this post was submitted on 06 Sep 2025
24 points (87.5% liked)

Privacy

41678 readers
745 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
24
LineageOS is apparently not private? (lemmy.zip)
submitted 6 days ago by PragmaticIdealist@lemmy.zip to c/privacy@lemmy.ml
29 comments fedilink hide all child comments
 

I'm planning on flashing LineageOS on my phone to debloat and to degoogle, and additionally to increase overall privacy but apparently from what I've heard here that it's not private enough or even at all?

I know about it being less secure because of the opened bootloader and the higher chances of you rooting to achieve what you want with a degoogled phone, but beyond that (especially privacy-wise) I don't know anything.

I've seen a video on how to degoogle it further, but surely it isn't all I need to do.

I need some education.

Unfortunately my phone is so obscure that it isn't supported by literally anything, but fortunately there's an unofficial port of LineageOS I found on Telegram, and that's the one I'll be using. So if you're thinking of suggesting another custom ROM, you're out of luck. Also you can't make me buy a Pixel - that thing ain't supported in my country (5G and others) and it's hella expensive as well.

top 29 comments
sorted by: hot top controversial new old
[–] Zak@lemmy.world 30 points 6 days ago (3 children)

Privacy isn't binary.

LineageOS without Gapps won't send information to Google unless you install something that does. It won't do a whole lot to prevent apps from collecting data like GrapheneOS does so it's up to you to evaluate the privacy implications of anything you install.

A locked bootloader protects against two attack vectors: malware modifying the operating system at runtime, and an unauthorized person with physical access installing a malicious operating system while you're not looking (an "evil maid" attack). The former is rare on Android. The latter is rare unless you're a high-value target or dating an abusive hacker.

[–] Clark@lemmy.ml 8 points 6 days ago* (last edited 6 days ago) (1 children)

LineageOS sends connectivity checks, time adjustment requests and system webview (chromium by default and not easy to change) data to google servers as far as I know. Are you sure it doesn't send anything to google? On the other hand, there is an app Invizible Pro on FDroid, which is perfect to prevent such connections. Maybe you assume the user will install it?

[–] SatyrSack@quokk.au 3 points 6 days ago

Yeah, the core of DivestOS was to be a fork of LineageOS that has all the Google defaults like that changed to something else.

[–] mugita_sokiovt@discuss.online 2 points 5 days ago

Privacy is a skill, point blank.

[–] PragmaticIdealist@lemmy.zip 1 points 5 days ago (1 children)

Yeah I know I can't prevent apps from collecting data that's why I have all essentials from FOSS.

My main problem with an unlocked bootloader is I'll have to do a lot of things to get most of my apps working (mainly banking apps and games).

malware modifying the operating system at runtime

Is that from installing an app or from install a malicious ROM?

and an unauthorized person with physical access installing a malicious operating system while you’re not looking

That's like impossible. It takes time to install a ROM, and my phone is always with me so that's not happening.

The latter is rare unless you’re a high-value target or dating an abusive hacker.

Bold of you to assume I'm ever dating anyone.

[–] Zak@lemmy.world 1 points 5 days ago (1 children)

Getting around Google's attestation with an unlocked bootloader requires root - I believe the go-to is Magisk and the Play Integrity Fix module. It's also a good idea to put the apps in question on the Magisk denylist. I've been using this for years with good results and would not describe it as "a lot of things".

Is that from installing an app or from install a malicious ROM?

A malicious app could modify the OS, but it would need root permissions. There are three ways that can happen:

  • The app exploits a privilege escalation bug in the OS. This can happen even if you don't have root access yourself.
  • The app exploits a bug in a superuser permission manager (e.g. Magisk) to gain root privileges without prompting you.
  • A previously legitimate app you've given root privileges to gets a malicious update (a supply chain attack).

A malicious ROM is certainly possible. Some random person's LineageOS fork is slightly less trustworthy than its maintainer (due to supply chain attacks).

[–] PragmaticIdealist@lemmy.zip 1 points 5 days ago

Getting around Google’s attestation with an unlocked bootloader requires root - I believe the go-to is Magisk and the Play Integrity Fix module.

I'm planning on using KernelSU, because I asked on the Magisk subreddit and it's unironically what they recommended. I looked around here and it solidified my decision even more.

The recommended way for me to install it goes like install custom recovery > install custom ROM > somehow flash preferred rooting solution in recovery > install preferred rooting solution as an app. link

[–] sefra1@lemmy.zip 25 points 6 days ago* (last edited 6 days ago) (2 children)

IMO locked bootloader isn't that important as graphene OS devs make it sound, but I would NEVER trust a software "found on telegram".

I have used unofficial lineage OS before, but that phone was just an entertainment machine, with no personal information on it.

Graphene OS however has security features that other ROMs don't have like improved encryption.

However Pixels are too expensive, I can't afford them either. I'm thinking as an alternative getting a Nothing phone cm 1 (or something) which is much cheaper than a pixel and can run official /e/ OS

[–] aeternum@lemmy.blahaj.zone 7 points 5 days ago (1 children)

I came here to say this too. If you’re concerned about lineage not being private enough, why tf are you going to flash a rom you “found on telegram”

[–] PragmaticIdealist@lemmy.zip 2 points 5 days ago

Yeah it kinda contradicts with my goal, but really, my ultimate goal was just to debloat my phone. I just learned degoogling from learning debloating so I thought I might as well do that. (the debloating plan I had since 2021 has brought me into this deep rabbit hole of privacy, Linux and many many more)

I'd honestly rather use anything than the stock ones at this point.

[–] PragmaticIdealist@lemmy.zip 1 points 5 days ago

Yeah when I have the money I'm planning on buying a Poco phone as well. I heard they're good for custom ROMs (as in supported by many devs), and it's the cheapest and good option for custom ROMs.

I think I need to hurry up on that plan though because it looks like I have to do many shenanigans to open HyperOS' bootloader now.

[–] krolden@lemmy.ml 19 points 6 days ago (1 children)

Only use official lineage releases

[–] PragmaticIdealist@lemmy.zip 1 points 5 days ago

Ahh, such distant dreams.

I have a way of using a polished official ROM, but it's GSI, and I already have MANY answers as to why NOT use a GSI if possible.

[–] anarchoilluminati@hexbear.net 13 points 6 days ago

Nothing will be private enough for some people.

There will always be people who will scoff and puff about what is working for you or what works best for you in your attempt to regain privacy. What's important is for you to assess your threat profile, what you want to accomplish, and if LineageOS helps you with that. Just the other day people were scoffing at people buying physical movies and not backing them up in 1-2-3 format. Like, who has the fucking time and energy for that? And it's stupid. It's like scoffing at people who buy books because eventually the binding may fail or the book could get wet so they should've scanned it into a PDF. Or when people scoff at Proton users instead of being glad people are weaning off Google. It never ends and it gets worse the further you go down the hole. Ignore them.

What other options do you have for your phone at the moment besides Lineage? Regular Android? Better off having Lineage.

[–] infjarchninja@lemmy.ml 16 points 6 days ago* (last edited 6 days ago) (1 children)

Hey PragmaticIdealist

The video guy is talking bollocks: plus he has about 50 crypto links to pay the wanker.

Honestly, I have install lineage since 2018 and installed CyanogenMod way before that.

He talks about "Removing bloatware Google packages" from Lineage, there are no bloatware google packages in lineage.

I have just plugged my oneplus 5T with lineage installed into my laptop, and typed this into my terminal: to give me a list of all the packages installed on my phone.

adb shell pm list packages -s >oneplus5-installed.txt

I have 213 packages installed. THERE ARE NO GOOGLE PACKAGES installed.

+++++++++++++++++++++++++++++++++++++

Captive Portal is simple to disable using adb. Its not scary.

I have 5 family phones with lineage installed

I have just checked Captive Portal on all 5

db shell settings get global captive_portal_mode

all 5 phones the output is:

null

+++++++++++++++++++++++++++++++++++++

you can change your dns rather than rely on your carriers DNS. I use Mullvad DNS

https://mullvad.net/en/help/dns-over-https-and-dns-over-tls

The eu has public dns servers:

https://european-alternatives.eu/category/public-dns

+++++++++++++++++++++++++++++++++++++

not much info on itel-p55-5g on xda

https://xdaforums.com/t/i-want-a-vbmeta-img-and-boot-img-for-itel-p55-5g.4737042/

if you want to find out about Lineage, use their forums or use the https://xdaforums.com/ as above and have a good look around to see what people say.

[–] PragmaticIdealist@lemmy.zip 1 points 5 days ago (1 children)

The video guy is talking bollocks: plus he has about 50 crypto links to pay the wanker.

Really. Most of the videos I've seen of him are really solid. Plus, I do think the tips he gave are good (that's why I linked it in the first place) besides this:

He talks about “Removing bloatware Google packages” from Lineage, there are no bloatware google packages in lineage.

Yeah if you didn't install GAPPS you wouldn't get any, well... Google apps in the first place. Besides this part, I do think the others make sense because they are making connections with Google.

Captive Portal is simple to disable using adb. Its not scary.

Yeah.

Also I'm wondering about whether to disable this or not, like wouldn't it break functionality?

you can change your dns rather than rely on your carriers DNS. I use Mullvad DNS

Yeah I'm also using Mullvad DNS everywhere since I discovered it in like 2024.

not much info on itel-p55-5g on xda

Yep, I already looked everywhere. The Sourceforge repo and the Telegram group was all I found.

[–] infjarchninja@lemmy.ml 1 points 5 days ago

Hey PragmaticIdealist

I dont like him because he seems to intentionally pick controversial subjects just to get clicks.

I mean. how controversial can you get by using the headline "LineageOS is apparently not private?" and then go about trying to prove your point by not referring to Lineage.

I can only assume that loads of non techy people would be put off by his claims.

Lineage does not send any information to google nor connect to google. However the apps you choose to install could connect to google. Especially if you use closed source apps.

if you stick to open source apps via Neostore, droid-ify and F-droid basic you should be fine.

++++++++++++++++++++++++++++

It is safe to disable Captive portal if it is already enabled on your phone.

I have disabled it on my aunts and uncles phones, they dont use lineage or any AOSP roms.

My aunt likes the idea of free wi-fi when shes out. she has a list of all the in-store wifi, in my local shopping centre, already stored on her phone, this means that she automatically connects to whatever wifi she is nearest to.

Lineage phones have captive portal disabled by default.

Looks like you are half way there.

A good VPN is also a good choice

Keep at it.

[–] relaymoth@sh.itjust.works 4 points 5 days ago (1 children)

Not to be that guy but do you really trust an "unofficial port" you found on Telegram? That seems, to me, just as problematic as blindly trusting Google.

Has this port been tested for behavior that's non-standard in LineageOS? Random ports distributed in channels such as Telegram do not instill much confidence that it's legit and not riddled with spyware/malwnare.

I don't have a solution for you but I'd think twice about installing any OS that isn't distributed (or at least validated by) via official channels.

[–] PragmaticIdealist@lemmy.zip 1 points 5 days ago

Yeah I've thinking about that as well for like since I found this.

Me wanting to try out custom ROMs (because I haven't done this ever) is probably what's fueling my decision to go with it, even though it might be unsafe.

[–] utopiah@lemmy.ml 4 points 5 days ago

to debloat and to degoogle, and additionally to increase overall privacy but apparently from what I’ve heard here that it’s not private enough or even at all?

So... there is what is theoretically possible, what's pragmatically feasible with your current skillset, what you believe you need and what you actually need.

If you rely on what is theoretically possible and what you believe you need you usually end up with burn out. If you focus on what's pragmatically feasible with your current skillset and what you actually need instead you WILL disappoint strangers on the Internet but you might remain sane and surely will learn something in the process, thus both improve your skillset AND have a better understanding of what you actually need.

[–] frongt@lemmy.zip 1 points 6 days ago

Define "private enough". If you trust that author, and that no one is going to alter the device through the unlocked bootloader, then all you have to do is not install apps or services that you consider privacy-violating.

[–] autonomoususer@lemmy.world 1 points 6 days ago

The stock ROM fails to include a libre software license text file. We do not control it, dangerous. LineageOS helps reduce harm but the best option is to get a new phone.