LineageOS, CalyxOS and GrapheneOS all come with Seedvault which allows nightly remote backups. They're anything but complete, though. For folders, Syncthing might be interesting. I don't think it's possible without rooting your phone. Then, NeoBackup could do it.

Thanks. I looked into Seedvault and gather one of its challenges is a reliance on API's that are deprecated and (in the meantime) becoming intentionally degraded. Eg. Apps can exclude themselves via android:allowBackup=false.

There have been calls to modify Seedvault to impersonate D2D transfer in order to bypass the restriction. Or I wonder if I can patch the OS to ignore/override that app manifest flag? (I gather some people are patching their APK's).

I wrote a little more about this here: https://news.ycombinator.com/item?id=37774254

There's also F-Droid Basic which targets Android 13 and therefore allows unattended updates without root: https://f-droid.org/packages/org.fdroid.basic

Unattended updates will also come to the next release (1.19) of the main client.

With 7 Watts, the Snapdragon has less than half the Intel's and Apple's TDP, though. Also, the i7-1355U only became available in 2023.

The confirmed upgrades to 8 performance cores (from 4), ARMv9, PCIe 4, DDR5 RAM and possibly a higher TDP will bring significant performance gains with Gen 4.

But in principle I agree to you, I wouldn't use it yet.

Edit: Also, why leave AMD out :) https://www.cpubenchmark.net/compare/4774vs4104vs4794vs4102/...

Android offers seamless updates for apps from third party stores targeting API 29 since Android 12 via the REQUEST_INSTALL_PACKAGES permission: https://support.google.com/googleplay/android-developer/answ... https://developer.android.com/reference/android/content/pm/P... There are issues on GitLab covering this: https://gitlab.com/fdroid/fdroidclient/-/issues/1836

I'd also love to see them forking CalyxOS' Datura firewall: https://calyxos.org/docs/tech/datura-details/ It's so much handier when you don't have to navigate through each app's settings.

Can you provide any sources of CalyxOS not implementing security patches?

This shouldn't be too hard as the OS is based on AOSP and there are employed Devs working on it as you can read in the Calyx institute's annual report: https://calyxinstitute.org/documents/2021-calyx-annual-repor...

Stock OS ships security updates on the latest major version. It means that you can only get a given patch level on the same version for a given device. CalyxOS wasn't rebased on Android 12 until fairly recently. As of January 2022 (prior to the Android 12 release), their vendor patch level was 2021-10-01 which means that at the time the OS was roughly behind 3 months in updates.

They were also shipping an outdated version of Chromium (v94) during the same period (this is important since Chromium distributions for both CalyxOS/GrapheneOS are updated through OS updates - and Chromium is whitelisted by the OS to provide the WebView, even if you happen to use another browser). Considering their userbase is privacy/security-conscious, I think they should've been aware they were more vulnerable than stock OS for a while.

Looking at their source code it's also evident CalyxOS is increasingly relying on the LineageOS codebase. Not that it's a bad thing (LineageOS has its own goals but they're not necessarily aligned with security-focused projects), but it's worth noting.

> CalyX has is constantly harassing and bullying other privacy-focused projects, causing incredible harm to the privacy and security community. It also has been missing updates for 4 months recently, making it a terrible choice for anyone.

You actively harass and bully by not providing any sources for your claims. That's bad for an open, fact-based discussion and is opposed to how I percept the community. What are your claims based on? Can you provide any sources? As far as I know, CalyxOS tries to maintain a quite neutral temper: https://www.reddit.com/r/CalyxOS/comments/pmguwi/grapheneos_...

You can read the details of CalyxOS' implementation of microG here: https://calyxos.org/docs/tech/microg-details/

> Made the permission signature|privileged so only system apps signed with the right key, or privileged system apps with an explicit allowlist for this permission can use it.

> Hardcoded the signature to be spoofed instead of letting the application specify it.

> Only allowed the microG packages, GmsCore and Store to spoof signature. Both of these are included as system apps on CalyxOS so simply checking against the package name is enough.

That doesn't sound like that much of a risk to me. Esentially, it's a tradeoff between privacy and usability that microG tries to solve/soften. For example, it came in handy, when standalone Open-Source implementations of Google's contact tracing approach weren't available yet. microG quickly implemented it so official apps worked.

With CalyxOS, Signature Spoofing is only allowed for microG: https://calyxos.org/docs/tech/microg-details/

Albeit I agree with your post to a certain degree, CalyxOS is not a hobbyist project. The Calyx Institute has a working business plan and has five full time developers. Have a look at their Annual Report: https://calyxinstitute.org/about/financials-and-annual-repor...

So it says that ~6500 members are driving this by ponying up ~$511 annually. Interesting.

Don't they have the mobile data plan that they offer to people? Get a mobile hotspot and support an educational instituition.

Yes, and IIRC it's a reasonably priced MVNO setup with (mostly?) unlimited data. A friend of mine uses her Pixel4 with CalyxOS on google Fi but keeps a Calyx hotspot thingo around for traveling and it's been solid throughout North America at least.

Why not install it without internet permission?

That's what I did... I was hoping for a way around that.