I’m planning on flashing LineageOS on my phone to debloat and to degoogle, and additionally to increase overall privacy, but apparently, from what I’ve heard here, it’s not private enough or even at all?

I know about it being less secure because of the opened bootloader and the higher chances of you rooting to achieve what you want with a degoogled phone, but beyond that (especially privacy-wise) I don’t know anything.

I’ve seen a video on how to degoogle it further, but surely it isn’t all I need to do.

I need some education.


Unfortunately my phone is so obscure that it isn’t supported by literally anything, but fortunately there’s an unofficial port of LineageOS I found on Telegram, and that’s the one I’ll be using. So if you’re thinking of suggesting another custom ROM, you’re out of luck. Also you can’t make me buy a Pixel - that thing ain’t supported in my country (5G and others) and it’s hella expensive as well.

  • Zak@lemmy.world
    2 months ago

    Privacy isn’t binary.

    LineageOS without Gapps won’t send information to Google unless you install something that does. It won’t do a whole lot to prevent apps from collecting data like GrapheneOS does so it’s up to you to evaluate the privacy implications of anything you install.

    A locked bootloader protects against two attack vectors: malware modifying the operating system at runtime, and an unauthorized person with physical access installing a malicious operating system while you’re not looking (an “evil maid” attack). The former is rare on Android. The latter is rare unless you’re a high-value target or dating an abusive hacker.

    • Clark@lemmy.ml
      2 months ago

      LineageOS sends connectivity checks, time adjustment requests and system WebView (Chromium by default and not easy to change) data to Google servers as far as I know. Are you sure it doesn’t send anything to Google? On the other hand, there is an app, InviZible Pro on F-Droid, which is perfect to prevent such connections. Maybe you assume the user will install it?

      • SatyrSack@quokk.au
        2 months ago

        Yeah, the core of DivestOS was to be a fork of LineageOS that has all the Google defaults like that changed to something else.
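
An added example, not part of any comment in this thread: one way to check where a device's connectivity checks and time requests go is to dump its global settings over adb and classify the endpoints. The sample dump is constructed, and the Google domain list and function names are assumptions of this example; `captive_portal_mode`, `captive_portal_http_url`, `captive_portal_https_url` and `ntp_server` are Android global settings keys.

```shell
# Added example: classify connectivity-check and NTP endpoints in a dump of
# `adb shell settings list global`.

# Constructed sample dump (not captured from a real device).
SAMPLE_DUMP='adb_enabled=1
captive_portal_mode=1
captive_portal_http_url=http://connectivitycheck.gstatic.com/generate_204
captive_portal_https_url=https://www.google.com/generate_204
ntp_server=time.android.com'

# Print the value of key $2 in dump $1 (empty output if the key is unset).
setting() {
    printf '%s\n' "$1" | sed -n "s/^$2=//p" | head -n 1
}

# Reduce a URL or bare hostname to its host part.
host_of() {
    printf '%s\n' "$1" | sed -e 's#^[a-zA-Z]*://##' -e 's#[/:].*$##'
}

# Succeed if host $1 is on a Google-operated domain (list is an assumption).
is_google_host() {
    case "$1" in
        google.com|*.google.com|gstatic.com|*.gstatic.com|android.com|*.android.com) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "KEY unset", "KEY google HOST" or "KEY other HOST" for key $2 in dump $1.
audit_key() {
    value=$(setting "$1" "$2")
    if [ -z "$value" ] || [ "$value" = "null" ]; then echo "$2 unset"; return 0; fi
    host=$(host_of "$value")
    if is_google_host "$host"; then echo "$2 google $host"; else echo "$2 other $host"; fi
}

# Audit a whole dump; captive_portal_mode=0 means captive portal detection is off.
audit_dump() {
    if [ "$(setting "$1" captive_portal_mode)" = "0" ]; then
        echo "captive_portal disabled"
    else
        audit_key "$1" captive_portal_http_url
        audit_key "$1" captive_portal_https_url
    fi
    audit_key "$1" ntp_server
}

audit_dump "$SAMPLE_DUMP"
```

On a real device, pass `"$(adb shell settings list global)"` to `audit_dump`. A key reported as unset falls back to whatever default the ROM was built with, which this dump cannot show.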

    • PragmaticIdealist@lemmy.zip (OP)
      2 months ago

      Yeah, I know I can’t prevent apps from collecting data; that’s why I have all essentials from FOSS.

      My main problem with an unlocked bootloader is I’ll have to do a lot of things to get most of my apps working (mainly banking apps and games).

      > malware modifying the operating system at runtime

      Is that from installing an app or from installing a malicious ROM?

      > and an unauthorized person with physical access installing a malicious operating system while you’re not looking

      That’s like impossible. It takes time to install a ROM, and my phone is always with me so that’s not happening.

      > The latter is rare unless you’re a high-value target or dating an abusive hacker.

      Bold of you to assume I’m ever dating anyone.

      • Zak@lemmy.world
        2 months ago

        Getting around Google’s attestation with an unlocked bootloader requires root - I believe the go-to is Magisk and the Play Integrity Fix module. It’s also a good idea to put the apps in question on the Magisk denylist. I’ve been using this for years with good results and would not describe it as “a lot of things”.

        > Is that from installing an app or from installing a malicious ROM?

        A malicious app could modify the OS, but it would need root permissions. There are three ways that can happen:

        • The app exploits a privilege escalation bug in the OS. This can happen even if you don’t have root access yourself.
        • The app exploits a bug in a superuser permission manager (e.g. Magisk) to gain root privileges without prompting you.
        • A previously legitimate app you’ve given root privileges to gets a malicious update (a supply chain attack).

        A malicious ROM is certainly possible. Some random person’s LineageOS fork is slightly less trustworthy than its maintainer (due to supply chain attacks).

        • PragmaticIdealist@lemmy.zip (OP)
          2 months ago

          > Getting around Google’s attestation with an unlocked bootloader requires root - I believe the go-to is Magisk and the Play Integrity Fix module.

          I’m planning on using KernelSU, because I asked on the Magisk subreddit and it’s unironically what they recommended. I looked around here and it solidified my decision even more.

          The recommended way for me to install it goes like install custom recovery > install custom ROM > somehow flash preferred rooting solution in recovery > install preferred rooting solution as an app. link