CalyxOS Setup Guide

calyxos-logo

Introduction

“Everyone needs a phone. Not everyone wants to be spied on. Reclaim your privacy with CalyxOS” That is the CalyxOS slogan and it is beginning to ring true for more people. Once we realize how invasive Google and Apple are into our private lives, it is worth taking a step in a different direction. CalyxOS makes that decision easier with an intuitive set-up process and a suite of privacy-respecting apps. In this guide, I’ll walk through the steps I took to create a comfortable and functional environment on my mobile device. This guide assumes you have a new installation of CalyxOS.

Table of Contents

  1. Initial Power-on
  2. Configure MicroG
  3. Import Contacts with a vCard File
  4. App Repositories – F-Droid and Aurora Store
  5. Recommended Apps
  6. Hardening Your Device

Initial Power-on

Watch this 3-minute video to become familiar with the initial steps after powering on the new phone. Each step is described in detail below.

  • Language: Select your preferred language
  • Date and Time: Set your time zone and adjust current date and time if needed
  • Wi-Fi: Connect to available Wi-Fi network and enter password if required
  • Turn on Cellular Data: If you have a SIM card installed and are not connected to a Wi-Fi network, you will have the option of using cellular data to complete the setup process. As always, charges may apply.
  • SIM card missing: If you do not have a SIM card installed, you will get this screen with the option to install one at this point or setup ESIM.
  • Location Access: Determine whether to give apps permission to the device’s location data. Optionally you may set up location data permissions within the individual app settings later.
  • Fingerprint setup: To use your fingerprint sensor to unlock the screen, you will need to provide your fingerprint. This step is optional and I recommend against providing bio-metric information to be stored on the device.
  • Protect your phone: Set up a PIN, password or pattern to unlock the screen.  This is an optional step however it will prevent unauthorized access to your phone by another individual.
  • MicroG: This options allows apps such as Google Maps, Youtube and ride sharing services to run on your device. It will provide anonymous signature spoofing to Google Play Services, allowing more apps to function on your phone, while keeping data collection and sharing with Google to a minimum. Although it is a pragmatic balance between privacy, choice of apps, and functionality, I do not use MicroG or recommend any communication with Google, even if it is mostly anonymous.
  • Additional Apps: Calyx Institute has curated an impressive list of privacy-respecting apps that can be immediately installed during set up. Aurora Store is an app repository similar to the Google Play Store.  I recommend at a minimum installing the CalyxVPN, Signal, and Tor Browser.

Configure MicroG

microgI highly recommend leaving MicroG disabled and finding alternatives to apps that require Google Play Store to function. However, if you install the MicroG software, you’ll be wise to configure it to restrict as much communication with Google as possible.

  1. Open Settings > MicroG
  2. Self Check: Select this section and ensure all boxes are checked
  3. Account: If you have a Google account and need to sign in, go to Account and sign in with your credentials. It is highly recommended that you do not use this feature as it will connect your device and identity with Google. Instead of relying on Google services, find alternatives that accomplish the same goal but respect your privacy.
  4. Google Device Registration and Cloud Messaging: If you choose to install apps that send push notifications that depend on Google Cloud Messaging, then leave Google Device Registration and Cloud Messaging enabled. However, it is recommended to choose alternative apps that don’t depend on Google.
  5. Google Safety Net: Some apps from the Google Play Store depend on Google Safety Net to ensure the operating system is properly secured. For example banking apps like Square and Paypal, or shopping apps like Amazon require it. My recommendation is not to use banking apps or apps to make purchases.
  6. Location Modules: Go to Location Modules and check that at least one Network-based geolocation module and one Address lookup module are enabled. For information about installing alternative modules, see more about MicroG’s Unified Network Location Providers.
  7. Exposure Notifications: To enable the functionality of Google’s contact tracing, MicroG offers this feature. I recommend disabling this option.

Import Contacts with a vCard File

Exporting from iPhone: If you need to export contacts from an iPhone, and you don’t want to use a third-party app, export your iPhone contacts to the vCard VCF format via your iCloud account. The VCF format of a vCard is similar to the look and feel of an online business card and is a standard address book format.

  1. Tap Settings on your iPhone. Tap your name and then tap iCloud.
  2. Turn on the Contacts toggle switch. If this setting is turned off, contacts on the device won’t sync with your iCloud account and cannot be exported to a file.
  3. On a computer, open a web browser, go to iCloud.com, and sign in to iCloud with your Apple ID.
  4. Choose Contacts.
  5. On the Contacts screen, select the gear icon in the lower-left corner and choose Select All.
  6. After the contacts are selected, tap the gear icon again and choose Export vCard.
  7. The selected contacts are saved to your computer as a .vcf file.

Importing to Android device: Once the .vcf vCard file is on your host computer, follow these instructions.

  1. Connect Android device to computer using USB type-C cable where .vcf file is saved
  2. Pull down notifications from top of display.
  3. Tap “Android system . Charging this device via USB”
  4. Tap again where it says “Tap for more options”
  5. Settings > USB Preferences menu opens up. Select “File Transfer”
  6. The device should now be recognized by the computer.
  7. From the computer file manager or Finder, click the device’s filesystem called “Internal shared storage”.
  8. Copy the contacts .vcf file into the device’s Downloads folder.
  9. On the Android device, open Contacts App > hamburger menu > Settings > Import.
  10. Select the .vcf file from the Downloads folder.

App Repositories – F-Droid and Aurora Store

f-droidF-Droid: This software repository serves a similar function to the Google Play store. It contains only free and open source apps. Applications can be browsed, downloaded and installed from the F-Droid website or client app without the need to register for an account.

aurora-store-logoAurora Store: Aurora Store is an unofficial FOSS alternative to Google’s Play Store, with an elegant design, using Aurora you can download apps, update existing apps, search for apps, get details about in-app trackers, spoof your location and much more. For those concerned with privacy, Aurora Store does not require Google’s proprietary framework (spyware?) to operate. It works perfectly fine with or without Google Play Services or MicroG.

Use F-Droid and Aurora Store just like you would Apple Store or Google Play Store. Search for apps, download, and install. Both repositories will keep you aware of app updates as well.

Recommended Apps

To help you transition away from Big Tech and Silicon Valley spy apps, below are the apps I use and recommend. All apps are open source, free, and do not require Google Play services or MicroG.

NameFunctionSourceReplaces
Aegis Authenticator2-Factor authenticationF-DroidAuthy
AntennaPodPodcast playerF-DroidiTunes
BitChuteVideo networkApkpureYouTube
BriarP2P chatF-DroidSMS Text
Crypto PricesCryptocurrency market pricesF-DroidCoinGecko, CMC
DuckDuckGo BrowserWeb browserF-DroidChrome, Edge, Safari
ElementEncrypted groups & chatF-DroidWhatsapp
FennecWeb browserF-DroidChrome, Edge, Safari
Firefox KlarWeb browserF-DroidChrome, Edge, Safari
K-9 MailEmail clientF-Droid
LBRYVideo networkF-DroidYouTube
LibreOffice ViewerDocument viewerF-DroidMicrosoft Office
MindsSocial networkMinds.comFacebook
MuPDFPDF ViewerF-DroidAdobe Reader
NewPipeVideo playerF-DroidYouTube
OONI ProbeMeasure internet censorshipF-Droid
Open Note ScannerDocument scannerF-DroidAdobeScan
Organic MapsMaps and navigatorF-DroidGoogle Maps, Waze
ProtonVPNVPN serviceF-Droid
RiseupVPNVPN serviceF-Droid
SessionP2P chatF-DroidSMS Text
SignalEncrypted groups & chatSignal.orgWhatsapp
Telegram FOSSGroups and chatF-DroidWhatsapp
TermuxTerminalF-Droid
Tor BrowserWeb browserF-DroidChrome, Edge, Safari
TuskyMastodon clientF-DroidFacebook
VLCVideo playerF-DroidQuicktime
Weather (Privacy Friendly)Local forecastF-Droid

Hardening Your Device

[1] Reduce App Dependency! If in the past you downloaded apps but didn’t exactly use them regularly, I challenge you to change your paradigm and carefully reduce the apps on your device. This will increase available storage space, reduce the potential for leaked data through random apps, and will generally improve security.

[2] Review App Permissions: Apps don’t always need the permissions they request. Go to Settings > Apps & notifications > See All ## Apps. Then select each app and review permission settings. Change to Approve, Deny, or Ask Every Time as necessary.

[3] Configure Datura Firewall: In the app drawer select Firewall. Scan through the list of apps and decide whether to grant communication through four catagories: (1) background network access, (2) Wi-Fi data, (3) mobile data, or forcing app access through a (4) VPN service installed on your device.  Completely blocking access to the internet will block an app from sending data and disable trackers. However, you may prevent an app that requires internet access from functioning properly (i.e. Telegram, Signal, Brave, etc).

[4] Activate Private DNS: Why is DNS important? Learn more. Go to Settings > Network & Internet > Advanced > Private DNS. Select Cloudflare DNS, or input a Private DNS provider hostname.

[5] Install a VPN: A virtual private network encrypts the data being sent from your device by tunneling to a VPN server, effectively cloaking your data and preventing ISP interception. Additionally, to the downstream recipient, your device’s location will appear to be the location of the VPN server. This feature is extremely useful when accessing websites that restrict access from specific countries. There are three free VPN services available through F-Droid: the CalyxVPN, RiseUpVPN, or ProtonVPN.

Leave a Comment

Your email address will not be published. Required fields are marked *