I have been running lineageOS on my OnePlus 2. I liked it, but Lineage has stopped supporting my phone. There are two options that I have been able to find as replacements - postmarketOS and /e/OS. Any thoughts on those or other recommendation? Anything that gets security updates, is open source, and is functional meets my needs.
LineageOS don’t use permissive selinux and disabled nearly every function of userdebug build except for root functions over adb (that is disabled by default).
The only real danger about LOS is the unlocked bootloader, but it can’t be solved by LineageOS developers, since it depend deeply by manufactorer.
Still, even if it is a security risk it depend a lot about your threat model and if you usually install only trusted apps and navigate on trusted sites (or usually disable JavaScript) the actual attack surfaces isn’t really a problem for the common users, and there are only theoretical risks.
The great thing about official LOS is the support of a lot of devices (and not only Google made) and the big community approval needed for every change.
Community standards for LOS are actually really strict, and you can be pretty sure to have a stable system when you use official LOS on your device. Since there are dozens of supported devices it gives users a lot of freedom.
LineageOS weakens SELinux policies.
LineageOS still uses userdebug build. Userdebug builds are primarily development builds that are supposed to be given to closed beta testers hired by a business. These builds are not considered to be secure. Security isn’t even a concern as these builds are purely for development purposes.
Verified boot ensures that all executed code comes from a trusted source rather than from an attacker or corruption. Moreover, Verified Boot checks for the correct version of Android with rollback protection which helps to prevent a possible exploit from becoming persistent by ensuring devices only update to newer versions of Android. Verified boot it’s not only useful against physical attacks, if a remote attacker has managed to exploit the system and gain high privileges, verified boot would revert their changes upon reboot and ensure that they cannot persist.
Also, rollback protection can be enabled even with bootloader unlocked. However, Lineage doesn’t have rollback protection either.
That’s not really a good argument. The majority of users have bad habits regarding good security practices, they usually install applications without check the signature, for example. You just assume that users will act in certain way, but in reality you don’t know that. It’s not real security, it’s security through obscurity. The risks are not only theorical, as I explained above.
Doesn’t seems so. All the problem I pointed out still remain. Also, they don’t add any relevant security or privacy improvement, instead they weaken the security android model.
If you prefer/need/want to use lineageOS then go for it, it’s up to you. However, freedom it’s not equal to privacy and security.
Hello GrapheneOS propaganda account, nice to meet you. Nice security theater you are fooling everybody with.