[HN Gopher] LineageOS 22
___________________________________________________________________
LineageOS 22
Author : timschumi
Score : 237 points
Date : 2024-12-31 00:12 UTC (22 hours ago)
(HTM) web link (lineageos.org)
(TXT) w3m dump (lineageos.org)
| Gualdrapo wrote:
| Have I ever got a bigger paycheck I'd donate to them without
| hesitation. It's because of them (and formerly Cyanogenmod) I got
| to have my Xperia Z1 for 7+ years, and now this Xperia 1ii for 4
| years, each of them were/are doing great because of it.
|
| Hope they keep going strong.
| timschumi wrote:
| To quote from somewhere else:
|
| Just to emphasize this for anyone else who is reading this:
| Please do not feel obligated to donate.
|
| Yes, it is greatly appreciated, since it keeps the lights on a
| little while longer and allows us to provide builds and host
| continued development. However, we regard donations as having
| no strings attached, and the same applies for using the builds
| that we provide.
|
| We will be fine, at the very least for a while. Please think of
| yourself first.
| tessierashpool9 wrote:
| "Please think of yourself first." = \s ?
|
| Anyway ... I'd totally encourage everybody to donate to
| opensource projects and/or its maintainers. Whatever the
| effect may be, but I think that's just simply appropriate.
| timschumi wrote:
| Yes, donations are cool, without them there probably
| wouldn't be as many build servers (among other things).
|
| However, if donating means that you have to consider your
| current paycheck size, then it might be more appropriate to
| put that idea on the back-burner for a while.
|
| If you don't have to make that consideration and/or you
| feel strongly obligated to donate, then by all means,
| please do so.
| steelframe wrote:
| I'm still of the opinion that an Xperia Z1 Compact running
| LineageOS handily outcompetes any cycling computer that Garmin
| or Wahoo has shipped in the past 10 years.
| doublepg23 wrote:
| Highly recommend the Samsung S5e Tablet with LineageOS. It's an
| amazing tablet for comics and light reading. Hard to beat its
| high res AMOLED display, incredibly light weight, and decent
| enough specs (I haven't personally seen slowdowns when using
| Lineage on a minimal install). Forgoing gapps gets you crazy
| standby time.
|
| Couple things to note is it doesn't have a headphone jack (it is
| legitimately that thin though) and you are required to use
| Windows to flash the device.
| AdmiralAsshat wrote:
| Good to know, as I still use an S5e as my comic reader. It's
| not getting security updates anymore, but to be honest it's not
| like I'm running banking software on it, so I don't care as
| much about malware risks as, say, my phone. It's still plenty
| speedy on stock firmware.
| gessha wrote:
| What would be the attack vectors for malware on a tablet? I'm
| genuinely curious how crucial updates are for older devices.
| npteljes wrote:
| For example, there could be a web-based attack that would
| target unpatched webviews. This could be a maliciously
| prepared webpage or image on the web, favicon etc, and this
| piece of data could be distributed by an ad network, for
| example. So, browsing the internet with an out of date
| browser or webview could pose this risk.
|
| Another issue is escalation. Again, we are in a speculative
| realm, but if a device is affected like how I described it
| above, it could then be the foot in the door for other
| attacks, like scanning the local network, and finding other
| devices to target, some of which might be also out of date,
| or be more trusting to a local device, than to an internet
| device. Like a router, for example, or a NAS with a
| passwordless LAN file share activated.
|
| Another usage of an exploited device is it joining into a
| botnet, that then is rented out for any purpose the buyer
| would want, distribution of files, acting as a proxy for
| others, participating in a DDOS attack.
|
| Thing is, most of this is automated actually. The devices
| on the internet are constantly scanned by automated means
| for vulnerabilities.
| bakugo wrote:
| Basically the same as a computer. If you avoid installing
| random untrusted apps, you are generally safe (i.e. don't
| install random no-name Candy Crush clones from the Play
| Store every week like some people in my family like to do).
|
| Every once in a while there's a more serious vulnerability
| that can be exploited remotely like Stagefright, but those
| are fairly rare and if you're here, you will probably hear
| about them.
| red-iron-pine wrote:
| anything internet facing has a ton. you're using it to
| browse a site that gets ad and you've got a vector --
| wouldn't be the first time legitimate sites like NBC
| (nbc.com) served 3rd party ads with malicious iframes
| embedded in 'em.
|
| mom takes her out of date tablet to check the news and bam
| she's rooted.
| goodburb wrote:
| Still using a very old Tab S 10.5 from 2014 running a bit slow
| with LOS 21 - Android 14.
|
| Started with Android 4 KitKat, stuck with Linux kernel 3.4 :)
|
| 5.4mm thickness, 3GB RAM (enough for 32-bit), 2TB SD card
| works, watching movies/shows with the AMOLED look as good as a
| recent OLED TV. Truly ahead of their time.
|
| SDR content with mDNIe dynamic enabled comes surprisingly close
| to HDR content on an HDR display, colors can be a bit too
| saturated though.
|
| After a decade, the battery lasts a week for daily hour e-book
| with black background. 3 hours of video playback. However, it
| restarts at 30% battery when running at full brightness with a
| white background. Disabling Wi-Fi significantly extends standby
| time compared to modern hardware.
|
| Caveats: Slow web browsing and no H.265 hardware decoder. 1440p
| H.264 60Mbit is the max (Display is 1600p). Most content
| providers and streaming services are slowly moving away from
| AVC, so it's stuck at 720p H.265 on CPU.
|
| Back in 2014, I couldn't have imagined using hardware that was
| over a decade old.
| wkat4242 wrote:
| Oh I have the same one. I had no idea it was supported by LOS
| now. When I last looked it wasn't. Thanks, I'll have a look
| for it.
| qingcharles wrote:
| Wow, these things are crazy cheap on eBay. Thanks for the tip.
| TwoNineFive wrote:
| The S5e is super old and many devices are likely facing battery
| age issues.
|
| I wish I had known this device was going to see long-term
| support like it received. I would have bought one at the time.
|
| The only modern tablet officially supported is the Pixel Tablet
| (tangorpro). It's good enough but the screen quality isn't as
| nice as I would like. It should be supported for many years to
| come due to its SoC being common to the Pixel 6-9 phones.
| mikae1 wrote:
| tangorpro has GrapheneOS support which would likely be a
| better choice until security updates stop coming from Google
| (and GrapheneOS) 2028-06-01.
|
| GrapheneOS installs easily via your desktop web browser with
| the Pixel device connected via USB.
| mschild wrote:
| +1 for GrapheneOS. I've dabbled in a lot of alternative
| roms over the years. There wasn't a single one that was as
| easy to install and use.
| doublepg23 wrote:
| As slow as it is on paper (in practice it's really not bad)
| and the batteries are indeed going, its AMOLED screen really
| takes the cake.
| sureglymop wrote:
| I really want to move to an android tablet but love the
| writing on an ipad pro. Does a pixel tablet support
| writing/drawing with a pen and palm detection? And more
| importantly is there any good software support (e.g. apps
| like goodnotes) for that? A pixel tablet with graphene os
| overall sounds awesome.
| notpushkin wrote:
| > required to use Windows
|
| There's an alternative flasher for Samsung's bootloader that
| works on Linux/macOS:
| https://github.com/Benjamin-Dobell/Heimdall
|
| It might not work with this particular tablet, though.
| timschumi wrote:
| There also is an updated version with fixes that never got
| merged into upstream Heimdall:
| https://git.sr.ht/~grimler/Heimdall
| doublepg23 wrote:
| Yeah, I never got Heimdall to work properly.
| 10729287 wrote:
| Thank you for the tip ! Was looking for a portable device at
| home for random browsing, it will be a nice beginning of the
| year project ! Do you recommend installing v21 or a previous
| version on this device ?
| doublepg23 wrote:
| I run a minimal install of 21 right now (no gapps) and it's
| great. Even handles browsing fine with Brave (built in ad
| blocking).
| kombine wrote:
| If only these Samsung Android tablets had a more reasonable
| screen aspect ratio..
| Scene_Cast2 wrote:
| I still buy devices based on the likelihood that they will be
| supported by LineageOS. Good to see them continuing along.
| climb_stealth wrote:
| Out of curiosity, what do you buy?
|
| I had Xiaomi last and bought another one recently and they have
| made it pretty much impossible to unlock the bootloader.
|
| Apparently limited number of unlocks at 12am Beijing time. I
| have tried a few times, read through all the complaints and the
| community forums, and Xiaomi can very kindly just fuck off.
|
| It used to be really good value for money as the hardware is
| great. But without flashing it is terrible. Crypto spam ads in
| system apps and things like that. Am going to sell it again but
| part of me can't give it to anyone in good conscience.
| chasil wrote:
| VoLTE is a huge consideration for older devices, and it is
| best to avoid Samsung.
|
| Pixels are the reference. Whatever you buy, verify VoLTE.
| climb_stealth wrote:
| Very true, yes. 4G connectivity is the main reason for me
| to upgrade. My Poco F1 doesn't support the main 4G
| frequency used in Australia. So connection and bandwidth is
| pretty crappy since 3G got sunset.
|
| Unfortunately the intersection of phones with headphone
| plug, SD card slot, decent RAM and hardware, not being
| huge, and supporting lineageos is pretty much nonexistent
| nowadays.
| Scene_Cast2 wrote:
| Oh interesting. I was planning to get a Xiaomi as my next
| phone; I recently heard that they limited the number of
| unlocks to one per person per year.
|
| I got a OnePlus and a Pixel. Before that it was a ZTE, but
| they aren't unlock-friendly these days.
| notpushkin wrote:
| > limited the number of unlocks to one per person per year
|
| I'm wondering how exactly they are gonna enforce that.
| prmoustache wrote:
| you actually have to create a xiaomi account to be able
| to unlock a xiaomi phone with their crappy bootloader
| unlocking tool (only running on windows FWIW).
|
| This is just a terrible experience, avoid this brand like
| the plague.
| notpushkin wrote:
| Yeah, I went through it once. You also have to wait for
| 30 days IIRC.
|
| There are unofficial unlock tools on Linux / macOS, though:
| https://github.com/topminipie/awesome-xiaomi-bootloader-unlo...
|
| The problem is, you can create as many Mi accounts as you
| want. They can make it slightly harder by verifying your
| phone number, but that's also pretty easy to circumvent.
| prmoustache wrote:
| Thanks for the pointers, when I did it, all the linux
| tools I had found had been abandoned/were not working.
| catlikesshrimp wrote:
| Don't sweat it. The link for the official tool in the
| official xiaomi site directs to an old version that
| didn't work for my old phone.
|
| I found the latest version in xdaforums, and that worked,
| thankfully.
|
| The whole xiaomi experience is very unpolished. The siteS
| are a mess for this, the tool looks like a cooked
| homebrew, and their English doesn't look official.
| climb_stealth wrote:
| I'd say stay away from it! From what I understand it mostly
| depends on what OS is running on the phone.
|
| Phones on their old Xiaomi OS can be unlocked reliably. You
| have to register an account, wait 30 days, and use the
| unlock app on a Windows computer. It's annoying but doable.
| But, the current Xiaomi HyperOS is where the insanity
| starts. It's pretty much impossible with arbitrary limits
| of global unlocks per day. The app constantly telling you
| to try again the next day and stupid stuff like that.
|
| I've had that phone sitting in a drawer for a month or so
| now. It's just not worth it. And I'm not going to put
| anything personal on their shipped OS. When system apps
| come with popup ads to install dodgy crypto apps I'm not
| going to trust it.
| rd07 wrote:
| Not TS, but I have similar thought to him. Just recently, I
| bought a used Samsung A52 4G phone, which is supported by
| LineageOS.
|
| I am not a LineageOS user, but I own a 5 year old Xiaomi
| phone. The latest Android version for that phone from Xiaomi
| is stuck at Android 9. It now runs Android 13 on /e/OS, a
| fork of LineageOS, and I have a good experience with it.
| chasil wrote:
| The biggest problem with /e/OS is the launcher (Bliss).
|
| The launcher does not seem to be able to do app shortcuts,
| particularly to make a shortcut to an incognito browser
| tab. Widgets are also confined to a separate page. [Please
| correct me if I'm wrong.] It's really trying to be an
| iPhone in some constraining ways (stressed by the Settings
| icon).
| ahmrz wrote:
| Lawnchair [1] is a pretty good alternative.
|
| [1] https://github.com/LawnchairLauncher/lawnchair
| chasil wrote:
| It needs to be in f-droid, or maybe on ffupdater.
| notpushkin wrote:
| It is on F-Droid IIRC.
|
| Edit: just checked, it's in the IzzyOnDroid repo:
| https://apt.izzysoft.de/fdroid/index/apk/app.lawnchair
| Ologn wrote:
| Samsung has its own bootloader. Some people get it to work
| with AOSP/LineageOS, but it is an extra pain. So I avoid
| Samsung for LineageOS.
|
| This is a list of supported devices
|
| https://wiki.lineageos.org/devices/
|
| I installed LineageOS on a Motorola Edge a bit back.
|
| One problem is it takes a bit of time for a device to get
| officially supported by LineageOS. By the time it is, stores
| are often selling the next generation of devices.
|
| That was not the case when I bought an Edge and put LineageOS
| on it in 2021.
| 9cb14c1ec0 wrote:
| > but it is an extra pain.
|
| I've bricked several Samsung devices trying to flash
| Lineage on them. It is important to follow the Lineage
| installation instructions very closely.
| nubinetwork wrote:
| It used to be dirt easy, I remember my s5 was just
| "fastboot oem unlock" and flash the new image...
|
| Sure you'd lose knox, but nobody really uses it
| anyways... But from what lineage is saying, it seems
| Samsung made unlocking impossible on North American
| devices.
|
| I'm not sure what the law side of things is like for
| this, because I recall it being mandated that phones
| could be sim unlocked after contracts expire... someone
| should try seeing if there is a legal requirement for
| unlocked bootloaders.
|
| Edit: I wish apps would also stop whinging about
| unofficial OSes or devices being rooted... banking apps,
| mostly.
| catlikesshrimp wrote:
| > someone should try seeing if there is a legal
| requirement for unlocked bootloaders.
|
| The EU is only now applying usb chargers. They will be
| ironing appstores next. USA, maybe not with the next
| president.
| 9cb14c1ec0 wrote:
| > it seems Samsung made unlocking impossible on North
| American devices.
|
| It is possible to unlock them. It just takes about 20
| steps and multiple reboots.
| ghjfrdghibt wrote:
| My device is currently not supported, their FAQ about this
| is needlessly passive aggressive, though I can assume
| there's a reason.
| kube-system wrote:
| I used to spend so much time flashing different ROMs, and
| even cooking a few modifications of my own. These days I find
| it much easier just to buy first-party devices like a Pixel
| and just move on with my day. They seem to have the least
| 'gotchas' in my experience. Stuff is unlocked, it gets
| updates, and doesn't have bloat/malware baked in.
| SoftTalker wrote:
| Some would consider a Google device as malware out of the
| box. At least you know who is spying on you I guess.
| kube-system wrote:
| Given the fact that all phones have closed-source
| baseband firmware and are hooked up to vulnerable
| networks running ss7, they've got worse things to worry
| about if they're using a phone anyway.
| colordrops wrote:
| It's not all or nothing. That's like saying you might as
| well smoke 20 cigarettes since you are already smoking
| 10.
| zamalek wrote:
| Google is one of the lightest offenders in the ecosystem.
| Remember that any other Android device is going to have
| Google PLUS the manufacturer junkware. Pixels can also be
| de-rooted with custom firmware installed, and graphene is
| hella polished.
| KetoManx64 wrote:
| I buy used OnePlus phones off swappa and flash LineageOS with
| microG right off the bat. For a tablet I have a Google Pixel
| Tab, which has official LOS support. Very happy with both
| prmoustache wrote:
| I managed to unlock a xiaomi redmi note 9. The bootloader
| unlock tool only works on windows and on intel based computers
| (don't ask me why). I had to reinstall temporarily a windows
| on a computer to do that.
|
| But this is really a brand to avoid at all cost anyway. Also
| these smartphones come super bloated out of the box with apps
| phoning home constantly, and super unreliable. 2 members of
| my household owned one and on both of them the screen started
| not accepting touch input randomly. This was on 2 different
| models.
| catlikesshrimp wrote:
| You get profiled when you sign up for unlocking a xiaomi.
|
| In order to use the official windows-only tool: You make a
| xiaomi account, wait a month or more, then put _an internet
| connected sim card_ that receives an sms verification and
| try to unlock, if it fails, you wait a day to try again.
|
| You can unlock about 3 devices at most every 6 months with
| one account.
|
| They found a balance that is easy enough for tech savvy
| users, but not too easy for the general population. Helping
| someone with his phone is a chore if you aren't charging
| money for it.
|
| Xda forums is much less interested in developing unlocking
| for xiaomis since there is this official method, and I
| can't blame them.
| zozbot234 wrote:
| The "general population" is probably better off buying an
| unlocked device on the used market. Wipe it with a new
| LineageOS install and there should be no real concerns.
| gf000 wrote:
| I have recently bought a Pixel 8 and I really like it.
| GrapheneOS is a very smooth experience, my only gripe is that
| the banking apps don't work on it, so I reverted back to
| PixelOS for the time being.
|
| But their sandboxed GApps service is truly how a mobile OS
| should work!
| asveikau wrote:
| I find any time I've put lineage on a device, the support
| lifetime is lower than I expect.
|
| In a perfect world, you would be able to bring your old device
| forward to multiple new major android releases beyond the
| support lifetime of the manufacturer, like you can with a Linux
| distro on a PC. But I guess android doesn't work that way, even
| with third parties willing to make new builds.
| timschmidt wrote:
| Often device drivers specific to the model of handset are
| only available as pre-compiled binary blobs, and will not run
| with any future kernel release without herculean effort to
| reverse engineer them and implement a shim. This effectively
| ties the hardware to a single kernel release.
|
| The practice makes ewaste of otherwise perfectly usable
| devices, and should be illegal.
| prosody wrote:
| Isn't that significantly on the Linux kernel not having
| stable driver ABIs?
| timschmidt wrote:
| I don't see how any choice the Linux developers make
| forces phone manufacturers to do anything.
|
| It's their choice to use Linux. They can abide by the
| license or not ship Linux.
|
| Not to mention that there are many more or less stable
| APIs within the kernel (which even has versioned API
| support in places) such as Video4Linux which
| manufacturers seem dead set against using.
| gf000 wrote:
| They do abide by the license, but it's also their choice
| whether to maintain cheap firmware for n years old
| devices, that they may not even have the license to
| distribute in source form.
|
| Nonetheless, android mostly solved the issue of the
| kernel's lack of stable interface via their HAL.
| realusername wrote:
| They could also contribute to the Linux kernel like
| normal companies instead of shipping half broken binary
| blobs.
| IshKebab wrote:
| That's a really backwards way of thinking about software
| distribution. It's like Debian's idea that every piece of
| software in existence should be packaged for Debian (and
| Suse, Red Hat, Fedora, Ubuntu, etc.).
|
| I don't package any of the software I write for Debian
| because I don't want to have to jump through their hoops.
| I don't blame device manufacturers for wanting to avoid
| jumping through Linux's hoops. Especially with having to
| deal with Linus.
|
| Nobody likes Apple's app review process do they? I don't
| think device driver writers should have to go through
| that.
|
| (I also wish they would open the code but not having a
| stable driver ABI clearly doesn't make that happen.)
|
| I think a _valid_ reason for not having a stable driver
| ABI is that it's a mountain of work and makes everything
| else more difficult. But I've never heard anyone give
| that as the reason.
| gf000 wrote:
| Most of them buy parts from other companies, that often
| license the source only for inclusion.
|
| This is a very myopic view of the industry.
| AnssiH wrote:
| AFAIK the Android binary blobs are generally userspace,
| not kernel drivers.
| asveikau wrote:
| I think the interfaces we are talking about are not part
| of upstream Linux. They will bolt on half baked stuff
| regardless of the interfaces Linux provides.
| byw wrote:
| Any devices that fare better in this regard?
| pimeys wrote:
| Not really, no. For manufacturers it is faster to just
| write the drivers once for their chip, and release them
| targeting to an exact Linux kernel version rather than
| actually writing good enough code that it goes through
| the LKML process and gets merged into mainline. It costs
| money to update the drivers later on and it especially
| costs money to mainline them later on.
| b9b10eb736 wrote:
| Nobody's asking for mainline submissions though. Just
| publishing the drivers source code under a FLOSS licence
| when they stop supporting it would be enough to let the
| community take over the maintenance.
| timschumi wrote:
| The kernel side of drivers is already published under a
| FLOSS license, it's just that the code quality is usually
| subpar and the important changes are crammed into a
| tarball together with (sometimes) millions of other lines
| of changed code.
|
| The sources for the matching userspace binaries (which
| are usually the issue for Android version bumps) are
| usually under NDA by the component manufacturer and can
| not be released by the OEM independently.
| biorach wrote:
| Is the kernel driver code not available for the Community
| to take over the process of mainlining? If that gets done
| then surely the user-side code will work with all future
| kernels that contain the driver?
| timschumi wrote:
| The user-side will work with all kernels that contain the
| matching driver, but the user-side will not necessarily
| work on future Android versions without modification.
| TwoNineFive wrote:
| I have been running custom Android, mostly Cyanogen and
| Lineage, since the G1. I went G1 > Nexus 1 > Samsung S4 > S5 >
| OnePlus 5 > Pixel 8. I won't buy a phone if it's not community
| supported.
| zvr wrote:
| Can anyone recommend a supported phone that is _small_ in size?
| theandrewbailey wrote:
| Thanks for the link! LineageOS has kept my 7-ish year old Moto X4
| working like a champ for most of the time I've had it! As long as
| it keeps working, I have no intention of getting another phone.
| 9cb14c1ec0 wrote:
| Note that it can take several days or weeks for all the supported
| devices to get initial public builds made. You can track all the
| pending build jobs here:
| https://buildkite.com/lineageos/android/builds?branch=lineag...
| andrekandre wrote:
| thanks for that, i kept running in circles looking for a build of
| 22 wondering if i was doing something wrong
| 9cb14c1ec0 wrote:
| I did the same for 21. Now I know better.
| ramon156 wrote:
| After another garbage update from Samsung I'm confident I should
| give it a go. I used it on a OP2 before and it was pretty good,
| but I'm curious how much it's matured in 3-4 years
| RadiozRadioz wrote:
| For a long time I was far too scared of being excluded from
| technological society to install this on my only phone, as much
| as I'd love to. It sickens me that banking apps, and others,
| depend on proprietary operating systems.
|
| What I do instead is have a separate device that I customize to
| my liking with Lineage, then an iPhone that I keep normal; I have
| the phone that I actually like to use, then a "normie phone"
| that's identical to everyone else's so I don't get arbitrarily
| excluded from things.
| lreeves wrote:
| I don't have an Android device but surely anything that
| excludes can just be accessed via web browser? I use my bank's
| mobile website in a mobile browser all the time.
| bpev wrote:
| Many times the web browser works, but there are some cases
| where it doesn't or is just a much worse experience. Or even
| some apple-specific stuff, like my mom enjoys calling me via
| facetime.
|
| Having the second device just opens up more chances that you
| have something that works.
| prmoustache wrote:
| Sadly for those living in EU many banks force you to
| validate online payments with a phone app only.
|
| Having said that, most bank apps still work on custom android
| images. Mine works on grapheneOS.
| bpev wrote:
| Yupyup I basically keep around an iPad mini for this purpose
| genpfault wrote:
| > SeedVault[1] and Etar have both been updated to their newest
| respective upstream version.
|
| What do folks use for backups that's actually useful (full app
| data + secondary stuff like KeyStore entries) nowadays?
|
| [1]: https://github.com/seedvault-app/seedvault/wiki/FAQ#why-do-s...
| KetoManx64 wrote:
| Swift Backups with root, and then Syncthing that directory of
| backups to a home server. When I switch devices I just sync
| that directory to a new phone, install Swift Backup and do a
| restore. It's the modern Titanium Backup
| Jeaye wrote:
| Yay! Congrats on the release! Any chance I can put this on my new
| rpi5 or will that require some additional porting? Currently
| running 21 by konstakang. I've been trying to build a
| controller-driven media machine.
| orsenthil wrote:
| Can you get this to install on Fire tablets? They are getting
| cheaper and cheaper, but the utility value without a minimal
| stock environment is very less.
| notpushkin wrote:
| There are unofficial builds if you wanna give it a shot.
| n8henrie wrote:
| Unfortunately most of the older models do not have a way to
| root them (AFAICT, I've checked in on this occasionally for
| years). I have a 2017 fire that I was able to get lineage on,
| but unfortunately it was a mostly broken "test" device. Another
| 2017 is slightly different and I fried trying to short to
| ground during the rooting process. I also have 2 slightly newer
| models that have no root available at all, and are virtually
| unusable as the stock OS has become so slow (5+ second lag
| times per tap).
| tessierashpool9 wrote:
| any insider info on the current state of affairs? is los just
| barely making by or is there still some enthusiasm. used it for a
| few years on two oneplus devices and loved it. but - the usual
| shortcomings and issues requiring workarounds or other adaptions
| finally led me to the iphone ... i hate ios ... but they just
| work and especially when traveling i didn't feel like taking any
| risks with google api integrations for maps and messengers (also
| camera is just better).
| erzhan89 wrote:
| also switched few weeks ago from Oneplus to se 2022. and
| currently testing custom roms as eos, calyx.. to find some good
| alternatives.
| panny wrote:
| Nothing against LineageOS, I used it on a Nexus5 and I really
| liked it. But these days I just buy a Sony Xperia and compile
| AOSP for myself.
| https://developer.sony.com/open-source/aosp-on-xperia-open-d...
| t14000 wrote:
| > Android 15 introduced several complex changes under the hood...
|
| > Android's move to trunk-based development, and the subsequent
| growth in size of Android's QPRs (Quarterly Platform Releases)
| have made our job magnitudes harder! As a byproduct we must
| rebase our entire code-base every 3 months.
|
| > Sadly, Google also has a habit of introducing deprecations or
| outright removing code that older devices rely on with little
| advanced notice...
|
| Google trying new tactics to move Android from open-source to
| "source available, lol"?
| zozbot234 wrote:
| > Google trying new tactics to move Android from open-source to
| "source available, lol"?
|
| It seems to be the opposite - more of AOSP internal development
| moving out into the open. QPR's are getting more frequent
| releases than the old AOSP code-drops.
|
| (Tbh I do think that AOSP has always had _way_ too much churn
| for a sensible system. A Linux phone should just work, and
| share as much of its codebase as possible with Linux systems
| running on other device classes; distributions like pmOS and
| Mobian - and quite possibly Debian Mobile in the future - are
| working towards this goal.)
| throw5959 wrote:
| Android is not "a Linux phone", it just happens to use Linux
| kernel under the hood. What you're saying was always an
| explicit anti-goal.
| surajrmal wrote:
| This is gatekeeping. Linux is a kernel. You're talking
| about userspace which is not part of the Linux kernel
| project.
| throw5959 wrote:
| What gatekeeping? I'm talking about Android project
| goals. They never intended to provide any direct
| userspace access to the Linux kernel. The Linux kernel is
| supposed to be an implementation detail that can be
| replaced without breaking app compatibility.
| gf000 wrote:
| Or maybe the Linux Desktop (used by a couple of people)
| should use more code from the android project (which is the
| biggest OS on the Earth)
|
| The latter has sane sandboxing, proper IPC, an app lifecycle
| that makes sense for embedded devices (an app in the
| background should only ever take CPU time if it has an
| explicit service with permission for that) etc.
| zozbot234 wrote:
| Plain old Linux has these features. For example:
|
| > an app in the background should only ever take CPU time
| if it has an explicit service with permission for that
|
| You can run your services in a cgroup and use "freeze" and
| "thaw" support for that purpose.
| gf000 wrote:
| It doesn't have it, because this is like security. You
| either have it everywhere, or it doesn't matter.
|
| Sure, the Linux kernel is very capable, but the "gnu"
| userspace doesn't make good use of its features. Android
| makes much better use and has a bunch of software that
| could be re-used on the former as well.
| ykonstant wrote:
| Is the reason GNU doesn't use these kernel features
| aggressively that they want to be portable? Or something
| else?
| zozbot234 wrote:
| Freezing background apps just isn't needed all that much
| if you run a fully FLOSS system. It's much more of a
| concern for proprietary software where you don't have the
| source code available. There's a similar story for
| sandboxing actually, it's not a coincidence that it's
| been getting more popular as proprietary apps have been
| made widely available via Flathub and the like.
| gf000 wrote:
| What, FLOSS systems run on unicorn blood or what?
|
| There is a reason why Pinephone and similar run hot as
| hell for a couple of hours of uptime only. But Linux
| laptops also have a terrible track record here. It has
| nothing to do with privacy, it's purely there to properly
| save energy.
|
| And come on, Linux Desktop has terrible security, just
| because no one targets the 3% marketshare doesn't mean
| that they are safe at all. Especially that security is
| independent of "proprietariness". You can have, say, an
| open source PDF reader with a vulnerability - you only
| need to open a malicious PDF file to have your system
| corrupted. Putting our heads into the sand is not a good
| idea.
| nextaccountic wrote:
| You "can" in the sense that the kernel technically
| supports it, but realistically, who does that for all
| programs they use?
|
| Android userland is actually better designed in some ways
| sweden wrote:
| It should be the opposite, I am a bit confused about LineageOS'
| statement here. The Quarterly releases represent solid
| milestones towards the final Android number milestone.
|
| GrapheneOS claims that this made their rebasing much more
| efficient: instead of receiving a massive dump of all Android
| 15 at the end, developers receive incremental changes (the
| QPRs) to help them anticipate major changes in the code.
| timschumi wrote:
| GrapheneOS only supports devices that are still supported by
| the OEM, and they generally seem to have very few
| modifications that touch on frequently-changed parts of AOSP.
| In short, they can be relatively certain that nothing will
| break when they rebase, Google does the work for them.
|
| On the other hand, LineageOS runs a lot of devices at the
| very (lower) edge of compatibility, which means that (with
| Google pushing large changes quarterly instead of yearly) the
| build roster has to be reevaluated quarterly instead of
| yearly as well. This was not anticipated properly for the
| Android 14 (LineageOS 21) cycle, which resulted in 19 devices
| not being able to be built on a previously supported major
| version (and therefore dropping from the roster completely).
|
| In addition, the components that have been causing rebase
| conflicts each year now have the opportunity to cause rebase
| conflicts multiple times a year.
| reify wrote:
| Cool
|
| My old oneplus 5T battery has just failed and I have bought a
| second hand Motorola edge 20 pro, which is supported for lineage
| 22.
|
| Installing lineage has not got harder.
|
| Only three extra adb commands:
|
| fastboot flash dtbo dtbo.img
|
| fastboot flash vendor_boot vendor_boot.img
|
| and to populate the A-B slots:
|
| adb -d sideload copy-partitions-20220613-signed.zip
|
| Installation has remained pretty much the same process for years
| since I first installed it on my old Samsung S4 and motorola G3
| and more recently my old pixel 4A and pixel 6A.
|
| Long live Lineage
|
| I don't like the /e/OS launcher (Bliss) either.
|
| Lawnchair is in Droid-ify - izzyondroid repo
| nanna wrote:
| How's LineageOS with WhatsApp, Signal and random banking apps
| these days?
|
| Or let me put it another way: anyone running LineageOS but
| struggled to run any essential apps? (I don't care about games or
| whatever, I mean the apps you need to get around in life).
| Deukhoofd wrote:
| I've honestly never run into any problems with apps not working
| in the last couple of years of using it.
| FuturisticGoo wrote:
| WhatsApp and Signal run perfectly fine (WhatsApp shows a little
| warning on first run, that it's an unsupported ROM, nothing
| else).
|
| As for banking apps, it depends. Some work, some don't. One way
| to test it would be to use Waydroid emulator on Linux, which
| uses Lineage OS image.
| okanat wrote:
| WhatsApp and Signal are fine. Random banking apps suck because of
| their myopic and incompetent policies around custom OSes.
| Especially here in Germany where banks and even tech company
| management see internet as a magic, totally untrustworthy new
| curiosity. Combined with the overall extreme risk-averse
| society, basically none of the bank apps from big banks work
| with custom OSes. All require various levels of "hacking".
|
| They use Google SafetyNet as a security guarantee and some
| outright ban access while letting you use a completely custom
| Linux PC. There are ways to hack those API calls with various
| system level interceptors like Magisk. I keep a custom made 2FA
| code generator from my bank as a backup though.
| sunaookami wrote:
| Anecdote: I develop an app for a bank at my job in Germany
| and I was forced to implement root detection because of some
| annoying pentest. Everyone agreed that it was just security
| theater + checkbox compliance but it "had to be done"...
| cenamus wrote:
| Even the apps that work for online banking, you can't use
| them for digital payments anymore. The old integrations
| worked fine but with Google Wallet even GrapheneOS isn't
| good enough
| okanat wrote:
| I think detecting root and displaying a warning about risk
| is okay. N26 does it, so does Scalable Capital.
|
| However Sparkassen, Deutsche Bank etc all refuse to work on
| Lineage OS at all *without any actual root solution
| installed*. I actually don't want any root access, I can
| use recovery mode and even write special permission XMLs if
| certain apps need it.
|
| I just don't want bundled Google Dialer etc in stock ROMs
| that is feeding more data to Google about me and my loved
| ones. I keep my and my family's contacts in a private cloud
| solution. I don't use GMail for private e-mails. Nor Google
| Calendar. Removing these apps breaks stock ROMs due to
| special permission modifications Google did. Lineage OS is
| my escape but the stupid banks reliably choose stupidest
| security theater solutions that you were forced to
| implement.
| chasil wrote:
| The Wells Fargo app runs on Lineage. Google Pay does not work
| with it.
|
| My original motivation for deploying this particular phone
| was for Cisco Duo, which also runs on it.
| hollow-moe wrote:
| Apps using Safetynet / Play Integrity are still broken and will
| stay broken since Lineage won't ever be allowed to pass these
| "security" tests
| enoeht wrote:
| There might be a way via f-droid > shelter app and install
| these safetyNet apps in there.
| exe34 wrote:
| they work fine if you don't root the install. if you do root,
| banking apps and Disney plus won't work, everything else is
| fine.
| seszett wrote:
| For some banking apps, you _have_ to root the device on the
| contrary, to be able to install other apps that will make the
| banking app run on a custom ROM.
|
| It's completely absurd, but it's how it works today.
| exe34 wrote:
| yeah I just use the browser version instead.
| lufte wrote:
| WhatsApp works even if you choose not to install Google
| Services. You can download the apk directly from
| https://www.whatsapp.com/download.
| brnt wrote:
| If you install Gapps, most banking apps work fine. Only
| Revolution refused to start on account of having an unlocked
| bootloader.
| aembleton wrote:
| Can I download Twelve from somewhere? I couldn't find it on
| F-Droid.
| uneekname wrote:
| I bought a 1yo (new in box) OnePlus 11 5G last year and
| immediately installed LineageOS on it. Great, modern daily
| driver. My next phone, in many years, will also run LineageOS on
| day one.
| pimterry wrote:
| Love to see the ongoing progress here, but I'm really starting to
| worry that the growth of attestation on Android will make using
| custom ROMs like LineageOS impossible in future.
|
| Is there any way we can fight this? Feels like there must be some
| EU/US consumer rights or digital market legislation somewhere
| that could be used to more directly object to organizations like
| banks saying "your phone works just fine but we actively block
| you from using it" especially as mobile apps become more and more
| obligatory for banking. It's a huge problem just in e-waste of
| old devices that work fine but can't be used because of the lack
| of updates.
|
| Just one legal case upholding this somewhere would put a huge red
| flag over it and significantly discourage the whole trend.
| lordofgibbons wrote:
| Yeah, running GrapheneOS, this has been a big headache for me.
| And it's incredibly stupid too.
|
| The app won't work natively due to a lack of attestation, so I
| have to fire up the browser and use the service.... Exactly
| how is that more anti-abuse than just using an app without
| attestation? It's security theater and has no basis in reality.
| gjsman-1000 wrote:
| Can you scan a check from your web browser? Maybe I'm wrong,
| but probably not; frankly, it's a logistical miracle we can
| do this from our phones and the banks tolerate it, but I can
| see why they would still want to minimize all risk involved.
|
| The second reason though I can think a bank would want
| attestation is as an anti-piracy measure. With a website, you
| have HTTPS verifying the identity of the domain. With an app,
| a pirated app or a 3rd party app from any source could
| hypothetically intercept user's banking information, their
| scanned checks, or even attempt to cash their scanned checks
| itself. It's not about making sure the device is secure, as
| it is killing attempts at 3rd party, modified, or malicious
| clients. The last thing I want, or the bank wants, is some
| grandmother downloading the "Wells Fargo Bank Plus with Giant
| Legible Accessible Text" app she saw in an ad as an APK,
| installing it, and being a victim of silent fraud for years.
|
| The third reason a bank might want it, is also just simple
| stupid litigant America. If such a scheme similar to the
| above were to occur, the bank would likely be sued by victims
| arguing that the above circumstance was preventable. The
| victims would also be correct, it was preventable. The bank
| is then in the unenviable position of telling the jury that
| supporting the rights of 0.1% of phone modders was more
| important than victimized grandmothers.
|
| _Or,_ as a bank lawyer would say, just turn on attestation,
| it costs basically nothing, and then none of the above could
| happen. Better safe than sorry. After all, is the grandmother
| not also a customer, and preventing malicious clients in her
| best interest? Sure, some customers will be inconvenienced,
| but this is America, where anyone depositing more than $10K
| is subject to an interrogation.
| acaloiar wrote:
| > Can you scan a check from your web browser?
|
| Yes
|
| https://developer.mozilla.org/en-US/docs/Web/API/MediaDevice...
| ensignavenger wrote:
| Why would someone pirate a free banking app that they get
| for free from their bank anyway?
| fiso64 wrote:
| >The last thing I want, or the bank wants, is some
| grandmother downloading the "Wells Fargo Bank Plus with
| Giant Legible Accessible Text" app she saw in an ad as an
| APK, installing it, and being a victim of silent fraud for
| years.
|
| I don't think this happens nowadays. Android will either
| block by default or give you a million prompts and warnings
| before it allows you to install an apk from an unknown
| source. It's far, far easier to install it from google
| play. I don't think any grandmother would manage to
| accidentally ignore the first 3 pages of genuine links on
| google and then push the right buttons that enable
| sideloading.
| Semaphor wrote:
| A million prompts? It's exactly one prompt to permanently
| allow a source.
| toast0 wrote:
| > Can you scan a check from your web browser? Maybe I'm
| wrong, but probably not; frankly, it's a logistical miracle
| we can do this from our phones and the banks tolerate it,
| but I can see why they would still want to minimize all
| risk involved.
|
| ATMs just scan the checks now too, so why have the middle
| man? Usually there are limits on customer scanned deposits
| though, in the range of $5,000-$25,000. I've never heard of
| a limit on ATM deposits, although I'm sure there is one; I
| have had ATMs in WA decline to process warrants from CA
| state (like a check, but sometimes California has to wait
| for next fiscal year to clear it).
| NotPractical wrote:
| > With a website, you have HTTPS verifying the identity of
| the domain
|
| HTTPS does not provide any form of identity verification;
| it only provides protection from man-in-the-middle attacks.
| The only way to verify that a website is legitimate is to
| look at the domain name, and compare it to the official
| domain name. Most users don't bother. It is trivial to
| create a fake banking website that looks identical to the
| original site, but intercepts your login credentials. The
| user isn't presented with any scary warning prompts
| whatsoever upon navigating to said malicious site, making
| it more attractive from an attacker's perspective than
| creating a fake app. Once an attacker has logged in, they
| can drain out your accounts, but at least they can't
| intercept your check images I guess?
|
| > The victims would also be correct, it was preventable
|
| No, they wouldn't be correct. As long as grandma has access
| to any computing device with a web browser and the capacity
| to receive links from arbitrary sources, it is not
| preventable. Good luck convincing a court that, just
| because the bank declined to copy and paste the latest form
| of trendy boilerplate "safety" API into their app, they are
| somehow liable for their customers voluntarily sending
| their information to an attacker. Additionally, you often
| see in these "frivolous lawsuit" cases there's no other
| party to blame but the company or the customer. Here, if
| there's anyone to blame aside from the user, it's obviously
| the attacker rather than the bank, who is violating the
| Computer Fraud and Abuse Act and should be tracked down and
| prosecuted to the fullest extent of the law.
| zozbot234 wrote:
| Just buy a separate low-cost device and use that _only_ for
| your banking. It's a total non-issue, there are way more
| nefarious uses of SafetyNet/the attestation API's.
| wkat4242 wrote:
| The problem is you need banking stuff on the go more and
| more. Here in Spain for example people often pay friends with
| a service called bizum that works through the bank's app.
|
| It's definitely not a non issue for me.
| homebrewer wrote:
| You'll have to change it often if you're worried about safety
| at all. Lineage has been keeping my phone alive for five
| years now, and although it only updates the upper layers and
| there are definitely unfixed vulns in the firmware, it's much
| better than if I'd used the stock OS that hasn't been updated
| since the beginning of 2020. Banks don't or won't understand
| this.
| xuki wrote:
| > Banks don't or won't understand this.
|
| They are not interested in that. They want attestation
| because they can "outsource" the responsibility to Google.
| pimterry wrote:
| It's not just banking. Though that's clearly the most
| inconvenient, I've heard stories of this in all sorts of
| contexts, and Google actively push it for _all_ apps in the
| play console etc now. Carrying two devices just to use basic
| things will work, but god that sounds annoying.
|
| I'm curious though, what are the more nefarious uses you're
| concerned about?
| n144q wrote:
| > It's a total non-issue
|
| Buying a separate device and _carrying_ it all the time just
| for banking _is_ a big ask for most people, even for geeks
| who hack their Android phones.
| Asooka wrote:
| What is stopping LineageOS from supporting (or faking support
| for) attestation?
| gjsman-1000 wrote:
| This is an extreme oversimplification in an "Explain like I'm
| 5" style (terminology might also not be perfectly correct,
| it's more for illustration of the basic concepts):
|
| Imagine, if inside your phone, there's your main processor
| named Bob. Bob runs all of your apps, Bob is occasionally
| stupid and gets hacked, but he means well.
|
| Also inside your phone, is another processor named Alice. Bob
| can't see her even if he can send messages to her, but Alice
| can see Bob through a one-way mirror. Alice is also located
| inside of a concrete steel bunker with no entry, no exit, and
| UV sterilization of all single-page letters coming in or out
| after examination by an officer. Alice has a special ID card
| given to her by Google, which was only given her after Google
| was satisfied in the security of the bunker.
|
| Google sends super high-secure work for Bob to do. Bob isn't
| the most trustworthy of fellows; so Google also sends a
| message asking Alice to report back on whether Bob is doing
| what he's supposed to. Alice sends her report back to Google
| with her signature on it. Google trusts that signature,
| because it previously inspected Alice and the security of her
| bunker, and knows that as long as Alice is safe and Bob can't
| harm her, Bob is doing the work intended.
|
| Now, you might say, why not just make sure Bob is stronger?
| Well, Google tried that, but with people wanting to sideload
| apps, the needs of developers, security bugs, that's all
| _extremely_ difficult. Having Alice do nothing but verify and
| sign in a super secure bunker while accepting various
| requests for oversight - that's easy, auditable, much easier
| to secure, and rarely needs change.
|
| Where it gets even stronger is what I would call, for lack of
| a better word, "progressive lockdown." For example, when Bob
| is just starting up, Alice can check that he started up from
| an approved OS (Secure Boot). Once that's happened, the
| Secure OS might hand Alice a piece of code for the OS that is
| never allowed to change in the future while the device is
| booted (Secure Monitor / TEE). Alice doesn't have to run the
| code herself; just panic if that code ever changes. By doing
| so, the OS now has super-high-security functions for itself,
| that can always be changed out through any update, without
| Alice needing any updates, changes, or expanded attack
| surface herself. By that point, Alice can be OS-agnostic so
| it doesn't matter whether it's Bob or Kevin, and could even
| be a permanent hardware feature that never needs updates...
| oops, you've just invented TPM / Verified Boot / Titan M.
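
The signed-report idea from the analogy above, as an added sketch that is not part of the thread and is not Google's or LineageOS's code. It assumes a toy model: HMAC with a shared key stands in for the asymmetric, certificate-backed signature real hardware uses, and every class name, function name and image byte string is constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

STOCK_OS = b"constructed-stock-os-image"     # constructed sample data
CUSTOM_OS = b"constructed-custom-rom-image"  # constructed sample data

def digest(image):
    return hashlib.sha256(image).hexdigest()
def sign(key, report):
    # HMAC stands in for the asymmetric signature real hardware would use.
    payload = json.dumps(report, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

class SecureElement:
    """'Alice': holds a key the main OS cannot read; boot is measured once."""
    def __init__(self, device_key, os_image, bootloader_locked):
        self._key = device_key
        self._boot_state = {"os_digest": digest(os_image), "locked": bootloader_locked}

    def attest(self, nonce):
        report = dict(self._boot_state, nonce=nonce.hex())
        return {"report": report, "sig": sign(self._key, report)}

class Verifier:
    """The remote service: issues one-time nonces, checks signed reports."""
    def __init__(self, device_key, approved_digests):
        self._key = device_key
        self._approved = approved_digests
        self._pending = set()

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, evidence):
        report = evidence["report"]
        if not hmac.compare_digest(sign(self._key, report), evidence["sig"]):
            return "bad signature"
        nonce = bytes.fromhex(report["nonce"])
        if nonce not in self._pending:
            return "stale or unknown nonce"
        self._pending.discard(nonce)  # each nonce is accepted once
        if not report["locked"] or report["os_digest"] not in self._approved:
            return "unapproved boot state"
        return "ok"

def run_scenarios():
    key = secrets.token_bytes(32)  # provisioned at manufacture in this model
    verifier = Verifier(key, {digest(STOCK_OS)})
    stock = SecureElement(key, STOCK_OS, True)
    custom = SecureElement(key, CUSTOM_OS, False)
    first = stock.attest(verifier.challenge())
    honest = custom.attest(verifier.challenge())
    # The main OS rewrites the report to look stock but cannot re-sign it.
    edited = dict(honest["report"], os_digest=digest(STOCK_OS), locked=True)
    return {
        "stock": verifier.verify(first),
        "replay": verifier.verify(first),
        "custom_honest": verifier.verify(honest),
        "custom_edited": verifier.verify({"report": edited, "sig": honest["sig"]}),
    }
```

The custom image fails either way: an honest report carries an unapproved measurement, and an edited one no longer matches the signature made inside the secure element.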
| igneo676 wrote:
| Mainly historical reasons:
|
| Back in 2009 during the Cyanogenmod days, Google issued a C&D
| to the developers to keep them from distributing Google Apps
| alongside the main ROM. IMO it was less about the app
| distribution and more to force Cyanogenmod to come to the
| table and work with Google to develop ground rules on how 3rd
| party ROMs would interact with Google more broadly.
| Cyanogenmod (now LineageOS) basically agreed not to step on
| Google's toes. At the time it was not to distribute Google's
| Apps inside of the ROM. Now it's to not bypass OS level
| protections like Play Integrity (formerly Safety Net)
|
| Their stance now can be found here:
| https://lineageos.org/PlayIntegrity/ . Note the part that
| says:
|
| > Any action taken to bypass Play Integrity risks a backlash
| against all custom OSes, and could cause Google to block them
| entirely from the Play Store.
|
| So long as the main players follow this advice, Google tends
| to also ignore smaller players that _are_ working around this
| via Magisk or other means. It's also possible that this
| simply becomes non-viable after some time.
|
| It's also worth noting, Google has ways to allow third
| parties to certify their devices on
| https://www.google.com/android/uncertified/ . This doesn't
| grant fully Safety Net, but it's definitely another way
| Google is working with custom ROMs to ensure you have access
| to the Play Store
| steelframe wrote:
| I run LineageOS on an Xperia Z1 Compact that I use as a cycling
| computer and GrapheneOS as my daily driver. If any business
| excludes my phone, I exclude that business.
|
| The only trouble I run into is when (pseudo-)public institutions
| such as airlines or municipal parking authorities arbitrarily
| require apps that only Apple or Google distribute through their
| DRM-infested frameworks.
___________________________________________________________________
(page generated 2024-12-31 23:02 UTC)