Conversation

Satrinity

@satrinity402

Aug 6, 2021

Replying to

@Rand0mGuest2

Lmao, at least you can run SW on your daily Lmk if you want help flashing

@CalyxOS

on a Pixel

This Tweet is from a suspended account. Learn more

Replying to

and

Calyx is the best privacy focused OS in terms of app compatibility. It's not perfect but it's become very stable over the last few months of using it as a daily. Has some very nice features too like a firewall that completely disables data access to individual apps.

Replying to

and

I heard

was a bit more secure?

Replying to

It is. But at the cost of app compatibility and other drawbacks like lack of instant push notifications Calyx is better for daily use Graphene is best for users who need maximum privacy and security

Replying to

GrapheneOS has never had a lack of proper push notifications. Please read grapheneos.org/faq#notificati. GrapheneOS also has a sandboxed Play services compatibility layer providing broader app compatibility than microG in CalyxOS: grapheneos.org/usage#sandboxe. It's early but works already.

Replying to

Appreciate the correction. My mistake. Will have to check it out! What would you say graphene has an advantage over Calyx on? Are there any drawbacks graphene has for a daily user when compared to Calyx?

Replying to

GrapheneOS doesn't come with assorted bundled apps. It's a more barebones starting point where users need to decide what to use. It's easier to install GrapheneOS via grapheneos.org/install/web but it's harder to get the initial apps. We also don't bundle any form of Play services.

grapheneos.org

GrapheneOS web installer

Web-based installer for GrapheneOS, a security and privacy focused mobile OS with Android app compatibility.

Replying to

Users can install Play services on GrapheneOS due to our sandboxed Play services compatibility layer. It doesn't ship with it though. Similarly, we don't bundle third party app stores (F-Droid, Aurora Store) and don't give them unrestricted unattended app install privileges.

Replying to

They grant microG special privileges to allow it to bypass the signature checks in apps checking for genuine Play services. That's how it's able to work. However, microG doesn't enforce the same security checks and key pinning as Play services. That has security consequences.

Replying to

Apps using Play services include the Play services client code in themselves and running it. A fair bit of it including nearly the entire Ads functionality works without Play services. Only apps using the Lite library need Play services for Ads:

developers.google.com

Google Mobile Ads Lite SDK | Android | Google Developers

12:46 AM · Aug 7, 2021Twitter Web App

Replying to

Since apps using Play services are shipping the Play services within themselves already, we feel it's much better to use the official Play services in the same full app sandbox with zero special privileges. It doesn't get any more access than Play has via the libraries in apps.

Replying to

Our implementation of grapheneos.org/usage#sandboxe is very new and is currently the same kind of mixed bag as microG with compatibility. However, even in the upcoming release it provides substantially broader compatibility already. It's only a couple hundred lines of code too.

Show replies