Skip to content
PrivateAI
← Back to Home
privacy guides

CalyxOS vs GrapheneOS 2026: Which Private Android OS Should You Install?

9 min readBy PrivateAI Team

Both CalyxOS and GrapheneOS set out to solve the same problem: remove Google from Android while keeping the phone functional. They arrive at very different answers about how to do that, and those differences have real consequences for security, app compatibility, and usability.

This comparison cuts through the community debates to give you a practical decision framework.

The Core Philosophical Difference

GrapheneOS treats security as the foundation. Privacy is achieved primarily by removing unnecessary software and network connections, but the underlying goal is a hardened, audited operating system with the fewest possible attack surfaces. The GrapheneOS security model assumes that even the OS developer should not be trusted unconditionally — hence the emphasis on verified boot, attestation, and hardware-backed security.

CalyxOS treats usability as the primary constraint. The goal is to provide a de-Googled Android experience that is accessible to privacy-conscious users who are not security engineers. MicroG is the centerpiece of this philosophy — it allows users to keep apps they depend on working without installing Google's actual surveillance infrastructure.

Neither philosophy is wrong. They target different users.

Security Hardening: GrapheneOS Leads

GrapheneOS has a dedicated security research team and implements hardening that goes well beyond what AOSP (the base Android Open Source Project) provides:

Memory hardening:

  • Hardware Memory Tagging (MTE) enabled on supported Pixel devices — catches memory safety bugs in real-time
  • Extended use of hardened_malloc (GrapheneOS's memory allocator with canary values and other exploit mitigations)
  • W^X (Write XOR Execute) enforcement more aggressive than stock Android

Sandboxing enhancements:

  • Per-application network permission (apps can be denied all internet access)
  • Storage scopes (apps see only files you explicitly grant them access to)
  • Contact scopes (apps see only contacts you explicitly share with them)
  • Sensor permissions (apps can be denied access to the accelerometer, gyroscope, and other sensors)

Verified boot:

GrapheneOS maintains full verified boot chain — the bootloader validates the OS signature on every boot. There is no way to tamper with the OS installation without breaking the attestation chain that can be verified by the GrapheneOS Auditor app. This hardware-backed integrity verification does not exist in CalyxOS.

Update cadence:

GrapheneOS typically ships Android security patches within 1-3 days of Google's release. CalyxOS generally ships within 1-2 weeks. For security patches, speed matters — the window between patch release and exploitation is often days.

CalyxOS security posture:

CalyxOS does not implement the additional hardening that GrapheneOS adds. It applies Google's security patches and removes Google services, but the underlying Android security model is largely unchanged. CalyxOS is substantially more secure than stock Android (by removing a major attack surface — Google's data collection infrastructure), but it is not as hardened as GrapheneOS against technical exploits.

Google Play Compatibility: The MicroG vs. Sandboxed Play Debate

This is the biggest practical difference for most users.

CalyxOS with MicroG:

MicroG is an open-source implementation of Google Play Services APIs. When an app calls a Google API (for push notifications, maps, in-app purchases, Play Integrity checks), MicroG intercepts the call and handles it where possible.

  • Push notifications: MicroG routes these through its own proxy rather than Google's Firebase (UnifiedPush protocol)
  • App compatibility: Good for apps that use common Google APIs. Poor for apps that use proprietary Google APIs that MicroG does not implement.
  • Play Integrity API: MicroG cannot pass Play Integrity checks — apps that require device integrity attestation (most banking apps, Netflix, some games) will not work without workarounds.

GrapheneOS with Sandboxed Google Play:

GrapheneOS optionally installs real Google Play Services in an isolated user profile where it has no system-level access. This is architecturally similar to running any other Android app — Google Play can access only the permissions you explicitly grant, cannot see other apps or system data, and is contained within its profile.

  • App compatibility: Excellent — essentially full Android app compatibility, including apps that use proprietary Google APIs
  • Play Integrity API: Real sandboxed Google Play can pass standard Play Integrity checks, enabling most banking apps
  • Trade-off: You are running actual Google code (sandboxed), which means Google's network requests do occur from within the sandbox. Google knows when sandboxed Play connects, but cannot access the rest of your device.

The honest verdict:

For users who need banking apps, Google Pay, or apps that fail Play Integrity checks, sandboxed Google Play on GrapheneOS works better than MicroG on CalyxOS. For users with a principled objection to running any Google code at all, MicroG's approach aligns better — but at a significant app compatibility cost.

App Stores

GrapheneOS:

  • Accrescent (GrapheneOS's recommended app store — signed packages, no Google dependency)
  • F-Droid (open source apps)
  • Sandboxed Google Play (optional)
  • Sideloading via APK

CalyxOS:

  • F-Droid (default, pre-installed)
  • Aurora Store (anonymous access to Google Play — downloads apps without a Google account)
  • MicroG Play Services (some apps from Play will function)

Both OSes support sideloading. Aurora Store on CalyxOS provides access to the full Google Play catalog anonymously, which is useful for apps not available in F-Droid.

Supported Devices

GrapheneOS: Google Pixel 6 through Pixel 9 series and their variants (a-series, Pro, Pro XL, Fold). Pixel support is explicitly chosen for hardware security properties.

CalyxOS: Broader device support including all Pixel phones (6 through 9 series), Motorola Edge+ and Edge 30 Ultra, SHIFT6MQ. Older Pixels (4, 5) also supported by CalyxOS where GrapheneOS has dropped support.

If you are buying a new device for privacy specifically, Pixel 9 or Pixel 9a are the recommended base for either OS.

Installation Difficulty

GrapheneOS: Web-based installer at grapheneos.org/install/web. Requires unlocking the bootloader, flashing the OS, then re-locking the bootloader. Total process takes 30-45 minutes and follows clearly written official documentation. Technical proficiency required: moderate. If you have sideloaded an APK before, you can install GrapheneOS.

CalyxOS: Similar process using device-flasher or web installer. Comparable difficulty to GrapheneOS installation. CalyxOS's documentation is also clear and well-maintained.

Neither OS is significantly harder to install than the other. Both require comfort with following technical instructions carefully.

Who Should Choose GrapheneOS

  • Users who want maximum security hardening in addition to privacy
  • Users who need banking app compatibility (sandboxed Google Play)
  • Security researchers and professionals
  • Users who will not use any Google services and want complete removal
  • Users on the latest Pixel hardware

Who Should Choose CalyxOS

  • Users who want a more guided, beginner-friendly de-Google experience
  • Users with older Pixels or non-Pixel devices that GrapheneOS does not support
  • Users who prefer the philosophical approach of MicroG over real (sandboxed) Google code
  • Users who want a less configuration-intensive experience out of the box

The Bottom Line

If you are choosing between the two: GrapheneOS is technically superior in every meaningful security dimension and the better choice if you are on a supported Pixel. The sandboxed Google Play feature solves the app compatibility problem that kept many users on CalyxOS in previous years.

CalyxOS remains a good option for users on unsupported hardware or who want a simpler setup experience — it is dramatically better than stock Android and a legitimate privacy improvement.

Complete your de-Googled phone setup

Either OS removes Google from your phone. Add Mullvad VPN to remove your ISP from your internet activity — the Android app works on both GrapheneOS and CalyxOS.

Learn More


Frequently Asked Questions

Is CalyxOS or GrapheneOS better for privacy?

GrapheneOS provides stronger privacy and security than CalyxOS by almost every technical measure. It has a more aggressive security hardening model, a larger dedicated security team, faster update cadence, and its sandboxed Google Play implementation is technically more secure than CalyxOS's MicroG approach. CalyxOS is easier to set up and maintain for less technical users. If you are comfortable with Android configuration, GrapheneOS is the better choice. If you want a simpler experience that is still dramatically better than stock Android, CalyxOS is the better choice.

Does CalyxOS have Google Play Services?

CalyxOS uses MicroG — an open-source reimplementation of Google Play Services that allows apps requiring Google dependencies to function. MicroG intercepts calls that apps make to Google Play Services APIs and handles them locally where possible, or routes them through a privacy-preserving proxy. This is different from GrapheneOS's approach, which runs the actual Google Play Services in an isolated sandbox container. MicroG has broader philosophical alignment with the de-Google mission but less app compatibility than real sandboxed Google Play.

Can I install CalyxOS or GrapheneOS on any Android phone?

Neither OS officially supports all Android devices. GrapheneOS officially supports Google Pixel phones only — the Pixel 6 through 9 series and newer. Pixel support is chosen because of their strong hardware security features (Titan M2 chip, verified boot, hardware attestation). CalyxOS supports a wider range of devices including Pixels, some Motorola phones, and the SHIFT6MQ. Pixel phones from the 6a onward are the recommended base for either OS.

Will banking apps work on CalyxOS or GrapheneOS?

Most major US banking apps work on both CalyxOS and GrapheneOS in 2026, though the situation varies by bank and sometimes by app version. GrapheneOS with sandboxed Google Play passes the Play Integrity API check that banking apps use, which has improved compatibility significantly since 2023. CalyxOS with MicroG has more variable compatibility — some banking apps work without issue, others require workarounds. The GrapheneOS community maintains an app compatibility list that is regularly updated.

Is GrapheneOS legal?

Yes — GrapheneOS is an open-source, legally distributed Android fork that you install using Google's own official bootloader unlocking and flashing process. It does not involve piracy, unauthorized access, or circumventing any law; it is functionally similar to installing a different Linux distribution on a computer you own.

Why does GrapheneOS only support Google Pixel phones?

GrapheneOS targets Pixel hardware specifically because Pixels have the strongest hardware security features available on consumer Android devices — the Titan M2 security chip, verified boot, and hardware-backed attestation — that GrapheneOS's security model depends on. Other Android manufacturers either lock their bootloaders permanently or lack equivalent hardware security guarantees, which is why the project has not expanded support beyond Pixel devices.

Is GrapheneOS safe for everyday use?

Yes — GrapheneOS is designed specifically for daily-driver use, with sandboxed Google Play enabling compatibility with most everyday apps including banking apps. It has an active, well-regarded security team and a track record of rapid patching, making it suitable as a primary phone rather than a specialty or research device.

Do I need technical experience to install GrapheneOS?

Some comfort with following technical instructions carefully helps, but the official web installer at grapheneos.org automates most of the process — connecting your phone via USB and clicking through prompts. CalyxOS is generally considered slightly more approachable for less technical users if installation simplicity is the deciding factor.

What is the difference between GrapheneOS and stock Android?

Stock Android on a Pixel runs Google Play Services system-wide with continuous data collection — location, app usage, and device identifiers reported to Google. GrapheneOS removes Google Play Services from the operating system entirely, replacing it with an optional sandboxed version that apps can use without granting Google system-level access, alongside additional hardening like enhanced verified boot, stronger exploit mitigations, and more granular per-app permissions than stock Android offers.

Does GrapheneOS support Google Maps?

Yes, if you install sandboxed Google Play, Google Maps runs the same as it does on stock Android. Most users running GrapheneOS choose to use Organic Maps or OsmAnd instead to avoid the location tracking associated with a signed-in Google Maps session, reserving sandboxed Google Maps for situations where the offline alternatives' data gaps (real-time traffic, business reviews) matter most.

Is a Google Pixel phone itself private if I install GrapheneOS on it?

Yes — installing GrapheneOS removes Google's software-level data collection from the device entirely; the Pixel hardware itself does not phone home to Google independent of the operating system. The use of Google-manufactured hardware for a privacy-focused OS is purely about hardware security: GrapheneOS depends on Pixel hardware security features, not on Google software being present.