Andromxda

[–] Andromxda@lemmy.dbzer0.com 6 points 3 months ago (2 children)

> Until Graphene OS pulls a Crowdstrike…

This is just pure speculation about a theoretical possibility and no counterargument to the fact that CalyxOS repeatedly missed important patches for months. Stuff can go wrong in any software release, including billion-dollar companies like Crowdstrike. Software is still written by humans, who have a very natural behavior of making mistakes. But please show me one broken GrapheneOS release from the past decade. This argument just makes no sense.

GrapheneOS always goes through extensive (including automated) testing before releasing anything. As I have explained many times, these guys actually focus on quality, security and reliability. Also, we're talking about ASB patches that are provided by AOSP, so if something goes wrong, not just GrapheneOS will be broken, it would affect all AOSP-based systems that deliver updates in a timely manner (Calyx of course not included, they don't give a fuck about delivering updates in a reasonable time).

[–] Andromxda@lemmy.dbzer0.com 5 points 3 months ago (4 children)

> They deliver patches within a month. I don’t think there are that many critical vulnerabilities as AOSP has a small attack surface by design.

I really recommend reading more about Android Security Bulletins.

> Graphene isn’t this magic OS that has patches faster than they come out. They are still dependent on the Android security team.

Obviously. But they also never claimed that. They at least do the bare minimum of delivering patches in a timely manner. CalyxOS takes a month, while GrapheneOS almost always does it on the same day. There is no excuse for taking a month to do this, unless you don't really care about the security of your users, and you are misleading them, and giving them a false sense of security.

[–] Andromxda@lemmy.dbzer0.com 2 points 3 months ago

Virtualization on iOS is terrible. You can only use half of your device's RAM, because iOS kills any app that uses more than that.

[–] Andromxda@lemmy.dbzer0.com 5 points 3 months ago

> I don’t even use proprietary apps so most of the “security features” aren’t even useful to me.

That's absolutely not how security works.

[–] Andromxda@lemmy.dbzer0.com 3 points 3 months ago

I looked at some other ROMs, and I could hardly find any feature that's worth including in the comparison table. Specifically, I looked at the features page of CalyxOS: https://calyxos.org/features/

  • The Firewall is listed in the table, GrapheneOS also has it (it provides a better solution, but that's not too important for now)
  • microG is also listed in the table
  • the Wi-Fi and Bluetooth timers from the "Device security" section are not covered, but these aren't unique to CalyxOS. From looking at the screenshots on the website, I actually think that the code was simply copied from GrapheneOS (which is not an issue btw, GrapheneOS is FOSS software. But this is not a unique Calyx feature)
  • USB-C control is covered in the comparison table, and it also shows that CalyxOS uses a much weaker implementation of it, which is simply based on Graphene's old code, before they replaced it with a newer, better implementation

> ⚙️ Privacy settings lets you see what apps are requesting which permissions

That's an AOSP feature I guess

  • The following point:

> 🤫 Sensitive Numbers privacy. Calls to numbers for help lines such as domestic violence, child abuse, suicide hotlines are not recorded in the call log.
>
> 📇 Access these numbers in the Helplines Dialer entry.

is not an OS feature, as it's simply implemented in the Dialer, which can freely be changed by the user. Putting this in an OS comparison table wouldn't make any sense, as it isn't an OS feature, but rather a feature of an individual app.

  • Seedvault backups are included in the comparison table
  • Work profiles are a stock AOSP feature, it doesn't make sense to include this, as it isn't unique to any ROM
  • The dialer is mentioned again. I already explained why it doesn't make sense to include it.
  • They mention Cromite and the Tor Browser, both are apps that can be downloaded by the user
  • Aurora and F-Droid can also be installed by the user, they're not unique features

> ⌛ Auto-reboot device when not unlocked for a certain period requiring entering PIN/password again
>
> 🙈 Scramble lockscreen PIN

These two points also use the original GrapheneOS code and they aren't unique to Calyx. Sure, these could be included, but it wouldn't give Calyx any advantage.

  • Next they mention that they bundle Signal and K-9 Mail. Again, these apps can simply be installed by the user. Having Signal pre-installed shouldn't be a selling point for a custom ROM. If someone doesn't know how to install Signal on their own, maybe they shouldn't be using a custom ROM in the first place.

(Sorry for the bad formatting btw, but it should still be understandable)

The comparison table is absolutely not biased. It is clear that it's focused on security, and it factually compares the security features of different ROMs. Feel free to create your own objective, factual comparison table that focuses on other aspects.

[–] Andromxda@lemmy.dbzer0.com 4 points 3 months ago* (last edited 3 months ago)

> Well I personally can’t stand the idea of Google GSF

I can actually understand that, and I had the same thought when I started using GrapheneOS. But microG is just an open source layer that requires proprietary Google blobs in the background, which sits between the proprietary Google Play services library in proprietary apps and proprietary Google network services. You gain almost nothing from using it, while simultaneously increasing attack surface, due to microG's requirement for root privileges.

> MicroG also is very flexible on how it works. It is broken down into lots of different services.

Can you really control which parts of microG are active? This suggests the opposite: https://discuss.grapheneos.org/d/4290-sandboxed-microg/18

From the thread:

> Signal is a perfect example where the app works fine without Google Play including with push but will not work correctly in a setup you proposed in the other thread of using it with FCM disabled. That breaks the app and it won't get calls or push notifications anymore, unlike using it in a profile without Google Play

(Yes, I know that the GrapheneOS Forum might be a biased source when talking about this topic, but I currently don't have any way of testing this out with microG. If you don't believe what the Graphene dev is saying in the forum thread, you can try it out for yourself)

The only part of microG that I would really consider using is UnifiedNLP, together with a privacy-friendly network location service. There was actually a discussion about including UnifiedNLP in GrapheneOS, but I think there were some licensing issues. (GrapheneOS can't use GPLv3 code. GPLv2, MIT and Apache are fine though). But Graphene's SUPL & PSDS-based approach for obtaining location information currently works well enough, and they might integrate an open, privacy-friendly NLP like beaconDB in the future.

[–] Andromxda@lemmy.dbzer0.com 1 points 3 months ago (1 children)

Ah yes, because everyone just throws away their phone after 2 years. People definitely haven't purchased iPhones before the invasion.

[–] Andromxda@lemmy.dbzer0.com 3 points 3 months ago

Works with VoIP numbers though

[–] Andromxda@lemmy.dbzer0.com 2 points 3 months ago (3 children)

What about iOS users?

[–] Andromxda@lemmy.dbzer0.com 4 points 3 months ago

And it isn't even encrypted by default, you manually have to enable that. By default, all your plain text messages are stored on their servers.

[–] Andromxda@lemmy.dbzer0.com 3 points 3 months ago

Some parts of microG like FCM don't necessarily require signature spoofing, but others do. This has nothing to do with the ROM, but with the way Google Play services and microG work.

[–] Andromxda@lemmy.dbzer0.com 10 points 3 months ago (6 children)

Calyx absolutely doesn't check this box:

  • you get all the latest security patches and really fast

And the fact that people like you believe that they are delivering patches on time shows how misleading their team is about updates.
