English

Privacy-sensitive Android “CalyxOS” as an /e/ alternative for Fairphone 3 (FP3)?

The OS and the differences to /e/

The German news magazine Golem.de has tested CalycOS. (German)
It’s currently only available for Pixel devices, but they thionk of supporting other devices.

As an /e/ alternative (I’d call it like this), the Golem.de review seems to praise it for being:

  • easy to use for an average user
  • it has integrated Seedvault, i.e. a backup solution as easy as Googles own backup, but encrypted and into your own Nextcloud, USB device or others. A feature /e/ does not yet have.
  • it allows to lock the bootloader etc. for security reasons after flashing
  • you get updates once a month
  • optional microG and Aurora Store installation at first start, so the user can decide whether to use some Google Play store apps at least – or don’t even use microG. The auto-update in Aurora Store e.g. also does not fully work in /e/ yet.
  • supports F-Droid and automatic updates thanks to F-Droid privileged extension. /e/ also does not have this (yet). It does not even install F-Droid.
  • it has integrated many more minor privacy features like regulating internet access for apps, a display of the permissions used by apps and a panic button by integrating the ripple app. It also suggests privacy-sensitive apps by default at installation time.

IMHO, and this is fully subjective(!), /e/ is also a OS, which heavily promotes their own services (their own Nextcloud, „eCloud“ etc.) and all linked to their own /e/ account. They also have their own app store, which mixes free and proprietary (Google Play Store) apps and pulls them from some other source. Again see e.g. their Golem.de review. (German)
That’s not to say /e/ would be a bad choice – there are threads discussing other downsites of /e/, but having an alternative from a non-profit organisation that does some things differently sounds like a good thing too, in any case actually.
There are also some more fundamental, but technical differences, because eOS is AFAIK based on LineageOS, while CalyxOS is not, as far as I see.

BTW sorry for linking so many German sources.


What is stopping us/missing

Actually, someone already asked in their issue tracker whether the FP3 could be supported and they even said, they „talked about it” already.

The only thing they see missing is Android 10, which we now have (the question has been asked two months ago, so before the FP3+), and timely updates. Also, they see a loophole in the security of the FP3 with EDL flashing mode, which I’m not sure how that works in detail, but maybe could also be a solvable problem on Fairphone’s side?


What to do now…

So what would be fantastic IMHO is another partnership or cooperation between Fairphone and the Calyx Institute.

What I would suggest if you also want that: Upvote the linked CalyxOS issue for FP3 support and in the next custom OS poll from Fairphone vote for CalyxOS. (The last time the poll was done in a time, where CalyxOS was still in development. It has only really been released as v1.0 in September this year.)

12 Likes

The biggest Problem I see is that Calyx is not sure about supporting devices that don’t run the latest Android version.
So if there is no official Android 11 from Fairphone it is possible that supports stops?
Everything else looks very promising, thanks for making the Post way more detailed than what I had in mind after reading about it :slight_smile:

2 Likes

Well… I hope Fairphone will release Android 11 for the FP3/FP3+ (soon)…

But yeah, that’s why they prefer Android One, which the FP3 arguably is not, e.g. because of the problem of hardware selection that Android One does not allow. (But due to Treble, which the FP3 is, I still hope for fast updates.)

Anyway, yeah thanks. Mostly I just hope for such an OS and compatibility would be very nice.

2 Likes

I’ve actually donated to the Calyx Institute in January in order to support the seedvault development, even if at that time it didn’t seem likely to see this backup tool on Fairphones soon. But then, the test branch of /e/ already has it. Not sure how good chances are that Calyx OS comes to the FP. Upvoted the issue in gitlab anyway :wink:

4 Likes

BTW, Calyx replied me this on Twitter:

1 Like

Whonix wiki has a list of privacy/anonymity focused mobile OSes. It is a bit out of date information though.

As for backup solution you can use Nextcloud and DAVx5 to sync your contacts and photos/videos. I know it is not the same but its a start.

I’m very thankful that /e/ choose to go with Nextcloud for their own offering - as it allows to use your own hosted instance or another provider to use the tethered functions of the device: photo sharing, contact sync… Of course you can use Nextcloud apps for this, they might be even better maintained (less software bugs through bigger userbase). But the integration in /e/ comes with the stock rom. I can hand out a newly flashed device to a normal user and setting up/syncing contacts, photo upload/sharing is thought of. Going from AOSP/Lineage/Graphene is okay for me, but not people I care about.
Anyway, everybody benefits from a good ecosystem, so I’m very thankful Calyx took on Seedvault development and look forward to interesting GSIs

@rugk: are there technical reasons you propose CalyxOS explicitly for FP3 (and not for FP2, which runs - officially supported - Lineage 17.1 just fine)?

Yeah, I doubt they support devices, which only run unofficial up-to-date Android versions. And if they already have doubt whether they can provide Calyx for FP3, because Android 11 is not yet released, I doubt it gets easier with FP2.
Also does the FP2 device even get kernel patches? And then I also doubt you get a locked bootloader there etc., which they also list as a requirement.

2 Likes

I would be very interested in having CalyxOS on Fairphone 3 as well!

I did some investigation on the “Verified Boot with locked bootloader” requirement of the CalyxOS ticket, and here is what I found (see also here).

  1. Fairphone 3 does not have ‘secure boot’ enabled
  2. EDL is easily accessible, and a working EDL programmer is publicly known

(Interestingly, the CalyxOS ticket refers to a link that I was not aware of, but seems to have come to the same conclusions.)
The above two points mean that a ‘fully secure verified boot with locked bootloader’ seems not achievable.
However, I still hope to either be proven wrong, or, at least to maximize security within those constraints - and CalyxOS might be a great option here.

Strictly spoken it is possible to lock the bootloader, and to enable verified boot - I am currently running with this setup (using LineageOS 17.1).

In addition, it seems possible to override the built-in root of trust using our own key. I have been experimenting with this, and I found that, after setting avb_custom_key with my own key and with an image signed with:

  • the default google test keys: the verified boot status is green, suggesting that the built-in root of trust somehow trusts the google test keys. That is unfortunate, as these are obviously available to anyone.

  • my own custom avb_custom_key set: the verified boot status is ‘yellow’ - suggesting that the custom avb_custom_key indeed works. Unfortunately the ‘ID’ field on the yellow boot screen is empty, making it not possible to do a visual verification of the used key.

  • another avb key (other than the google test keys or my trusted user key): the system does not want to boot that image and falls back to the known good image in the other slot - suggesting that it is indeed not trusting the image.

I’d be very interested in any comments on the above, or comments/tips to further secure the verified boot process in general.

1 Like