CalyxOS
CalyxOS is a free and open-source mobile operating system derived from Android, developed by the Calyx Institute, a non-profit organization, with an emphasis on enhancing user privacy and security through the minimization of tracking and surveillance by device manufacturers, carriers, and internet service providers.[1][2]
The system supports a limited selection of devices, primarily Google Pixel smartphones and select others like Fairphone models, and includes built-in features such as support for microG to enable compatibility with apps requiring Google services without proprietary dependencies, a Datura firewall for network access control, encrypted backups via SeedVault, and recommendations for privacy-focused applications like Signal for communications.[3][4]
CalyxOS prioritizes usability alongside security, distinguishing it from more hardened alternatives by incorporating mechanisms for broader app ecosystem integration while maintaining open-source principles and proactive security updates where feasible.[5][3]
As of August 2025, development and over-the-air updates for CalyxOS have been placed on an indefinite hiatus due to concerns over maintenance sustainability, prompting users to consider reverting to stock firmware or alternative operating systems, with the project indicating a potential resumption after 4 to 6 months but requiring device reflashing upon return.[6][7]
History
Founding and Initial Development
CalyxOS was developed by the Calyx Institute, a non-profit organization founded in May 2010 by Nicholas Merrill, Micah Anderson, and Kobi Snitz to advance digital privacy and security. The Institute initiated the CalyxOS project as an effort to create a privacy-focused mobile operating system based on Android, drawing inspiration from secure systems like Tails and Qubes OS, with Merrill having contemplated an alternative mobile OS for years prior to its tangible development.[8] Initial development emphasized removing Google dependencies while maintaining usability, incorporating open-source alternatives such as microG for limited compatibility with Google services and Auditor for hardware attestation verification.[4] The project gained momentum in the late 2010s, with public availability emerging around 2019–2020, coinciding with the launch of the CalyxOS website on September 1, 2020. Lead developer Chirayu Desai organized the AOSP Alliance in 2020 to foster collaboration among Android-based privacy OS projects.[9] Early efforts focused on Google Pixel devices due to their unlockable bootloaders and timely security updates, porting CalyxOS to Android 11 shortly after its September 2020 release.[9] The first stable release, CalyxOS 2.0.1 based on Android 11, was announced on January 2, 2021, supporting the Pixel 2 and Pixel 2 XL.[10] This milestone marked the transition from experimental builds to a more reliable system, with subsequent expansions in 2021 adding compatibility for Pixel 4a, 4a (5G), and Pixel 5, increasing supported devices to 12.[9] Development involved an international team of volunteers and staff, prioritizing verifiable security features and de-Googled functionality without compromising essential mobile capabilities.[4]Expansion and Key Milestones
CalyxOS expanded its device compatibility beyond initial Google Pixel support, incorporating hardware from multiple manufacturers to broaden accessibility for privacy-focused users. By June 2022, the project supported 12 Pixel models from the Pixel 3 onward, with test builds available for one Fairphone device and three OnePlus models, achieving a total of 16 compatible options.[11] This marked an early milestone in diversifying from Pixel exclusivity, enabling preliminary adoption on Fairphone's modular, repairable phones and OnePlus flagships.[11] Device support grew substantially by mid-2024, reaching 27 officially backed models, including expanded Pixel lineup and stable builds for non-Pixel hardware. A key milestone occurred in May 2024 with the addition of the Google Pixel 8a, followed by release candidate status for Android 15-based builds. In November 2024, three Motorola Moto G series devices (G32, G42, G52) gained support via CalyxOS 4.15.0 on Android 13, extending reach to budget-oriented mid-range phones.[12] Further expansion in 2025 included four new Motorola models in May—moto g 5G (2024), g34 5G, g45 5G, and g84 5G—prioritizing 5G-capable mid-range options for wider user testing and feedback.[13] Pixel compatibility advanced with Pixel 9a support added in June 2025 alongside CalyxOS 6.8.10, incorporating Android 15 QPR1 and the June security patch.[14] Regular feature and security updates, such as the July 2024 CalyxOS 5.9.0 release across all supported devices and the May 2025 update to version 6.7.23 with enhancements like Seedvault app restarts, underscored ongoing maturation and commitment to timely patches.[15] These developments reflected CalyxOS's progression toward a more inclusive ecosystem, with over 25 devices stabilized by mid-2025.[6]2025 Leadership Transition and Hiatus
In August 2025, the Calyx Institute announced a significant leadership transition at the helm of CalyxOS, involving the departure of founder and president Nicholas Merrill and lead developer Chirayu Desai. This change prompted immediate structural and personnel adjustments within the project, leading to a temporary halt in development and release cycles. The institute cited the need to address potential risks, including concerns over the security of existing signing keys amid the transition, as a key factor in suspending over-the-air (OTA) updates for current installations.[6][16][17] The hiatus, projected to last 4 to 6 months, was formally detailed in a community letter dated August 1, 2025, advising users to uninstall CalyxOS due to the unmaintained status of existing devices and the impending use of new signing keys for future builds. New installations were also paused to mitigate risks during this period, with the institute emphasizing that ongoing maintenance of prior versions posed potential vulnerabilities without timely security patches. A final OTA update on August 27, 2025, delivered platform-level patches to select devices (including Motorola and Fairphone models) while explicitly warning users of the development pause and the absence of subsequent updates for installed systems.[6][18][19] Despite the disruption to CalyxOS specifically, the Calyx Institute affirmed its commitment to broader initiatives, including fostering free and open-source software ecosystems and tools for secure internet access, with plans to resume CalyxOS development post-hiatus under revised leadership and processes. This transition occurred amid earlier challenges, such as adapting to Android 16's release in June 2025, which had already anticipated delays in the update schedule. The move drew scrutiny from privacy-focused communities, with some interpreting the key concerns and update cessation as indicative of deeper operational issues, though official statements framed it as a precautionary restructuring to ensure long-term viability.[16][20]Technical Architecture
Core Components and Base
CalyxOS is built primarily on the Android Open Source Project (AOSP), which supplies the foundational framework including the core libraries, runtime environment, native code execution capabilities via the Android Runtime (ART), and essential system services.[4] AOSP forms the backbone, enabling compatibility with Android's application ecosystem while allowing modifications for custom distributions. Unlike proprietary Android implementations from manufacturers, CalyxOS adheres closely to AOSP's open-source structure to minimize vendor-specific dependencies and proprietary blobs.[4] To achieve broader device support beyond Google's Pixel lineup, CalyxOS integrates components from LineageOS, a community-driven extension of AOSP that provides device trees, kernel configurations, and hardware adaptations for non-Google hardware.[21] This incorporation facilitates porting to devices like Fairphone and select Samsung models, though it introduces some additional code complexity compared to pure AOSP forks. LineageOS contributions handle vendor interface adaptations and recovery mechanisms, ensuring bootloader relocking and verified boot where hardware permits.[22] At the lowest level, CalyxOS employs Google's Android Linux kernel, which is the standard monolithic kernel for Android systems, hardened with upstream security patches and Calyx-specific patches for features such as the built-in firewall and privacy controls.[23] The Hardware Abstraction Layer (HAL) follows AOSP standards, abstracting device-specific drivers for components like cameras, sensors, and radios through standardized interfaces, with device-specific implementations sourced from LineageOS or upstreamed vendor code to maintain functionality without full reliance on closed-source firmware.[24] These elements collectively form a base that diverges from AOSP mainly in the exclusion of Google Mobile Services and the addition of privacy-oriented substitutions, prioritizing verifiable builds and reduced telemetry.[24]Device Compatibility and Installation
CalyxOS maintains compatibility with a curated set of smartphones, prioritizing devices with verifiable hardware security features like secure bootloaders and timely firmware updates from manufacturers. Primary support targets Google Pixel devices from the Pixel 3 series onward, which benefit from Google's extended security patch commitments, alongside select Fairphone and Motorola models. As of May 2025, modern supported devices include the Fairphone 5 running Android 15, various Motorola moto g series phones such as the moto g 5G (2024), g34 5G, g45 5G, and g84 5G, and Google Pixel models up to the latest generations.[25][13] Extended support, offering security patches beyond manufacturer timelines but without full feature updates, covers older hardware like the Google Pixel 5a (5G), Pixel 5, Pixel 4a (5G), and Motorola moto g52, g42, g32, all aligned to Android 15 where feasible. Devices no longer receiving updates include early Pixels such as the Pixel 3 series and 4 series, which ended support with the March 2025 security patch under Android 14, as well as beta OnePlus models like the 9 Pro. Verizon-branded Pixel variants are explicitly incompatible due to locked bootloaders. Compatibility excludes most other Android devices, as CalyxOS relies on official vendor kernels and drivers for stability and security; unofficial ports risk unverified vulnerabilities.[25][26][27] Installation begins with verifying device eligibility on the official CalyxOS site, followed by backing up data, as the process wipes the device. Users enable developer options, OEM unlocking, and USB debugging on the stock OS, then unlock the bootloader using device-specific fastboot commands, which triggers a factory reset and potentially voids manufacturer warranties. For Pixels, CalyxOS provides a web-based flasher tool or manual sideloading via ADB/Fastboot: download the device-tagged factory image ZIP, extract it, boot into fastboot mode, and executeflash-all or equivalent scripts to partition and install the OS, including verified boot images. Fairphone and Motorola installations mirror this, using vendor tools for bootloader access and CalyxOS images flashed via fastbootd. Post-install, users set up MicroG for optional Google services compatibility or rely on F-Droid and bundled apps; rebooting confirms the OS via the recovery menu or settings. The process demands a compatible host computer with platform-tools and typically takes 30-60 minutes, with warnings against interrupted flashes to avoid bricking.[27][28][29]
Core Features
Privacy-Oriented Configurations
CalyxOS configures its operating system with privacy enhancements enabled by default, excluding Google Play Services to minimize proprietary tracking and telemetry. Instead, it offers optional integration of microG, an open-source replacement that provides limited compatibility for apps requiring location or push notifications without full Google ecosystem dependencies; users can enable or disable microG services selectively, such as signature spoofing for app functionality, while avoiding account linking unless explicitly configured.[30][3] Network privacy is prioritized through default replacement of Google DNS resolvers with Cloudflare's 1.1.1.1 service, which undergoes independent privacy audits and does not log IP addresses beyond temporary aggregation for abuse detection. Private DNS is pre-configured for optional use with Cloudflare or other providers, enabling encrypted DNS queries to prevent ISP interception of domain requests. The built-in Datura firewall grants granular per-app controls, allowing users to block all internet access, restrict background activity, or differentiate between Wi-Fi, mobile data, and VPN traffic; by default, no apps have unrestricted access, requiring explicit user approval for connectivity.[3][31] Device identifiers are randomized where possible to thwart tracking: Wi-Fi connections use a randomized MAC address by default, configurable per network via Settings → Network & Internet → Wi-Fi → Advanced → Privacy. Advertising IDs are not generated natively without microG, and when enabled, microG permits resetting or opting out of personalized ads. Location services employ strict redaction policies, aggregating data only when necessary and defaulting to alternative providers like Mozilla's Location Service or microG's offline database derived from open sources such as OpenStreetMap, bypassing Google's fused location entirely unless GPS is active. Geocoding defaults to Nominatim, an open Nominatim instance focused on privacy-respecting queries.[32][5][3] Storage and data handling include mandatory file-based encryption using hardware-backed keys from device bootloaders, ensuring data at rest remains inaccessible without authentication. SeedVault provides default support for encrypted backups, transferable via USB or self-hosted Nextcloud servers without third-party cloud reliance. A privacy dashboard in Settings displays real-time app permission usage, and tools like Scrambled Exif automatically strip metadata from shared images. Default bundled apps, such as DuckDuckGo Browser with integrated tracker blocking and Signal for end-to-end encrypted messaging, further embed privacy without requiring post-install configuration.[3][33]Bundled Applications and Tools
CalyxOS ships with a curated set of pre-installed applications and tools designed to enhance privacy and usability without relying on proprietary Google services. These include F-Droid, an open-source app repository for installing and updating free software applications, complete with a privileged extension for seamless background updates.[3] SeedVault provides encrypted backups and restores, supporting both local USB storage and remote Nextcloud servers for app data and settings.[3] The Datura firewall enables users to granularly control network access for individual apps, including options to block Wi-Fi, mobile data, or VPN traffic.[3] For telephony, a basic phone dialer is bundled, featuring integration with apps like Signal for secure calling and a "Sensitive Numbers" option to dial emergency or helpline numbers without logging them.[3] Aurora Store is included as an alternative client for accessing the Google Play catalog anonymously, with support for spoofing or session-based logins to download and update apps.[3] Browsing defaults to Vanadium, a de-Googled fork of Chromium, alongside Tor Browser for anonymous web access that routes traffic through the Tor network.[28] microG services are pre-installed but disabled by default, offering compatibility for apps requiring Google Play Services through alternatives like UnifiedNlp for location (using sources such as Mozilla or Apple) and signature spoofing for push notifications.[3] Users can enable it during setup or opt for full disablement or Google login. The Auditor app is bundled for hardware-based remote attestation, allowing verification of bootloader status and OS integrity against official keys.[1] During initial setup, CalyxOS prompts users to optionally install a predefined list of recommended free and open-source apps from an on-device F-Droid repository, including Signal for encrypted messaging, Orbot for Tor-based VPN routing, Briar for offline-secure communication, and CalyxVPN for free encrypted tunneling provided by the Calyx Institute.[34][3] This approach prioritizes user choice while promoting tools vetted for privacy, such as DAVx⁵ for calendar and contact synchronization and Hypatia for on-device malware scanning.[3]Compatibility Mechanisms
CalyxOS employs MicroG, an open-source reimplementation of Google Play Services, as its primary mechanism for enabling compatibility with applications that depend on proprietary Google APIs, such as push notifications, location services, and in-app purchases, without requiring full Google integration.[30] MicroG is included by default but can be disabled or configured selectively; when enabled with a Google account, it supports additional services like Google Fi while spoofing device signatures to mimic stock Android behavior.[30] This approach contrasts with stock Android's proprietary framework, potentially reducing telemetry but introducing risks like incomplete API emulation, which may cause failures in apps relying on undocumented Google features.[30] For hardware compatibility, CalyxOS prioritizes devices with unlockable and relockable bootloaders, verified boot support, and vendor-provided firmware updates, focusing on Google Pixel models (from Pixel 3 onward as of 2022, extending to newer models like Pixel 8 series by 2025) due to their alignment with AOSP reference implementations.[25][35] Non-Pixel support is limited to select Fairphone (e.g., Fairphone 4, 5) and Motorola devices (e.g., moto g series added in May 2025, including g34 5G, g45 5G, g84 5G, and g 5G 2024), selected for Qualcomm SoCs that facilitate porting and security updates over MediaTek alternatives, which often lack timely open-source drivers.[25][13] Installation requires manual flashing via tools likefastboot and adb, with relocking the bootloader post-install to restore verified boot, though this demands user verification of firmware blobs for proprietary hardware acceleration.[27]
App compatibility is further assessed via external databases like Plexus, where CalyxOS configurations (MicroG disabled for "de-Googled" testing) reveal varying success rates; for instance, banking apps often function with MicroG enabled due to its emulation of SafetyNet and Google Play integrity checks, though some require additional workarounds like rooted signatures or sandboxed Play Store instances.[36][37] Device-specific mechanisms include custom kernel configurations and HAL (Hardware Abstraction Layer) adaptations, as seen in code reviews adding GNSS and AAM HAL entries to compatibility matrices for models like Pixel 9 series, ensuring sensor and modem interoperability without vendor lock-in.[38][39] Overall, these mechanisms balance privacy by minimizing Google dependencies while accepting trade-offs in universal app support compared to stock ROMs.[36]
Security and Privacy Claims
Implemented Security Measures
CalyxOS incorporates Android's Verified Boot mechanism, which cryptographically verifies the integrity of the operating system partitions during startup to detect tampering or malware modifications, with support for relocking the bootloader to enforce this chain of trust.[25][2] This preserves the core Android security model, including mandatory access controls via SELinux in enforcing mode and app sandboxing to isolate processes and limit privilege escalation.[1] A key addition is the Datura firewall, which enables granular per-application network controls, such as blocking all outbound traffic, restricting access to Wi-Fi or mobile data only, or permitting specific domains, thereby mitigating unauthorized data leaks or remote exploitation vectors without requiring root access.[33][36] Users can configure these rules via a dedicated interface, with default policies blocking network access for non-essential apps during initial setup.[28] Data at rest is protected through default full-disk encryption using hardware-backed keys, integrated with Android's file-based encryption scheme to secure user partitions and prevent offline data extraction.[3] Backups employ client-side encryption to ensure data confidentiality during transfer and storage.[33] Additional hardening includes blocking access from unknown USB devices to thwart physical supply-chain or evil-maid attacks, and integration of privacy-focused defaults like disabling telemetry and proprietary blobs where feasible to reduce the attack surface.[33] Security updates incorporate AOSP patches and device-specific vendor fixes, applied through over-the-air mechanisms, though implementation relies on community-maintained trees for supported hardware.[1]Empirical Security Track Record
CalyxOS has not been associated with any publicly reported security breaches or targeted exploits against its users as of October 2025.[7][40] Independent analyses and community discussions, including those on platforms like Hacker News and Reddit, similarly lack evidence of real-world compromises unique to the OS, though its smaller user base compared to stock Android may contribute to fewer observed incidents.[41][42] A notable vulnerability addressed by the project involved an AOSP external storage bypass, allowing third-party apps to access sensitive folders without permissions; this was patched in CalyxOS versions 6.6.22 and 6.6.23, released in April 2025, following Google's fix.[43] The project's security FAQ acknowledges theoretical risks from bundled components like Aurora Store, such as potential exploits in its implementation, but no empirical exploits have materialized from these.[44] However, CalyxOS has faced criticism for delayed security updates, with instances of up to four months without applying Android or browser patches, including during periods when vulnerabilities were actively exploited in the wild.[41][45] This issue intensified in 2025 amid a leadership transition and announced six-month update hiatus starting August 2025, raising concerns about exposure to unpatched upstream Android flaws without verified boot enforcement in some scenarios.[6][40][46] The project has committed to internal and independent security audits, with reports planned for publication, but none have been released as of late 2025.[6][47]Privacy Trade-offs and MicroG Analysis
CalyxOS incorporates microG, an open-source reimplementation of proprietary Google Play Services, to enable compatibility with applications that depend on Google APIs without requiring the full suite of Google software. This allows features like push notifications and location services to function in a de-Googled environment, but microG operates by spoofing Google app signatures, which necessitates enabling signature spoofing—a modification that undermines Android's standard app verification and isolation mechanisms.[30] In terms of privacy, microG reduces continuous data uploads compared to official Play Services; for instance, it does not perform background location tracking or telemetry by default unless explicitly configured. However, enabling certain functionalities, such as Firebase Cloud Messaging (FCM) for push notifications, requires connections to Google endpoints like mtalk.google.com, potentially exposing device identifiers, IP addresses, and notification metadata to Google servers. CalyxOS mitigates some risks by allowing users to disable microG entirely or avoid signing into a Google account, which limits account-linked tracking, but apps demanding verified SafetyNet attestation may still compel interactions with Google infrastructure.[30][48] Security analyses highlight that microG's implementation fails to fully replicate Play Services' encrypted connections or robust API access controls, creating vulnerabilities where malicious apps could exploit spoofed interfaces. GrapheneOS developers have critiqued this as a fundamental weakening of the system, arguing that signature spoofing creates a persistent attack surface absent in hardened alternatives. Empirical assessments, including those from privacy-focused communities, position microG as a usability concession: it broadens app support for users tolerant of partial Google reliance but falls short of zero-knowledge privacy ideals, as any Google communication risks data correlation over time.[45] Overall, CalyxOS's microG integration embodies a deliberate trade-off, prioritizing practical compatibility over maximal isolation; users with lower threat models benefit from seamless operation of mainstream apps, while those seeking uncompromising privacy may prefer disabling it or opting for ROMs without such dependencies. Official CalyxOS documentation acknowledges these limitations, emphasizing configurable controls like the Datura firewall to restrict microG's network access, though independent verification confirms residual exposures persist.[30][45]Comparisons to Alternatives
Versus GrapheneOS
CalyxOS and GrapheneOS are both open-source, privacy-oriented operating systems derived from the Android Open Source Project (AOSP), primarily targeting Google Pixel devices to enable de-Googled experiences with enhanced controls over permissions and network access.[33][49] GrapheneOS emphasizes security hardening as its core priority, implementing features such as a hardened memory allocator to mitigate heap exploitation, kernel-level protections including memory tagging and disabled just-in-time compilation, and stricter application sandboxing via enhanced SELinux policies and seccomp-bpf filters.[49] In contrast, CalyxOS focuses on usability alongside privacy, incorporating tools like the Datura firewall for granular network controls and a panic button for rapid app uninstallation, but it lacks equivalent low-level exploit mitigations, aligning more closely with standard AOSP security models extended by verified boot.[33] A primary divergence lies in handling Google Play Services compatibility: CalyxOS bundles MicroG—a open-source reimplementation of Google APIs—by default as a privileged system component to enable push notifications and location services without full Google integration, which its developers claim preserves privacy by avoiding proprietary phoning home.[33] GrapheneOS rejects MicroG due to its incomplete API coverage leading to potential bugs, reliance on reverse-engineered protocols, and elevated privileges that could amplify risks if compromised, opting instead for an optional sandboxed Google Play installation that confines services to unprivileged apps without system-level access.[49] This choice reflects GrapheneOS's first-principles approach to minimizing attack surface by preserving AOSP's isolation boundaries, whereas MicroG's integration in CalyxOS has drawn criticism for potentially undermining security in favor of broader app compatibility.[17] Device compatibility favors CalyxOS, which extends support beyond Pixels to include Fairphone models like the Fairphone 5 (Android 15 as of 2025) and select Motorola devices such as the moto g52 and g84 5G, enabling installation on non-Pixel hardware with varying levels of optimization.[25] GrapheneOS restricts support exclusively to Pixel devices, leveraging their hardware security modules and verified boot implementations for maximal integrity guarantees, but this limits options to Google's ecosystem.[49] As of October 2025, CalyxOS faces update disruptions following a leadership departure in August 2025, remaining stalled on the June 1, 2025, security patch level and missing fixes for remotely exploitable vulnerabilities like those in Exynos cellular radios, with full resumption uncertain due to signing key transitions requiring device reflashing.[6] GrapheneOS maintains timely monthly updates incorporating the latest patches, such as Linux kernel 5.10.199 equivalents, without such interruptions.[49][17] Empirically, neither OS has reported widespread exploits in production, but GrapheneOS's audited hardening—evidenced by features like per-connection MAC randomization and default sensor/network blocks—positions it as more resilient against advanced threats, while CalyxOS's broader compatibility and MicroG inclusion trade some security for practical privacy tools like anonymous Aurora Store access.[49][33] Developers of GrapheneOS have characterized CalyxOS as non-hardened and akin to LineageOS in capability, arguing its historical decisions prioritize functionality over robust protections.[17] Users seeking maximal security typically favor GrapheneOS, whereas CalyxOS appeals to those needing seamless integration with Google-dependent apps on diverse hardware.[45]Versus Stock Android and Other ROMs
CalyxOS diverges from stock Android primarily in its de-Google approach, excluding proprietary Google Play Services by default to minimize telemetry and data collection, while offering microG as an optional replacement for compatibility with location services and push notifications.[28] This configuration enables users to avoid the pervasive tracking inherent in stock Android's integration of Google services, which collect usage data across apps and system levels.[50] Additionally, CalyxOS includes privacy-enhancing tools such as a customizable firewall for app-level network control and pre-installed FOSS alternatives via F-Droid, contrasting stock Android's reliance on the Google Play Store and default permissions that facilitate broader data sharing.[51] Security-wise, CalyxOS supports bootloader relocking on compatible Pixels, preserving verified boot similar to stock, and delivers monthly updates aligned with Google's timeline for extended support devices.[1] However, it has faced criticism for selectively disabling or modifying certain AOSP security features, such as reduced exploit mitigations, leading claims that it is substantially less secure than stock Pixel OS in areas like app sandboxing and firmware verification.[52] Empirical track records show CalyxOS benefiting from Pixel hardware security modules but lacking stock Android's full upstream hardening against advanced threats, though it avoids stock's mandatory Google attestation requirements that can expose device state.[53] Relative to other custom ROMs, CalyxOS prioritizes usability for privacy-conscious users over maximal security, integrating microG for seamless app compatibility—unlike GrapheneOS, which forgoes microG entirely, sandboxes any Google services, and enforces stricter hardware-backed attestation for superior exploit resistance but at the expense of functionality in Google-dependent apps.[45] Against LineageOS, CalyxOS ships fewer proprietary blobs, enforces privacy defaults like randomized MAC addresses, and maintains relockable bootloaders on supported devices, whereas LineageOS emphasizes broad device compatibility and customization but often retains more Google dependencies and relaxes security boundaries for feature parity with stock.[54][55] DivestOS shares CalyxOS's de-Googling ethos but extends support to legacy devices with extended maintenance, though CalyxOS edges in Pixel-specific optimizations for timely updates as of 2025.[53]| Aspect | CalyxOS | Stock Android | GrapheneOS | LineageOS |
|---|---|---|---|---|
| Google Services | Optional microG | Full integration with telemetry | Sandboxed optional Play | Often GApps add-on |
| Security Hardening | Relockable bootloader, partial AOSP | Full verified boot, monthly patches | Enhanced attestation, no microG | Customizable but reduced vs AOSP |
| Privacy Defaults | Firewall, no default tracking | Permissive permissions, data collection | Maximal isolation | Variable, user-configurable |
| Device Support (2025) | Pixels, select Fairphone/Motorola | All certified devices | Pixels only | Broadest, including legacy |