LineageOS is apparently not private? (lemmy.zip)

submitted 1 day ago by PragmaticIdealist@lemmy.zip to c/privacy@lemmy.ml

27 comments fedilink hide all child comments

I'm planning on flashing LineageOS on my phone to debloat and to degoogle, and additionally to increase overall privacy but apparently from what I've heard here that it's not private enough or even at all?

I know about it being less secure because of the opened bootloader and the higher chances of you rooting to achieve what you want with a degoogled phone, but beyond that (especially privacy-wise) I don't know anything.

I've seen a video on how to degoogle it further, but surely it isn't all I need to do.

I need some education.

Unfortunately my phone is so obscure that it isn't supported by literally anything, but fortunately there's an unofficial port of LineageOS I found on Telegram, and that's the one I'll be using. So if you're thinking of suggesting another custom ROM, you're out of luck. Also you can't make me buy a Pixel - that thing ain't supported in my country (5G and others) and it's hella expensive as well.

top 27 comments

sorted by: hot top controversial new old

[-] relaymoth@sh.itjust.works 5 points 6 hours ago

Not to be that guy but do you really trust an "unofficial port" you found on Telegram? That seems, to me, just as problematic as blindly trusting Google.

Has this port been tested for behavior that's non-standard in LineageOS? Random ports distributed in channels such as Telegram do not instill much confidence that it's legit and not riddled with spyware/malwnare.

I don't have a solution for you but I'd think twice about installing any OS that isn't distributed (or at least validated by) via official channels.

[-] utopiah@lemmy.ml 4 points 13 hours ago

to debloat and to degoogle, and additionally to increase overall privacy but apparently from what I’ve heard here that it’s not private enough or even at all?

So... there is what is theoretically possible, what's pragmatically feasible with your current skillset, what you believe you need and what you actually need.

If you rely on what is theoretically possible and what you believe you need you usually end up with burn out. If you focus on what's pragmatically feasible with your current skillset and what you actually need instead you WILL disappoint strangers on the Internet but you might remain sane and surely will learn something in the process, thus both improve your skillset AND have a better understanding of what you actually need.

[-] sefra1@lemmy.zip 21 points 23 hours ago* (last edited 23 hours ago)

IMO locked bootloader isn't that important as graphene OS devs make it sound, but I would NEVER trust a software "found on telegram".

I have used unofficial lineage OS before, but that phone was just an entertainment machine, with no personal information on it.

Graphene OS however has security features that other ROMs don't have like improved encryption.

However Pixels are too expensive, I can't afford them either. I'm thinking as an alternative getting a Nothing phone cm 1 (or something) which is much cheaper than a pixel and can run official /e/ OS

[-] PragmaticIdealist@lemmy.zip 1 points 12 hours ago

Yeah when I have the money I'm planning on buying a Poco phone as well. I heard they're good for custom ROMs (as in supported by many devs), and it's the cheapest and good option for custom ROMs.

I think I need to hurry up on that plan though because it looks like I have to do many shenanigans to open HyperOS' bootloader now.

[-] aeternum 6 points 19 hours ago

I came here to say this too. If you’re concerned about lineage not being private enough, why tf are you going to flash a rom you “found on telegram”

[-] PragmaticIdealist@lemmy.zip 2 points 12 hours ago

Yeah it kinda contradicts with my goal, but really, my ultimate goal was just to debloat my phone. I just learned degoogling from learning debloating so I thought I might as well do that. (the debloating plan I had since 2021 has brought me into this deep rabbit hole of privacy, Linux and many many more)

I'd honestly rather use anything than the stock ones at this point.

[-] Zak@lemmy.world 31 points 1 day ago

Privacy isn't binary.

LineageOS without Gapps won't send information to Google unless you install something that does. It won't do a whole lot to prevent apps from collecting data like GrapheneOS does so it's up to you to evaluate the privacy implications of anything you install.

A locked bootloader protects against two attack vectors: malware modifying the operating system at runtime, and an unauthorized person with physical access installing a malicious operating system while you're not looking (an "evil maid" attack). The former is rare on Android. The latter is rare unless you're a high-value target or dating an abusive hacker.

[-] PragmaticIdealist@lemmy.zip 1 points 11 hours ago

Yeah I know I can't prevent apps from collecting data that's why I have all essentials from FOSS.

My main problem with an unlocked bootloader is I'll have to do a lot of things to get most of my apps working (mainly banking apps and games).

malware modifying the operating system at runtime

Is that from installing an app or from install a malicious ROM?

and an unauthorized person with physical access installing a malicious operating system while you’re not looking

That's like impossible. It takes time to install a ROM, and my phone is always with me so that's not happening.

The latter is rare unless you’re a high-value target or dating an abusive hacker.

Bold of you to assume I'm ever dating anyone.

[-] Zak@lemmy.world 2 points 9 hours ago

Getting around Google's attestation with an unlocked bootloader requires root - I believe the go-to is Magisk and the Play Integrity Fix module. It's also a good idea to put the apps in question on the Magisk denylist. I've been using this for years with good results and would not describe it as "a lot of things".

Is that from installing an app or from install a malicious ROM?

A malicious app could modify the OS, but it would need root permissions. There are three ways that can happen:

The app exploits a privilege escalation bug in the OS. This can happen even if you don't have root access yourself.
The app exploits a bug in a superuser permission manager (e.g. Magisk) to gain root privileges without prompting you.
A previously legitimate app you've given root privileges to gets a malicious update (a supply chain attack).

A malicious ROM is certainly possible. Some random person's LineageOS fork is slightly less trustworthy than its maintainer (due to supply chain attacks).

[-] PragmaticIdealist@lemmy.zip 1 points 7 hours ago

Getting around Google’s attestation with an unlocked bootloader requires root - I believe the go-to is Magisk and the Play Integrity Fix module.

I'm planning on using KernelSU, because I asked on the Magisk subreddit and it's unironically what they recommended. I looked around here and it solidified my decision even more.

The recommended way for me to install it goes like install custom recovery > install custom ROM > somehow flash preferred rooting solution in recovery > install preferred rooting solution as an app. link

[-] Clark@lemmy.ml 7 points 1 day ago* (last edited 1 day ago)

LineageOS sends connectivity checks, time adjustment requests and system webview (chromium by default and not easy to change) data to google servers as far as I know. Are you sure it doesn't send anything to google? On the other hand, there is an app Invizible Pro on FDroid, which is perfect to prevent such connections. Maybe you assume the user will install it?

[-] SatyrSack@quokk.au 4 points 23 hours ago

Yeah, the core of DivestOS was to be a fork of LineageOS that has all the Google defaults like that changed to something else.

[-] mugita_sokiovt@discuss.online 1 points 19 hours ago

Privacy is a skill, point blank.

[-] infjarchninja@lemmy.ml 17 points 1 day ago* (last edited 1 day ago)

Hey PragmaticIdealist

The video guy is talking bollocks: plus he has about 50 crypto links to pay the wanker.

Honestly, I have install lineage since 2018 and installed CyanogenMod way before that.

He talks about "Removing bloatware Google packages" from Lineage, there are no bloatware google packages in lineage.

I have just plugged my oneplus 5T with lineage installed into my laptop, and typed this into my terminal: to give me a list of all the packages installed on my phone.

adb shell pm list packages -s >oneplus5-installed.txt

I have 213 packages installed. THERE ARE NO GOOGLE PACKAGES installed.

+++++++++++++++++++++++++++++++++++++

Captive Portal is simple to disable using adb. Its not scary.

I have 5 family phones with lineage installed

I have just checked Captive Portal on all 5

db shell settings get global captive_portal_mode

all 5 phones the output is:

null

+++++++++++++++++++++++++++++++++++++

you can change your dns rather than rely on your carriers DNS. I use Mullvad DNS

https://mullvad.net/en/help/dns-over-https-and-dns-over-tls

The eu has public dns servers:

https://european-alternatives.eu/category/public-dns

+++++++++++++++++++++++++++++++++++++

not much info on itel-p55-5g on xda

https://xdaforums.com/t/i-want-a-vbmeta-img-and-boot-img-for-itel-p55-5g.4737042/

if you want to find out about Lineage, use their forums or use the https://xdaforums.com/ as above and have a good look around to see what people say.

[-] PragmaticIdealist@lemmy.zip 1 points 11 hours ago

The video guy is talking bollocks: plus he has about 50 crypto links to pay the wanker.

Really. Most of the videos I've seen of him are really solid. Plus, I do think the tips he gave are good (that's why I linked it in the first place) besides this:

He talks about “Removing bloatware Google packages” from Lineage, there are no bloatware google packages in lineage.

Yeah if you didn't install GAPPS you wouldn't get any, well... Google apps in the first place. Besides this part, I do think the others make sense because they are making connections with Google.

Captive Portal is simple to disable using adb. Its not scary.

Yeah.

Also I'm wondering about whether to disable this or not, like wouldn't it break functionality?

you can change your dns rather than rely on your carriers DNS. I use Mullvad DNS

Yeah I'm also using Mullvad DNS everywhere since I discovered it in like 2024.

not much info on itel-p55-5g on xda

Yep, I already looked everywhere. The Sourceforge repo and the Telegram group was all I found.

[-] infjarchninja@lemmy.ml 3 points 10 hours ago

Hey PragmaticIdealist

I dont like him because he seems to intentionally pick controversial subjects just to get clicks.

I mean. how controversial can you get by using the headline "LineageOS is apparently not private?" and then go about trying to prove your point by not referring to Lineage.

I can only assume that loads of non techy people would be put off by his claims.

Lineage does not send any information to google nor connect to google. However the apps you choose to install could connect to google. Especially if you use closed source apps.

if you stick to open source apps via Neostore, droid-ify and F-droid basic you should be fine.

++++++++++++++++++++++++++++

It is safe to disable Captive portal if it is already enabled on your phone.

I have disabled it on my aunts and uncles phones, they dont use lineage or any AOSP roms.

My aunt likes the idea of free wi-fi when shes out. she has a list of all the in-store wifi, in my local shopping centre, already stored on her phone, this means that she automatically connects to whatever wifi she is nearest to.

Lineage phones have captive portal disabled by default.

Looks like you are half way there.

A good VPN is also a good choice

Keep at it.

[-] krolden@lemmy.ml 17 points 1 day ago

Only use official lineage releases

[-] PragmaticIdealist@lemmy.zip 1 points 11 hours ago

Ahh, such distant dreams.

I have a way of using a polished official ROM, but it's GSI, and I already have MANY answers as to why NOT use a GSI if possible.

[-] vk6flab@lemmy.radio 3 points 1 day ago

Keep your existing phone and OS.

Use it differently. Decide what information you store on it, which applications you install or disable, what permissions you grant and what services you use.

Just installing an OS to "debloat and degoogle" is not ever going to change anything unless you change your habits and you don't need to change OS to do that.

[-] Professorozone@lemmy.world 2 points 12 hours ago

I've seen articles talking about how Android will continue to perform functions you specifically tell it not to. How do you fix that by changing your habits?

[-] that_leaflet@lemmy.world 9 points 1 day ago* (last edited 9 hours ago)

It does make a difference. One amazing feature of GrapheneOS is the ability to block apps from accessing the internet. That alone makes it much harder for such apps to harm your privacy unless they also malicious.

[-] vk6flab@lemmy.radio 4 points 1 day ago

OP was talking about Lineage, not Graphene.

If an app doesn't have data it cannot share it.

If you don't install the app, it cannot breach your privacy.

You don't need direct internet access to leak information, for example, an app with access to your calendar has indirect internet access.

[-] Professorozone@lemmy.world 2 points 12 hours ago

And what exactly do you use the phone for?

It sounds like you're saying all you need to do to prevent abuse of your device is to not use the device. It can't spy on you if you leave it on the store shelf either.

[-] that_leaflet@lemmy.world 7 points 1 day ago

OP was talking about Lineage, not Graphene.

Yes, but you said don't change your OS in general.

an app with access to your calendar has indirect internet access

True, but that is something stock Android does let you control.

[-] autonomoususer@lemmy.world 3 points 1 day ago* (last edited 1 day ago)

Constantly fighting the OS is always worse than replacing it.

[-] autonomoususer@lemmy.world 2 points 1 day ago

The stock ROM fails to include a libre software license text file. We do not control it, dangerous. LineageOS helps reduce harm but the best option is to get a new phone.

[-] frongt@lemmy.zip 1 points 1 day ago

Define "private enough". If you trust that author, and that no one is going to alter the device through the unlocked bootloader, then all you have to do is not install apps or services that you consider privacy-violating.

this post was submitted on 06 Sep 2025

25 points (100.0% liked)

Privacy

41525 readers

410 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS