I use CalyxOs without any Google Apps (camera app blocked via firewall). I find GrapheneOS horrible. If I want to get away from Google, I don't want to run Google Apps in the sandbox either
So you are using a Google app (Google Camera) in an objectively much weaker sandbox than the one provided by GrapheneOS. You're giving it shared storage access since it requires it and CalyxOS doesn't have features like https://grapheneos.org/features#storage-scopes. The whole point of sandboxed Google Play on GrapheneOS is that it runs in the full standard app sandbox. It has absolutely no special access or privileges. It's not different than running another app. Same sandbox, same permission model, and all the same GrapheneOS improvements to those including user-facing ones like Storage Scopes, Sensors permission toggle and the Network permission toggle which blocks more forms of access than a firewall-based approach.
What I love about GrapheneOS is that it gives people a choice. It starts out slim, without any Google services. You have the choice to use them if you need them, and you can use them in the same way and with the same sandbox as you would any other app. But the most important thing is choice and options.
You can even use Sandboxed Google Play in a specific user profile, instead of options like MicroG where it has to be privileged for a lot of its features/functionality to function, and where it's ever-present in all of your profiles.
Furthermore, since we're talking about Google apps and services, I find the fact that CalyxOS ships with the privileged eSIM activation Google app which is enabled by default and to my understanding cannot be disabled very concerning...
On the other hand, (again) GrapheneOS has it disabled by default and you're given the choice to use it if you need it, instead of having it forced on you by default.
After looking at all options for alternative Android OSes, not matter which way you slice it, GrapheneOS takes the cake, so I don't really understand how someone who has actually looked at both options can call it "terrible".
Well, than don’t? How does allowing the option making it terrible? Also, CalyxOS also support it in an objectively worse way (microG and basically not caring about signatures)
They don't know much about it and haven't used it. CalyxOS isn't a hardened OS and isn't at all comparable to GrapheneOS. They recently didn't even ship half the baseline Android security patches for 2 months, let alone providing much better patching and substantially hardening the privacy and security of the OS. Unfortunately, they've chosen to promote it through inaccurate talking points about GrapheneOS and fabricated stories about our developers. They've heavily invested in this. You can see their developers doing it earlier today. You'll see it in every thread about GrapheneOS on this site from people promoting CalyxOS, which again, is a highly insecure non-hardened OS rolling back the Android security model substantially and not shipping full baseline Android patches on time. I don't understand why they come to pick this fight. GrapheneOS provides far better privacy, security and usability (much broader app compatibility).
(First, strcat, thank you so much for your work on GrapheneOS. I should have a little ETH to send to the project in a few weeks, to make this sentiment a bit more concrete.)
Regarding community among people valuing security and privacy...
On my most recent big phone/handheld switch, I tried CalyxOS first, but found that I personally preferred GrapheneOS.
I think CalyxOS also has its merits.
Users of CalyxOS and GrapheneOS are relatively small groups, with overlapping interests, and together are stronger, if the tone is friendly competition and mutual assistance.
I don't think a highly insecure OS not shipping privacy/security updates for months is even a reasonable choice for people who don't care much about privacy and security. Their site presents standard Android privacy/security features as their own and has news posts claiming to ship security updates where half the patches were skipped, so that's not a reliable source of information to use. They've heavily marketed CalyxOS based on false claims about privacy and security not only in CalyxOS but with a substantial focus on misleading people about GrapheneOS. Even as recent as today and yesterday, the leader of the Calyx Institute has been openly spreading misinformation and fabricated stories about GrapheneOS. Yesterday, he was openly doing it in their chat rooms with someone who has publicly, repeatedly called for me to kill myself and posted the usual Calyx claims that I'm "crazy", "delusional", "schizophrenic", "deranged", etc. Do you think this is appropriate behavior?
Check the recent screenshot I posted about a Calyx reseller who works with them (@maxtannahill) and is in several of their private Signal, Matrix and Discord chat rooms. I linked a thread where he openly states his neo-nazi views which he has done repeatedly. He's openly a holocaust denier who supports fascism, wants democracies turned into authoritarian dictatorships and overtly a white supremacist wanting the US as a white homeland. Calyx permits Kiwi Farms server in their room and has had no problem with the abuse targeted towards me. In fact, the leader of the organization has repeatedly participated in it when it happens, encouraging it while also steering it away from being done inside their rooms. These logs have been archived and while the lead CalyxOS developer has gone back and purged a lot of it from the Matrix history, much of it is still there. You can check for yourself what happened yesterday and can confirm the main person attacking me there and in other rooms is a Calyx community member friends with several of them and has openly told me to kill myself.
> Users of CalyxOS and GrapheneOS are relatively small groups, with overlapping interests, and together are stronger, if the tone is friendly competition and mutual assistance.
Calyx developers / leadership have repeatedly engaged in an extreme bullying/harassment campaign targeting me. They've heavily focused on spreading misinformation both about CalyxOS and GrapheneOS to mislead and scam users.
We're never going to work with people who have done these things. No one else should be working with them or tolerating them either, but unfortunately people don't do anything about the massive amount of charlatans and abusers in the privacy/security industries. It's sad. You should never expect that I'm going to tolerate it.
CalyxOS is not a hardened OS. It's also blatantly insecure by not shipping patches fully or on time while misleading users. I'm not sure how it's a competitor with GrapheneOS. Presenting it as a private and secure OS in their marketing doesn't make it one. Engaging in all kinds of abusive and underhanded behavior is not going to turn it into one either.
Commments like this are precisely why the "rivalry" continues to exist.
GrapheneOS handily beats out every other project on security and technical merit -- let the code and project speak for itself, because jumping in to every single convo between end users you can find, doesn't help quell any of it.
From a GrapheneOS user for many years who thanks you for your work and dedication
So you are using a Google app (Google Camera) in an objectively much weaker sandbox than the one provided by GrapheneOS. You're giving it shared storage access since it requires it and CalyxOS doesn't have features like https://grapheneos.org/features#storage-scopes. The whole point of sandboxed Google Play on GrapheneOS is that it runs in the full standard app sandbox. It has absolutely no special access or privileges. It's not different than running another app. Same sandbox, same permission model, and all the same GrapheneOS improvements to those including user-facing ones like Storage Scopes, Sensors permission toggle and the Network permission toggle which blocks more forms of access than a firewall-based approach.