1.555-1.3991-2.789-2.98-2.789-1.6484 0-2.9893 1.3409-2.9893 2.989v0.10001c-0.4318-0.2413-0.92763-0.381-1.4565-0.381-1.6481 0-2.9893 1.3409-2.9893 2.9901v1.4594c-0.44344-0.26035-0.95752-0.41222-1.5079-0.41222-1.6486 0-2.99 1.3404-2.99 2.9893v12.917c0 6.636 5.3991 12.035 12.036 12.035 6.636 0 12.035-5.3991 12.035-12.035v-9.2631c0-1.6484-1.3981-2.9893-3.1171-2.9893" fill="#9acc01"/></g></svg>

Before

Width:  |  Height:  |  Size: 2.2 KiB

View File

@@ -49,7 +49,6 @@ For more details about each project, why they were chosen, and additional tips o
- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji } [GrapheneOS](android.md#grapheneos)
- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji } [DivestOS](android.md#divestos)
- ![CalyxOS logo](assets/img/android/calyxos.svg){ .twemoji } [CalyxOS](android.md#calyxos)
</div>