Worth noting that if you're savvy at flashing custom ROMs, you can install /e/OS (their preferred styling) on your own devices, too: https://e.foundation/get-started/
I've been using it on my old OnePlus for about a year now, and reasonably happy with it.
Every Samsung device on the compatibility page is the Exynos version only, so, that tells me anyone in the US hoping to repurpose their Snapdragon-based Galaxy phones is out of luck.
If you're not savvy at installing custom anything, and just want a setup that keeps the Android security model intact (unlike all of these LineageOS forks), check out GrapheneOS.org.
Also, there's great reasons for not providing an insecure/incomplete implementation of Google services (or destroying the Android security model with Lineage) which is discussed on GrapheneOS.org — if you're interested in learning more.
Not standard LineageOS, but LOS forks that provide microG in place of Google Apps have to support "signature spoofing" so that MicroG can impersonate the missing proprietary Google apps.
> I’d also like to point out a myths I heard regarding signature spoofing. Some people assume, that signature spoofing allows to break the Android signature security model and thus rogue applications can access private app storage. But in fact signature spoofing is only applied after installation if the permission was granted, it has no influence on the package manager security model.
Correct me if I'm wrong, but your quote then implies that it's still fine even with microg installed, right? So maybe OP is talking about something else? Or are you saying that they're misguided?
I'm not enough of an expert to say for certain, and I'm not exactly sure what parent comment means when they accuse LineageOS of "destroying" the "Android security model", but from what I've read, concerns about signature spoofing are overblown - provided the user is very selective about what apps they grant spoofing powers to.
I'm having a hard time understanding how "de-googling" and Android phone fixes this issue:
> Privacy - smartphones and their apps reporting where you are at, what you are doing, what you are looking for to third parties like Google and it’s advertising network.
Specifically the second part - their apps. Does e-os do something to prevent 3rd party apps from requiring extraneous permissions, or using those permissions to track/profile you?
I get that now the base OS itself isn't tracking/profiling you for adtech purposes, but frankly neither was your iPhone Xr. All of the creepy stuff has always been in the apps, and I don't see how this changes that.
Doing something is better than doing nothing, you're leaking less data overall even if you install all the same apps. In general though, yes, with a deGoogled phone you have to watch out for what apps you're installing and try to stick to FDroid for the most part.
There's also Warden [0], which does a decent job of stubbing out built-in trackers for your "must have" apps that are otherwise privacy-invading.
An OS that represents the user should have the option to "allow" extraneous permissions (perhaps even by default), but return junk data - mock location, fake contacts, arbitrary device identifiers, etc. And to transparently proxy network traffic as well. The point of sandboxing is that an app should not be able to know whether it has been given access to private information, plausible garbage, or a mix of both.
I have no idea if this particular OS can do this. But it's a possible difference between proprietary and Free land, and where the Free world needs to head to fight back against nonconsensual permission demands.
> An OS that represents the user should have the option to "allow" extraneous permissions (perhaps even by default), but return junk data - mock location, fake contacts, arbitrary device identifiers, etc.
Many Chinese roms have started to do this. They have option to provide fake or blank data when an app asks to access sensitive information.
I expect this to be available in stock android soon too.
All of the creepy stuff has always been in the apps, and I don't see how this changes that.
Not all of it. Google embeds a lot of creepy into Android itself, including AOSP.
But apps are a legitimate concern with an easy, sensible solution --- don't install creepy apps.
eOS offers an alternative app store with non-creepy apps.
FDroid is another popular alternative store with only open source apps.
Some things are not available on these alternative stores. For these, I use Aurora store (load the client from FDroid) which lets me install just about anything from the Google Play store without a Google login and I can see how creepy an app is before I install it. They scan apps for trackers and show the results.
Finally, if all else fails, I can't find a suitable alternative and I really, really want a particular creepy app, I use an old phone (Moto G4 Play running eOS) with no personal info stored in it. About the only thing I have found that falls into this category is some banking and payment apps.
Bottom line: Non-creepy apps are available if you take the time to look for them. One of my personal favorites is TwinMe --- peer to peer video and messaging with no personal info required. Actually works better than the creepy stuff and my iOS friends like it too
.
e Foundation is a non-profit organization created to host, develop, support and promote pro privacy tech solutions. Some partner companies handle the commercial side of the project and help finance e Foundation.
How do you make money? Where are your revenues coming from?
Most of our incoming revenue comes from private and public donations. As a non-profit, we strongly rely on individual and corporate donations."
Basic questions
Who are the "partner companies" that "handle the commercial side" and "help finance" the foundation. If the foundation has a "commercial side" is it truly a non-profit organisation.
Who pays the salaries of the persons working for the foundation. What are those salaries.
Could Google or some other entity at some stage acquire the rights or assets of the foundation. If not, what are the legal protections against that scenario.
Are the individual and corporate donations anonymous. How can we be assured that the donors have no direct or indirect influence over the hiring decisions or operations of the foundation.
Third party apps is sadly a huge problem. I honestly don’t care if my phone has email or a browser. I do have a few app, either for payment, government stuff or more specialiced apps for work which I do really need for my phone to be useful.
How are these phones with regard to an unlocked bootloader and passing Safety Net? Online banking apps refuse to launch on some de-Googled Android versions, on the grounds that the device is now supposedly insecure. The new COVID vaccine passports, which several governments have announced will exist only as an Android/iOS app producing limited-time QR codes (because paper certificates are too easily forged), might have the same demands for the Android they are running on.
This is really a problem. Ideally this would be approached in a similar way to TLS errors in browsers - scary warning, but ability to proceed anyway if you understand the risks. Certainly for banking apps etc at least
I've been using it on my old OnePlus for about a year now, and reasonably happy with it.