I’m planning on flashing LineageOS on my phone to debloat and to degoogle, and additionally to increase overall privacy, but apparently, from what I’ve heard here, it’s not private enough or even at all?
I know about it being less secure because of the opened bootloader and the higher chances of you rooting to achieve what you want with a degoogled phone, but beyond that (especially privacy-wise) I don’t know anything.
I’ve seen a video on how to degoogle it further, but surely it isn’t all I need to do.
I need some education.
Unfortunately my phone is so obscure that it isn’t supported by literally anything, but fortunately there’s an unofficial port of LineageOS I found on Telegram, and that’s the one I’ll be using. So if you’re thinking of suggesting another custom ROM, you’re out of luck. Also you can’t make me buy a Pixel - that thing ain’t supported in my country (5G and others) and it’s hella expensive as well.
Privacy isn’t binary.
LineageOS without Gapps won’t send information to Google unless you install something that does. It won’t do a whole lot to prevent apps from collecting data like GrapheneOS does so it’s up to you to evaluate the privacy implications of anything you install.
A locked bootloader protects against two attack vectors: malware modifying the operating system at runtime, and an unauthorized person with physical access installing a malicious operating system while you’re not looking (an “evil maid” attack). The former is rare on Android. The latter is rare unless you’re a high-value target or dating an abusive hacker.
Yeah I know I can’t prevent apps from collecting data that’s why I have all essentials from FOSS.
My main problem with an unlocked bootloader is I’ll have to do a lot of things to get most of my apps working (mainly banking apps and games).
Is that from installing an app or from installing a malicious ROM?
That’s like impossible. It takes time to install a ROM, and my phone is always with me so that’s not happening.
Bold of you to assume I’m ever dating anyone.
Getting around Google’s attestation with an unlocked bootloader requires root - I believe the go-to is Magisk and the Play Integrity Fix module. It’s also a good idea to put the apps in question on the Magisk denylist. I’ve been using this for years with good results and would not describe it as “a lot of things”.
A malicious app could modify the OS, but it would need root permissions. There are three ways that can happen:
A malicious ROM is certainly possible. Some random person’s LineageOS fork is slightly less trustworthy than its maintainer (due to supply chain attacks).
I’m planning on using KernelSU, because I asked on the Magisk subreddit and it’s unironically what they recommended. I looked around here and it solidified my decision even more.
The recommended way for me to install it goes like
install custom recovery > install custom ROM > somehow flash preferred rooting solution in recovery > install preferred rooting solution as an app
LineageOS sends connectivity checks, time adjustment requests and system WebView (Chromium by default and not easy to change) data to Google servers as far as I know. Are you sure it doesn’t send anything to Google? On the other hand, there is an app, Invizible Pro, on F-Droid, which is perfect to prevent such connections. Maybe you assume the user will install it?
Yeah, the core of DivestOS was to be a fork of LineageOS that has all the Google defaults like that changed to something else.
Privacy is a skill, point blank.