I have been running lineageOS on my OnePlus 2. I liked it, but Lineage has stopped supporting my phone. There are two options that I have been able to find as replacements - postmarketOS and /e/OS. Any thoughts on those or other recommendation? Anything that gets security updates, is open source, and is functional meets my needs.

  • Lunacy@lemmy.ml
    43·
    3 years ago

    don’t use permissive selinux

    LineageOS weakens SELinux policies.

    disabled nearly every function of userdebug build except for root functions over adb (that is disabled by default).

    LineageOS still uses userdebug build. Userdebug builds are primarily development builds that are supposed to be given to closed beta testers hired by a business. These builds are not considered to be secure. Security isn’t even a concern as these builds are purely for development purposes.

    The only real danger about LOS is the unlocked bootloader Disabling bootloade

    Verified boot ensures that all executed code comes from a trusted source rather than from an attacker or corruption. Moreover, Verified Boot checks for the correct version of Android with rollback protection which helps to prevent a possible exploit from becoming persistent by ensuring devices only update to newer versions of Android. Verified boot it’s not only useful against physical attacks, if a remote attacker has managed to exploit the system and gain high privileges, verified boot would revert their changes upon reboot and ensure that they cannot persist.

    Also, rollback protection can be enabled even with bootloader unlocked. However, Lineage doesn’t have rollback protection either.

    even if it is a security risk it depend a lot about your threat model and if you usually install only trusted apps and navigate on trusted sites (or usually disable JavaScript) the actual attack surfaces isn’t really a problem for the common users, and there are only theoretical risks.

    That’s not really a good argument. The majority of users have bad habits regarding good security practices, they usually install applications without check the signature, for example. You just assume that users will act in certain way, but in reality you don’t know that. It’s not real security, it’s security through obscurity. The risks are not only theorical, as I explained above.

    Community standards for LOS are actually really strict.

    Doesn’t seems so. All the problem I pointed out still remain. Also, they don’t add any relevant security or privacy improvement, instead they weaken the security android model.

    Since there are dozens of supported devices it gives users a lot of freedom.

    If you prefer/need/want to use lineageOS then go for it, it’s up to you. However, freedom it’s not equal to privacy and security.