
In this guide, we walk through the steps to get CalyxOS up and running on your de-googled device. We'll cover the initial setup, installing and configuring apps, migrating contacts and other data, customizing the environment, and hardening your device for added privacy and security.
Table of Contents
- Insert SIM Card
- Initial Power-on
- Configure MicroG
- App Repositories
- Default Apps
- Install New Apps
- Personal Customization
- Harden Your Device
- Transfer Contacts and Personal Data
- Other Resources
Insert SIM Card
Before you insert that SIM card for the first time, check out our article about how to remain anonymous while using a SIM card. Once you're ready, follow our tutorial to install your SIM card
Initial Power-on
When powering on the device for the first time, go through these steps
- Power On: Press and hold the power button on the side of the phone. You can safely ignore the message "Your device is loading a different operating system."
- Welcome: At the welcome screen, tap Start
- Language: Select your preferred language
- Date and Time: Set your time zone and adjust current date and time if needed
- Wi-Fi: Connect to available Wi-Fi network and enter password if required
- Turn on Cellular Data: If you have a SIM card installed and are not connected to a Wi-Fi network, you will have the option of using cellular data to complete the setup process. As always, charges may apply.
- SIM card missing: If you do not have a SIM card installed, you will get this screen with the option to install one at this point or "Setup eSIM".
- Location services: Determine whether to give apps permission to the device's location data. Optionally you may set up location data permissions within the individual app settings later.
- Navigation: Choose your preferred navigation method (Gesture, 2-button, 3-button). You can change this anytime in settings.
- Fingerprint setup: To use your fingerprint sensor to unlock the screen, you will need to provide your fingerprint. This step is optional and I recommend against providing bio-metric information to be stored on the device.
- Protect your phone: Set up a PIN, password or pattern to unlock the screen. This is an optional step however it will prevent unauthorized access to your phone by another individual.
- microG: microG is an open source replacement for Google Play Services. Unlike Play Services, microG does not have any advertising or location tracking and communicates anonymously to Google servers. Although it is a pragmatic balance between privacy and functionality, remember that if you choose to enable microG your device will communicate directly with Google servers.
- Google Services Compatibility - Generally speaking, apps that perform financial transactions like ebay, doordash, banking, shopping, and ride sharing, will require this setting to be enabled. If you do not plan to use your devices to make purchases, you may consider disabling this setting.
- Push Notification Support - Enabling this setting allows apps to register for push notifications with Google. This registers your device to Google services, without device-specific unique identifiers. Some apps like Signal and Telegram have push notification built in and do not rely on this support. If you prefer your device not being registered with Google servers and are willing to sacrifice the convenience (or annoyance) of push notifications, then you may consider disabling this setting.
- Additional Apps: Calyx Institute has curated an impressive list of privacy-respecting apps that can be immediately installed during set up. You may consider installing all apps and deleting the ones you don't use later.
- Restore apps and data: This is only applicable if you have a backup from a previous CalyxOS phone. Then you can restore it at this step.
Configure MicroG
If you chose to enable the MicroG software, you'll be wise to configure it to restrict as much communication with Google as possible.
- Open Settings > MicroG
- Self Check: Select this section and ensure all boxes are checked
- Account: If you have a Google account and need to sign in, go to Account and sign in with your credentials. It is highly recommended that you do not use this feature as it will connect your device and identity with Google. Instead of relying on Google services, find alternatives that accomplish the same goal but respect your privacy.
- Google Device Registration and Cloud Messaging: If you choose to install apps that send push notifications that depend on Google Cloud Messaging, then leave Google Device Registration and Cloud Messaging enabled. However, it is recommended to choose alternative apps that don't depend on Google.
- Google Safety Net: Some apps from the Google Play Store depend on Google Safety Net to ensure the operating system is properly secured. For example banking apps like Square and Paypal, or shopping apps like Amazon require it. My recommendation is not to use banking apps or apps to make purchases.
- Location Modules: Go to Location Modules and check that at least one Network-based geolocation module and one Address lookup module are enabled. For information about installing alternative modules, see more about MicroG's Unified Network Location Providers.
- Exposure Notifications: To enable the functionality of Google's contact tracing, MicroG offers this feature. I recommend disabling this option.
App Repositories
F-Droid: This software repository serves a similar function to the Apple App Store or Google Play store. It contains only free and open source apps. Applications can be browsed, downloaded and installed from the F-Droid website or client app without the need to register an account.
Aurora Store: Aurora Store is an unofficial FOSS alternative to Google's Play Store, with an elegant design, using Aurora you can download apps, update existing apps, search for apps, get details about in-app trackers, spoof your location and much more. For those concerned with privacy, Aurora Store does not require Google's proprietary framework to operate. It works with or without Google Play Services or MicroG.
Use F-Droid and Aurora Store just like you would Apple Store or Google Play Store. Search for apps, download, and install. Both repositories will keep you aware of app updates as well.
Default Apps
CalyxOS includes a suite of default apps.
- Backup (Seedvault) - Use this to make backups of your user data
- Calculator - A straightforward calculator app
- Calendar - To start using, go to app settings to add a calendar
- Camera - Open-source camera app capable of capturing still images and video
- Chromium - The open-source and privacy-friendly web browser; this is NOT google Chrome
- Clock - An open source clock app; includes an alarm, timer, and stopwatch
- Contacts - The standard Android open source contacts app
- F-Droid - Replaces Google Play Store as your primary app repository
- Files - A simple file browser
- Firewall (Datura) - Very useful firewall app developed by Calyx Institute; use it to limit apps' network communications
- Gallery - A straightforward and easy to use photo gallery
- Messaging - The open-source SMS/MMS text messaging app
- Music - Open source music player; sorts music by artist, album and playlists
- Phone Dialer - The standard open-source phone dialer app
- Recorder - A simple voice recorder app
- Settings - The system settings app
- Work profile - Useful when setting up multiple user profiles, this icon provides an easy way to access and switch between "owner" and "work"
Install New Apps
To begin searching for and installing new apps, use F-Droid to find privacy-respecting apps; To get started, see our complete list of recommended apps.
Simple Rules to Follow...
- Use privacy-friendly apps: There are viable open-source privacy-friendly alternatives to the apps you have previously used.
- Stay away from Big Tech: Apps made by Google, Facebook, Microsoft, Apple and other Big Tech corporations should be avoided based on their standard practice of selling your personal data for profit and tracking everything you do.
- Install apps from these sources, in this order:
- F-Droid: The best place to find apps is on F-Droid, a repository that curates privacy-friendly open-source alternative apps.
- Aurora Store: If you cannot find a solution on F-Droid, the next step is to search Aurora Store, an open source app that connects to Google Play Store anonymously.
- Direct Download: Not all apps have to be installed using a repository. There are several excellent apps available for download directly from their developer's website.
- If the app you installed complains about not being connected to Google Play Store, ask yourself "Do I honestly need this app?" If the answer is No, delete it. If the answer is Yes, then it requires microG, which must be enabled during initial setup.
Personal Customization
Make CalyxOS feel more like your phone with these recommended settings.
- Install wallpapers: Select Settings app > Wallpaper & style to change home screen appearance (download our favorite wallpapers at https://digitalprivacy.shop/wallpaper)
- System navigation: Choose between gestures or 3-button navigation by going to Settings app > System > Gestures > System navigation
- Add widgets: Add a clock or other widget. Hold your finger on an empty area of the home screen; In the pop-up menu tap Widgets; Select desired widget
- Display settings: Go to Settings app > Display to adjust brightness, lock screen, screen timeout, theme, font size, auto-rotate, screen saver, and more
Harden Your Device
- Disable Connectivity Check: CalyxOS connects to the Google service, connectivitycheck.gstatic.com, to determine if the device can connect to the internet. This is highly questionable and they give no reason why this setting is enabled by default, or even why it exists. Turn it off by going to Settings > Network & internet > Connectivity check.
- Reduce App Dependency: The fewer apps on your phone, the more secure and private it will be. I challenge you to only install what you need. This will increase available storage space and reduce the potential for leaked data through random apps.
- Review App Permissions: Apps don't always need the permissions they request. Go to Settings > Apps & notifications > See All ## Apps. Then select each app and review permission settings. Change to Approve, Deny, or Ask Every Time as necessary.
- Configure Datura Firewall: In the app drawer select Firewall. Scan through the list of apps and decide whether to grant communication through four catagories: (1) background network access, (2) Wi-Fi data, (3) mobile data, or forcing app access through a (4) VPN service installed on your device. Completely blocking access to the internet will block an app from sending data and disable trackers. However, you may prevent an app that requires internet access from functioning properly (i.e. Telegram, Signal, Brave, etc).
- Setup Multiple User Profiles: If you must install proprietary (closed source) apps that are questionable in terms of privacy (i.e. for your job), create a "Work" profile and isolate them from your personal data. Learn more.
- Activate Private DNS: Why is DNS important? Learn more. Go to Settings > Network & internet > Private DNS. Select Cloudflare DNS, or input a Private DNS provider hostname.
- Install a VPN: A virtual private network encrypts the data being sent from your device by tunneling to a VPN server, effectively cloaking your data and preventing ISP interception. Additionally, to the downstream recipient, your device's location will appear to be the location of the VPN server. This feature is useful when accessing websites that restrict access from specific countries. For a no-cost alternative that uses the TOR network, I recommend Orbot, available on F-Droid by enabling "Guardian Project" repository. There are also three free VPN services available on F-Droid: the CalyxVPN, RiseUpVPN, or ProtonVPN. However paid VPNs offer more features and higher speeds.
Transfer Contacts and Personal Data
If you are coming from an iPhone and want to migrate your contacts, photos, and other personal data, follow the guide Transferring Personal Data from iPhone. Or if you are coming from an Android device, follow the guide Transferring Personal Data from Android.
Other Resources
The CalyxOS website is full of useful information. Please refer to their User Guide for more information. To chat with a member of the CalyxOS team, join any of their community Matrix channels.