LineageOS is great, my one complaint is that it is almost never available for the phones I own. You basically have to get phones according to their popularity in a certain subgroup: for example currently one HTC model and two LG models are supported, but close to everything from OnePlus.
I know I can get unofficial builds, put apart from the sometimes quite severe missing features (calling or camera not or only partially working) I don't want to trust random people on a forum to provide a build of an OS without including malware. It just looks like a prime target for all the intelligence services of the world, and a nice target for hackers. With official builds there's at least some accountability somewhere to mitigate this.
> I don't want to trust random people on a forum to provide a build of an OS without including malware
Why is it some communities still work like this? With Android dev, sometimes there's even some source on GitHub, but still a forum post is the main place to find the latest version, with the actual download from some questionable-looking download site. If you're lucky they include sha hashes at least.
I've installed a handful of custom ROMs on 3 or 4 devices - most recently resurrecting my old TF101 to run modern Firefox - but I don't think I've ever seen anything like an automated build for one of these. Really, many don't even post source code.
Is there anyone doing this type of Android dev in a "modern" best practices way like most other open source (public git, CI, maybe issue tracker and pull requests)? Why doesn't this catch on more?
Becauses the cost of doing a CI of Android is astronomical.
(Especially for students)
For my own ROM [1] I spent days and a hundred of euros optimizing the cost of building by trying various cloud providers (fwiw my current best spot is scaleway GP instance with 600GB local SSD). As of today, I'm still at 6€ per builds (For standard ROM devs, that should be cut down to 2€ I'd say). There is simply no way I can afford a CI. (well if someone wants to give me money for that, please do!)
I do my best to isolate components and have at least some kind of CI where I can, but that's hard work (And doing CI is my day job, and I consider myself rather good in it)
Even android's own CI is very far from what you'd call a modern CI. They basically just build master once every hour and pray for the best, and let the build cop fix that. They do have a mechanism where they try to build CLs in batches, but "try" is the keyword.
Sure you can, for 20+€/mo if you want your builds take less than a day. That's still astronomical for the enthusiasts compared to struggling to build on their own PCs.
Because the people doing it are mostly teenagers and hobbyists who do it for free because they think it's fun. They're not professional developers, so they don't follow professional dev best practices.
Well, nowadays, for devices that started from Oreo or later, there is this thing called Project Treble where every device are guaranteed to boot AOSP of the same version.
It is possible to use that to create generic lineage image, that just works on all devices released with oreo or later.
Of course with those generic images, not everything will just work, but calling and camera are a given.
There are unofficial builds of this [1] but lineage doesn't want to endorse this approach, even though that's technically how they support all recent devices.
Project Treble images are less "generic" than they sound - they vary by stock-OS version (Nougat, Oreo, Pie, Q/10), 32-vs.-64 bits, A-only vs. A+B boot.
That's still only one source code for all of them. (Nougat never had treble) the difference there between actually one single image and five is build time. There is no additional development needed.
And that still means that with five images you target several hundreds (probably thousands) devices. More than lineage will ever support
GSIs should be closer to the goal - Lineage and other free software people should really push manufacturers to publish their GSI images to make Lineage porting easier.
> my one complaint is that it is almost never available for the phones I own
This is the reason that I've only bought Google's handsets. Easy to unlock and always excellent ROM support. Flawless LineageOS support and I have also very good experiences of GrapheneOS (former CopperheadOS).
I buy them when the next model (or the model after that) is out for a fraction of the price. Couldn't care less about getting the latest phone these days. At this level they're pretty much all the same to me.
Only thing to look out for is Google's crappy long term support and security fixes (which even GrapheneOS relies on). For my current Pixel 1 device OS updates were supposed to run out over a year ago. Still, Android 10 was "just" released for the Pixel 1...
While popularity of phones plays some part, mostly this is down to the manufacturers. HTC are well-known for providing locked-down devices; even if you're looking for a near-stock experience, HTC tends not to be recommended.
Samsung is similar in this regard, though they get away with it somewhat more than HTC due to demand.
In short, don't complain to/about Lineage. Vote with your pocket and buy more open phones.
>In short, don't complain to/about Lineage. Vote with your pocket and buy more open phones.
I agree with this wholly. Devices like iphones or the samsung devices are riddled with user-hostile features like KNOX, locked bootloaders, pre-installed payment gardens and proprietary blobs all over along with carrier locked, contractually defined handset ownership agreements.
The state of open smartphones is rather nacient, checking the wikipedia list page[0] there hasn't been a real handset launched in numbers for 3 years. I would describe the availability of these devices at best as Very Poor.
That said, HTC is much better for open firmwares than the big ones like apple or samsung. You can just ask and they will return the bootloader key. Try that with Samsung, they are horrible. Samsung is a very integrated vendor, and it can be quite challenging to develop for these very closed platforms, the software sometimes takes ages.
Case in point the Galaxy s6. The verizon locked phones still have no public bootloader unlock tooling afiak. Quite a hassle.
Currently the only Openish devices you might be able to get soonish are ( In the order of my own arbitrary bias )
There some threads here a couple weeks ago and on r/Purism, but it appears they have shipped 0 phones to customers so far. There are just a handful of pre-production units given to employees. Unfortunately it also sounds like they have spent all, or nearly all of the money they raised in crowdfunding, so how they are going to ship all the backorders is unknown.
Always in matters like this, it's about degrees of compromise.
While some will be happy with one of these three options, some will find it a step too far from mainstream, low maintenance high end options.
With this in mind, it's important to make recommendations across the spectrum, to encourage those not willing to go "all the way" to still go some of the way.
In this area, I'd look at Fairphone (not great on the high end cutting edge tech side for obvious reasons, but decent on openness), Motorola and One+ (both more mainstream high-end options but also not quite as heavy on user-hostility as some competitors).
Google are also quite good in this area, on the hardware side, but given their ownership of the software side and general practices in that area, I'd be in less of a hurry to recommend them.
Great list. There's also the option of going for a SailfishOS smartphone because you won't have to abide to FAANG tracking.
Fairphone 3 doesn't quite fit the bill, but I'd still mention it in lists like these as it is possible to unlock bootloader, the phone is modular so can be repaired, and the Fairphone 2 ran a myriad of OSes (#3 just got released, give it some time).
>HTC are well-known for providing locked-down devices
I've been using HTC devices for ages, and so far every one of them was dead-simple to unlock: Just go to the HTC developer page and enter your phone ID, get unlock code and enter on phone, done! Naturally HTC will from there on out decline responsibility for bricked phones, but which company doesn't?
If you're talking about simply unlocking the bootloader, that's as simple on most phones. I'm more referring to the general barriers put up to doing anything with your phone, either before unlocking (the OS itself is restrictively HTC-oriented) or after unlocking (S-ON, etc.)
> Naturally HTC will from there on out decline responsibility for bricked phones, but which company doesn't?
The fact that this is an accepted norm is another part of the problem. Why "naturally"? Some manufacturers (like Google, Fairphone, Motorola on a limited number of phones) don't void the warranty, but even if none did: why do you think this "naturally" an acceptable thing other than it being the norm?
If you don't damage the hardware by flashing, there's no reason it should be out of warranty. If you do "damage" it because of some malicious hardware fuse installed by the manufacturer, then it seems to me that could reasonably be considered a faulty device.
You can actually permabrick the hardware with a non-compatible or buggy flashed OS. It's an embedded device, so the Linux kernel has access to a lot of stuff that it wouldn't, e.g. on an ordinary PC.
> The fact that this is an accepted norm is another part of the problem. Why "naturally"? Some manufacturers (like Google, Fairphone, Motorola on a limited number of phones) don't void the warranty, but even if none did: why do you think this "naturally" an acceptable thing other than it being the norm?
Because I want to be allowed to install software that will damage the phone. Holding the phone manufacturer responsible for code I wrote is not in fact a natural thing to do.
> Holding the phone manufacturer responsible for code I wrote is not in fact a natural thing to do.
I'm sorry but I'm really struggling to understand what you mean by this. What hardware should I be running the code I write on without fear of voiding the warranty.
If it's the fact I wrote the code that constitutes voiding the warranty, exactly who's code should we be permitted to run on hardware we've purchased? Only code which has been written by/provided by the manufacturer themselves?
You shouldn't be running the code you write on any hardware without fear of voiding the warranty. The point of a general-purpose computer is that the code you write might do anything at all. There is no warranty to cover that, and there shouldn't be. You should get over your desire for a warranty.
I've bought a handful of used HTC devices in the past. Only "real" HTC devices are go to dev page and unlock. If they've been through a carrier that isn't T-Mobile, it's very likely permanently not unlockable. Try entering a Verizon-issued HTC or Sprint-issued HTC on the page.
But yet Samsung is the only LOS option that doesn't have Qualcomm's broken-by-design integrated baseband/application processors.
I'm certainly not trying to fanboy here (Samsung cameras suck [0]), just pointing out that all manufacturers are intrinsically inclined to deploy some user-hostile features. "Voting" with your wallet doesn't particularly move their needles.
And drilling down to the most popular phone for your country seems to turn up a fairly well supported model. I ended up with a Moto Z2 Force (https://wiki.lineageos.org/devices/nash) for pretty cheap, and I've been happy with it.
About HTC, I used to run Lineage my One/m7. After upgrading to the One/m9 I switched to AICP, and I'm very happy with it!
AICP really let me down only once: I'm semi-religiously doing the weekly security updates. Once that broke the installation, because it was a major version upgrade (I think Oreo to Nougat). I suppose I should have wiped and installed it manually, but the AICP update center just enqueued it like a regular security update.
I used AICP to extend the life of an LG G2 and was very happy with it. Many may not realize that the builds for each phone can require significant tweaking off the base ASOP builds and much of that is dependent upon vendor documentation and lockdown. That is a lot of work for a small community of devs deadicated to these types of projects. Then consider how many Android phones are out there (Samsung alone has 388 per GSM Arena)
I know I can get unofficial builds, put apart from the sometimes quite severe missing features (calling or camera not or only partially working) I don't want to trust random people on a forum to provide a build of an OS without including malware. It just looks like a prime target for all the intelligence services of the world, and a nice target for hackers. With official builds there's at least some accountability somewhere to mitigate this.