Raising the bar for Android Recommendations #197
-
Related: https://github.com/privacyguides/privacyguides.org/discussions/58

Modern Android systems only encrypt the user data - the operating system is not encrypted whatsoever. To prevent tampering, Android uses Android Verified Boot to verify the integrity of the OS. Without verified boot, anyone with physical access to an Android device can quickly flash any malware they want. Again, the system isn't encrypted, so an adversary can literally just put whatever backdoor in as they please, and there is nothing to detect it. In fact, this ruins so much of Android security that I don't think anyone should be using an Android derivative without verified boot at all.

LineageOS makes no attempt to support verified boot - not even on devices that support it. On a Pixel, there is no reason for a user to use Lineage - Graphene and Calyx are far superior choices. On older hardware, there is already a soft fork signed with a custom AVB key and support for verified boot (if the hardware supports it) - DivestOS.

For this reason, I propose that we raise the bar for Android recommendations and not recommend any OS that does not support verified boot at all. This means that we should replace Lineage with DivestOS and add some info about the importance of verified boot on Android.
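An added example, not part of the original post: a check of the verified boot state a device reports, as discussed above, using the properties printed by `adb shell getprop`. The sample outputs are constructed and the function names are my own; the values come from the running OS, so a tampered system could misreport them.

```python
import re

# Boot-state colours defined by Android Verified Boot (AVB).
STATE_MEANING = {
    "green": "locked bootloader, OS verified against the OEM key",
    "yellow": "locked bootloader, OS verified against a user-set (custom) key",
    "orange": "unlocked bootloader, OS is not verified",
    "red": "verification failed",
}
PROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>.*)\]$")


def parse_getprop(text):
    """Parse `adb shell getprop` output ("[key]: [value]" per line) into a dict."""
    props = {}
    for line in text.splitlines():
        match = PROP_LINE.match(line.strip())
        if match:
            props[match["key"]] = match["value"]
    return props


def assess_verified_boot(props):
    """Return (enforced, reason) from the verified boot properties of one device."""
    state = props.get("ro.boot.verifiedbootstate", "")
    locked = props.get("ro.boot.flash.locked", "")
    if state not in STATE_MEANING:
        return False, "verified boot state not reported"
    if state in ("green", "yellow"):
        if locked == "1":
            return True, STATE_MEANING[state]
        return False, "state is %s but bootloader is not reported as locked" % state
    return False, STATE_MEANING[state]


# Constructed sample: OS signed with a custom AVB key, bootloader re-locked.
SAMPLE_CUSTOM_KEY = """\
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [yellow]
"""
# Constructed sample: bootloader left unlocked, nothing is verified at boot.
SAMPLE_UNLOCKED = """\
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
"""

if __name__ == "__main__":
    for name, sample in (("custom key", SAMPLE_CUSTOM_KEY), ("unlocked", SAMPLE_UNLOCKED)):
        print(name, assess_verified_boot(parse_getprop(sample)))
```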
-
I'm inclined to approve this, as LineageOS was never really a privacy-centric ROM.

The reason it was listed is because they have a charter that assumes some quality control for officially listed ROMs and goes through their build service, which does make those ROMs a little less risky than random unofficial ROMs uploaded to xda-developers. A lot of the time people were trying to clear away the rubbish bundled with their OEM ROM.

If we look at the industry in general, verified boot systems are becoming more popular, especially if we look at Windows 11 and their TPM requirement or other platforms.

Should the LineageOS charter change to require verified boot, we might re-add it. That's probably unlikely though. We've always in our social media (Matrix, Reddit, etc.) advised that it's best to buy hardware that is supported, rather than look for software to support the hardware you've chosen.
-
It is not just about physical access, there is way more to it: https://madaidans-insecurities.github.io/android.html

I mean you can use LineageOS way more privately than a third-party vendor's Android (Samsung etc.) or stock OS (Google Pixel), but to the extent of way worse security. Aside from breaking the Android security model, LineageOS also, depending on the phone model, gets security updates delayed, nobody knows if the maintainers can be trusted (especially for the many unofficially maintained smartphones) and some of their supported phones are dated and don't even get security updates anymore.

If people understand all the risks in using it and are on a very low budget, then it is their decision to make. Tbh, I don't know if I would risk it, if I could only afford to buy a phone for 50$. But for everyone who can afford a Google Pixel the recommendation should be very clear towards a custom OS that keeps the Android security model, like GrapheneOS. If people don't want to deal with a custom OS, iPhones are still their best bet.