I wish that LineageOS could accept the "signature spoofing" patch that is needed for microg (possibly with a toggle switch that would be "off" by default), so that we could avoid the need for the less-frequently-updated https://lineage.microg.org/ and properly install apps from Play Store without the Google Service Framework (that essentially gives root access to Google on your smartphone).
(and actually I also wish they could implement the shims developed by https://grapheneos.org/usage#sandboxed-google-play in order to sandbox the google play services, so that the user could choose between approach 1 (microg with signature spoofing) and approach 2 (sandboxed GSF) on any smartphone supported by LineageOS (grapheneos only supports Pixel phones due to their ability to relock the bootloader))
I believe the reason Lineage doesn't do this (along with things like SafetyNet spoofing/passing) is to stay on the right side of Google et al. This way there's never a threat of a legal shutdown à la Vanced. If Lineage was backed by big foundations/folks with deep pockets that could change.
I have no idea why GrapheneOS takes this risk, but am grateful to them nevertheless for the code.
I'd like to edit this comment but unfortunately it's probably too late to edit - it appears I was at least partially mistaken. LOS declined to integrate MicroG because of security concerns from spoofing signatures, as per the Wikipedia article of MicroG (https://en.wikipedia.org/wiki/MicroG)
Yes, but if it was with a toggle switch (and a default value on "off"), then the user could decide and take the risk (and/or only activate it when needed), which would alleviate the risk.
Partly that, but also a lot of/all of Google Services Framework is proprietary Google code. Other implementations reverse-engineer and modify it afaik. Google probably doesn't go after them because they're small, but LOS is the largest such organization and would be an easy target if Google were to sue.
And also, even if it's technically legal, such lawsuits/SLAPP suits can entirely bring down an organization, as legal fees can be very expensive. They probably want to err on the side of caution so that Google can't, and wouldn't care to, sue them.
microg replicates the API but contains no actual google code, right? Isn't that exactly what google argued was completely legal when they were sued by oracle over replicating the java API?
Yes MicroG is open source, but they probably had to reverse engineer something. However I don't know if that's the main reason, my initial comment was likely (partially?) wrong, here's an update: https://news.ycombinator.com/item?id=31171788
> Yes MicroG is open source, but they probably had to reverse engineer something.
MicroG being open source is irrelevant. The relevant point is that google play services is not, so MicroG devs could not have copied source from it. Besides the fact that the API used by other programs to interact with play services is public and that the team had no access to the play services source code, US law also has a specific carve out for "interoperability" which might (I'm guessing) apply here. Google has already spent many years and many millions in court arguing that an API is not copyrightable.
IANAL but it seems hard to argue that this would be an easy legal case.
Edit: I'm no longer trusting my memory lol. Apparently security was why LOS didn't integrate it (see https://news.ycombinator.com/item?id=31171788). I'm still leaving my original reply below.
The SafetyNet part is something I read from somewhere else, though unfortunately I don't remember if that was LOS or some random developer on reddit/XDA. You can treat most of this as (oft-repeated) speculation by users.
Having the sandboxed Google Play services would be wonderful. I'm currently using LineageOS with microG and Aurora store, but quite a lot of apps do not properly run with microG. Having some kind of fallback alternative in a second user or even better a work profile would be great.
Not sure if this is acceptable to you, but Uber has a web app at <https://m.uber.com>. I seem to recall that you have to "request" access in order to use it, but it was an automated rubber-stamp thing. The only downside (besides what you'd expect for a web app vs a native app) is that you can't do fancy things like multiple destinations in one trip, or changing your destination on the fly.
I have a Oneplus 5T (dumpling) and get much less frequent updates (which puzzles me: I thought they would have an automated build system, i.e. that all supported devices would have exactly the same updates at the same time...)
I have been running lineage for more than a year in my OP5, I don't face any issues with it. I don't use microg. I have also rooted it with magisk, so that banking apps will work.
You can’t install paid apps and your google account can be terminated at any point for using Aurora store. So it’s out of the question for a lot of people
I'd also love to see them forking CalyxOS' Datura firewall:
https://calyxos.org/docs/tech/datura-details/
It's so much handier when you don't have to navigate through each app's settings.
I just switched to LineageOS 18 w/ MicroG and oh my lord is this stuff still complicated. I'm fairly familiar with this stuff and yet still it took me many hours to set everything up correctly. To be clear, this is not the fault of LineageOS, this is simply the state of the FOSS Android environment and the fact that Google has no interest in supporting this setup whatsoever, to put it mildly. Not only is it complicated, it also seems to change pretty much every year.
First the question is how to transfer all your application data, for which there still seems to be no surefire way. I settled on "Neo Backup", which mostly worked fine, except for Signal (of course...), and the darned Microsoft Authenticator.
So first unlock the bootloader (good luck), then you need to find the correct TWRP for your phone (and careful with 32/64 bit) and flash it via fastboot.
Then I flashed LineageOS, which worked fine. Luckily I found an image which already had the signature spoofing patch included, so I didn't have to worry about that. How do you get root? SuperSU? XPosed? Magisk? OK it seems everybody's using Magisk nowadays. OK, flashing worked fine, but now, how do you get MicroG on it? If you look at the MicroG homepage, you might think you can just install it with F-Droid, and you actually can, but many things won't work (like FCM notifications). It needs to be a system app. I tried using the F-Droid Privileged Extension, flashed it via TWRP, which seemed to work fine but actually wasn't installed and not working at all. Now what? There's a multitude of information in forums about what to do. Some say to flash NanoDroid, but the last release was in January 2021, it seems it's not updated anymore? I settled on the "MicroG installer revived" Magisk module, which worked fine (btw, there's no curated Magisk module repo anymore, you have to search the web and hope you find something that's not malicious).
Of course my banking apps refuse to run because "U ROOTED UR PHONE", I search for Magisk Hide, it doesn't exist anymore, now you need to configure a "Zygisk deny list", whatever that is. Then I also need to hide the Magisk app, my banking works now thank you very much. FCM notifications also work after I uninstall and reinstall my apps which need it...
To be clear: I'm eternally grateful to all the developers who make this possible in their spare time. This is not their fault.
I've been through much the same journey several times, each separated by enough time that I have forgotten all the little details.
I eventually found out about LineageOS for MicroG [1] which is a variant of LOS with MicroG bundled which cuts out most of the fooling around, removes the need to root my phone and works with both banking apps that I've tried.
After hesitation, I opted to go full on the "privacy above all" path - out of curiosity if it was possible and bearable.
So no root, no GSF or substitute at all. Only tracker-free apps (except my bank) and using browsers.
I use a set of privacy add-ons (canvas fingerprinting etc) for wandering on the web and the "WebApps" app to isolate the web sites I use regularly and where I need to log into my account.
Then the TrackerControl app lets me allow or block connections per app and by destination.
Of course, this choice implies renouncing certain services without a web version, but I'm happy with the tradeoff (less time spent procrastinating by consuming social network content).
It's a bit annoying at first but I paid $80 for this secondhand phone (including a good new battery). Within weeks I didn't notice anymore that speed difference with a native web app.
That difference of speed exists, of course, but I'm fine with the whole tradeoff.
Not being at all a security expert, I did my best - following advice found on the net.
How far is my privacy better protected though? I can't really know - that's my only true frustration. I see very few ads and they look poorly targeted.
Well, sorry for the long post, this was just to mention another possible path: no GSF or substitute at all, no root.
If you're going to that level you should also consider your phone always compromised and unsuitable for running a banking app. Humans got by without them for a long time.
I really like LineageOS, but this is partly on them as well. They are the most popular ROM and they do very little to make this situation easier. With this situation I do not mean the install itself - actually there they do a lot, the documentation for officially supported devices is really good (and you often do not need TWRP anymore, the lineage recovery is cleaner). But I mean everything else you mention: Rooting, Play services/MicroG, fighting against the security theater. They even officially ban talking about this and other impending topics of doom like VoLTE on their subreddit.
I do like what the project achieved, but I don't understand in the slightest what they are thinking. If I were to speculate, to me it feels like a leftover from their failed attempt to make this a business to ban everything some corporate partner might dislike. But what purpose would that serve for the project now? Just baffling.
Just flash ‘LineageOS for MicroG’[1]—it already has F-Droid extension & obviously microG. Recovery images are provided right alongside, though of course you can use TWRP if you prefer but you don’t have to. IDK why you need root, but most people don’t need it. Push works just fine with microG alone, you just have to enable it in settings. Also LineageOS has an integrated backup solution now.
As far as the rooting-related problems go, there's very little reason to root an Android phone today (unlike, say, 6-8 years ago). Most of the things you used to need root for now have a working API (like VPNs).
Magisk Hide was replaced with "Zygisk DenyList". Which is fine, my main complaint is that you cannot guess from the name that it is doing essentially the same thing. The reasons for that can be read here:
I'll add to the list: Advanced Charge Controller, and the ACCA GUI app for it.
This provides fine-grained control over battery charging if the kernel/device have the required features. The user can set limits on current, voltage, and percentage, as well as pause charging when the battery gets too hot. These settings can be saved into profiles selectable with a tap or on a schedule.
Limiting charge speed/capacity can significantly extend the service life of the battery.
> Doesn't unlocking the boot loader delete everything?
Exactly. Even if the phone is already unlocked, the official LineageOS installation instructions explicitly say to do a "Format Data / Factory Reset" in recovery before sideloading the OS.
It's nice to see that Lineage OS is still a prominent alternative OS. Back when I couldn't afford new smartphones, it would allow me to keep years old devices on relatively new software (these were the CyanogenMod days). Using it opened my eyes to tinkering and the possibility of a de-googled digital life. It's a shame that due to the ongoing 3G shutdown, people won't be able to keep old devices working.
> I won't buy a phone that I can't run LineageOS on. MicroG.
I won't buy one that doesn't have an aux port. Do you know any lineage-supporting modern phones that have an aux port (and an SD slot, ideally!) by chance?
You can’t use that tool’s SD Card column right now, since its code hasn’t been updated to match the LineageOS wiki’s new data shape. (I fixed that bug locally and plan to submit a PR.)
Thanks for this link, exactly the kind of thing I was looking for. The lineageOS site is kind of impossible to use for that purpose - it uses random names that don't have anything clearly to do with the device.
You can still use old devices with WiFi. If you need phone service you can configure a VoIP provider. You lose the cell network but it's still a phone. Some would even say you'd regain privacy this way.
I have tried this in the past with Google Voice. It's just too inconvenient to not be able to make calls when I'm not near a wifi. I've learned that's the #1 feature I value in a phone.
> Back when I couldn't afford new smartphones, it would allow me to keep years old devices on relatively new software
I hope you're not implying LOS is only useful for old devices.
LOS supports many relatively new devices, including many flagship phones. It also arguably offers much better experience than the default bloatware-ridden OEM OSes, which is the reason I check which currently sold devices are supported before buying a new phone.
> Our very popular privacy oriented built-in firewall, restricted networking mode, and per app data isolation features were all rewritten to account for AOSP’s new restricted networking mode and BPF. Additionally, data restriction and network isolation features were merged into a single implementation. Combined, this means that one of our largest pain points each bringup should now be easier to forward port in future revisions!
I'm so glad to hear this. Every other custom ROM's Android 12 version had to remove the "disable internet access per app" feature.
Lineage took its time to rebase to Android 12, but they did it without removing important features like this.
Is that build based on Android 12? If so I might be wrong about no custom ROMS adding that feature back in. Maybe grapheneOS and some other ROMS made their own patches to fix it.
On my phone running LineageOS 18.1 (Android 11) I have the following on/off options for every app: Allow network access, Wi-Fi data, Mobile data, Background data, VPN data, Unrestricted data usage (even when data saver is on)
I installed LineageOS on my old Samsung Galaxy S3 back in the day. It's currently only used as a fancy alarm clock, I got an app that requires me to solve math problems to disable alarm.
Just yesterday I was wondering if it was still supported by LineageOS, and I see that it is not. What are the chances that a new version will work on this "ancient" device?
And even if I do, would it be safe enough to use or does the hardware have serious, unfixable flaws?
Got me thinking about the obsolescence of our modern gadgets.
Since the S3 Neo is still supported, I don't see why the S3 wouldn't be. As far as safety, at a bare minimum it would only be as unsafe as the stock rom, though having newer patches to the kernel / android does mitigate a lot of vulnerabilities
The Galaxy S3 and the Galaxy S3 Neo are entirely different devices from a software engineering perspective. The device name is not a reliable indicator for this.
Depends what you want to use the phone for. If there's no network access intended, then obsolete software doesn't matter as much as the device has a much lower attack surface.
LineageOS has reached some serious stability milestones IMHO. It's also so much easier to customise and get where I want it to be than any other custom Android ROM I've tried. Most of the bugs have been worked out by this point it feels like. Anyone looking for a new daily driver OS should give Lineage a try. I love it.
Agreed. I've been running nightlies for years now, and it's very rare for something user-facing to break. This probably depends on how well the device is supported, but I've had very few minor issues on my OnePlus device.
Kudos to the LineageOS teams and all contributors! You make Android usable. Which reminds me I should definitely donate.
On most Android devices, you can flash a new recovery image with fastboot. You can not do this with Samsung devices, Samsung has its own proprietary methodology of flashing recovery images called Odin. Samsung is a supported LineageOS vendor, but Samsung devices have an extra step to even flash the device with a pre-built ROM.
Have been on Cyanogen/Lineage since 2012. Love the idea and the philosophy. Recently have been coming across safetynet issue.
Will 19 address that?
Also wondering what is the future of AOSP development, now that big companies are poaching developers (and effectively killing good projects like Magisk)
There is a workaround for safetynet (so you can run banking apps and others that don't allow unlocked bootloader) but it's a bit of a cat and mouse game. Be prepared to re-apply after each upgrade, which can be as often as every other week on the stable branch.
What's the future of AOSP? There are other distros like GrapheneOS and CalyxOS that take advantage of the openness of "google pixel" hardware. But I think the end goal is to replace android with a linux userspace like postmarketOS and containerizing android with Waydroid.
Safety net can be worked around using Magisk (including v24.3) by enabling Zygisk, downloading UniversalSafetyNetFix and MagiskHidePropsConfig, running the "props" binary from adb shell and selecting a known factory device fingerprint, and then adding the apps to the "DenyList".
You also need to clear the data of Google Play Services and Google Play Store, and of the apps that detected root.
AIUI, Zygisk is a Google-approved variety of Magisk. The real issue with SafetyNet bypass is that it's inherently unreliable because Google could at any time require a locked bootloader running stock OEM ROM for passing SafetyNet, so any rooted device would be SOL.
From what I'm reading many newer devices require a locked bootloader, else SafetyNet will fail. So realistically I think that means only Pixel phones could work, since they support relocking the bootloader with a non-stock ROM.
Lots of phones support relocking to a user provided key (OnePlus does for sure) but it's a less trusted state than locked to the vendor key, I don't think it counts as good enough for full SafetyNet
I wonder how long until not having a safetynet approved (tm) phone is a serious hindrance in everyday life. Their effort is admirable but I can't help but think the tech world is moving in a different, darker direction.
In theory you can go here [1] and whitelist your phone to have a custom rom on your phone count as play protected. In practice it's another google service that doesn't work and you get no support for it when it doesn't work.
For me, it already is. I use Google Pay extensively, which checks SafetyNet during regular operation, and I hear the Netflix app even disappears from the Play Store if the phone fails SafetyNet. (Sure, you can install it from APKMirror or whatever, but...) I expect some other banking apps on my phone wouldn't work either.
If you are reading this, thank you for backporting to kernel 4.4! My phone is only a year and a half old.
I'll just wait for the OpenGapps to have at least an unofficial 12.0 version to upgrade, so I can keep using the minimal Gapps required and not bloat my phone with crap I'll never use like Gmail or Youtube.
It is said to have removed iptables in favor of eBPF. Won't we lose compatibility with AFWall+? Will there be a relevant alternative? I consider it important to choose which apps can access the Internet and when.
It appears so, for now. Apps can be updated to support IPTables to eBPF wrappers, though; you'll have to see if the developer(s) behind AFWall+ will be able to get that to work. This isn't just a LineageOS issue, it should also cause problems for anyone running any other form of Android 12.
I love Lineage and used it as my main phone OS but since my carrier began requiring VoLTE in February, I can’t receive or make phone calls anymore.
You may have to call your carrier and have them change some things. I had trouble with AT&T a couple times, but then they had me turn off the phone, sent some data to it, then turn it back on. All good now.
I haven't gotten VoLTE on my XZ2 Compact with Lineage 17.1 and Telenor Sweden to work either. If I have it enabled, I can't do phone calls at all, when forcing 2G/3G calls, at least those work. But I do miss HD Voice.
If your SIM card is really old, some carriers need you to get a new SIM card for VoLTE to work, no matter what phone you have. Also, this is probably a dumb question, but are you on the latest build of LineageOS?
Is there a list of supported hardware models in conventional (non-codename) format? I am eager to find a model which isn't going to be expensive/rare (like Google Pixel) nor obsolete (pre-LTE). This is rather hard with the old LineageOS versions HCLs.
In addition to the official wiki, or running queries on the yml data yourself (it's published under the lineage OS Github account), you can also check these two third party tools:
> it's published under the lineage OS Github account
What I found there was a list of model codenames like "redfin" rather than "Google Pixel 5". Now I've already found the list I wanted, however. Thank you anyway.
My Mi9 has no official builds for LineageOS and my days of trusting random forum users for my daily driver ROMs are over. There are many Xiaomi devices that are compatible with LineageOS, but they're not exactly guaranteed to work just because their bootloader unlocks.
Not exactly sure how official Lineage builds are more trustworthy than unofficial ones, since it's the same random forum users developing all these builds, whether official or unofficial.
You could run a build of the new LineageOS official Generic System Images. That way you wouldn't be relying on random xda users, though some things might just not work properly with a GSI.
How similar do the devices have to be? I have a Samsung Galaxy Note 10 Lite. LineageOS supports Galaxy Note10, Galaxy Note10+, and Galaxy Note10+ 5G. Might one of those builds work on my Galaxy Note 10 Lite?
In general, it has to be exact. There are some exceptions (e.g., the same build works on the OnePlus 3 and OnePlus 3T), but that's rare, and it will be very clearly indicated if that's the case. Unfortunately, your phone does not appear to have such an exception.
I used to run lineage, but every time there was a major version upgrade I had to reinstall, which was annoying. So I reverted to stock OS.
Has that changed? Can it upgrade between major versions now?
I've always done upgrades and they usually worked, but updating across Android versions is quite painful. You need to be wary not to accidentally keep old versions of GApps and any other system modifications installed, and not all system services migrate that easily.
At some point, a transitional .zip was published to help users upgrade between versions. However, I'm pretty sure their official policy is still that you should do a clean install.
I think upgrading between versions works (as long as you do it in order!) but your system will be a lot more stable if you do a clean install. The same can be said for any major OS upgrade, really, be it Windows 10 to 11 or Ubuntu 20.04 to 22.04.
Unless the major upgrade is Fedora, then it works great and is well supported to update in place for many years. The one major issue I had once was my fault because I force rebooted in the middle of the install. Still got it working though.
I'm curious how secure LineageOS is. It doesn't seem to have the resources of Apple/Google to respond to vulnerabilities. I haven't even found anything on this topic at their website. Googling "lineageos security response policy" hasn't found anything useful, either.
How does it compare to flagship Samsungs/Pixels/iPhones? Is it usable in, say, corporate settings that do have some security standards in the vein of "two years old iPhone OK, six years old Android not"?
Since LineageOS tracks AOSP, they get to piggyback off of Google's security efforts. They tend to release the monthly Android security patches faster than most phone vendors do for their stock ROMs.
> I'm curious how secure LineageOS is. It doesn't seem to have the resources of Apple/Google to respond to vulnerabilities.
Well, you get weekly updates, and you can see what changes are made. Most of them are security ones, and you're getting them 4/5 times a month vs once per month with stock Android in my previous experience.
For example, here you can see the changelog for the Motorola Moto G7 Plus.
I don't think this can be compatible with corporate policies, though. As an end user, I'm more than satisfied.
Security is a bit different for different people. If you want to do browsing while minimising ads/spying from rubbish, Lineage is there. Also one can block/minimise data and improve battery life by avoiding Play Store.
LineageOS relies on the open source kernels and pre-existing vendor blobs to run. Qualcomm drivers and such won't receive any patches, the best you can hope for is that the driver blobs are extracted by the device maintainer and put into the next build.
As for the Android stack itself, LineageOS follows the upstream Android branches very closely where it can. Most vulnerabilities in that stack will probably be shared among devices, so security issues will probably be fixed within a reasonable amount of time. Google's Android patches should also be present in the nearest weekly updates after public release.
The lack of official driver and kernel patches makes the security of LineageOS a little strange. There are definitely some patches that LineageOS can apply, but in the end they rely on the vendor to publish all the necessary patches, and that can take a while.
There's also the fact to consider that out of necessity, the bootloader on the phones is unlocked. Most phones won't allow you to lock it again with your own keys (if you try, you'll often brick the device!) so it's trivial for a malicious actor to flash a new OS full of spyware and key loggers onto the system partition.
Having said that, LineageOS supplies weekly updates to my OnePlus One, even though it's showing its age. Neither Qualcomm nor OnePlus will ever release any more patches for this device, so for kernel level security I'm boned. However, I still get the latest and greatest Android 11 framework security patches. This should protect the phone against the huge Bluetooth exploit found a few years back despite it being over eight years old now.
LineageOS is quite transparent about this, even showing that their device is missing patches right inside the settings (https://www.xda-developers.com/lineageos-trust-centralized-i...). I don't think you can expect much more from a project run by volunteers.
My daily driver phone receives "quarterly" security updates (sometimes off by a month or so) so I'd rate LineageOS above Xiaomi in this sense. The LOS Android stack itself should also be on par with or even better than some flagship phones.
Sadly, for the complete picture, Qualcomm and other manufacturers determine how secure LineageOS can be. In general, the bootloader lock status and lacking supply of source code are a real pain for open source efforts. Some phones may see a mainline kernel with all of the recent Linux patches as a result of the postmarketOS efforts (https://wiki.postmarketos.org/wiki/The_Mainline_Kernel) but cleaning up vendor code and reverse engineering drivers isn't exactly a fast process.
GrapheneOS is able to support relocking the bootloader, but only works on Pixel devices (the bootloader lock is one of the main reasons they only work with Pixels).
I personally think the bootloader lock is of dubious value. It protects against physical attacks against the device (evil maid attacks).
That's very low in the list of threats I worry about.
(Though I am using GrapheneOS, and am happy with it.)
I'd be more worried about the lag between Android security patches (and vendor blobs, which GrapheneOS gets direct with android updates, from what I can tell) and custom ROM updates.
You're much more likely to get hit by some Samsung zero day that impacts 100M active devices than something targeting a custom ROM.
(All of this is assuming you're a boring target, which most people are.)
Anyway, the main deciding factor for me between the two operating systems was device support.
I think evil maid attacks are a realistic problem for anyone regularly travelling through airports. I think there are quite a few people who would like to know when someone tampered with their phone. Certain shady governments are known for demanding you hand over your phone if you look suspicious/foreign enough.
I have no experience with GrapheneOS, but I've heard good stories so far. It's very good to hear that the Pixel devices allow re-locking of the bootloader.
Personally, I consider exploits in the Android framework itself and drive-by-exploits (like BlueFrag) to be the most important security vulnerabilities so I'm fine with LineageOS.
Not everyone might agree, though, and custom ROMs come with some security challenges or problems that stock software does not. I don't think such flaws should be left out of discussions like these.
Locking the bootloader (to enable verified boot) isn't only a protection against physical attacks. It also ensures that any deep OS exploit that occurs is not persistent since the base OS is cryptographically verified on boot. This is really important to the security model, because otherwise you have no reliable way to protect against persistent exploits or verify that you're running a genuine release of the OS you think you are.
Lineage doesn't "break" the Android security model. It works around OEMs that don't support installing your own keys in the bootloader. Otherwise, the security model works the same as any other android.
LineageOS's first priority isn't security - it's freedom. Graphene and CalyxOS have security as the first priority - but have only a couple of phones on their support list and they deprecate old devices as soon as they stop receiving vendor updates.
Yes it does. They ship userdebug builds as production releases, pretend to support devices past their vendor EOL (which is impossible since Lineage can't provide security updates for firmware etc.), ship the F-Droid Privileged Extension (which uses an incorrect approach to implementing unattended updates), don't support locking the bootloader to enable verified boot on many supported devices, etc.
> They ship userdebug builds as production releases
`userdebug` is used to have a few specific debugging capabilities that aren't available on a `user` ROM. Note that this is not the same as the standard `userdebug`, as most security measures that would otherwise get removed are manually reinstated.
> pretend to support devices past their vendor EOL (which is impossible since Lineage can't provide security updates for firmware etc.)
So... no security fixes at all are better in your opinion?
> ship the F-Droid Privileged Extension (which uses an incorrect approach to implementing unattended updates),
Where are you getting this from? Neither F-Droid nor its privileged extension is included in the system.
> don't support locking the bootloader to enable verified boot on many supported devices
There is nothing that inherently prevents you from relocking your bootloader on LineageOS. But technically, something may go wrong at any time, so it neither is officially supported nor endorsed, and the keys necessary for relocking the bootloader are not provided.
If someone wants to, they can always just build LineageOS themselves (with all system modifications built-in, because anything else would break the signature), sign it with their own keys, and reconfigure their bootloader to use that key.
> pretend to support devices past their vendor EOL
They don't "pretend" anything. They are very clear that, after a device no longer gets kernel/driver updates from the manufacturer, they can only provide OS/framework updates.
> don't support locking the bootloader to enable verified boot on many supported devices
Can you expand on this more? My understanding was that you could do this on Pixel phones, but that no other manufacturer supports adding user keys to the bootloader.
> They ship userdebug builds as production releases
What specific security problem does this cause?
> pretend to support devices past their vendor EOL (which is impossible since Lineage can't provide security updates for firmware etc.)
This is good for security. Not everyone can afford to get a new phone as soon as the vendor drops support, and just because you can't fix everything doesn't mean that you shouldn't fix what you can.
> ship the F-Droid Privileged Extension (which uses an incorrect approach to implementing unattended updates)
What's incorrect about it?
> don't support locking the bootloader to enable verified boot on many supported devices
This isn't really their fault. On most devices, relocking the bootloader with anything non-stock has a high chance of permanently hard bricking.
Security issues can occur in both the device-agnostic Android OS code and in device-specific drivers. Some people are going to continue to use phones after the vendor drops support. Although those people won't get security updates to their device-specific drivers anymore no matter what they do, by using LineageOS instead of their stock ROM, they will get security updates to the device-agnostic Android OS code.
> They ship userdebug builds as production releases, pretend to support devices past their vendor EOL (which is impossible since Lineage can't provide security updates for firmware etc.), ship the F-Droid Privileged Extension (which uses an incorrect approach to implementing unattended updates), don't support locking the bootloader to enable verified boot on many supported devices, etc.
I'm pointing you toward how things are meant to work, not arguing with you or leading you through your research.
If you want to skip paying $150 for a Pixel to use on Graphene or Calyx or something halfway decent, and "just use Lineage how bad could it be", be my guest!
The "Support length" table at https://calyxos.org/docs/guide/device-support/ shows that CalyxOS supports a bunch of devices even after the vendor drops support. For example, support for the Pixel 4a 5G ends in October 2023, but CalyxOS plans to support it until August 2024. It's unfair to recommend against LineageOS for doing that while supporting other custom ROMs that also do it.
Also, for supported Pixels $150 or less, https://swappa.com only has the Pixel 3a, which loses manufacturer support next month, and the Pixel 4, which loses manufacturer support 6 months from now.
>Android is designed for developers. Security controls were designed to reduce the burden on developers. Security-savvy developers can easily work with and rely on flexible security controls. Developers less familiar with security are protected by safe defaults.
In addition to providing a stable platform to build upon, Android gives additional support to developers in a number of ways. The Android security team looks for potential vulnerabilities in apps and suggests ways to fix those issues. For devices with Google Play, Play Services delivers security updates for critical software libraries, such as OpenSSL, which is used to secure app communications. Android security released a tool for testing SSL (nogotofail) that helps developers find potential security issues on whichever platform they are developing.
Vs.
>Android is designed for users. Users are provided visibility into the permissions requested by each app and control over those permissions. This design includes the expectation that attackers would attempt to perform common attacks, such as social engineering attacks to convince device users to install malware, and attacks on third-party apps on Android. Android was designed to both reduce the probability of these attacks and greatly limit the impact of the attack in the event that it was successful. (Read: Handcuff users to keep them from violating developer expectations and assumptions)
>Android security continues to progress after the device is in the user's hands. Android works with partners and the public to provide patches for any Android device that is continuing to receive security updates. (Read: we work with developers (them again)* to provide patches to devices that are convenient to deliver patches to)
>More information for end users can be found in the Nexus help center, Pixel help center, or your device manufacturer’s help center. (Read: we take no responsibility for explaining how any developer's use of this power is exercised, ask them!)*
>This page outlines the goals of the Android security program, describes the fundamentals of the Android security architecture, and answers the most pertinent questions for system architects and security analysts. It focuses on the security features of Android's core platform and doesn't discuss security issues that are unique to specific apps, such as those related to the browser or SMS app. (Again, even when talking about users, the language drifts back to people we'd lump under developers... who exactly is the User here?)
Then this gem:
>Verified Boot strives to ensure all executed code comes from a trusted source (usually device OEMs), rather than from an attacker or corruption (oh, is corruption where user programs are classed under?).
It establishes a full chain of trust (for whom, OEM's again?), starting from a hardware-protected root of trust to the bootloader (whose root of trust, OEM?), to the boot partition and other verified partitions.
Sorry, but the language used to describe all of this completely lets the cat out of the bag on who the Android community holds to be the true benefactors of your "ownership" of a handset.
Straight from the source. Quiet parts emphasized and said out loud by me.
Android is the most transparently User/operator hostile piece of Open Source software I have ever had the misfortune of laying my eyes upon. The fact you basically have to be a developer to list and understand the things you need to do to get anything non-trivial done speaks volumes.
I've been using Lineage for about a month on my main phone. It's great to free up space from dozens of Moto and depreciated Google apps that I never found useful.
This is pretty cool to see! Still really odd that i couldn't just take any ROM and install it on my current phone from a slightly less popular manufacturer: https://www.ulefone.com/
Of course, phones don't work as regular desktop computers do for some reason, though i really enjoy being able to just throw Debian/Ubuntu/Rocky/Alma (or some of the BSDs as well, though support varies) at some pile of x86 consumer hardware and have it vaguely work.
The only exceptions to that have been specific components in laptops: trackpads (disabled in default config back in CentOS/Fedora for some reason), Wi-Fi drivers (needed to be compiled off of GitHub) and fingerprint scanners (no idea, never worked on *nix no matter what i did).
> Still really odd that i couldn't just take any ROM and install it on my current phone
This is because ARM uses device trees to know what hardware's on the device, versus x86 which discovers it at boot. Every rom has to be specifically built for that exact device model.
I tried Lineage on my Xiaomi 10T Pro a while back, but some of the apps I use the most (NFC pay/credit card double verification for online shopping, gasoline payment with a QR-code) just don't work with it, so I had to revert to a stock ROM. The developers seem to have a whitelist of acceptable Android versions.
This could be a Safetynet issue, which you can fix by rooting your phone and installing Magisk + the necessary module. It's not a perfect fix (Magisk can't make GPay work) but it works most of the time for me. My bank is fine with me running a rooted phone, so I can't tell you for sure if it'll fix your situation.
Congrats, and thank you to everyone involved in LineageOS!
I can't use it right now, but I have many fond memories of LineageOS (and CyanogenMod before that), and I look forward to using it again in the future!
Happy LineageOS 19 / Android 12L [0] user on a dated Samsung S7 phone. Don't forget to donate if you are a custom ROM user, it takes a ton of effort to support these older phones.
I installed LineageOS and https://calyxos.org/ several times last year on different Pixel phones. CalyxOS is easier to install and all applications worked. Then again, all applications working is probably a by-product of it being easier so there is less a chance to misconfigure something.
Highly recommend either of these as a way to keep a perfectly good Pixel working.
I've got a ten year old Nexus running as well as a modern tablet thanks to cyanogenmod/lineageos.
Is there a more valuable free open-source community project like it for anything else in the world? Because it seems incredible to have.
Hard to figure a new tablet to buy that will get that same 10 year life, some custom rom development just vanishes over time. Popularity doesn't seem to be a guarantee.
I have a second-hand Nexus 7 (repartitioned flo), probably the same as you, and I'm super happy with it thanks to Lineage OS. LineageOS 19 doesn't seem to be available for it though (yet?).
> Hard to figure a new tablet to buy that will get that same 10 year life, some custom rom development just vanishes over time. Popularity doesn't seem to be a guarantee.
If I were buying a new tablet today, besides second hand (better for the Earth, more guarantees of having a FOSS ROM running on it, and cheaper), I guess I would go for open hardware like what Pine64 is doing: the community is dynamic, and I would not be surprised to see the device still updated in 10 years.
For phones, I guess that Fairphone is a very good option too: FOSS friendly, easily fixable, and mindful of resources.
PSA: LineageOS 17.1 is no longer getting official builds, even though it has some of the recent security updates committed. So if you can't upgrade immediately to 18.1, you can do a build yourself to get the security patches.
Their IRC setup is profoundly disappointing. Joining their channel redirects unregistered users to a designated quarantine room that blocks all messages.
Why on earth do I need to manage YET ANOTHER account just to ask a question, get a response, and leave?
Unfortunately, because we get enough trolls and spammers as-is, and I don't even want to imagine what happens if we lift that restriction as well. Sorry!
Does anyone happen to know of any third-party Android 10+ distributions that work for the Motorola Moto G6 Play? They cancelled major updates for this model after just a year or so on the market.
The reason why auto-install doesn't work for major version upgrades is because Google Apps are version-specific, and LineageOS isn't allowed to ship Google Apps without paying for certification by Google (and, in fact, disregarding this _will_ result in cease-and-desist letters).
This means that ~95% of users would break their installation by pressing the "auto-update" button because they didn't update their GApps accordingly.
Also, nowadays there is the problem of requiring a certain version of the built-in firmware as well, and in case there are any incompatibilities, a major version upgrade is the perfect time to require updating that as well.
I'm still pissed at Google for locking the bootloader on my Pixel 2. I bought the phone unlocked directly from Google, specifically so that I could install a custom ROM once Google stopped supporting it. But I sent the phone in to repair a broken USB port, and apparently it was Google's policy to send back a phone with a locked bootloader any time you get a repair.
I can't even get a response from Google's support about the issue. (Although, based on what I've seen from other people in the same situation, the response would be pretty useless if I did get one.)
I'm still using the phone, because the hardware is perfectly fine for my needs, but it's slowly turning into e-waste as the software gets more and more out of date. (I replaced the battery about a month before learning about the bootloader, so it's good for another 3-4 years.)
The same thing happened to me, and I wrote an angry blog post about it[0] It is not OK for Google to lock me out of a phone that I own!
LineageOS (running on a different device) has changed the game for me. It has been a smoother, more accessible Android experience, and I'm so grateful to the developers who make it happen.
Unfortunately, Lineage has abandoned a large number of previously-supported devices, so this latest version will be met with some dismay.
The primary reason is the loss of iptables, and the older kernels that do not support eBPF.
U.S. carriers are also moving to VoLTE, and this is not supported on any Samsung devices at all. AT&T has already made the move, and published a list of allowed devices.
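A porter deciding whether an older device kernel can follow this release will want to check its config for the eBPF options that the Android 12 networking stack relies on in place of iptables. The following is an added example, not LineageOS build-system code: it parses `.config`-style text (or the running kernel's `/proc/config.gz`) and reports which required options are missing or unset. The option list is an assumption taken from the Android common kernel's android-base.config and should be checked against the branch being ported; the two sample configs are constructed for the demo.

```python
"""Kernel config check for the eBPF-based networking that LineageOS 19 / Android 12
expects in place of iptables.

Added example, not LineageOS build-system code. The list of required options is
an assumption taken from the Android common kernel's android-base.config;
check it against the requirements of the branch you are porting to.
"""
import gzip
import re

# Options the Android 12 netd/BpfLoader path depends on (assumed list, see above).
REQUIRED_BPF_OPTIONS = {
    "CONFIG_BPF": "y",
    "CONFIG_BPF_SYSCALL": "y",
    "CONFIG_BPF_JIT": "y",
    "CONFIG_CGROUP_BPF": "y",
    "CONFIG_NETFILTER_XT_MATCH_BPF": "y",
}

_SET = re.compile(r"^(CONFIG_[A-Z0-9_]+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_[A-Z0-9_]+) is not set$")


def parse_kconfig(text: str) -> dict[str, str]:
    """Parse `.config`-style text into {option: value}; unset options map to 'n'."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _SET.match(line)
        if m:
            cfg[m.group(1)] = m.group(2).strip('"')
            continue
        m = _UNSET.match(line)
        if m:
            cfg[m.group(1)] = "n"
    return cfg


def missing_options(cfg: dict[str, str], required=REQUIRED_BPF_OPTIONS) -> list[tuple[str, str, str]]:
    """Return [(option, expected, actual)] for every requirement not met.
    An option absent from the config is treated like one that is not set."""
    return [(opt, want, cfg.get(opt, "n"))
            for opt, want in required.items() if cfg.get(opt, "n") != want]


def check_proc_config(path: str = "/proc/config.gz") -> list[tuple[str, str, str]]:
    """Read the running kernel's config (needs CONFIG_IKCONFIG_PROC) and check it."""
    with gzip.open(path, "rt") as f:
        return missing_options(parse_kconfig(f.read()))


# Constructed samples: an older device kernel built around iptables, and a modern one.
OLD_KERNEL_CONFIG = """\
CONFIG_NETFILTER=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_BPF=y
# CONFIG_BPF_SYSCALL is not set
# CONFIG_CGROUP_BPF is not set
"""

NEW_KERNEL_CONFIG = """\
CONFIG_NETFILTER=y
CONFIG_BPF=y
CONFIG_BPF_SYSCALL=y
CONFIG_BPF_JIT=y
CONFIG_CGROUP_BPF=y
CONFIG_NETFILTER_XT_MATCH_BPF=y
"""

if __name__ == "__main__":
    for name, text in (("old", OLD_KERNEL_CONFIG), ("new", NEW_KERNEL_CONFIG)):
        gaps = missing_options(parse_kconfig(text))
        print(name, "OK" if not gaps else gaps)
```

Running it against a device's defconfig before starting a port saves the time of discovering at first boot that netd cannot load its BPF programs; options reported as missing must be enabled in the device kernel, which is only possible where the kernel sources (and the blobs they need) are still buildable.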
> Unfortunately, Lineage has abandoned a large number of previously-supported devices, so this latest version will be met with some dismay.
> The primary reason is the loss of iptables, and the older kernels that do not support eBPF.
It's worth noting that the pmOS folks are working on mainline kernel support for older devices. This is not always easy, since e.g. some devices are only supported via non-free kernel or userspace blobs. But good quality hardware might regain support at some point. If you have devices that are going unsupported because of this issue, you might want to experiment with porting them to a mainline kernel by following the instructions on the pmOS wiki.
Unrelated to the topic we're discussing, I just wanted to say that your website is super cool. Its design is so simple and appealing to my minimalist taste (and I noticed that it's open-sourced). Fantastic job!
Did they send you back a Verizon phone? Verizon Pixels have locked bootloaders due to Verizon's own policies. They say they are "unlocked" but they only mean carrier-wise. Source: Owned a Verizon Pixel 1 that I sold due to it having a locked bootloader.
Anecdotally, I purchased a 4a 5g from Google with a dead headphone jack. My replacement also had an unlocked bootloader though I think it was also new.
When you run out of uses for your smart phone you can always convert it to a wifi LAN camera using IP Webcam by Pavel Khlebovich and consume the output in VLC. I have been using an old phone for this purpose successfully for years.
I do appreciate stuff like that but I wish there were more alternatives, I don’t need a LAN camera! And I can’t think of much else I’d repurpose the hardware for either. I wish it were a lot easier to use phones as phones for a long time.
In general, I'm pretty aggressive about reselling or giving away old hardware when I no longer use it. But I do appreciate innovative uses like that, and I wouldn't be surprised to hear that some previous phone of mine is serving as a LAN camera for someone else :)
Is it running 24/7? How is the camera (sensor) holding on? Is the image quality still ok?
I had the same plans, but I was always afraid that running the camera for a long(-er) time will degrade the sensor fast, so the phones are collecting dust in a drawer now :)
On Christmas morning we had a break-in at our house.
Since then I have been using an old droid connected to wifi as IP Webcam (I even bought pro actually)
There are enough settings to allow for just about any use-case.
For me, I had issues doing full HD over wifi, since the router is upstairs in a different room, but you can play around with settings for resolution and FPS until you find something stable enough for your setup.
The heating seems okay, leave it on 24/7 with no downtime.
Occasionally the phone falls off the wall due to the advanced taping mechanism keeping it there, but that's not the software's fault.
You can have it automatically run at boot. We have load shedding here often, and the phone recharges quickly enough after the 2 hour shutdown of power and can stream throughout (connected to mobile hotspot wifi - also for loadshedding reasons)
I don't buy many apps, but this one I recommend for sure.
How do you manage the battery? I would be afraid of a fire after x years being on all the time.
Note that I have no specific knowledge on the subject; it's quite possibly a fear without any reasonable ground.
But I had a cheap speaker that I used with a Chromecast audio to listen to podcasts; I left it always on and... I came back just in time one night, the speaker was producing a large dark smoke.
I almost set fire to one of the oldest residential buildings in Paris (1704) - with a lot of exposed wood etc. :-(
Not proud of it, but good lesson. I recently read about the risk of fire in cheap replacement phone chargers. Google's ought to be of quality but... still a no-no for me.
Obviously, advice from people with knowledge on the issue will be appreciated.
I'd say most smartphones are powered on 24/7 during their regular phone lifetime. Not much would change by turning a phone into a 24/7 webcam, if viewed from that angle. Then again, CPU load would certainly be higher when used as a webcam.
Old phones with that streaming software run hot, in my experience, so this is certainly very sub-optimal for the battery and safety compared to just normal use.
Having it plugged in, OTOH, probably doesn't matter. There's a safety IC to prevent overcharging. Actually fully draining, mechanical damage, water damage etc. are more dangerous, which can happen during normal use anyway.
Another reason why non removable batteries are crap. I have an old Nexus phone kicking around, if I were to repurpose it I’d just remove the battery and power it via USB. But you can’t do that with newer devices.
I wish there was an ability to replace smartphone batteries with a capacitor bank. Dashcam users have had these battery problems since Day 1. The solution is to replace batteries with capacitors. They are far more durable and can tolerate heating well.
It was never a publicly stated policy and, anecdotally, they seem to have stopped doing it on newer phones. But one person escalated to a manager (because the first-level support staff didn't understand the difference between carrier unlocking and bootloader unlocking), and the manager stated that it was their policy.
And, yeah, I agree that it's probably the worst of all situations. If I'd have known that a google repair would cut the phone's lifespan in half, I'd have just done the repair myself, or else hired someone local to do it.
Are you in the US? It doesn't solve the issue that you now have to deal with, but if you paid for the "repair" service, I'd have considered cancelling the payment through my bank.
I am in the US. It was a free repair (covered by the warranty), and I didn't realize the bootloader lock issue until a couple of years later. (I was running stock firmware at the time - it's only been since google dropped support for the phone that I tried to upgrade to a third-party firmware.)
You're not wrong, although I'd be a little hesitant to start that because my job is somewhat dependent on being in google's good graces (and I've definitely heard of entire companies being banned when a single employee - or even former employee's - account gets flagged.)
Also, I find it unlikely that we could compel google to do the right thing and unlock everyone's phones, even if we won. I think the more likely outcome would be a small monetary compensation that was hardly worth anyone's time (except for the lawyers).
>small monetary compensation that was hardly worth anyone's time (except for the lawyers)
I've definitely had this stance in the past, but at the same time, where there is no repercussion for the company doing this kind of stuff, it just makes them(and others) more open to it in the future.
I wonder if you could take Google to small claims court to get some kind of monetary compensation from them. You'd have to figure out how to explain what a locked bootloader is in judge-friendly terms, though.
Then again, Google would probably terminate your Google Account if you did this. And good luck suing Google for retaliation...
Yeah, someone else suggested a class action, but as you said, retaliation is likely, and I've heard of Google banning entire businesses because an ex-employee's account got flagged, and I just don't want to risk that.
Also, given that you can get a used pixel 2 for under $100, I doubt it'd be worth the trouble in the first place.
I can guess what the reason for this is: probably every phone that leaves Google must pass SafetyNet, and an unlocked bootloader will make SafetyNet fail. This cannot be circumvented, see this thread from the Magisk developer:
I should probably have clarified that I expected an unlockable phone, not an unlocked one. Unlockable meaning that it is still locked, and still passes SafetyNet, but I can flip the switch in developer options and run the fastboot command and then unlock it. That capability is what they took away.
IMO, that shouldn't cause SafetyNet to fail either, but that's a different issue...
Also, the phone was bought in 2017, and the repair happened in 2018, so I think all of it predates that SafetyNet tightening.
While that stinks, I purchased not too long ago a used Google Pixel 3 for about $70 on Swappa.com and have been happily running LineageOS without GAPPS ever since.
I didn't know that 19.1 was released until now but it looks like it can't be installed using the updater on that phone.