GrapheneOS vs CalyxOS: Which De-Googled Android Is Right for You? (2026)
If you have decided to leave stock Android behind, two names dominate the conversation: GrapheneOS and CalyxOS. Both are open-source, de-Googled operating systems that run on Google Pixel phones and ship without Google apps by default. But they make different trade-offs — one optimises for maximum security, the other for everyday compatibility. This guide compares them honestly so you can pick the right one for your needs. If you are still deciding whether to switch at all, start with GrapheneOS explained and our best privacy phone overview.
Quick verdict
There is no single winner — it depends on your priorities:
- Choose GrapheneOS if you want the strongest available security hardening and you are comfortable running Google services in an isolated sandbox (or not at all).
- Choose CalyxOS if you want broad app compatibility with push notifications out of the box and prefer a gentler setup, accepting a slightly larger attack surface in exchange.
Both are far more private than stock Android. The “right” answer is the one that matches your threat model.
What they have in common
Before the differences, it is worth being clear about how similar these projects are:
- Both are free and open-source, built on the Android Open Source Project (AOSP).
- Both ship with no Google apps or services by default.
- Both are designed primarily around Google Pixel hardware, which offers a secure element, verified boot, and long firmware-update guarantees. (CalyxOS has also listed support for a small number of non-Pixel devices over its history; GrapheneOS is Pixel-only by design. Check each project’s official device list before buying.)
- Both let you re-lock the bootloader on supported devices to preserve verified boot.
So the choice is not “private vs not private” — it is about how each one handles Google services and how much deep hardening it adds.
GrapheneOS: security first
GrapheneOS is built around exploit resistance and minimising attack surface. Its headline features include:
- A hardened memory allocator (
hardened_malloc), hardened kernel and C library that raise the cost of memory-corruption exploits. - Sandboxed Google Play (optional): the real Google Play Services and Play Store run as ordinary, fully sandboxed apps with no special system privileges — broad compatibility without giving Google privileged system access. You can also run with no Google components at all.
- Granular per-app permissions beyond stock Android, including per-app Network and Sensors toggles.
- Security-hygiene features such as a duress PIN that wipes the device, auto-reboot to the “before first unlock” state after inactivity, and USB-C port controls on a locked device.
In short, GrapheneOS prioritises the security model. It does not use microG; instead it offers the sandboxed-Play approach to compatibility.
CalyxOS: compatibility and convenience
CalyxOS targets users who want strong privacy without wrestling with app compatibility. Its distinguishing choices:
- microG — an open-source re-implementation of Google Play Services — is integrated, so apps that depend on Google services (including push notifications via a Google-services substitute) tend to work with less friction out of the box.
- The Datura firewall lets you control which apps reach the network.
- It bundles privacy-respecting defaults and the Aurora Store for installing Play Store apps anonymously, alongside F-Droid.
The trade-off is honest and worth stating: microG re-implements Google connectivity rather than fully isolating it the way GrapheneOS’s sandbox does, so the approach accepts a somewhat larger surface in exchange for convenience. For many users that is a reasonable balance; for a high-risk threat model it is a meaningful difference.
Key differences at a glance
| GrapheneOS | CalyxOS | |
|---|---|---|
| Primary focus | Maximum security / hardening | Compatibility & ease of use |
| Google-services model | Sandboxed Google Play (optional) or none | microG (re-implementation) |
| Deep hardening | Extensive (hardened malloc/kernel, exploit mitigations) | Lighter |
| Supported devices | Pixel only | Mainly Pixel; some other models historically |
| Beginner friendliness | Steeper learning curve | Generally gentler |
| Push notifications | Via sandboxed Play if installed | Via microG out of the box |
| Per-app network/sensor controls | Yes (granular) | Firewall (Datura); fewer hardening toggles |
Which one should you choose?
- Pick GrapheneOS if security is your top priority — a higher threat model, sensitive work, or simply wanting the most hardened build available. You are fine installing sandboxed Play only when needed, or going fully Google-free. See GrapheneOS explained for the full hardening breakdown.
- Pick CalyxOS if you want a de-Googled phone that “just works” with your apps and notifications, with a gentler setup, and you accept the microG trade-off. It is an excellent first step away from Google — see how to de-Google your Android.
Either way, remember that a de-Googled OS hardens the device; it does not anonymise your network traffic. Pair it with a VPN or Tor, and define what you are actually protecting against with a clear threat model.
Frequently asked questions
Is GrapheneOS more secure than CalyxOS? GrapheneOS puts more emphasis on deep security hardening — a hardened memory allocator, exploit mitigations, and stricter sandboxing — and avoids microG. CalyxOS is privacy-focused but lighter on that exploit-level hardening, prioritising compatibility instead. For a high threat model, GrapheneOS is generally the stronger security choice.
Does CalyxOS use Google services? Not the real ones by default. CalyxOS includes microG, an open-source re-implementation of Google Play Services, so apps that expect Google connectivity (such as push notifications) can work without installing Google’s own proprietary services.
Which phones support GrapheneOS and CalyxOS? Both are designed around recent Google Pixel devices, which meet their hardware-security requirements. GrapheneOS is Pixel-only. CalyxOS has historically listed a few non-Pixel models as well. Always check each project’s official device list (grapheneos.org and calyxos.org) before buying.
Is microG safe? microG is open-source and widely used, and it lets you avoid Google’s proprietary services while keeping app compatibility. It is a reasonable privacy trade-off for most people, but because it re-implements Google connectivity rather than fully isolating it, it represents a somewhat larger surface than GrapheneOS’s sandboxed approach. Match the choice to your threat model.
Editorial comparison based on the documented designs of GrapheneOS (hardened_malloc, sandboxed Google Play, per-app network/sensor permissions) and CalyxOS (microG, Datura firewall, Aurora Store). Device support and feature details change over time — verify current specifics on grapheneos.org and calyxos.org. Commercial links carry the rel=“sponsored nofollow” attribute; an affiliate commission may apply at no extra cost to you.