I’m tired of collecting phones, and frankly I’m a little money strapped and kind of want to coast by on older phones for a while. But I’m wanting to de-google as much as possible.
Of the last few phones I’ve had, all are working well. Most have been able to be kept relatively up to date with LineageOS, and a couple have /e/os/ versions available for them (one official, one community)
-
Essential Phone (Community Build e/os/…not sure if still being updated or not though.)
-
Moto One Hyper (No e/os/ build. Sadly not a popular enough phone)
-
Moto One 5G Ace (Has an e/os/ build. Currently being used as a DIY game emulator on LineageOS)
-
Motorola Edge 2023 (Current Phone. No e/os/ build. It’s essentially a canadian variant of the Motorola Edge 40 Neo…which are the only two newest phones to use the Dimensity 7030 chip, making it incompatible with the regular Edge 40 or 40 Pro e/os/ builds.
I’m using /e/os/ on my Essential phone (though not daily driver) to get a feel for the software and the Murena app/account. I’m willing to give up my game emulator to put it on the newer phone if I like it (though it would suck to lose my FFVII and Chrono Trigger playthroughs)
Ideally my Edge 2023 would have a build. But I’m not going to expect a chipset used by only two phones total to garner that much development focus (and rightly so)
Anyone have more long term experience with /e/os/ and Graphene and tell me what Graphene has stronger?
Thanks
Well, yes and no.
/e/ is more de-Googled than LineageOS, and it also replaces some GApps with its own ecosystem (whereas LineageOS just gets rid of them). I would say that this makes it slightly more private.
However, /e/ also takes a lot longer to apply updates from upstream Android. LineageOS and GrapheneOS both take a few days up to a few weeks to do this; whereas /e/ sometimes takes months.
In the past, I would have recommended DivestOS and Calyx OS, but sadly DivestOS is unmaintained and Calyx OS have temporarily stopped releasing or updating their OS.
Absolutely not.
Back when DivestOS was operational, they maintained a database of bugs, flaws, and security holes that the E Foundation and Murena refused to patch.
- MicroG isn’t a secure front-end, it still phones home to Google.
- Their native IP scrambler is just an old fork of TOR
- Their webview (the core of every phone’s ability to run a web application from Lemmy to Fruit Ninja) doesn’t have hardened measures to prevent interference.
- The bootloader stays unlocked. This means that the most essential feature for your safety, the metaphorical lock on the front door of your house, is left broken and loose.
Hell no, do not use /e/os. Use Lineage. Use Grapheme. Use Linux Mobile. Use literally anything else.
The bootloader stays unlocked. This means that the most essential feature for your safety, the metaphorical lock on the front door of your house, is left broken and loose.
Your information is out of date. For example, the Fairphone’s bootloader can be relocked and you can buy Fairphones with eOS pre-installed (and of course locked).
To find more phones that support relocking with eOS, filter this list by “verified boot”.
Can someone point me at technical info about the risks of having an unlocked bootloader? From where I stand, the risks seem completely irrelevant (to take advantage of an unlocked bootloader, the attacker would need to have full access to your OS already). AFAIK, locking of bootloaders was never designed to protect the user, but only to let cell-phone providers restrict what phone users can do.
This article explains it quite well.
An unlocked bootloader let’s any attacker change the the thing that boots your OS and the OS itself. They might not have access to your data (every modern cellphone encrypts those partitions), but replacing the OS is practically game over. It allows tracking the password (or PIN) you enter and sending it to any server once internet access is gained.
Sorry, but that page does not seem to say what you wrote. E.g. I can’t see how a remote attacker (such as a malign webpage, email, application, …) could take advantage of an unlocked bootloader without being able to see (and modify) all the data on your phone. IOW I think what you write applies only to an attacker who has physically taken your phone (temporarily).
What I wrote mostly applies to a physical takeover because that’s way easier, but privilege escalation on an a system with an unlocked bootloader can do everything I said. But if you’re hacked and privilege is escalated while you’re using the phone, it doesn’t matter if the bootloader is unlocked. You’re already pwned.
Search for “android privilege escalation” and look through the CVEs. This advisory for example says privilege escalation can lead to the creation of additional user accounts.
Also look up rootkits. The same principle applies on phones as on computers.
But my point is that a remote attacker using privilege escalation can already do all of that even with a locked bootloader. “rootkits” don’t need an unlocked bootloader.
Sorry, bootkit. Resetting to factory settings should be enough to get rid of a rootkits, but not enough to get rid of bootkits if your bootloader is unlocked. You can read about VerifiedBoot to see how it works.
Yes, if someone gets provileged access to your phone, be that remotely or locally, you’re fucked already, but being unable to get rid of the infection is an even bigger problem.
It also makes stealing phones useless if they’re off because they will be unusable without the PIN. Sure, PINs are only 4 characters but going through all possibilities still takes time if done manually. If it’s possible to do so automatically (which isn’t always the case), then 4 numbers won’t help much, I give you that.
All in all, I depends on your threat level. If you’re defending against your grandparents, probably a PJN will stop them, if it’s a three letter agency or a big corporation with endless money, good luck.
