CalyxOS

CalyxOS News

📰 Read about what we're working on, important announcements, and upcoming events.

📰

November Security update

2021-11-08

The Android 11 November Security update is finally here.

For users who can’t select the beta channel, that bug has been fixed in this update, and you’ll be able to select it again going forward.

Android 12:

  • We’re working on the port. You can follow the progress on GitLab and Gerrit. We will continue posting more updates as the port progresses.
  • Pixel 3 and newer will get the update first.
  • For the Pixel 2 and Mi A2, we’re still looking into the feasiblity of porting Android 12.

Pixel 6, 6 Pro:

  • We will be supporting it, but currently we’re working on the Android 12 port in general before we begin work specifically on the Pixel 6.

Changelog:

  • CalyxOS 2.11.0 - November 2021
  • November Security update (2021-11-01)
  • Updater: Fix beta channel
  • microG: More push notification improvements, after extensive testing
  • Chromium: 94.0.4606.85
  • F-Droid: Remove opt-in push requests feature entirely
  • Update all included apps

Security update notes

  • The Pixels 3, 3 XL, 3a, 3a XL, 4, 4 XL, 4a, 5, 4a (5G), 5a are now on Android 12, which means we need to port that before we get the full security update, to the proprietary components. For this build, we have updated the open source OS code (AOSP), and the Linux kernel. This is indicated in the Security patch level in Settings.
  • The Pixels 2 and 2 XL are not being updated by Google anymore, so they only contain the fixes to the open source components, such as the OS code and the Linux kernel. Proprietary components such as the bootloader, modem firmware, and other firmware no longer get updates.
  • The Xiaomi Mi A2 is no longer being updated by Xiaomi, so the CalyxOS releases for it only contain the fixes to the open source components, such as the OS code and the Linux kernel. Proprietary components such as the bootloader, modem firmware, and other firmware no longer get updates. Additionally, due to a Xiaomi bug wherein updating causes the device to get wiped, we have to ship the September 2020 firmware.

📰

microG push notification fixes

2021-10-13

The October update included some push notification fixes, however it turned out that they didn’t work as well as expected for everyone.

We’ve done some more fixes, and a test APK is now available.

You need to be running the October build, CalyxOS 2.10.0 to be able to install this.

You can get it from our test F-Droid repo, https://gitlab.com/CalyxOS/calyx-fdroid-repo

To add it, simply add this URL to F-Droid -> Settings -> Repositories -> Plus sign at the top right: https://calyxos.gitlab.io/calyx-fdroid-repo/fdroid/repo?fingerprint=C44D58B4547DE5096138CB0B34A1CC99DAB3B4274412ED753FCCBFC11DC1B7B6

Alternatively, you can scan the below QR code:

gitlab-calyx-fdroid-repo

The changes included have all been sent to microG upstream for integration in the codebase so that everyone can benefit.

This F-Droid repo also includes the GCam Photos Preview app to preview photos directly from Google Camera (without having to install Google Photos)

Note:

We’re in the middle of revamping our F-Droid repository setup, and this will change. In the future, we will be able to push out updates directly to the device without you having to add any custom repos

📰

October Security update

2021-10-08

The October Security update is here. It also contains some bugfixes and minor features that we had been working on.

We’re also working on Android 12, for more details see Android 12 update plans

Changelog:

  • CalyxOS 2.10.0 - October 2021
  • October Security update (2021-10-01)
  • microG: Major push notification improvements. Should work much more reliably now
  • microG: Don’t log google account details
  • Seedvault: 11-2.3
  • Seedvault: Add expert settings with an option for unlimited quota
  • Seedvault: Don’t backup on metered networks
  • Seedvault: Disable spell-checker on recovery code input
  • Seedvault: Ask for system authentication before storing a new recovery code
  • Seedvault: Prevent screenshots of recovery code
  • Seedvault: Allow launching restore through a dialer code ##RESTORE## aka ##7378673##
  • Fix navigation bar arrows setting
  • Fix global cleartext restriction (developer options) not working for some apps
  • Always allow editing all APNs
  • Settings: Show separate firmware and kernel security patch levels - For older devices (Pixel 2, A2) we may not be able to update everything.
  • Hide “Google Play services is unavailable” notification for certain apps when you choose to disable microG.
  • Stop granting location to Browser app by default
  • Launcher: Add explanatory dialog to pause apps
  • Chromium: 94.0.4606.61

Pixels except 5a:

  • Make some changes to allow installation of Google Camera directly from Aurora Store
  • You may have to logout and login from Aurora Store for this to take effect
  • Latest Google Camera should be available, version 8.2.400
  • You can install GCam Photos Preview to preview photos directly from Google Camera (without having to install Google Photos)

Pixel 2:

  • Linux 4.4.283

Mi A2:

  • Enable fingerprint swipe gesture
  • Linux 4.4.283

Security update notes

  • The Pixels 3, 3 XL, 3a, 3a XL, 4, 4 XL, 4a, 5, 4a (5G), 5a contain the full security patch, as they are still being updated by Google.
  • The Pixels 2 and 2 XL are not being updated by Google anymore, so they only contain the fixes to the open source components, such as the OS code and the Linux kernel. Proprietary components such as the bootloader, modem firmware, and other firmware no longer get updates.
  • The Xiaomi Mi A2 is no longer being updated by Xiaomi, so the CalyxOS releases for it only contain the fixes to the open source components, such as the OS code and the Linux kernel. Proprietary components such as the bootloader, modem firmware, and other firmware no longer get updates. Additionally, due to a Xiaomi bug wherein updating causes the device to get wiped, we have to ship the September 2020 firmware.

📰

Android 12 update plans

2021-10-05

Google has released Android 12 to AOSP. They are yet to release the Android 12 update for the Pixels though, stating that it’ll be available in the next few weeks.

We have started work on porting CalyxOS to Android 12. We can port the general OS changes we make (microG, work profiles, firewall to name a few) right now, and then wait for Google to release the update for the Pixels before we can start working on having builds ready.

  • Pixel 3 and above: Will receive Android 12 update after Google releases it, and we port our changes.
  • Pixel 2: Still looking into the feasibility of porting Android 12.
  • Mi A2: Same, we’re still looking into it.
  • Pixel 6: This will be supported, however it will take a while since it’s an entirely new device, and we’d also need to do the 12 port in general before we’re able to release Pixel 6 builds.
  • Other devices: We’re looking into supporting more devices, however for now we’re prioritising the Google-supported Pixels for Android 12.

You can follow the progress on GitLab and Gerrit. We will continue posting more updates as the port progresses.

We’re also working on getting the October 2021 Security update (Android 11) out for all supported devices.

📰

Introducing GCam Photos Preview

2021-09-30

The Pixels have great cameras, and Google Camera works really well on them.

However, with recent versions, Google Photos has been required to view the pictures taken directly from the Camera.

We have created an app to avoid that, called GCam Photos Preview.

It’s a tiny app that you can install in lieu of Google Photos to be able to preview captured images directly from Google Camera

Steps:

  1. Uninstall Google Photos (if you have it installed).
  2. Download and install GCamPhotosPreview.apk.
  3. Open Google Camera, try to view an image by tapping on the bottom right preview circle.
  4. If you scroll past the first image, you may be asked to grant storage permissions. That’s required to view those images.

We’ll be working on adding more features to this, and making any fixes as needed. It’s open source, contributions welcome!

Also, while we’re talking about Google Camera, the upcoming CalyxOS update includes some changes that will let you install it directly from Aurora Store :)

📰

September Security update

2021-09-09

The September Security update is here. It’s basically the last update (2.8.2/.3) with the September 2021 security patches applied on top.

Changelog:

  • CalyxOS 2.9.0 - Android 11
  • September Security update (2021-09-05)
  • Change build number to 202109290 (2021 September, CalyxOS 2.9.0) to work around an issue where latest Google Camera would crash when trying to use Night Sight
  • Updates for all included apps

Pixel 5a:

  • Fix fingerprint scanner / biometric usage in apps
  • Add a file needed for Google Camera to work

Security update notes

  • The Pixels 3, 3 XL, 3a, 3a XL, 4, 4 XL, 4a, 5, 4a (5G), 5a contain the full security patch, as they are still being updated by Google.
  • The Pixels 2 and 2 XL are not being updated by Google anymore, so they only contain the fixes to the open source components, such as the OS code and the Linux kernel. Proprietary components such as the bootloader, modem firmware, and other firmware no longer get updates.
  • The Xiaomi Mi A2 is still getting security updates, but those are Android 10 and usually released towards the end of the month, whereas CalyxOS is Android 11 and releases the updates right as they're available. This means that the A2 lags behind slightly, by a month or two, in getting security updates for proprietary components.

📰

Pixel 5a

2021-09-08

CalyxOS 2.8.3 is now available for the Pixel 5a - codename barbet.

You can download it from:

DeviceLinkSignatureSHA256
Pixel 5a (5G) (barbet) Download Signature 140b2e386be3fad46978f11937d474c979bd6643b1fe9e760b40d90404038bb5

and install it using our “device-flasher”, for instructions see Install

Changelog:

  • CalyxOS 2.8.3 - Android 11
  • August Security patch (2021-08-05)
  • Vendor: June Security patch (2021-06-05)
  • Initial build for Pixel 5a

The September 2021 Security update will be available later this week for the Pixel 5a as well as all other devices

📰

Feature update

2021-09-02

The promised feature update is here. It will be last big update for Android 11, we will not be developing any more features and instead focusing on making an Android 11 build available for the Pixel 5a, and also preparing for Android 12.

Changelog:

  • CalyxOS 2.8.2 - Android 11
  • August Security patch (2021-08-05)
  • Datura firewall: Network access toggle (the main toggle next to the app name) now prevents apps being able to bypass network isolation through DNS requests
  • Global VPN feature: Ability to use one VPN device-wide - in the main user, work profile as well as other users
  • To enable, go to Settings -> Network & internet -> VPN -> Your VPN app -> Global VPN; in the main user
  • Auto reboot feature: Configurable time interval after which the device will get automatically rebooted. Returns phone to BFU state. Settings -> Security -> Auto reboot
  • Pause apps feature: Long press an app in the Launcher and tap “Pause app” (the hourglass icon) to pause an app. A paused app will not be able to start, its notifications will be hidden.
  • Navigation bar arrows feature: Enable from Settings -> System -> Languages & input -> Show arrow keys while typing; to show left and right cursor keys when typing
  • Increase maximum password length from 16 to 64
  • Developer option: Airplane mode radios - Configure which radio to toggle when toggling Airplane Mode: Settings -> System -> Developer options -> Airplane mode radios
  • Dialer: Add an option to enable Do-not-disturb during calls
  • Dialer: Add options for in-call vibration
  • Dialer: Fix bug where the WhatsApp call option would be shown even when it wasn’t installed
  • Messaging: Allow selecting text inside a message
  • Messaging: Hide quick reply options in notifications
  • Enable permission auto-revoke for work profile apps
  • Enable Setup Wizard for newly created work profiles, allowing enabling / disabling of microG depending on user preference
  • Fix network traffic monitor preference showing incorrect values
  • Disable bluetooth by default on new installs
  • microG: v0.2.22.212658
  • Chromium: 92.0.4515.15
  • F-Droid: 1.13.1
  • Etar: Merge upstream code changes
  • Recorder: Upstream improvements
  • Updates for all other included apps
  • Updated translations for all apps, and the OS

Note: The Xiaomi Mi A2 proprietary firmware components are from September 2020, since trying to upgrade to anything newer ends up factory resetting the device.

Pixel 2:

  • Update Linux kernel to 4.4.278
  • Merge security patches
  • Note: Google has stopped updating this device. This means that they will not provide any more updates to the closed-source components, such as the bootloader, modem firmware, and other firmware. However, updates to the open source OS code and the Linux kernel can still be merged by us, and are included in this build.

Security update notes

  • The Pixels 3, 3 XL, 3a, 3a XL, 4, 4 XL, 4a, 5, 4a (5G) contain the full security patch, as they are still being updated by Google.
  • The Pixels 2 and 2 XL are not being updated by Google anymore, so they only contain the fixes to the open source components, such as the OS code and the Linux kernel. Proprietary components such as the bootloader, modem firmware, and other firmware no longer get updates.
  • The Xiaomi Mi A2 is still getting security updates, but those are Android 10 and usually released towards the end of the month, whereas CalyxOS is Android 11 and releases the updates right as they're available. This means that the A2 lags behind slightly, by a month or two, in getting security updates for proprietary components.

📰

August Security update

2021-08-05

The August update is here. It’s mostly identical to the Special Pixel 4a release (2.7.1), with the only addition being the security updates.

We’re working on some features and another update will be released later this month.

Changelog:

  • CalyxOS 2.8.0 - Android 11
  • August Security update (2021-08-05)
  • Prevent hotspot devices from bypassing VPN when “Allow clients to use VPNs” is enabled
  • Default to round icons, previous default was “Rounded Rectangle”
  • Default to rounded corners
  • Allow turning off microphone and camera status bar icons from Settings -> Status bar -> System icons
  • Chromium: 91.0.4472.164
  • Contacts: Don’t prompt to add Google Account when creating a contact for the first time
  • microG: New icon for Settings -> System integration
  • SeedVault: Restore: Always use F-Droid to install Nextcloud
  • SetupWizard: Add button to setup eSIM on missing SIM page
  • SetupWizard: Fix icons on app install page
  • SetupWizard: Turn off OEM unlocking during initial setup if bootloader is locked
  • Drop Conversations as a default included app.
  • Updates for all other included apps.
  • Updated translations for all apps, and the OS.

Pixel 2:

  • Update Linux kernel to 4.4.276

Note: The A2 proprietary firmware components are from September 2020 since trying to upgrade to anything newer ends up factory reseting the device.

Security update notes

  • The Pixels 3, 3 XL, 3a, 3a XL, 4, 4 XL, 4a, 5, 4a (5G) contain the full security patch, as they are still being updated by Google.
  • The Pixels 2 and 2 XL are not being updated by Google anymore, so they only contain the fixes to the open source components, such as the OS code and the Linux kernel. Proprietary components such as the bootloader, modem firmware, and other firmware no longer get updates.
  • The Xiaomi Mi A2 is still getting security updates, but those are Android 10 and usually released towards the end of the month, whereas CalyxOS is Android 11 and releases the updates right as they're available. This means that the A2 lags behind slightly, by a month or two, in getting security updates for proprietary components.

📰

Verifying CalyxOS builds

2021-08-04

The official CalyxOS builds are signed with our private keys. Over-the-air (OTA) updates are also signed with the same keys, and once you install the OS, only updates signed with the same key can be installed.

The builds are made from signed git tags.

Starting July 2021, all CalyxOS factory images will be signed using minisign

Why minisign? It’s dead simple, easy to use, works well with large files, and can be easily integrated with device-flasher (which will be done in a future update)

Signatures:

You can now see a new Signature column next to the download link at Get CalyxOS

You need to download both the factory zip, and the signature file (.minisig) You’ll also need the public key, minisign.pub

Then, the signature can be verified by running:

minisign -Vm sunfish-factory-2.7.1.zip -p minisign.pub
# sunfish is Pixel 4a, replace with your device

It should output:

Signature and comment signature verified
Trusted comment: CalyxOS 2.7.1 - July 2021


For more detailed instructions, see Verifying CalyxOS builds

📰

Minor update for Pixel 4a

2021-07-21

A small update is now available for the Pixel 4a (sunfish). It mostly contains bugfixes.

A feature update with all of these changes and new features will be available for all supported devices at a later date.

Changelog:

  • CalyxOS 2.7.1 - Android 11
  • Prevent hotspot devices from bypassing VPN when “Allow clients to use VPNs” is enabled
  • Default to round icons, previous default was “Rounded Rectangle”
  • Default to rounded corners
  • Allow turning off microphone and camera status bar icons from Settings -> Status bar -> System icons
  • Chromium: 91.0.4472.164
  • Contacts: Don’t prompt to add Google Account when creating a contact for the first time
  • microG: New icon for Settings -> System integration
  • SeedVault: Restore: Always use F-Droid to install Nextcloud
  • SetupWizard: Add button to setup eSIM on missing SIM page
  • SetupWizard: Fix icons on app install page
  • SetupWizard: Turn off OEM unlocking during initial setup if bootloader is locked
  • Drop Conversations as a default included app.
  • Updates for all other included apps.
  • Updated translations for all apps, and the OS.

📰

July Security update

2021-07-09

The July update is here, with some new features and bug fixes all around the place.

Changelog:

  • CalyxOS 2.7.0 - Android 11
  • July Security update (2021-07-05)
  • Translation fixes: No more non-English text when your language is set to English!
  • SeedVault: Experimental Storage backup feature - backup and restore all your photos, documents and files!
  • Aurora Store 4.0.7: Fix app installation and updates
  • microG: Fix Settings being reset
  • microG: Include Cronet: Fixes apps such as Google Maps, and many more.
  • microG: Update to v0.2.21.212158
  • Work profile: Support setting a separate PIN/Password/Pattern
  • Work profile: Fix support for biometrics in apps
  • Datura Firewall: Fix toggles being reset, and other UI adjustments
  • Datura Firewall: Store preferred sorting order
  • Fix camera / microphone indicators
  • Chromium: Update to 91.0.4472.134
  • F-Droid: Update to 1.13
  • SeedVault: Respect Settings theme, match colors
  • Updates for all other included apps.
  • Updated translations for all apps, and the OS.

Note: The A2 proprietary firmware components are from September 2020 since trying to upgrade to anything newer ends up factory reseting the device.

Security update notes

  • The Pixels 3, 3 XL, 3a, 3a XL, 4, 4 XL, 4a, 5, 4a (5G) contain the full security patch, as they are still being updated by Google.
  • The Pixels 2 and 2 XL are not being updated by Google anymore, so they only contain the fixes to the open source components, such as the OS code and the Linux kernel. Proprietary components such as the bootloader, modem firmware, and other firmware no longer get updates.
  • The Xiaomi Mi A2 is still getting security updates, but those are Android 10 and usually released towards the end of the month, whereas CalyxOS is Android 11 and releases the updates right as they're available. This means that the A2 lags behind slightly, by a month or two, in getting security updates for proprietary components.

📰

June Security update and Feature drop

2021-06-10

The June update is here, with even more features and bug fixes.

Changelog:

  • CalyxOS 2.6.1 - Android 11
  • June Security update and Feature drop (2021-06-05)
  • Work profile v2: Big improvements to work profile creation, resolving issues with certain essential system apps not being enabled in the profile, not being able to see work profile apps in the recent screen, and work needed to support future work profile features.
  • For the best experience, we would recommend deleting any profiles you created in the May build and starting over with a fresh new profile.
  • Enable SeedVault backups for work profile, from Settings (in the main user) -> System -> Backup -> Work. Do note that USB is not available in work profiles due as Android does not support that.
  • Handle microG better in work profile, enabling / disabling all of it’s companion apps as needed.
  • Firewall (Datura): Support work profile apps, improve icon and fix sorting of apps.
  • AMOLED dark mode, aka pure black background for dark theme. Enable at Settings -> Display -> Dark theme -> Pure black
  • Network traffic monitor feature, which shows network traffic indication in the status bar. Enable from Settings -> System -> Status bar -> Network traffic monitor
  • Status bar icon configuration, allowing you to choose what to show. Configure in Settings -> System -> Status bar -> System icons
  • Use rounded corners in the system where appropriate.
  • Include a Maps app in the OS, Organic Maps. You can install it from F-Droid
  • Bring in the Recorder app from LineageOS, allowing you to create sound recordings.
  • F-Droid: Handle Trichrome updates better, fixing an issue with Trichrome Library updates where they would always show up as an update even after updating.
  • Dialer: Use a restrictive WebView for Menu -> Helplines links, which clears it’s history when you’re done to avoid leaving any traces. Also add additional categories for the helplines.
  • Panic trigger (Ripple): This will no longer show up as an update in Aurora Store
  • Music (Eleven): Bug fixes and performance improvements
  • You can also create screen recordings using the built-in recorder from the quick settings (what you see down the status bar)
  • microG: Implement Font provider to support more applications, such as Google Fi
  • microG: Update to v0.2.19.211515
  • Chromium: Switch to 64-bit builds on all devices.
  • Chromium: Update 91.0.4472.88
  • Updates for all other included apps.
  • Updated translations for all apps, and the OS.

Note: A2 Firmware is from September 2020 since upgrading to versions after that requires a factory reset.

Security update notes

  • The Pixels 3, 3 XL, 3a, 3a XL, 4, 4 XL, 4a, 5, 4a (5G) contain the full security patch, as they are still being updated by Google.
  • The Pixels 2 and 2 XL are not being updated by Google anymore, so they only contain the fixes to the open source components, such as the OS code and the Linux kernel. Proprietary components such as the bootloader, modem firmware, and other firmware no longer get updates.
  • The Xiaomi Mi A2 is still getting security updates, but those are Android 10 and usually released towards the end of the month, whereas CalyxOS is Android 11 and releases the updates right as they're available. This means that the A2 lags behind slightly, by a month or two, in getting security updates for proprietary components.

📰

CalyxOS Emulator Images

2021-05-27

CalyxOS Emulator images are now available, which can be used with the Emulator present in Android Studio.

They’re mostly meant for testing apps (especially system included apps such as Datura and Seedvault). They’re not meant for general usage.

URL: https://release.calyxinstitute.org/sys-img.xml

These images are userdebug which means you can use adb root.

Additionally, these aren’t separately signed, which means all the apps are signed using publicly available AOSP “test-keys”, meaning that you can easily test code changes to system apps.

x86 and x86_64 images are available currently. arm64 images appear to be currently broken in AOSP, however we’re trying to see if we can fix them. Those will be made available when ready.

Steps

This emulator image is meant for use with Android Studio

  1. Launch Android Studio, and open Tools -> SDK Manager
  2. Click on “SDK Update Sites”, and then tap the + plus icon on the left.
  3. Type in the above url, i.e. https://release.calyxinstitute.org/sys-img.xml and under name enter “CalyxOS”
  4. Make sure the checkbox to the left of “CalyxOS” is checked, and then hit Apply or OK.
  5. You can now create an AVD with the CalyxOS image.
  6. Open “Tools -> AVD Manager”
  7. Click “Create Virtual Device” at the bottom, then select hardware.
  8. Next, on the “System Image” selection page, click on “x86 Images”.
  9. You should see the CalyxOS Images, they will show up as Target: Android 11 (CalyxOS Android System Image).
  10. Click “Download” to download the system image, and then hit next.
  11. You can now launch the AVD to run CalyxOS.

These images will get updated every month as we tag and release new builds.

sdkmanager installation

If you want to install these images using sdkmanager, the strings are:

  • "system-images;android-30;calyx;x86"
  • "system-images;android-30;calyx;x86_64"

Docker images

F-Droid has CI images which have the Android SDK pre-configured with our repos. They’re included in the docker image: registry.gitlab.com/fdroid/ci-images-client This means that this can be used to directly install the CalyxOS images and use it for testing / CI.

For more details see: https://gitlab.com/fdroid/ci-images-client

References:

📰

Community update

2021-05-27

We have changed how the setup of the various communication channels over the last week.

Matrix will be the primary medium of communication going forward.

There are now Telegram groups for all 5 Matrix channels, bridged using t2bot.io

  • On Matrix, Telegram messages will appear just like any other message.
  • On Telegram, Matrix messages will appear to be sent by “Matrix Telegram Bridge” -> @matrix_t2bot

Additionally, the Matrix channels are also bridged to IRC on Libera.chat using Matterbridge

  • On Matrix, IRC messages will appear to be sent by “SepalBot” -> @sepalbot:matrix.org
  • On IRC, Matrix messages will appear to be sent by “SepalBot”


All channels, public and unencrypted

Matrix Space

Matrix has a new spaces features, which lets you view all these rooms together.

We’ve created a CalyxOS space.

📰

Security updates

2021-05-14

Monthly security updates are an important tool to keep users safe and protect their devices. CalyxOS provides timely monthly updates for all supported devices. Let’s walk through how the process works.

TL;DR: CalyxOS integrates monthly updates ASAP. If you have a Pixel 3 or newer, you get the full security update. If you have a Pixel 2 or Mi A2, we are unable to update some proprietary components, but all of the open source parts are kept up to date.

AOSP

Android Open Source Project - the base for CalyxOS.

Google usually releases the security update on the first Monday of each month, which means it was May 3rd this month. This is available in two parts, one are the new builds for all support Pixel devices (Pixel 3 and newer currently), and the other is source code updates to AOSP.

That is where it starts for CalyxOS - we wait for the source code to be released to AOSP, and then get started on merging the changes into CalyxOS.

Proprietary bits

All current devices need a good sprinkling of proprietary code to even boot and have full hardware functionality. We cannot make any changes ourselves to these files, and thus we have to rely on the manufacturer to provide updates. Google provides monthly updates for all supported devices, which currently means the Pixel 3 and newer devices.

The proprietary bits can be divided into two parts:

1. Blobs

The various proprietary drivers needed for the device to work. This includes the parts needed to make the camera work, eSIM, graphics, amongst other things.

2. Firmware / Bootloader

The other part of the proprietary components, responsible for booting the device and also controlling the various components such as the modem.

Device status

CalyxOS currently supports 12 devices, and some of them have their own device-specific quirks.

Pixels 4a (5G), 5, 4a, 4 XL, 4, 3a XL, 3a, 3 XL, 3

These devices are still supported by Google, meaning they get timely monthly security updates, and thus we are able to include all the various security fixes in our builds. All components, both proprietary and open source are kept up to date by Google and hence we’re able provide all of that in our releases.

Pixels 2 XL, 2

Google stopped updating this device late 2020, which means that it no longer gets any updates for the proprietary components.

What we can update:

  • The OS code, as it common for all.
  • The kernel, since it’s open source.

What we cannot update further:

  • The proprietary bits, both the blobs and firmware / bootloader are stuck on the October 2020 version.

Xiaomi Mi A2

The A2 being an Android One device was a big part of why we chose to support it, since it’s still getting monthly updates. However, the monthly updates aren’t always on time, usually they’re released towards the end of the month, so it lags behind a bit compared to the rest.

What we can update:

  • The OS code, common for all.
  • The kernel, since it’s open source.

Delayed updates:

  • Proprietary blobs

We update them as soon as the update is available, but this means that it lags behind by a month or two. i.e. The May update for the A2 is still using the proprietary blobs from March 2021 since Xiaomi’s April build was delayed / pulled due to an issue, and thus we didn’t have the updates available in time.

Complicated situation:

  • Proprietary firmware / bootloader.

You might have read something about needing to install Stock Oreo 8.1 before installing CalyxOS on the Mi A2 - this was needed because newer versions wouldn’t let you relock the bootloader. We worked around this in April 2021, by including just the Oreo bootloader but newer firmware into our builds. However, the newer firmware had to be from September 2020, since due to a Xiaomi bug updating to any newer (October 2020 or March 2021, doesn’t matter) results in a factory reset. This happens with the stock OS too, if you update from September to October (or newer) it asks you to factory reset.


This covers the security update situation for all supported devices. If you have any questions, feel free to ask them on one of our chat channels.

📰

Work profiles fix

2021-05-13

The May update introduced a new Work Profile feature, allowing you to create a work profile directly from the Settings app without having to install any third party apps.

This feature is available under Settings -> System -> Multiple users - > Add user or profile -> Work profile

However, some of you may have noticed some crashes when trying to access certain functionality within the profile. We have identified the root cause and fixed it for new profiles going forward, till then you can run the following commands from your computer to fix it right away.

Run this from a computer where you have ‘adb’ installed:

adb shell pm list users

That will output something like:

Users:
        UserInfo{0:Owner:c13} running
        UserInfo{10:New Profile:1030} running
        UserInfo{11:Guest:404}

Note the 10 here, that is the user id of the Work profile.

Now, you can run the following commands to enable certain apps in the profile to fix some of the crashing. These apps are always required to be present in the profile but were missed due to an oversight which is what caused the crashes.

Replace 10 with the user id you saw above:

adb shell pm install-existing --user 10 com.android.contacts
adb shell pm install-existing --user 10 com.android.settings
adb shell pm install-existing --user 10 com.android.providers.downloads
adb shell pm install-existing --user 10 com.android.providers.downloads.ui
adb shell pm install-existing --user 10 com.android.documentsui

This is a one time fix and won’t be required in future builds.

Our apologies for the inconvenience, and thank you for understanding!

📰

May Security update

2021-05-06

With May comes another security update packed to the brim with new features.

Changelog:

  • May Security update (2021-05-05)
  • Built-in Work profile support - create a new work profile directly from Settings without having to install any third party apps.
  • Create a work profile from Settings -> System -> Multiple users -> Add user or profile -> Work profile
  • You can select which apps to include in the profile, and also turn it on and off as you want. More to come in future updates!
  • Integration of Aurora Services for Aurora Store - Supports installing updates in the background seamlessly. New installs still need confirmation.
  • Enable from: Aurora Store -> Settings -> Installation -> Installation method -> “Aurora Services”
  • Prevent certain apps from bypassing the firewall when network access is completely disabled for them (i.e. the main toggle next to each app in Datura)
  • VoLTE and Wi-Fi Calling support fixes, should now work on all carriers supported on stock
  • microG: Include ‘Alt sign in’ option to fix account login issues
  • Include option to prevent toggling quick settings when on a secure lockscreen (i.e. PIN / Password / Pattern set) - prevents using them completely
  • Settings -> Security -> “Gear icon” next to Screen lock -> Quick settings - default is allow toggling from lockscreen
  • Seedvault: Backup and restore Datura Firewall settings
  • Seedvault: Backup and restore additional settings added to CalyxOS
  • Seedvault: Call log backup speed improvements, should be a lot faster for those with a long history of calls.
  • Dialer: Allow disabling calling account selection dialog (Signal / WhatsApp calling option), from Dialer -> menu (top right) -> Settings -> Display options
  • Allow disabling Presidential alerts, from Settings -> Apps and notifications -> Advanced -> Wireless emergency alerts
  • Active Edge Gesture: Fix settings being reset
  • Enable Doze for improved battery life when using microG
  • Datura Firewall: Fix sorting bug
  • Music (Eleven): Upstream updates and bugfixes
  • Calendar (Etar): Upstream updates and bugfixes
  • Chromium: 90.0.4430.91
  • Updates for all other included apps.

A2:

  • Qualcomm code updates.

Note: A2 Firmware is from September 2020 since upgrading to versions after that requires a factory reset.

Security update notes

  • The Pixels 3, 3 XL, 3a, 3a XL, 4, 4 XL, 4a, 5, 4a (5G) contain the full security patch, as they are still being updated by Google.
  • The Pixels 2 and 2 XL are not being updated by Google anymore, so they only contain the fixes to the open source components, such as the OS code and the Linux kernel. Proprietary components such as the bootloader, modem firmware, and other firmware no longer get updates.
  • The Xiaomi Mi A2 is still getting security updates, but those are Android 10 and usually released towards the end of the month, whereas CalyxOS is Android 11 and releases the updates right as they're available. This means that the A2 lags behind slightly, by a month or two, in getting security updates for proprietary components.

📰

microG Google Account Login fix, take two

2021-04-16

CalyxOS includes microG by default, and you get three choices. You can either keep it enabled (the default), disable it, or login with a Google account.

The latter has been reported to have some issues. We tried to include a potential fix with the April build, but that didn’t work for everyone.

We have been testing a bunch of fixes and finally have something that should hopefully work for everyone. It’s based on code from Vanced microG, which from what we’ve heard seems to work for everyone.

It is now available for testing in our device-specific test F-Droid repos.

These F-Droid repositories get app updates as soon as they’re available, you can add this if you want to help us test them out.

To add it and install the update, simply add the right URL for your device to F-Droid -> Settings -> Repositories -> Plus sign at the top right

You can then try to sign-in to microG by launching it and tapping “Add Account”, and then choosing “Alt Sign in” - that will use this new method to login.

If you want to help, you can let us know what worked for you and what didn’t, through Reddit or Matrix. For more details, see Community.


F-Droid test repos:

DeviceURLQR Code
bramble https://calyxos.gitlab.io/calyx-fdroid-repo-bramble/fdroid/repo Click to view
redfin https://calyxos.gitlab.io/calyx-fdroid-repo-redfin/fdroid/repo Click to view
sunfish https://calyxos.gitlab.io/calyx-fdroid-repo-sunfish/fdroid/repo Click to view
coral https://calyxos.gitlab.io/calyx-fdroid-repo-coral/fdroid/repo Click to view
flame https://calyxos.gitlab.io/calyx-fdroid-repo-flame/fdroid/repo Click to view
bonito https://calyxos.gitlab.io/calyx-fdroid-repo-bonito/fdroid/repo Click to view
sargo https://calyxos.gitlab.io/calyx-fdroid-repo-sargo/fdroid/repo Click to view
crosshatch https://calyxos.gitlab.io/calyx-fdroid-repo-crosshatch/fdroid/repo Click to view
blueline https://calyxos.gitlab.io/calyx-fdroid-repo-blueline/fdroid/repo Click to view
taimen https://calyxos.gitlab.io/calyx-fdroid-repo-taimen/fdroid/repo Click to view
walleye https://calyxos.gitlab.io/calyx-fdroid-repo-walleye/fdroid/repo Click to view
jasmine_sprout https://calyxos.gitlab.io/calyx-fdroid-repo-jasmine_sprout/fdroid/repo Click to view


Technical:

We enable device registration and cloud messaging for microG by default to make sure that notifications work out of the box.

The fix included in the [April build](/news/2021/04/08/big-april-update/ tried to disable those two before login, and then re-enable them after login. It seemed to work in some cases, not all.

At the same time, we had heard that Vanced microG had this Huawei login button which seemed to work for everyone. We had already looked at that code once, so we decided to try that approach.

At first, we tried to spoof just the ‘brand’ reported. AOSP sets it to Android, Google sets it to Google. Didn’t work.

Next, we thought it might be the fingerprint (which contains the build info). Both brand and fingerprint are usually spoofed on custom ROMs for Google Play compatiblity, so we thought that might be it. Tried, didn’t work.

After that we decided trying to spoof all of the device details like microG does, didn’t work.

Finally, we settled on just pulling in the full code from Vanced (something we wanted to do at first but decided to see if the other approaches worked.). This is what is being shipped in the APK now.

Note: If you take a brief look at the code, it may seem like microG is sending a lot of details about your device to Google. However, if you look closer, it spoofs a lot of that (it doesn’t even have access to things like the serial number), which means most of the data it sends to Google would match exactly with other devices, making it hard to pick you out.

📰

Chromium 90 available for testing

2021-04-13

Google released Chrome 90 (90.0.4430.66) yesterday, and we have updated our Chromium fork (and the patches applied on top) to pull in all the changes, and created a new build.

It is now available for testing in our test F-Droid repo, gitlab.com/CalyxOS/calyx-fdroid-repo

This F-Droid repository gets app updates as soon as they’re available, you can add this if you want to help us test them out.

To add it, simply add this URL to F-Droid -> Settings -> Repositories -> Plus sign at the top right: https://calyxos.gitlab.io/calyx-fdroid-repo/fdroid/repo?fingerprint=C44D58B4547DE5096138CB0B34A1CC99DAB3B4274412ED753FCCBFC11DC1B7B6

Alternatively, you can scan the below QR code:

gitlab-calyx-fdroid-repo

Google usually does staged rollouts, where the new version will hit a small percentage of devices first, then some more, and so on.

We intend to do something similar, by adding it to this test repo first, and then later on adding it to an F-Droid repo hosted on our own servers which is already pre-added to your CalyxOS device.


Technical:

Google made a change in how they bundle Chrome since Android 10:

“Chrome is no longer used as a WebView implementation in Q+. We’ve moved to a new model for sharing common code between Chrome and WebView (called “Trichrome”) which gives the same benefits of reduced download and install size while having fewer weird special cases and bugs.”

However, the system handles this shared common code (called Trichrome Library) differently from a typical app, and as such F-Droid was not able to update it.

We submitted changes to F-Droid to allow updating of Trichrome, which have since been merged and are included in the April builds. That means we can know ship Chromium updates via F-Droid easily.

It turned out that F-Droid would have needed some system privileges to actually see the details about the “Trichrome Library” installation on the device so that it could actually update it. We didn’t want to grant any extra privileges to F-Droid itself, however we already have an F-Droid Privileged Extension which is meant exactly for something like this.

The changes:

📰

The Big April update

2021-04-08

April is amongst us, and with it comes a security update, but wait, there’s more.

This update contains a lot of new features and bug fixes that we’ve been hard at work over the last few months. There’s even more coming in the upcoming builds, stay tuned!

Changelog:

  • April Security update (2021-04-05)
  • VoLTE and Wi-Fi Calling support for a lot more carriers
  • microG: Potential fix for google account login issue
  • Introducing Datura Firewall - our new Firewall app
  • Makes the existing Wi-Fi / Mobile / VPN / Background data toggle easily accessible. More features to come!
  • Add a Global cleartext network traffic restriction toggle to prevent all non-TLS traffic from leaving the device (including the OS, system apps and installed apps) Settings -> System -> Developer Options -> Restrict cleartext network traffic
  • Include a Sensitive Phone Numbers list, hiding them from the call log.
  • Dialer also gets a new helpline contact list based on the above. (Dialer -> Menu -> Helpline) for easy access. Thanks LineageOS!
  • Add feature to optionally scramble the lockscreen PIN. Settings -> Security -> Screen lock -> Scramble layout
  • The “Background data” toggle is now able to restrict background network access completely (even when using Wi-Fi) and as such has been renamed
  • Wi-Fi timeout feature - like our bluetooth timeout feature, now CalyxOS users have similar functionality to automatically turn off Wi-Fi after a certain time. Settings -> Network & Internet -> Wi-Fi -> Wi-Fi preferences -> Turn off Wi-Fi automatically
  • microG: v0.2.18.204714
  • Chromium: 89.0.4389.105
  • Seedvault: Allow verifying and re-generating the 12 word recovery code
  • Ability to install Chromium (Trichrome) updates via F-Droid
  • Add caffeine, heads up, Sync, AmbientDisplay, USB Tether and AOD QS Tiles from LineageOS
  • Fix TTS Engine crash
  • Use Cloudflare DNS as the fallback in more places
  • Updates for all other included apps.

A2:

  • Merge Xiaomi’s March 2021 Security update
  • Update Kernel to 4.4.261
  • Include 10.0 Firmware (September 2020)

Note: A2 Firmware is from September since upgrading to versions after that requires a factory reset.

Security update notes

  • The Pixels 3, 3 XL, 3a, 3a XL, 4, 4 XL, 4a, 5, 4a (5G) contain the full security patch, as they are still being updated by Google.
  • The Pixels 2 and 2 XL are not being updated by Google anymore, so they only contain the fixes to the open source components, such as the OS code and the Linux kernel. Proprietary components such as the bootloader, modem firmware, and other firmware no longer get updates.
  • The Xiaomi Mi A2 is still getting security updates, but those are Android 10 and usually released towards the end of the month, whereas CalyxOS is Android 11 and releases the updates right as they're available. This means that the A2 lags behind slightly, by a month or two, in getting security updates for proprietary components.

📰

Mi A2 10.0 Firmware

2021-03-29

A new experimental build has been released for the Xiaomi Mi A2 which contains firmware from the stock 10.0 release.

You may recall flashing stock Oreo 8.1 before installing CalyxOS - we now have a way to avoid doing that, and this update contains the bits updating the firmware on your existing install from 8.1 to 10.0. For new installs, factory images will be available at a later date.

Changelog:

  • Merge Xiaomi’s March 2021 Security update
  • Update Kernel to 4.4.261
  • Include 10.0 Firmware (September 2020)

Read before installing

This update contains the bootloader and additional firmware files. While we have taken utmost care to make sure this works, and done lots of testing, incorrect or interrupted installation may lead to a non-working phone.

For testing this build, you need to enable USB Debugging on your device, and then run:

adb shell setprop sys.update.channel a2ten

And then, Settings -> System -> Updates -> Check for updates. That will begin downloading and then install the build.

If that doesn’t work, you can also try running:

adb shell cmd jobscheduler run --force app.seamlessupdate.client 1

So far in our testing it works well, but additional testing is always helpful and appreciated.

If you can wait, it will hit the beta channel later, and then the stable channel after that, you won’t have to do anything, your device will get the update automatically.

Additional details:

The way this works is that we included the bootloader (abl) from stock Oreo 8.1, and the rest from stock Q 10.0. The old bootloader is needed because that’s the only version that supports Verified Boot with a custom OS like ours, however we can safely upgrade the rest, to an extent.

You may have noticed the September 2020 date above, unfortunately that is due to a bug with all Xiaomi firmware after that. Updating to those from any older build results in needing a factory reset - you simply cannot upgrade without wiping data. This is not desirable, and hence for now we’ve included the last working firmware where this wasn’t required.

📰

Mi A2 Charging fix

2021-03-18

A build with a charging fix for the Xiaomi Mi A2 has been released.

There are no other changes, which means it’s a very small update - only 609 Kb for the incremental OTA update.

📰

March Security update and Feature drop

2021-03-04

The March Security update is now available for all supported devices.

Changelog:

  • CalyxOS 2.2.0 - Android 11
  • March Security update (2021-03-05) and feature drop
  • Chromium: 88.0.4324.181
  • Updates for all other included apps.

Security update notes

  • The Pixels 3, 3 XL, 3a, 3a XL, 4, 4 XL, 4a, 5, 4a (5G) contain the full security patch, as they are still being updated by Google.
  • The Pixels 2 and 2 XL are not being updated by Google anymore, so they only contain the fixes to the open source components, such as the OS code and the Linux kernel. Proprietary components such as the bootloader, modem firmware, and other firmware no longer get updates.
  • The Xiaomi Mi A2 is still getting security updates but those are Android 10 and usually released towards the end of the month, whereas CalyxOS is Android 11 and releases the updates right as they're available. This means that the A2 lags behind slightly, by a month or two in getting security updates for proprietary components.

📰

February Security update

2021-02-03

The February Security update is now available for all supported devices.

Changelog:

  • CalyxOS 2.2.0 - Android 11
  • February Security update (2021-02-05)
  • microG: v0.2.17.204714
  • microG: Include Services Framework (GSF)
  • Chromium: 88.0.4324.93
  • Calendar (Etar): 1.0.24
  • Keyboard: Remove non-functional proprietary gesture-typing preference.
  • Aurora Store: Fix installation issues for new installs, to fix your current app kindly re-install the app from F-Droid
  • Updates for all other included apps.

Pixel 2, 2 XL, 3, 3 XL, 3a, 3a XL, 4, 4 XL:

  • Implement Active Edge support - squeeze phone to perform action
  • Configure from Settings -> System -> Gestures -> Active Edge

Security update notes

  • The Pixels 3, 3 XL, 3a, 3a XL, 4, 4 XL, 4a, 5, 4a (5G) contain the full security patch, as they are still being updated by Google.
  • The Pixels 2 and 2 XL are not being updated by Google anymore, so they only contain the fixes to the open source components, such as the OS code and the Linux kernel. Proprietary components such as the bootloader, modem firmware, and other firmware no longer get updates.
  • The Xiaomi Mi A2 is still getting security updates but those are Android 10 and usually released towards the end of the month, whereas CalyxOS is Android 11 and releases the updates right as they're available. This means that the A2 lags behind slightly, by a month or two in getting security updates for proprietary components.

📰

Pixel 5 and Pixel 4a (5G) support

2021-01-26

The wait is over, we have builds available for the new Pixels!

These builds are Android 11 with the January 2021 Security update, and are fully working.

You can follow these instructions to install.

Note: DO NOT install the Pixel 4a (5G) / bramble build on a Pixel 4a / sunfish (or vice versa).
DeviceLinkSHA256
Pixel 5 / redfin redfin-factory-2021.01.25.15.zip cdbb9f775e9d5de913b8d35ac125e2c564dbf1df2837ca29e2b985387f9ab659
Pixel 4a (5G) / bramble bramble-factory-2021.01.25.15.zip 811e34e8200b980310a5851bf45c75097ae94642f4a20f9fbc16e0be79c440ae

Do let us know if you face any issues or bugs.

📰

New website

2020-09-01

Yippie! We have a new website. It is static generated and anyone can contribute through gerrit. See [[gitlab.com/CalyxOS/calyxos.org]] and https://review.calyxos.org/q/project:CalyxOS/calyxos.org.

In the coming weeks, we will be adding help documentation, tutorials, release change logs, and more. Stay tuned!

📰

Some phones may have stopped updating and need intervention

2020-05-08

The April 2020 build of Calyxos (build 2020.04.07.17) did not include the OTA Updater due to a misconfiguration.

This means that it will not update to the May build by itself, you need to follow two quick manual steps:

1) Open F-Droid, pull down to refresh the repositories. After the refresh completes , check the updates list. You’ll see an update for “Seamless Update Client”, install that update.

2) Open the newly updated “Updater” app. It’ll ask you “Let app always run in background?”, please hit allow, and then it will start updating the system