LineageOS is an open source alternative to the Android operating system. The official version supports over 150 phone models.
We've been publishing posts about how Google has way too much of your information and using the Android operating system puts everything you do right inside of their ecosystem. What could possibly go wrong? How can you ever expect privacy under these conditions? We believe that using a smartphone doesn't mean you have to be somebody else's product or a study subject of the Digital Panopticon.
This article is the beginning of a What to Do, How to Do It series that Ethical Developer Group will publish, showing readers practical steps they can choose to regain their digital privacy, one step at a time. Much of this article is more about the Why than the How, as it is important to show the options that one could consider and why I made my decision.
I wanted my smartphone to:
- Be fully functional without using Google's (spyware) services
- Maintain compatibility with at least most Android apps
- Respect my privacy
- Be reasonably "hardened" against intrusion
- Remain updated as OS vulnerabilities are found
LineageOS meets all of these requirements. I flashed a LineageOS ROM onto my phone about a month ago and I have no regrets! It's not a perfect solution, but it's much better than running stock Android.
Before I continue with why I did this and the steps I took, I want to share some background on the approach I used in the past and some options that the reader may want to consider.
My Previous Flash: CopperheadOS
In mid-2017 I bought a used Nexus 6P (code-named Angler) because I wanted a secure phone. I didn't pick it because Google built an ultra-secure device that respects privacy. Nexus devices did get some credit for security in the press, but respecting user privacy would run counter to Google's entire business model. I picked it up because it was one of the few devices that CopperheadOS could be loaded onto.
CopperheadOS is called "A security and privacy focused mobile operating system compatible with Android apps." It takes advantage of the Android Open Source Program, which gives developers access to source code and allows developers to experiment with Android and build their own operating systems. The Copperhead team removed proprietary code and services from the Android operating system, replacing necessary components with open-source equivalents and adding features to achieve a hardened, secure operating system.
I think the phone had the stock ROM on it for about a week before I loaded CopperheadOS. While the OS offers over-the-air updates, by the Spring of 2018 the OS hadn't received any updates in multiple months. So, I loaded the latest version of the ROM, creating a how-to video showing others how to set up the prerequisites and perform the flash in Ubuntu, recording the process as I did it on a recently-acquired Linux laptop.
A few months after that, Copperhead had some kind of company meltdown and once again the OS updates ceased. It appears that they are up and running, again, as I write this, but it would be a lot tougher to flash my phone now. Here are the current options to obtain CopperheadOS:
- Download the source and compile it yourself
- Buy a phone from Copperhead with their OS preloaded ($949 - $1,199)
- Mail a compatible phone to Copperhead and have them flash it for you ($399.99)
Because CopperheadOS is still an open source project, it is still possible to run it on your phone without paying hundreds of dollars. I considered a foray into compiling the OS from source, but most users aren't going to be interested in that process. Plus, my time is limited. Further, I'm not comfortable with whatever happened between the co-owners last year and I don't trust that they would keep the OS updated. So, I decided to take another route.
Other routes to gaining digital privacy include using smartphones that are designed specifically for that purpose.
Other Privacy Phone Options
There are several options for privacy phones in the marketplace. In the near future I may upgrade to a purpose-built device, but in February of 2019 I chose to go with the no-cost option of flashing the phone I already had. Here's a quick list of the consumer options I'm aware of. I'm only going to give a cursory listing of features and cost, for now. I'll write another article analyzing these phones and eventually I'll buy at least one of them to use and review.
Silent Circle's Black Phones. $800 (if my memory is correct). I'm only including this because it was the first consumer privacy-based phone that I knew about a few years ago. They were offering octo-core hardware running SilentOS, a modified Android OS segregating data and apps into compartments to provide security. I'm saddened to say that they no longer sell phones. For consumers, they offer Silent Phone software for secure communications. Note that secure notifications provide some degree of privacy, but they won't help when your phone's OS and apps are spying on you from a dozen other angles. For businesses, there may still be some options for building phones using their operating system, but nothing is being offered off-the-shelf for consumers at this time.
Sirin Labs Finney. $999. This is an exotic piece of hardware with a security-hardened version of Android and a built-in cold storage cryptocurrency wallet. It runs blockchain DApps and has a mini "safe screen" that pops up.
Blackberry KEY 2 $449.99 (Amazon). You thought they were dead, right? Blackberry is still in business, often providing secure business apps on phones made by others. They are also offering modern Android-based hardware. The KEY 2 features Android 8.1, a physical keyboard, and a small but otherwise standard touchscreen.
Kryptall K-iPhone $4,699 (I didn't find a retail store, but it was apparently $6500 Australian when it was first offered). This is an iPhone with modified firmware to make encrypted phone calls using their very own special network accessible via WiFi. It can use cellular networks as well, for unencrypted calls.
Darkmatter KATIM Phone $?? (I couldn't find a price). Darkmatter is a serious cyber security firm in the United Arab Emirates. Their phone is another hardened version of Android coupled with some high-end, water and dust-resistant hardware incorporating a hardware switch that shuts off the microphones and cameras. The device also includes features that will wipe all of the user's data if tampering is detected. It also includes a suite of apps. A ruggedized version has been used in military exercises.
Purism Librem 5 $649 (preorder price). This phone isn't due to ship until Q3 of 2019, but it covers everything I'd like to see in a secure/private smartphone. It features hardware switches to shut off the camera, microphone, WiFi/Bluetooth, and baseband systems. It will run PureOS, which is not based on Android or iOS (finally!). The user will be able to load a number of other GNU/Linux operating systems, if they choose. The battery is replaceable, too. The open source operating system, hardware, and flexible features make this phone a really good choice for a long-term device that doesn't have to be replaced in a year or two. It's also a phone that can be maintained even if PureOS is abandoned by the Purism developers.
So, I've covered some really neat options that are (or will soon be) available in the early 2019 marketplace. I'm likely to pursue a Librem 5 or similar device sometime this year. Meanwhile, however, I chose a no-cost flash for my existing phone.
After extensive research, I found that the best, well-supported option for my current phone was to flash it with a LineageOS ROM. LineageOS has a long pedigree, as it is based on CyanogenMod, which I first encountered and used on some Android 2 devices I owned years ago. I was really impressed with the improvement those ROMs made for the functionality of those devices. Like Cyanogen, LineageOS is an improvement over stock Android, providing a number of useful features, some of which are extremely important for privacy:
- It includes Privacy Guard, giving the user increased awareness and control over app permissions and behaviors.
- It can be loaded with or without Google Apps. Like any privacy-oriented user, I chose not to install GApps!
- It supports encryption of stored data.
- LineageOS requests statistics collection, but the user can simply deny it.
- By default, it enforces SELinux, meaning that there are built-in limits to what a malicious piece of software can do.
- Root access is disabled by default. Again, this limits what malicious software can do, though the user still has the option to root the device.
- It is compatible with over 150 devices, so many users will find that their device is already covered.
- It runs Android apps. Though the Google Play store isn't installed without GApps, most of what a user really needs can be obtained via F-Droid's Free and Open Source Software (FOSS) store.
- It defeats planned obsolescence by bringing a version of the latest Android operating system to hardware that might not otherwise be supported.
- Updates that fix discovered vulnerabilities and make other OS improvements are provided, and the user can download and apply them at any time. These "over the air" updates pop up every week for my phone.
- LineageOS has a large community of developers. Some phones, mine included, get daily builds posted.
LineageOS takes advantage of Google's Android Open Source Program (AOSP). Using an operating system that is based on anything from Google's ecosystem will not result in the ultimate, uber-secure platform. However, using AOSP maximizes the open-source nature of the operating system, and leaving out the Google Apps makes this phone a much better set of compromises than any stock device using an unmodified Android OS.
My installation process
I'm not going to copy and paste the instructions I used here, but will instead point you to the sites whose instructions were useful to me (thanks to all those who created this content!). Some of the links below are specific to my Nexus 6P (codenamed Angler) and my use of Linux/Ubuntu. So be sure to follow the trail that starts with the Builds page for your specific device on the LineageOS.org site.
- First, anybody who is interested should go to LineageOS' official site to learn more about it: https://lineageos.org
- Once there, the Download link will take the user to a list of devices.
- The Builds page for my device included installation instructions for my device (if you aren't using a Nexus 6P, be sure to find the appropriate link for your device!).
- To get adb and fastboot working on my machine, I followed the Linux instructions found in the Wiki (this link includes installation instructions for Windows and MacOS, too).
- Under Ubuntu I ran into some errors with adb related to udev rules saying something like "AdbCommandRejectedException: insufficient permissions for device: user in plugdev group; are your udev rules wrong?" I found a way to fix them on the Ask Ubuntu website.
- I had to set up TWRP recovery, finding the right version for my device here: https://dl.twrp.me/angler/
- From there I continued the installation instructions in the third bullet above. Everything installed smoothly.
- Once the phone was up and running, I found out that it wasn't recognizing my SIM card and couldn't connect to my cellular network. I can't find the link, now, but I found a forum with the solution: I shut off the pattern and fingerprint secure login features and rebooted the phone. After that, the SIM was recognized. Then I set up the pattern and fingerprint security functions again.
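The udev permission error from the adb step above can be narrowed down before any rule is changed. The script below is an added example, not taken from the original post or from the Ask Ubuntu answer; its function names are hypothetical, and it assumes Google's USB vendor ID `18d1` for the Nexus 6P (confirm yours with `lsusb`). It also flags `MODE="0666"` rules, which open the device to every local account instead of only the `plugdev` group.

```shell
#!/bin/sh
# Added example: triage adb's "insufficient permissions ... udev rules wrong?" error.

# Print a least-privilege rule: only the plugdev group may open the device.
make_adb_rule() {
    printf 'SUBSYSTEM=="usb", ATTR{idVendor}=="%s", MODE="0660", GROUP="plugdev"\n' "$1"
}

# Print every non-comment rule line in RULES_DIR that names VENDOR_ID.
vendor_rules() {
    for f in "$1"/*.rules; do
        [ -f "$f" ] || continue
        grep -v '^[[:space:]]*#' "$f" | grep -iF "ATTR{idVendor}==\"$2\"" || true
    done
}

# diagnose "GROUP LIST" RULES_DIR VENDOR_ID
# Prints: not-in-plugdev | missing-rule | world-writable | wrong-group | ok
diagnose() {
    rules=$(vendor_rules "$2" "$3")
    case " $1 " in
        *" plugdev "*) ;;
        *) echo "not-in-plugdev"; return ;;
    esac
    case $rules in
        '')                  echo "missing-rule" ;;
        *'MODE="0666"'*)     echo "world-writable" ;;
        *'GROUP="plugdev"'*) echo "ok" ;;
        *)                   echo "wrong-group" ;;
    esac
}

# Demo on a constructed rules directory (not the real /etc/udev/rules.d).
demo_dir=$(mktemp -d)
make_adb_rule 18d1 > "$demo_dir/51-android.rules"
diagnose "$(id -Gn)" "$demo_dir" 18d1
rm -rf "$demo_dir"
```

Against a real system, pass `/etc/udev/rules.d` as the rules directory; after adding or changing a rule, run `sudo udevadm control --reload-rules` and replug the phone.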
The operating system has been running smoothly on my phone. I'm running almost all the same apps I was running on CopperheadOS, and everything seems operational and stable. At a glance, one wouldn't know the difference between this and a phone with a stock version of Android 8.1. It's only when one reaches for Gmail, Google Maps, Google's search engine, or other GApps that the user will know the difference.
I have to say that I'm happy to see that it is receiving updates on a weekly basis. This gives me some comfort that this OS is being updated as Android vulnerabilities are found. The updates tend to be 400+ MB at a time, but I've been deleting them a couple of updates back to save space (though my Nexus 6P has 64 GB of storage).
In my first screenshot above, you might notice some interesting apps. You might also wonder how I synchronize my calendar and contact information. The fact is that I've made some compromises in overall functionality, but I have all of the functions that I really need my smartphone to have. In future posts, I will share some of the apps that I use and how to synchronize data without using Google's cloud.
As we continue our efforts to instruct users who wish to leave the digital Panopticon, we are interested in any feedback you can provide. Please don't hesitate to comment below, contact us, sign up for email updates and sign up to be a user on this site.
Posted from my blog with SteemPress : https://edgcert.com/2019/03/20/flash-lineageos/