I’m planning on flashing LineageOS on my phone to debloat and to degoogle, and additionally to increase overall privacy but apparently from what I’ve heard here that it’s not private enough or even at all?
I know about it being less secure because of the opened bootloader and the higher chances of you rooting to achieve what you want with a degoogled phone, but beyond that (especially privacy-wise) I don’t know anything.
I’ve seen a video on how to degoogle it further, but surely it isn’t all I need to do.
I need some education.
Unfortunately my phone is so obscure that it isn’t supported by literally anything, but fortunately there’s an unofficial port of LineageOS I found on Telegram, and that’s the one I’ll be using. So if you’re thinking of suggesting another custom ROM, you’re out of luck. Also you can’t make me buy a Pixel - that thing ain’t supported in my country (5G and others) and it’s hella expensive as well.
Not to be that guy but do you really trust an “unofficial port” you found on Telegram? That seems, to me, just as problematic as blindly trusting Google.
Has this port been tested for behavior that’s non-standard in LineageOS? Random ports distributed in channels such as Telegram do not instill much confidence that it’s legit and not riddled with spyware/malwnare.
I don’t have a solution for you but I’d think twice about installing any OS that isn’t distributed (or at least validated by) via official channels.
to debloat and to degoogle, and additionally to increase overall privacy but apparently from what I’ve heard here that it’s not private enough or even at all?
So… there is what is theoretically possible, what’s pragmatically feasible with your current skillset, what you believe you need and what you actually need.
If you rely on what is theoretically possible and what you believe you need you usually end up with burn out. If you focus on what’s pragmatically feasible with your current skillset and what you actually need instead you WILL disappoint strangers on the Internet but you might remain sane and surely will learn something in the process, thus both improve your skillset AND have a better understanding of what you actually need.
Nothing will be private enough for some people.
There will always be people who will scoff and puff about what is working for you or what works best for you in your attempt to regain privacy. What’s important is for you to assess your threat profile, what you want to accomplish, and if LineageOS helps you with that. Just the other day people were scoffing at people buying physical movies and not backing them up in 1-2-3 format. Like, who has the fucking time and energy for that? And it’s stupid. It’s like scoffing at people who buy books because eventually the binding may fail or the book could get wet so they should’ve scanned it into a PDF. Or when people scoff at Proton users instead of being glad people are weaning off Google. It never ends and it gets worse the further you go down the hole. Ignore them.
What other options do you have for your phone at the moment besides Lineage? Regular Android? Better off having Lineage.
IMO locked bootloader isn’t that important as graphene OS devs make it sound, but I would NEVER trust a software “found on telegram”.
I have used unofficial lineage OS before, but that phone was just an entertainment machine, with no personal information on it.
Graphene OS however has security features that other ROMs don’t have like improved encryption.
However Pixels are too expensive, I can’t afford them either. I’m thinking as an alternative getting a Nothing phone cm 1 (or something) which is much cheaper than a pixel and can run official /e/ OS
Yeah when I have the money I’m planning on buying a Poco phone as well. I heard they’re good for custom ROMs (as in supported by many devs), and it’s the cheapest and good option for custom ROMs.
I think I need to hurry up on that plan though because it looks like I have to do many shenanigans to open HyperOS’ bootloader now.
I came here to say this too. If you’re concerned about lineage not being private enough, why tf are you going to flash a rom you “found on telegram”
Yeah it kinda contradicts with my goal, but really, my ultimate goal was just to debloat my phone. I just learned degoogling from learning debloating so I thought I might as well do that. (the debloating plan I had since 2021 has brought me into this deep rabbit hole of privacy, Linux and many many more)
I’d honestly rather use anything than the stock ones at this point.
Privacy isn’t binary.
LineageOS without Gapps won’t send information to Google unless you install something that does. It won’t do a whole lot to prevent apps from collecting data like GrapheneOS does so it’s up to you to evaluate the privacy implications of anything you install.
A locked bootloader protects against two attack vectors: malware modifying the operating system at runtime, and an unauthorized person with physical access installing a malicious operating system while you’re not looking (an “evil maid” attack). The former is rare on Android. The latter is rare unless you’re a high-value target or dating an abusive hacker.
Yeah I know I can’t prevent apps from collecting data that’s why I have all essentials from FOSS.
My main problem with an unlocked bootloader is I’ll have to do a lot of things to get most of my apps working (mainly banking apps and games).
malware modifying the operating system at runtime
Is that from installing an app or from install a malicious ROM?
and an unauthorized person with physical access installing a malicious operating system while you’re not looking
That’s like impossible. It takes time to install a ROM, and my phone is always with me so that’s not happening.
The latter is rare unless you’re a high-value target or dating an abusive hacker.
Bold of you to assume I’m ever dating anyone.
Getting around Google’s attestation with an unlocked bootloader requires root - I believe the go-to is Magisk and the Play Integrity Fix module. It’s also a good idea to put the apps in question on the Magisk denylist. I’ve been using this for years with good results and would not describe it as “a lot of things”.
Is that from installing an app or from install a malicious ROM?
A malicious app could modify the OS, but it would need root permissions. There are three ways that can happen:
- The app exploits a privilege escalation bug in the OS. This can happen even if you don’t have root access yourself.
- The app exploits a bug in a superuser permission manager (e.g. Magisk) to gain root privileges without prompting you.
- A previously legitimate app you’ve given root privileges to gets a malicious update (a supply chain attack).
A malicious ROM is certainly possible. Some random person’s LineageOS fork is slightly less trustworthy than its maintainer (due to supply chain attacks).
Getting around Google’s attestation with an unlocked bootloader requires root - I believe the go-to is Magisk and the Play Integrity Fix module.
I’m planning on using KernelSU, because I asked on the Magisk subreddit and it’s unironically what they recommended. I looked around here and it solidified my decision even more.
The recommended way for me to install it goes like
install custom recovery > install custom ROM > somehow flash preferred rooting solution in recovery > install preferred rooting solution as an app. link
LineageOS sends connectivity checks, time adjustment requests and system webview (chromium by default and not easy to change) data to google servers as far as I know. Are you sure it doesn’t send anything to google? On the other hand, there is an app Invizible Pro on FDroid, which is perfect to prevent such connections. Maybe you assume the user will install it?
Yeah, the core of DivestOS was to be a fork of LineageOS that has all the Google defaults like that changed to something else.
Privacy is a skill, point blank.
Only use official lineage releases
Ahh, such distant dreams.
I have a way of using a polished official ROM, but it’s GSI, and I already have MANY answers as to why NOT use a GSI if possible.
Hey PragmaticIdealist
The video guy is talking bollocks: plus he has about 50 crypto links to pay the wanker.
Honestly, I have install lineage since 2018 and installed CyanogenMod way before that.
He talks about “Removing bloatware Google packages” from Lineage, there are no bloatware google packages in lineage.
I have just plugged my oneplus 5T with lineage installed into my laptop, and typed this into my terminal: to give me a list of all the packages installed on my phone.
adb shell pm list packages -s >oneplus5-installed.txt
I have 213 packages installed. THERE ARE NO GOOGLE PACKAGES installed.
+++++++++++++++++++++++++++++++++++++
Captive Portal is simple to disable using adb. Its not scary.
I have 5 family phones with lineage installed
I have just checked Captive Portal on all 5
db shell settings get global captive_portal_mode
all 5 phones the output is:
null
+++++++++++++++++++++++++++++++++++++
you can change your dns rather than rely on your carriers DNS. I use Mullvad DNS
https://mullvad.net/en/help/dns-over-https-and-dns-over-tls
The eu has public dns servers:
https://european-alternatives.eu/category/public-dns
+++++++++++++++++++++++++++++++++++++
not much info on itel-p55-5g on xda
https://xdaforums.com/t/i-want-a-vbmeta-img-and-boot-img-for-itel-p55-5g.4737042/
if you want to find out about Lineage, use their forums or use the https://xdaforums.com/ as above and have a good look around to see what people say.
The video guy is talking bollocks: plus he has about 50 crypto links to pay the wanker.
Really. Most of the videos I’ve seen of him are really solid. Plus, I do think the tips he gave are good (that’s why I linked it in the first place) besides this:
He talks about “Removing bloatware Google packages” from Lineage, there are no bloatware google packages in lineage.
Yeah if you didn’t install GAPPS you wouldn’t get any, well… Google apps in the first place. Besides this part, I do think the others make sense because they are making connections with Google.
Captive Portal is simple to disable using adb. Its not scary.
Yeah.
Also I’m wondering about whether to disable this or not, like wouldn’t it break functionality?
you can change your dns rather than rely on your carriers DNS. I use Mullvad DNS
Yeah I’m also using Mullvad DNS everywhere since I discovered it in like 2024.
not much info on itel-p55-5g on xda
Yep, I already looked everywhere. The Sourceforge repo and the Telegram group was all I found.
Hey PragmaticIdealist
I dont like him because he seems to intentionally pick controversial subjects just to get clicks.
I mean. how controversial can you get by using the headline “LineageOS is apparently not private?” and then go about trying to prove your point by not referring to Lineage.
I can only assume that loads of non techy people would be put off by his claims.
Lineage does not send any information to google nor connect to google. However the apps you choose to install could connect to google. Especially if you use closed source apps.
if you stick to open source apps via Neostore, droid-ify and F-droid basic you should be fine.
++++++++++++++++++++++++++++
It is safe to disable Captive portal if it is already enabled on your phone.
I have disabled it on my aunts and uncles phones, they dont use lineage or any AOSP roms.
My aunt likes the idea of free wi-fi when shes out. she has a list of all the in-store wifi, in my local shopping centre, already stored on her phone, this means that she automatically connects to whatever wifi she is nearest to.
Lineage phones have captive portal disabled by default.
Looks like you are half way there.
A good VPN is also a good choice
Keep at it.
Define “private enough”. If you trust that author, and that no one is going to alter the device through the unlocked bootloader, then all you have to do is not install apps or services that you consider privacy-violating.
The stock ROM fails to include a libre software license text file. We do not control it, dangerous. LineageOS helps reduce harm but the best option is to get a new phone.
Keep your existing phone and OS.
Use it differently. Decide what information you store on it, which applications you install or disable, what permissions you grant and what services you use.
Just installing an OS to “debloat and degoogle” is not ever going to change anything unless you change your habits and you don’t need to change OS to do that.
I’ve seen articles talking about how Android will continue to perform functions you specifically tell it not to. How do you fix that by changing your habits?
It does make a difference. One amazing feature of GrapheneOS is the ability to block apps from accessing the internet. That alone makes it much harder for such apps to harm your privacy unless they also malicious.
OP was talking about Lineage, not Graphene.
If an app doesn’t have data it cannot share it.
If you don’t install the app, it cannot breach your privacy.
You don’t need direct internet access to leak information, for example, an app with access to your calendar has indirect internet access.
And what exactly do you use the phone for?
It sounds like you’re saying all you need to do to prevent abuse of your device is to not use the device. It can’t spy on you if you leave it on the store shelf either.
OP was talking about Lineage, not Graphene.
Yes, but you said don’t change your OS in general.
an app with access to your calendar has indirect internet access
True, but that is something stock Android does let you control.
Constantly fighting the OS is always worse than replacing it.
