by SmellyGeekBoy 3155 days ago
I've been running LineageOS on my OnePlus 3 for a few weeks now, since the whole data collection furore. It's been absolutely fantastic and I'd wholeheartedly recommend it to anyone. Battery life has been much better and I love all the extra features in their camera app, for instance.

I'm not so sure about this though. It seems like they've disabled some very important security features. Their justification of "Lineage obviously hate freedom and are in bed with Google" doesn't sit right with me. Also there seem to be a lot of hoops to jump through just to re-enable the Play Store, which I'd consider basic functionality for any Android device.

Still, the pursuit of more freedom is a noble goal and I wish them all the best.

8 comments

Just to provide some context for the "very important security feature" that is disabled. The change adds a permission that allows (after explicit whitelisting by the user) an app to impersonate another app.

Specifically, it allows microG apps (which are open-source and auditable) to impersonate Google Play Services apps (which are closed-source and not auditable) and thus provide their functionality.

Why not hardcode this for microG only, and not any system app?
I think it's not really in the spirit of openness/freedom to say "you can replace Google's software, but ONLY with ours"
You could allow this in config though. I.e.

() No app spoofing
() microG apps can spoof Google apps
() Any apps can spoof any apps

They could still make it default and then allow an option in settings to allow other apps.

This would be similar to how root apps originally allowed anything to use root capabilities (with user permission), and then they made the default "Apps-only".

Well, functionally that would be the same as if you just don't grant the permission to any other app than microG. Unless you don't trust that Android's permissions work properly, but then I think you have much bigger problems.
If you can put an app into /system/priv-app, you can already overwrite everything.

The only thing this patch does is provide a clean API for it, so that microG doesn't have to patch your entire system every time.

You can't install any system apps without root permissions, and at this point you can do anything, so why bother?
Minor nitpick. Closed source software is of course audit-able. Being able to audit binaries is table stakes to even call someone an auditor.

There may be many valid reasons to prefer open source software but security audits aren’t one of them.

I'm gonna take it on good faith that you're not a troll...

Open source software is much easier to audit than closed source software. People have a finite amount of time to do things like audit their software.

But auditing the source is only useful if you can do reproducible builds to be sure you run the audited source.

This is rarely the case unfortunately, and for most of open source prebuilt software you use, you rely on trust and not on audit.

That's not true. You could always, you know, run the version you compiled yourself.
We’ve known for 30 years that’s not enough (depending on your risk characteristics).

Trusting trust is one of the seminal talks in software.

There are different types of audits. Yes, someone doing a full security audit is going to be happy with doing reverse engineering. But I can perform a quick check on a lot of the software that I use that it doesn't do user-hostile things (like ring home on startup). This is harder to do on a binary, so given the choice I'll use the open source option.
For those kinds of checks why would you look at the source? Stick a proxy between the internet and the device to see what it does.

Seems waaaay easier than looking for the mythical badCodeGoesHere function.

Because I can trivially read and run code in my head; I do that all day. I don't have a clue how to set up a proxy. Also my scan over the code tells me if it is generally badly written and a lot more than just one example of potential bad behaviour.
You are more prepared to run arbitrary code “in your head” than set up a simple network proxy?... uh huh
I also recommend it. And I'm a bit sad CopperheadOS, which was an excellent more secure alternative (they had teamed up with The Guardian Project and F-Droid [1]), now contains non-open-source code of their own [2].

[1] https://guardianproject.info/2016/03/28/copperhead-guardian-...

[2] https://en.wikipedia.org/wiki/CopperheadOS

All of the CopperheadOS source code is still published and can be modified / redistributed. It's not Free Software anymore since that wasn't supported by the community while at the same time it was exploited by (competing) companies without giving back. The choice was either having a working business model by requiring payment for commercial use or ending CopperheadOS.
I know, and I totally understand the situation and your choice.

How is the collaboration with The Guardian Project and F-Droid announced in [1] going?

Don't you think Copperhead might become a really niche choice given how expensive Pixels (vs Nexus) are?

[1] https://guardianproject.info/2016/03/28/copperhead-guardian-...

They didn't really disable anything.

Signature spoofing in the past and now can only be enabled on a per-app basis by the user. So the ROM can have signature spoofing support, and the user can have 20 malicious apps installed; none of those 20 apps can spoof signatures unless the user allows it.

It's basically just another permission.

With that said though; if a user blindly-enables the permission on any app that asks, that's a pretty big security issue. But I'd rather have the choice than accommodate uninformed users...

Can you run banking applications (or any that do root detection) on LineageOS? And does the dash charger work as expected with the OnePlus?
LineageOS no longer comes with root installed, you have to install an extra zip file while flashing to enable it - https://download.lineageos.org/extras

IIRC some root detection mechanisms still check for an unlocked bootloader.

And from the same web page there's an uninstall script to un-root the phone.

This is handy if you only need root occasionally, e.g. Titanium Backup, and don't mind messing about in TWRP.

There's no root builtin, use Magisk with the Hide feature to prevent it from being detected by banking apps and such - even apps using the rather nasty SafetyNet work.

With that said, I highly question why any banking app would check root, mine doesn't and it seems to me like even if it did I could still use their website on my phone while rooted or my Windows machine with no sandboxing whatsoever. Requiring it just for the app seems pretty damn pointless.

A lot of banking apps store cached transaction data and authentication tokens on the "protected" (not accessible to non-root from other apps) part of the data partition. If you run without encryption or with either unlocked bootloader or TWRP installed, someone could just pull that from a device in recovery mode. That's also why unlocking the bootloader usually wipes your data partition.
And that matters how?

At least all German banks have to have an open API for transactions, and I can run my transactions with curl if I wanted to.

A banking app shouldn't care about how I run it, otherwise I'll just throw it out and use one of the open apps for HBCI.

This should be OR. If you have FDE enabled, then the data is encrypted and it doesn't matter if your bootloader is unlocked or you have a custom recovery installed -- all caveats about the trustworthiness of the crypto and strength of your key still apply.
Depends. I have a phone with LineageOS installed, and it only passes SafetyNet Basic Integrity. That's a no-go for Netflix or Android Pay.
> Battery life has been much better

I'm guessing this is a gut feeling as opposed to any empirical data? Either way I'm curious as to why this would be the case. Unless I misunderstand, the kernel is identical between LineageOS & whatever stock OS was on the device. And it's the kernel that presumably impacts most on battery consumption.

I installed LineageOS on an old Nexus 5. The stock OS on the Nexus is already pretty clean so I can't say I noticed a massive difference (although I didn't spend much time on it)

I actually tested this a little on a Nexus 5X a while back. With a clean install of a LineageOS build manually patched to include microG (before I knew about this fork), I unplugged it from the charger at 100% and left it for 8 hours without using it, at which point the battery read 98%. The same device with a clean install of stock Android from Google read 87% after 8 hours of standby after a full charge. In both cases it had good LTE signal and had no modifications from a clean install other than signing into a Google account.
It is a bit entertaining to think of Google's surveillance quantified via electricity - we can measure their intrusiveness in mAh.
To me, a fun thing to realize was that putting my phone in airplane mode wasn't enough to stop the phone from discharging a lot during the night.

Also, installing SSL Packet Capture showed me that some of my (not even considered shady) apps did a lot of things in the background, e.g. sending stats or other data to their mothership.

What did do the thing for me was to go into battery settings and set the device in the lowest mode, that severely restricts background work. This, plus airplane, and the device basically doesn't drop anything over a night.

I miss some option (non-root since I want to be able to use bank apps) to tell my phone to never allow anything from apps A, B, and C unless it is active and/or in foreground.

> I miss some option (non-root since I want to be able to use bank apps) to tell my phone to never allow anything from apps A, B, and C unless it is active and/or in foreground.

Sorry if I sound like a broken record but to me run at boot, run in background, storage (outside your own not-shared-with-other-third-party-apps sandbox), and network should all be explicitly opt-in.

Google services tend to make use of wakelocks a lot I believe (I think the nlp [network location provider] service in particular), so replacing these could lead to better battery life if the replacements use fewer wakelocks etc.

EDIT: Realised parent comment was about regular LineageOS, not the microG fork, never mind

I'm also in the same boat as SmellyGeekBoy, and can attest the same. With the OnePlus ROM I saw maybe 1.5 days of battery, with Lineage I often see 2-3 days.

This is completely anecdotal however, and it's likely that the reduced battery is down to having installed different/fewer apps on Lineage.

Google requests location all the time, but it's hidden under the Android OS and Android System categories.

I find it infuriating when it's obvious some app is draining my phone's battery fast, but I can't see which, because Google is allowing developers to hide that activity within those two generic categories.

The Google Play Services collect a ton of data. And for that to happen, your phone has to send this data to Google, which drains battery.
So it allows microG apps which by their very nature are open-source to pretend they're Google Play apps?
You also have disabled important security features. Or can you finally encrypt your LineageOS device and update it without problems?
You can definitely encrypt your LOS device and update it (manual or OTA) just fine. I have a Nexus 6 and have been doing it for months now, both with official builds and a custom build I was doing.
I have an encrypted S5 with LoS. I believe autoupdate just doesn't work on it with TWRP period, but it might be because of the encryption. Either way, I just download updates once a month and sideload them.
Ah, maybe this was my issue. I was only trying with TWRP and it always failed (I last tried in May this year).
I have an encrypted LineageOS device and can update it just fine.
Sounds good, but I really need some apps that only run on Android, e.g. for travel, banking, and local TV.

So I hope they will at one point support sandboxed Android apps.

All the banking and TV apps I've used on Lineage have worked fine. They don't complain about it not being an "official" version of Android.

Some won't work if the device is rooted. That's why the latest version of Lineage doesn't come with root.