Conversation
It is. But at the cost of app compatibility and other drawbacks like lack of instant push notifications
Calyx is better for daily use
Graphene is best for users who need maximum privacy and security
1
1
GrapheneOS has never had a lack of proper push notifications. Please read grapheneos.org/faq#notificati.
GrapheneOS also has a sandboxed Play services compatibility layer providing broader app compatibility than microG in CalyxOS: grapheneos.org/usage#sandboxe. It's early but works already.
1
2
Appreciate the correction. My mistake.
Will have to check it out!
What would you say graphene has an advantage over Calyx on? Are there any drawbacks graphene has for a daily user when compared to Calyx?
1
1
GrapheneOS doesn't come with assorted bundled apps. It's a more barebones starting point where users need to decide what to use. It's easier to install GrapheneOS via grapheneos.org/install/web but it's harder to get the initial apps. We also don't bundle any form of Play services.
1
1
Users can install Play services on GrapheneOS due to our sandboxed Play services compatibility layer. It doesn't ship with it though.
Similarly, we don't bundle third party app stores (F-Droid, Aurora Store) and don't give them unrestricted unattended app install privileges.
1
1
They grant microG special privileges to allow it to bypass the signature checks in apps checking for genuine Play services. That's how it's able to work. However, microG doesn't enforce the same security checks and key pinning as Play services. That has security consequences.
1
1
Apps using Play services include the Play services client code in themselves and running it. A fair bit of it including nearly the entire Ads functionality works without Play services. Only apps using the Lite library need Play services for Ads:
1
Since apps using Play services are shipping the Play services within themselves already, we feel it's much better to use the official Play services in the same full app sandbox with zero special privileges. It doesn't get any more access than Play has via the libraries in apps.
1
2
Our implementation of grapheneos.org/usage#sandboxe is very new and is currently the same kind of mixed bag as microG with compatibility. However, even in the upcoming release it provides substantially broader compatibility already. It's only a couple hundred lines of code too.
1
3
microG will always be struggling to implement a tiny fraction of Play services and you're still running the Play services code in the apps using it. It's true that CalyxOS has better compatibility with apps than not shipping microG, but it still has serious compatibility issues.
We don't think that's good enough, and we aren't willing to sacrifice security by not having the same security checks and key pinning as Play. The reason apps check the Play services signature is not to hinder compatibility but to prevent their data being leaked or intercepted.
1