#CalyxOS posted an announcement about the departure of both the founder of the organization (Nicolas Merrill) and lead developer of CalyxOS (Chirayu Desai):
A letter to the CalyxOS community
A letter to the CalyxOS community
According to their post, it will likely be around 4 to 6 months before they resume updates with new signing keys.
CalyxOS is stuck on the 2025-06-01 patch level. The missing patches include 2 remotely exploitable Exynos cellular radio vulnerabilities fixed for Pixels in June along with many High severity issues for other components. There are a huge number of AOSP patches scheduled for disclosure in September.
Android has quarterly major releases. Android 16 QPR1 is coming in September and changes more overall than Android 16. Providing full AOSP patches requires the latest release since only High/Critical severity AOSP patches are backported. It's also needed for the Pixel driver and firmware updates.
Verified boot signing keys can't be rotated. Their plan to change all of the signing keys will require reinstalling the OS to continue receiving updates. Nicolas Merrill was the sole person with access to CalyxOS signing keys. Either he isn't handing over the signing keys or they don't trust him.
#GrapheneOS was founded as an open source project in 2014. In 2018, there was a takeover attempt on the project by Copperhead which was a for-profit company founded in late 2015. Copperhead was meant to be sponsoring the project and making it sustainable. Both Nick and Chirayu were involved in this.
Chirayu Desai was a full time employee of Copperhead. The CEO intended for him to be lead developer of a new closed source OS forked from our project. Nicolas Merrill was in active contact with Copperhead and wanted an OS made for Calyx. When the takeover failed, he hired Chiyaru to make CalyxOS.
CalyxOS never incorporated privacy or security features comparable to GrapheneOS. It was always a non-hardened OS far more similar to LineageOS and /e/. Despite being in a different space, Nick and Chirayu worked hard to undermine the continuation of our open source project alongside Copperhead.
Calyx should publish information on why Nicolas Merrill was previously demoted and what's happening with the signing keys and other infrastructure he controls. CalyxOS users deserve to know whether he's refusing to hand over keys, domains, IPs, ASN, etc. and if Calyx considers the keys compromised.
📃.xml is the SEC filing for shares issued in February 2024 by a for-profit telecommunications company founded in 2019. The owners of the company are Nicolas Merrill, Louis Rossmann and Steve Gerber. This raises a lot of questions, as does other publicly available information.
For CalyxOS users considering moving to GrapheneOS, you should know it's not only much more private and secure but also has broader app compatibility and is very easy to install.
Comparison of Android-based Operating Systems
Comparison of Android-based Operating Systems
is a high quality third party comparison. You'll likely be more than happy with it.
Many CalyxOS users have been exposed to a lot of inaccurate information about GrapheneOS and fabricated stories about our team. Our team is heavily targeted with harassment. We're open to forgiving and unbanning people who participated in this in the past if they're going to stop and do better.
