Not really. Stock OSes are really bad in terms of privacy, maybe with a few exceptions - I wouldn’t be able to trust them with any personal info. Just like Windows. So a custom one is a must.
To be honest I do not see any reason to use Lineage with Pixel while there is GrapheneOS… But maybe there will be some users of it: it is always better to have more free open OS
Graphene has a relatively short support, especially given that the phones for it are completwly unaffordable new so it’s effectively shorter than advertised. I am now spoiled by using a device that is not EOL so I think I will be switching when GOS’ support ends.
GOS Supports the pixel devices for the same amount of time as Google hard to keep a device secure once drivers are no longer being updated. But with Google extending support for pixel 6 and 7 series and the new 7 year guarantee on pixel 8 devices and newer this isn’t really a concern anymore. So pixel 7a and fold will be supported until 2028 and Pixel 6 and 6 pro until 2026 pixel 7, 7 pro, and 6a until 2027. Seems like plenty of time for support and that means as long as Google supports it so does GOS.
Yes, I know about them extending it. For me, for example, that means four years of official support, which is much less than a usual lifespan of my phone.
Then buy a newer one with longer support this will always be a issue since the support window is the same as Google. Once a manufacturer stops updating drivers and device firmware the said device can no longer effectively be secure because any exploit in the drivers or firmware will forever go unfixed compromisimg the devices security. Doesn’t matter what devices you buy this will always be the case it just depends on what your personal threat model is.
That support is about as long as it goes on mobile. An average poor person can’t afford to just buy new phones as soon as the support ends. Some updates is still better than no updates in this case.
Understandable I keep my phones for 2 years only, 1 year now with my 7a just had to replace a cracked screen and installed a new battery so good for another year.
A Pixel 8 on contract was free for me if I commit three years with my provider. I think I will get seven years support from GOS which is a worthy enough lifespan for an everyday smartphone
Yeah I’m in the US and those “free” phone contracts over 3 years are objectively terrible deals when you look at the total cost of $100–120/mo or more with the “free” phone on one of the big three vs buying it outright and paying $25/mo (ish) with an MVNO.
Even if you assume a total cost of $100 at Verizon with the “free” phone—which I believe is a super low estimate—and you assume $45 at Visible (shameless referral plug)—which is their most expensive tier—you’re coming out at $1980 less in contracts over 3 years which could buy you (virtually) any phone you want and then some.
$25 is already a crazy enough sum for a phone bill, what you’re talking about is outrageous. Also, I’ve heard that such devices are often carrier-locked, and that carrier-locked devices often also have locked bootloaders.
its alright, it kept my “supposed to be dead” phone to keep on running with latest stuff, i like the built in firewall, but if you’re privicy focused then this is not for you.
Once LinageOS is installed your bootloader is always unlocked so anyone who finds your phone if lost owns it. GrapheneOS and a few other ROMs I forget the names of allow the bootloader to be relocked keeping android security model intact allowing the device to still be secure.
Is the bootloader really that important for a lost phone? If someone finds your phone can’t they just tear it apart and read the storage with external tools? A locked bootloader sounds more like an anti-tampering measure and not for protecting your phone’s content after it’s lost.
It is largely an anti-tampering measure. Without it you could have things injected into the system. For example, a stalker could install a hidden tracking program as a service and then return your phone without you knowing.
Iirc it’s also a prerequisite for full-disk encryption on modern android. So, without it your user data is available to be dumped in an unencrypted state. Most phone thieves are interested in reselling the phone, so they’re provably not going to go through the effort and risk damage to the phone just to dump encrypted data from the chips directly. However, if it’s just available unencrypted from fastboot why not dump it? They could get info that could be used to blackmail or scam you or people you know. Or they could just sell the data.
Iirc it’s also a prerequisite for full-disk encryption on modern android.
How modern? It’s still working on Evolution X with Android 14 (although maybe it needs custom rom support).
It would be a bit less secure since the bootloader itself could be compromised, however (but I wouldn’t be concerned about random thieves/snooping in this case).
I did not remember correctly, kind of. From AOSP, Android 7 and later use file-based encryption (FBE) rather then full-disk encryption (FDE). FBE is dependant on verified boot, which itself requires a locked bootloader.
Custom ROMs may have back ported FDE, modified FBE, or implemented their own encryption.
No because the data is encrypted especially on Graphene OS and even on stock pixel phones data at rest is fully encrypted and pixel phones also have a onboard security chip as well. So unless you can unlock the user data it would be useless. That is why a locked bootloader is so important it is needed to ensure at rest encryption its a requirement for it.
That would be a security issue, not a privacy issue. Maybe that was what RelativeArea0 meant but if so I think that confused people because “privacy” implies somehow corpos/the state is spying on you through Lineage
LOS has privacy issues though, if I remember correctly. like, default DNS server is 8.8.8.8of google, assisted gps contacts a global server of I think qualcomm to speed up getting a GPS fix, and others I don’t remember now
That kind of data access is generally included under security not privacy (which is more about telemetry), but obviously with a state threat model privacy and security can become blurred, and that kind of data access is of concern if you are at risk of having devices seized by the state.
I was planning to move to Lineage, and eventually GrapheneOS (non Pixel at the moment) but revolut has broken compatibility by enforcing the use of the Play Integrity API, revolut is my main bank so I’m kinda blocked, for now… 🤬
I may follow suit down the road, I’m even contemplating having a second cheap phone, with a long battery life, only used for revolut, I don’t think I really have any other apps that I couldn’t survive without.
Anyone using Lineage? How is it?
I’ve got a Pixel 7 and have been wondering
Upgrading android versions did a surprise factory reset for me. Never used it again after that.
Custom Roms are only viable if official android support has dropped and you are no longer getting upgrades.
Not really. Stock OSes are really bad in terms of privacy, maybe with a few exceptions - I wouldn’t be able to trust them with any personal info. Just like Windows. So a custom one is a must.
To be honest I do not see any reason to use Lineage with Pixel while there is GrapheneOS… But maybe there will be some users of it: it is always better to have more free open OS
Graphene has a relatively short support, especially given that the phones for it are completwly unaffordable new so it’s effectively shorter than advertised. I am now spoiled by using a device that is not EOL so I think I will be switching when GOS’ support ends.
GOS Supports the pixel devices for the same amount of time as Google hard to keep a device secure once drivers are no longer being updated. But with Google extending support for pixel 6 and 7 series and the new 7 year guarantee on pixel 8 devices and newer this isn’t really a concern anymore. So pixel 7a and fold will be supported until 2028 and Pixel 6 and 6 pro until 2026 pixel 7, 7 pro, and 6a until 2027. Seems like plenty of time for support and that means as long as Google supports it so does GOS.
Yes, I know about them extending it. For me, for example, that means four years of official support, which is much less than a usual lifespan of my phone.
Then buy a newer one with longer support this will always be a issue since the support window is the same as Google. Once a manufacturer stops updating drivers and device firmware the said device can no longer effectively be secure because any exploit in the drivers or firmware will forever go unfixed compromisimg the devices security. Doesn’t matter what devices you buy this will always be the case it just depends on what your personal threat model is.
That support is about as long as it goes on mobile. An average poor person can’t afford to just buy new phones as soon as the support ends. Some updates is still better than no updates in this case.
Understandable I keep my phones for 2 years only, 1 year now with my 7a just had to replace a cracked screen and installed a new battery so good for another year.
That is an insanely short time to use a phone. Especially such a relatively expensive one.
A Pixel 8 on contract was free for me if I commit three years with my provider. I think I will get seven years support from GOS which is a worthy enough lifespan for an everyday smartphone
Is it an expensive contract? I doubt my $3/mo plan would ever have perks like this lol. Especially given that Pixels here are only sold unofficially.
Yeah I’m in the US and those “free” phone contracts over 3 years are objectively terrible deals when you look at the total cost of $100–120/mo or more with the “free” phone on one of the big three vs buying it outright and paying $25/mo (ish) with an MVNO.
Even if you assume a total cost of $100 at Verizon with the “free” phone—which I believe is a super low estimate—and you assume $45 at Visible (shameless referral plug)—which is their most expensive tier—you’re coming out at $1980 less in contracts over 3 years which could buy you (virtually) any phone you want and then some.
$25 is already a crazy enough sum for a phone bill, what you’re talking about is outrageous. Also, I’ve heard that such devices are often carrier-locked, and that carrier-locked devices often also have locked bootloaders.
I mean that’s just kinda the way it is in the US / Canada. Though I hear Canada has even higher prices for less service.
About $60 CAD per month for talk/text with 50GB data which is average for here
its alright, it kept my “supposed to be dead” phone to keep on running with latest stuff, i like the built in firewall, but if you’re privicy focused then this is not for you.
What privacy issues are you talking about?
Once LinageOS is installed your bootloader is always unlocked so anyone who finds your phone if lost owns it. GrapheneOS and a few other ROMs I forget the names of allow the bootloader to be relocked keeping android security model intact allowing the device to still be secure.
Is the bootloader really that important for a lost phone? If someone finds your phone can’t they just tear it apart and read the storage with external tools? A locked bootloader sounds more like an anti-tampering measure and not for protecting your phone’s content after it’s lost.
that’s not the problem that BL locking solves. this is solved by storage encryption. BL locking solves 2 other problems:
It is largely an anti-tampering measure. Without it you could have things injected into the system. For example, a stalker could install a hidden tracking program as a service and then return your phone without you knowing.
Iirc it’s also a prerequisite for full-disk encryption on modern android. So, without it your user data is available to be dumped in an unencrypted state. Most phone thieves are interested in reselling the phone, so they’re provably not going to go through the effort and risk damage to the phone just to dump encrypted data from the chips directly. However, if it’s just available unencrypted from fastboot why not dump it? They could get info that could be used to blackmail or scam you or people you know. Or they could just sell the data.
How modern? It’s still working on Evolution X with Android 14 (although maybe it needs custom rom support).
It would be a bit less secure since the bootloader itself could be compromised, however (but I wouldn’t be concerned about random thieves/snooping in this case).
https://source.android.com/docs/security/features/encryption/file-based
I did not remember correctly, kind of. From AOSP, Android 7 and later use file-based encryption (FBE) rather then full-disk encryption (FDE). FBE is dependant on verified boot, which itself requires a locked bootloader.
Custom ROMs may have back ported FDE, modified FBE, or implemented their own encryption.
No because the data is encrypted especially on Graphene OS and even on stock pixel phones data at rest is fully encrypted and pixel phones also have a onboard security chip as well. So unless you can unlock the user data it would be useless. That is why a locked bootloader is so important it is needed to ensure at rest encryption its a requirement for it.
That would be a security issue, not a privacy issue. Maybe that was what RelativeArea0 meant but if so I think that confused people because “privacy” implies somehow corpos/the state is spying on you through Lineage
LOS has privacy issues though, if I remember correctly. like, default DNS server is 8.8.8.8of google, assisted gps contacts a global server of I think qualcomm to speed up getting a GPS fix, and others I don’t remember now
Ah, so not that significant and fixable? GOS has an assortment of calls home as well (to their own servers at least, but still a third party).
well not sure if fixable
It could be included as both with a unlocked bootloader all user data could be easily retrived with physical access to device.
That kind of data access is generally included under security not privacy (which is more about telemetry), but obviously with a state threat model privacy and security can become blurred, and that kind of data access is of concern if you are at risk of having devices seized by the state.
deleted by creator
It’s annoying to upgrade between whole number android versions.
I used it extensively ony Samsung Galaxy S4 until Android 9 or 11. Was very good (model jflte(xx))
I was planning to move to Lineage, and eventually GrapheneOS (non Pixel at the moment) but revolut has broken compatibility by enforcing the use of the Play Integrity API, revolut is my main bank so I’m kinda blocked, for now… 🤬
My last bank did that so I switched banks my new bank app works without any play services installed on GOS.
I may follow suit down the road, I’m even contemplating having a second cheap phone, with a long battery life, only used for revolut, I don’t think I really have any other apps that I couldn’t survive without.
that’s the spirit