this post was submitted on 21 Aug 2021
26 points (96.4% liked)

Open Source

32381 readers
723 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
26
Looking for a new mobile OS (lemmy.ml)
submitted 3 years ago by [email protected] to c/[email protected]
50 comments fedilink hide all child comments
 

I have been running lineageOS on my OnePlus 2. I liked it, but Lineage has stopped supporting my phone. There are two options that I have been able to find as replacements - postmarketOS and /e/OS. Any thoughts on those or other recommendation? Anything that gets security updates, is open source, and is functional meets my needs.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 3 years ago (1 children)

don’t use permissive selinux

LineageOS weakens SELinux policies.

disabled nearly every function of userdebug build except for root functions over adb (that is disabled by default).

LineageOS still uses userdebug build. Userdebug builds are primarily development builds that are supposed to be given to closed beta testers hired by a business. These builds are not considered to be secure. Security isn't even a concern as these builds are purely for development purposes.

The only real danger about LOS is the unlocked bootloader Disabling bootloade

Verified boot ensures that all executed code comes from a trusted source rather than from an attacker or corruption. Moreover, Verified Boot checks for the correct version of Android with rollback protection which helps to prevent a possible exploit from becoming persistent by ensuring devices only update to newer versions of Android. Verified boot it's not only useful against physical attacks, if a remote attacker has managed to exploit the system and gain high privileges, verified boot would revert their changes upon reboot and ensure that they cannot persist.

Also, rollback protection can be enabled even with bootloader unlocked. However, Lineage doesn't have rollback protection either.

even if it is a security risk it depend a lot about your threat model and if you usually install only trusted apps and navigate on trusted sites (or usually disable JavaScript) the actual attack surfaces isn’t really a problem for the common users, and there are only theoretical risks.

That's not really a good argument. The majority of users have bad habits regarding good security practices, they usually install applications without check the signature, for example. You just assume that users will act in certain way, but in reality you don't know that. It's not real security, it's security through obscurity. The risks are not only theorical, as I explained above.

Community standards for LOS are actually really strict.

Doesn't seems so. All the problem I pointed out still remain. Also, they don't add any relevant security or privacy improvement, instead they weaken the security android model.

Since there are dozens of supported devices it gives users a lot of freedom.

If you prefer/need/want to use lineageOS then go for it, it's up to you. However, freedom it's not equal to privacy and security.

[–] [email protected] -2 points 3 years ago* (last edited 3 years ago)

Hello GrapheneOS propaganda account, nice to meet you. Nice security theater you are fooling everybody with.