• kittenzrulz123@lemmy.blahaj.zone
    3 days ago

    I don’t get why anyone would use LineageOS on a phone that new and that well supported by custom ROMs (GrapheneOS, /e/os, etc)

    • Blisterexe@lemmy.zip
      1 day ago

      I like LineageOS more, because GrapheneOS includes Google Play; even while sandboxed, I don’t like that

    • Mwa@lemm.ee
      3 days ago

      True. But maybe it might be helpful if the phone hits EOL?

      • kittenzrulz123@lemmy.blahaj.zone
        3 days ago

        At that point using it will be less secure; the reason why GrapheneOS stops supporting devices is because they focus on security. In addition, the Pixel 9 will be EOL in what, eight years from now? Maybe even more

        • EngineerGaming@feddit.nl
          2 days ago

          Eight years, minus the few years you’d have to wait until the phone is close to affordable. And updates via LineageOS is still way better than just using a phone with no updates when it hits EOL like you normally would.

          • Zetta@mander.xyz
            1 day ago

            Calling the Pixel 9 unaffordable when it’s literally the cheapest flagship in the market.

            • EngineerGaming@feddit.nl
              1 day ago

              “Flagship” is doing a lot of work here. Most people here use cheap phones. My Pixel 7 was already $300, which is a bit hard to swallow, and it was not the newest model at the moment. Pixel 9 in the same place is close to $1k now, which is completely out of reach for a lot of people including me. That is frankly an insane sum to spend on a phone.

    • Sem@lemmy.ml
      3 days ago

      To be honest I do not see any reason to use Lineage with Pixel while there is GrapheneOS… But maybe there will be some users of it: it is always better to have more free open OS

      • sunzu2@thebrainbin.org
        3 days ago

        The only use case, I guess, is if you prefer microG implementation v sandboxed GPS.

        I think GOS model will end up being proven right from security/privacy perspective but the debate is ongoing.

        GOS chief should not be in any public facing communication position though… that weaponized autism with a heavy dose of paranoia is what is needed to develop GOS but not a good look objectively, and I give people a lot of benefit of the doubt.

        • Brad Boimler@startrek.website
          3 days ago

          I use GOS and agree with you completely; some of the things GOS has done and said in the past should have never happened and hurt GOS more than they helped it. Also, on the microG front you are correct, it is still being debated, but as long as microG is signature spoofing, it is my opinion it is not secure, as signature spoofing requires kernel changes that in fact weaken Android’s security model.

          • cmhe@lemmy.world
            3 days ago

            Maybe an unpopular opinion here, the Android security model is based around trusting the vendor of the device or ROM more than the end-user, which I find wrong in principle. The origin of trust needs to be fully in the hands of the owner of the device. Otherwise you take away the self-determination of the users, and that should never be an option when it comes to security.

            Users themselves should be able to give or take away trust however they choose, and if they are unsure on whom to trust for certain things, they should be able to delegate that trust-management to a third-party of their own accord and with the ability to revoke it at any point.

            Everyone is different, and trusts entities to different degrees. For instance I would trust MicroG more to only transmit data that is absolutely required to Google servers, than the gapps.

            Also, modifying the kernel is already done by Google, in order to provide hardware support, so patching it additionally doesn’t automatically make it more or less secure. That depends on what those patches do, and if those patches are properly maintained.

            • Brad Boimler@startrek.website
              2 days ago

              Correct, but GOS reverses a lot of Google patches, like always-on voice, which requires kernel privilege; it is disabled on GOS, etc. But kernel-level signature spoofing gives way for a malicious app to spoof as microG and infect your device, and you would never know, because microG requires the same thing to function: it is making itself look like Google when it is not Google. So using microG opens your device up to a lot more ways for it to be compromised and also makes it harder to detect or notice once it is compromised. For me the security risk of kernel-level spoofing is way too high to use on a production device used every day. Also, I trust neither Google nor microG; I only use FOSS apps. I don’t have sandboxed Play services installed at all; I just don’t use Google anymore.

              • cmhe@lemmy.world
                2 days ago

                I haven’t looked into it (because Android repos are confusing), but I assume it allows just one specific signature to spoof one other specific signature. If so then I do not see such a security issue, because it wouldn’t suddenly open this mechanism up to everyone.

                Even if it would require spoofing of multiple signatures, if there is a limited list of signatures to spoof as and a whitelist of signatures for the apps that are allowed to spoof them, then it would also be limited enough, IMO.

                IIUC, you don’t need to patch LineageOS anymore for MicroG: https://github.com/lineageos4microg/android_vendor_partner_gms/blob/master/README.md#microg-mobile-services

      • EngineerGaming@feddit.nl
        3 days ago

        Graphene has a relatively short support, especially given that the phones for it are completely unaffordable new so it’s effectively shorter than advertised. I am now spoiled by using a device that is not EOL so I think I will be switching when GOS’ support ends.

        • Brad Boimler@startrek.website
          3 days ago

          GOS supports the Pixel devices for the same amount of time as Google; it is hard to keep a device secure once drivers are no longer being updated. But with Google extending support for Pixel 6 and 7 series and the new 7 year guarantee on Pixel 8 devices and newer, this isn’t really a concern anymore. So Pixel 7a and Fold will be supported until 2028, Pixel 6 and 6 Pro until 2026, and Pixel 7, 7 Pro, and 6a until 2027. Seems like plenty of time for support, and that means as long as Google supports it, so does GOS.

          • EngineerGaming@feddit.nl
            3 days ago

            Yes, I know about them extending it. For me, for example, that means four years of official support, which is much less than a usual lifespan of my phone.

            • Brad Boimler@startrek.website
              2 days ago

              Then buy a newer one with longer support; this will always be an issue since the support window is the same as Google. Once a manufacturer stops updating drivers and device firmware, the said device can no longer effectively be secure, because any exploit in the drivers or firmware will forever go unfixed, compromising the device’s security. Doesn’t matter what devices you buy, this will always be the case; it just depends on what your personal threat model is.

              • EngineerGaming@feddit.nl
                1 day ago

                That support is about as long as it goes on mobile. An average poor person can’t afford to just buy new phones as soon as the support ends. Some updates is still better than no updates in this case.

          • buttfarts@lemy.lol
            3 days ago

            A Pixel 8 on contract was free for me if I commit three years with my provider. I think I will get seven years support from GOS which is a worthy enough lifespan for an everyday smartphone

            • EngineerGaming@feddit.nl
              3 days ago

              Is it an expensive contract? I doubt my $3/mo plan would ever have perks like this lol. Especially given that Pixels here are only sold unofficially.

              • subtext@lemmy.world
                3 days ago

                Yeah I’m in the US and those “free” phone contracts over 3 years are objectively terrible deals when you look at the total cost of $100–120/mo or more with the “free” phone on one of the big three vs buying it outright and paying $25/mo (ish) with an MVNO.

                Even if you assume a total cost of $100 at Verizon with the “free” phone—which I believe is a super low estimate—and you assume $45 at Visible (shameless referral plug)—which is their most expensive tier—you’re coming out at $1980 less in contracts over 3 years which could buy you (virtually) any phone you want and then some.

                • EngineerGaming@feddit.nl
                  2 days ago

                  $25 is already a crazy enough sum for a phone bill, what you’re talking about is outrageous. Also, I’ve heard that such devices are often carrier-locked, and that carrier-locked devices often also have locked bootloaders.

              • buttfarts@lemy.lol
                2 days ago

                About $60 CAD per month for talk/text with 50GB data which is average for here

    • RelativeArea0@lemmy.world
      3 days ago

      It’s alright, it kept my “supposed to be dead” phone running with the latest stuff. I like the built-in firewall, but if you’re privacy focused then this is not for you.

        • Brad Boimler@startrek.website
          3 days ago

          Once LineageOS is installed your bootloader is always unlocked, so anyone who finds your phone if lost owns it. GrapheneOS and a few other ROMs I forget the names of allow the bootloader to be relocked, keeping the Android security model intact and allowing the device to still be secure.

          • patatahooligan@lemmy.world
            3 days ago

            Is the bootloader really that important for a lost phone? If someone finds your phone can’t they just tear it apart and read the storage with external tools? A locked bootloader sounds more like an anti-tampering measure and not for protecting your phone’s content after it’s lost.

            • WhyJiffie@sh.itjust.works
              3 days ago

              > If someone finds your phone can’t they just tear it apart and read the storage with external tools?

              that’s not the problem that BL locking solves. this is solved by storage encryption. BL locking solves 2 other problems:

              • helps keep a stolen phone from being wiped, though maybe it’s not 100%
              • makes it much harder to plant malware on your phone while it’s not with you
            • CrazyLikeGollum@lemmy.world
              3 days ago

              It is largely an anti-tampering measure. Without it you could have things injected into the system. For example, a stalker could install a hidden tracking program as a service and then return your phone without you knowing.

              IIRC it’s also a prerequisite for full-disk encryption on modern Android. So, without it your user data is available to be dumped in an unencrypted state. Most phone thieves are interested in reselling the phone, so they’re probably not going to go through the effort and risk damage to the phone just to dump encrypted data from the chips directly. However, if it’s just available unencrypted from fastboot why not dump it? They could get info that could be used to blackmail or scam you or people you know. Or they could just sell the data.

              • vividspecter@lemm.ee
                3 days ago

                > Iirc it’s also a prerequisite for full-disk encryption on modern android.

                How modern? It’s still working on Evolution X with Android 14 (although maybe it needs custom rom support).

                It would be a bit less secure since the bootloader itself could be compromised, however (but I wouldn’t be concerned about random thieves/snooping in this case).

            • Brad Boimler@startrek.website
              3 days ago

              No, because the data is encrypted, especially on GrapheneOS, and even on stock Pixel phones data at rest is fully encrypted, and Pixel phones also have an onboard security chip as well. So unless you can unlock the user data it would be useless. That is why a locked bootloader is so important: it is needed to ensure at-rest encryption; it’s a requirement for it.

          • communism@lemmy.ml
            3 days ago

            That would be a security issue, not a privacy issue. Maybe that was what RelativeArea0 meant but if so I think that confused people because “privacy” implies somehow corpos/the state is spying on you through Lineage

            • WhyJiffie@sh.itjust.works
              3 days ago

              LOS has privacy issues though, if I remember correctly. like, default DNS server is 8.8.8.8 of Google, assisted GPS contacts a global server of I think Qualcomm to speed up getting a GPS fix, and others I don’t remember now

            • Brad Boimler@startrek.website
              3 days ago

              It could be included as both; with an unlocked bootloader all user data could be easily retrieved with physical access to the device.

              • communism@lemmy.ml
                3 days ago

                That kind of data access is generally included under security not privacy (which is more about telemetry), but obviously with a state threat model privacy and security can become blurred, and that kind of data access is of concern if you are at risk of having devices seized by the state.

    • IndustryStandard@lemmy.world
      2 days ago

      Upgrading Android versions did a surprise factory reset for me. Never used it again after that.

      Custom ROMs are only viable if official Android support has dropped and you are no longer getting upgrades.

      • EngineerGaming@feddit.nl
        2 days ago

        Not really. Stock OSes are really bad in terms of privacy, maybe with a few exceptions - I wouldn’t be able to trust them with any personal info. Just like Windows. So a custom one is a must.

    • pirate-dad@lemm.ee
      3 days ago

      I was planning to move to Lineage, and eventually GrapheneOS (non-Pixel at the moment), but Revolut has broken compatibility by enforcing the use of the Play Integrity API. Revolut is my main bank so I’m kinda blocked, for now… 🤬

        • pirate-dad@lemm.ee
          2 days ago

          I may follow suit down the road. I’m even contemplating having a second cheap phone, with a long battery life, only used for Revolut; I don’t think I really have any other apps that I couldn’t survive without.

      • dko1905@discuss.tchncs.de
        3 days ago

        Any source on this?

        Lineage allows people to have newer android/security patches on end-of-life phones, that’s a pretty good security argument.

          • Adanisi@lemmy.zip
            2 days ago

            That first link talks about how it requires an unlocked bootloader, therefore verified boot is disabled and the device is less secure.

            While that is true, I think that’s a bit of an unfair thing to hold against it considering on most Android phones, you need to unlock the bootloader to run anything the OEM doesn’t approve, and most vendors do not support installing your own keys.

            That should be a criticism against the OEM for forcing you to weaken the security of the device to have full control over it, not Lineage. That is not really their fault.

            I think it would be nice of them to mention that the signing keys being held by the OEM and the OEM only is a massive security (and freedom!) weakness on its own, and that without being able to sign everything yourself, you can’t really be certain of the security of your device, as you cannot control everything on it.

  • ramenshaman@lemmy.world
    3 days ago

    I connect my glucometer (Dexcom G6) with my phone and I’m assuming Lineage wouldn’t work with it.

    • cm0002@lemmy.world (OP)
      3 days ago

      Lineage is just Android; however, some apps (usually banking apps are the worst offenders) throw a fit running on rooted/custom ROMs, though it’s usually bypassable with varying amounts of effort. I would not expect a glucometer app to have issues, but I’ve seen apps throw that fit for less in the past.

      Being a medical thing, I’d advise you to pick up a cheap used Android phone that’s also on the supported list to test out your app first, or at least have an alternative means of monitoring it.

      I did some Google searching and it came up… inconclusive, though the Dexcom website has this blurb on the compatible phones section

      “You can use this app on any OS that meets the minimum requirements, but Dexcom recommends not updating to a new OS before it’s listed here.”

      And the only minimum requirement for Android is that it’s v10. I also didn’t see mention of root or “unauthorized OSes” on that page, and a lot of the time they will put something like that if a company’s app will scan for root/custom ROMs.

      So, you might be fine

      • Noedel@lemmy.world
        3 days ago

        Does NFC still work? (I know that low key defeats the purpose of a privacy oriented android build but yeah)

        • n2burns@lemmy.ca
          3 days ago

          Yes, NFC the technology works. However, certain applications, like Google Wallet can be problematic and require workarounds (not because of technology itself though)

          > I know that low key defeats the purpose of a privacy oriented android build but yeah

          Not everyone using a custom ROM is doing it for privacy reasons. I see privacy as a perk but I mainly use custom ROMs to keep my devices around longer and to get new features.

          Even for those who are concerned about privacy, I don’t think NFC is that big of a security hole. I know some people who turn it on only when they’re using it, but that’s pretty painless.

          • Noedel@lemmy.world
            3 days ago

            Yeah I did that with an old Motorola, it went for years. Now I have a Pixel and it seems to come with a lot of features that break when installing an alternative OS

            • EngineerGaming@feddit.nl
              3 days ago

              I bought a Pixel because of how universal its support is with custom OSes. What features are broken there?

              • Noedel@lemmy.world
                2 days ago

                I remember reading some Reddit comments about certain camera functions no longer working. I bought the Pixel for the camera and I don’t want to break that functionality.

                Disclaimer: I’ve never really looked into different OS’s and what they do/don’t do

        • WhyJiffie@sh.itjust.works
          3 days ago

          afaik it should. but why do you think NFC defeats privacy? it is quite short range, isn’t it? having google services is much worse

          • Noedel@lemmy.world
            3 days ago

            Well, I was mostly concerned about Google knowing where I’m shopping. I know using Google Pay is lazy but I’m not perfect…

            • WhyJiffie@sh.itjust.works
              3 days ago

              oh google pay, I see. but that’s not NFC’s fault, it’s useful for other things too.

              speaking about it, I’m not sure google pay will work. but I never used it, so I don’t know for sure, but there’s this suspicion after what banks do

      • ramenshaman@lemmy.world
        3 days ago

        Last time I checked there was a relatively narrow selection of phones the Dexcom app works with. Pretty much just iPhone, Galaxy, and Pixel. I just checked again and there’s a lot more now, so maybe it’ll work?

    • WhyJiffie@sh.itjust.works
      3 days ago

      that’s not a feature of the ROM. that’s a tool provided by ROM maintainers. that being said, it almost certainly supports it, as in, if someone makes a website that does that, it will be possible.

      now, don’t get me started on how bad of an idea it is to use webusb

      • Emerald@lemmy.world
        3 days ago

        > don’t get me started on how bad of an idea it is to use webusb

        I will get you started. Please explain.

        • WhyJiffie@sh.itjust.works
          2 days ago

          there is no way to verify the downloaded package before installation.

          also I generally deem both webusb, and chrome’s broader filesystem access apis dangerous, partly because a vulnerability in the website permission checking code with this permission is much worse than with e.g. the camera.
          but the more realistic problem is that it’s just too easy to grant a random website such deep permissions to your device, either by accident, by habit or because the user does not understand what is happening. just a click or two and you have just granted a ransom website full access to your drive. with webusb, they can even write a bootable anything to your pendrive.

          my concern here is not that you cannot make sure that the graphene website will only do what it needs to, but that the feature exists at all, because of all the other websites. I sincerely bless mozilla for not implementing these.