In this guide, we walk through the steps to get CalyxOS up and running on your de-googled device. We'll cover the initial setup, installing and configuring apps, migrating contacts and other data, customizing the environment, and hardening your device for added privacy and security.

TIP: Visit the CalyxOS website for more helpful information and to review their user guide.

Guided Setup Video

Option: Follow along in this guided video as Mat explains how to initialize and configure CalyxOS

Table of Contents

  1. Insert SIM Card
  2. Initial Power-on
  3. Configure MicroG
  4. App Repositories
  5. Pre-installed Apps
  6. Install New Apps
  7. Personal Customization
  8. Harden Your Device
  9. Transfer Contacts and Personal Data
  10. Other Resources

Insert SIM Card

When migrating from an Android device, moving the SIM card to your de-googled phone and rebooting the device is all you have to do to begin using it.  In some cases, your mobile carrier will request the IMEI number of the new phone. The IMEI number is found in Settings > About phone > IMEI

If this is your first time installing a SIM card, follow our tutorial for detailed instructions.

NOTE: If migrating from an iPhone, you will likely need to request a new SIM card from your mobile carrier.

TIP: Before inserting a SIM card into your degoogled device, see our article about how to remain anonymous while using a SIM card. For the ultimate privacy-focused phone service, check out JMP.chat. Our customers receive a phone number and one month of free service.

TIP: When a SIM card is installed for the first time, Access Point Names (APNs) will populate automatically into the device's settings, allowing mobile data and MMS texts to work properly. If mobile data is not working, contact your carrier to verify correct APNs.

Initial Power-on

When powering on the device for the first time, go through these steps

  1. Power On: Press and hold the power button on the side of the phone. You can safely ignore the message "Your device is loading a different operating system."
  2. Welcome: At the welcome screen, tap Start
  3. Language: Select your preferred language
  4. Internet: Connect to available Wi-Fi network and enter password if required
  5. Turn on Cellular Data (if applicable): If you have a SIM card installed and are not connected to a Wi-Fi network, you will have the option of using cellular data to complete the setup process. As always, charges may apply.
  6. SIM card missing (if applicable): If you do not have a SIM card installed, you will get this screen with the option to install one at this point or "Setup eSIM".
  7. Date and Time: Set your time zone and adjust current date and time if needed
  8. Restore apps and data: This is only applicable if you have a backup from a previous CalyxOS phone. Then you can restore it at this step.
  9. Location services: We recommend giving apps permission to the device's location data. Optionally you may set up location data permissions within the individual app settings later.
  10. Fingerprint setup (if applicable): To use your fingerprint sensor to unlock the screen, you will need to provide your fingerprint. This step is optional and I recommend against providing bio-metric information to be stored on the device.
  11. Protect your phone: Set up a PIN, password or pattern to unlock the screen.  This is an optional step however it will prevent unauthorized access to your phone by another individual.
  12. microG: microG is an open source replacement for Google Play Services. Unlike Play Services, microG does not have any advertising or location tracking and communicates anonymously to Google servers. Although it is a pragmatic balance between privacy and functionality, remember that if you choose to enable microG your device will communicate directly with Google servers.
    • Google Services Compatibility - Generally speaking, apps that perform financial transactions like ebay, doordash, banking, shopping, and ride sharing, will require this setting to be enabled. If you do not plan to use your device to make purchases, you may consider disabling this setting.
    • Push Notification Support - Enabling this setting allows apps to register for push notifications with Google. This registers your device to Google services, without device-specific unique identifiers. Some apps like Signal and Telegram have push notification built in and do not rely on this support. If you prefer your device not being registered with Google servers and are willing to sacrifice the convenience (or annoyance) of push notifications, then you may consider disabling this setting.
    • Network location - Keeping this enabled, the device will use Mozilla Location Services to quickly pinpoint your location and enhance location services on the device.
  13. Additional Apps: Calyx Institute has curated an impressive list of privacy-respecting apps that can be immediately installed during set up. It is recommended to install all apps in the list. You can remove the ones you don't use later.
  14. Theme: Select your preference of dark or light theme.
  15. Navigation: Choose between Gesture or the 3-button navigation.

Configure MicroG

If you chose to enable the MicroG software, you'll be wise to configure it to restrict as much communication with Google as possible.

  1. Swipe up to expose the app drawer and tap microG Settings app.
  2. Self Check: Select this section and ensure all boxes are checked
  3. Google Accounts: If you have a Google account and need to sign in, go to Account and sign in with your credentials. It is recommended that you do not use this feature as it will connect your device and identity with Google. Instead of relying on Google services, find alternatives that accomplish the same goal but respect your privacy.
  4. Google Device Registration and Cloud Messaging: If you choose to install apps that send push notifications that depend on Google Cloud Messaging, then leave Google Device Registration and Cloud Messaging enabled. 
  5. Google Safety Net: Some apps from the Google Play Store depend on Google Safety Net to ensure the operating system is properly secured. For example banking apps like Square and Paypal, or shopping apps like Amazon require it. It is recommended to leave this disabled, and only enable it if an app requires it.

App Repositories

TIP: Use F-Droid and Aurora Store just like you would Apple Store or Google Play Store. Search for apps, download, and install. Both repositories will keep you aware of app updates as well.

F-Droid: F-Droid is pre-installed on your device and contains only free and open source apps. Apps can be browsed, downloaded and installed from F-Droid without the need to register an account.

Aurora Store: Aurora Store is included in CalyxOS's suggested free software applications. It is an unofficial free open-source software (FOSS) alternative to Google's Play Store. It provides anonymous access to apps on Google Play Store and does not require a Google account.

Follow these steps to configure Aurora Store:

  1. Open Aurora Store from the app drawer
  2. At the Welcome screen, tap Next at the bottom
  3. It is best to leave Session installer selected. Tap Next
  4. Select your preferred theme and tap Next
  5. Select your preferred accent color and tap Next
  6. At the App Links screen, choose Enable and tap + Add link, then check the box by each link. Tap Add. Press the back arrow. Tap Next
  7. At the Permissions screen, grant permissions for all items listed. Tap Finish
  8. At the Log in screen, select Anonymous

Pre-installed Apps

TIP: If you are new to Android, swiping up with one finger will access the app drawer. All installed apps will be accessible in the app drawer.

CalyxOS includes a suite of pre-installed apps.

  • Backup (Seedvault) - Use this to make backups of your user data
  • Calculator - A straightforward calculator app
  • Calendar - To start using, go to app settings to add a calendar
  • Camera - Open-source camera app capable of capturing still images and video
  • Chromium - The open-source and privacy-friendly web browser; this is NOT google Chrome
  • Clock - An open source clock app; includes an alarm, timer, and stopwatch
  • Contacts - The standard Android open source contacts app
  • F-Droid - Replaces Google Play Store as your primary app repository
  • Files - A simple file browser
  • Firewall (Datura) - Very useful firewall app developed by Calyx Institute; use it to limit apps' network communications
  • Gallery - A straightforward and easy to use photo gallery
  • Messaging - The open-source SMS/MMS text messaging app
  • Music - Open source music player; sorts music by artist, album and playlists
  • Phone - The standard open-source phone dialer app
  • Recorder - A simple voice recorder app
  • Settings - The system settings app
  • Work profile - Useful when setting up multiple user profiles, this icon provides an easy way to access and switch between "owner" and "work"

Install New Apps

TIP: Before installing new apps from F-Droid and Aurora Store, see our complete list of recommended apps.

Simple Rules to Follow...

  1. Use privacy-friendly apps: There are viable open-source privacy-friendly alternatives to the apps you have previously used.
  2. Stay away from Big Tech: Apps made by Google, Facebook, Microsoft, Apple and other Big Tech corporations should be avoided based on their standard practice of selling your personal data for profit and tracking everything you do.
  3. The less apps on your device, the better the privacy. Ask yourself, "Do I really need this app?". If there is a software program you can install on a PC or laptop instead, that is a better option.
  4. Instead of installing a company's app, access their website from a web browser; For quick access, use the browser's Add to Home screen feature to create an app icon.
  5. Install apps from these sources, in this order:
    • F-Droid: The best place to find apps is on F-Droid, a repository that curates privacy-friendly open-source alternative apps.
    • Aurora Store: If you cannot find a solution on F-Droid, the next step is to search Aurora Store, an open source app that connects to Google Play Store anonymously.
    • Direct Download: Not all apps have to be installed using a repository. There are several excellent apps available for download directly from their developer's website.
  6. If the app you installed complains about not being connected to Google Play Store, ask yourself "Do I honestly need this app?" If the answer is No, delete it. If the answer is Yes, then it requires microG, which must be enabled during initial setup.

NOTE: If you previously disabled microG, but realize later a specific app you installed requires it to run, the fastest way to install it is to perform a factory reset of the device. This means going through the setup process again, but this time leaving microG enabled. To factory reset the device, go to Settings app > System > Reset options > Erase all data (factory reset) > Erase all data.

Personal Customization

Make CalyxOS feel more like your phone with these recommended settings.

  • Enable Adaptive brightness: Adaptive brightness may be disabled by default. To enable it, open Settings app > Display > Adaptive brightness > tap toggle button to enable
  • Customize home screen: Select Settings app > Wallpaper & style to change home screen appearance (download our favorite wallpapers at https://digitalprivacy.shop/wallpaper)
  • Add apps to home screen: From the app drawer, hold a finger down on an app icon; begin to drag the icon with your finger (the home screen will appear); drag the icon to the preferred location and release
  • System navigation: Choose between gestures or 3-button navigation by going to Settings app > System > Gestures > System navigation
  • Add widgets: Add a clock or other widget. Hold your finger on an empty area of the home screen; In the pop-up menu tap Widgets; Select desired widget
  • Display settings: Go to Settings app > Display to adjust brightness, lock screen, screen timeout, theme, font size, auto-rotate, screen saver, and more

Harden Your Device

Follow the steps below to enjoy the most private and secure experience on your device.

  1. Disable Connectivity Check: CalyxOS connects to the Google service, connectivitycheck.gstatic.com, to determine if the device can connect to the internet. Turn it off by going to Settings > Network & internet > Connectivity check.
  2. Reduce App Dependency: The fewer apps on your phone, the more secure and private it will be. I challenge you to only install what you need. This will increase available storage space and reduce the potential for leaked data through random apps.
  3. Review App Permissions: Apps don't always need the permissions they request. Go to Settings > Apps & notifications > See All ## Apps. Then select each app and review permission settings. Change to Approve, Deny, or Ask Every Time as necessary.
  4. Configure Datura Firewall: In the app drawer select Firewall. Scan through the list of apps and decide whether to grant communication through four catagories: (1) background network access, (2) Wi-Fi data, (3) mobile data, or forcing app access through a (4) VPN service installed on your device.  Completely blocking access to the internet will block an app from sending data and disable trackers. However, you may prevent an app that requires internet access from functioning properly (i.e. Telegram, Signal, Brave, etc).
  5. Setup Multiple User Profiles: If you must install proprietary (closed source) apps that are questionable in terms of privacy (i.e. for your job), create a "Work" profile and isolate them from your personal data. Learn more.
  6. Activate Private DNS: Why is DNS important? Learn more. Go to Settings > Network & internet > Private DNS. Select Private DNS provider hostname and enter base.dns.mullvad.net. Or follow our guide to select a specific DNS resolver of your choice.
  7. Install a VPN: A virtual private network encrypts the data being sent from your device by tunneling to a VPN server, effectively cloaking your data and preventing ISP interception. Additionally, to the downstream recipient, your device's location will appear to be the location of the VPN server. This feature is useful when accessing websites that restrict access from specific countries. For a no-cost alternative that uses the TOR network, I recommend Orbot, available on F-Droid by enabling "Guardian Project" repository. There are also three free VPN services available on F-Droid: the CalyxVPN, RiseUpVPN, or ProtonVPN. However paid VPNs offer more features and higher speeds.
  8. Regularly Disable Network Transmission: Get in the habit of disabling Location, NFC, Wi-Fi, Bluetooth, Camera, and Microphone when not in use. You can easily disable them by swiping down from the top of your home screen to access the Quick Settings tiles. For added security, place the device in a Faraday bag when not in use.

Transfer Contacts and Personal Data

If you are coming from an iPhone and want to migrate your contacts, photos, and other personal data, follow the guide Transferring Personal Data from iPhone. Or if you are coming from an Android device, follow the guide Transferring Personal Data from Android.

Other Resources

The CalyxOS website is full of useful information. Please refer to their User Guide for more information. To chat with a member of the CalyxOS team, join any of their community Matrix channels.

De-register iMessages

If you are migrating from an Apple iPhone to an Android, you'll need to de-register iMessages in order to get text messages from other iPhone users. Go to Apple's "Deregister iMessages" webpage and follow the instructions.