Just learned Graphene OS is not an option, so wondering what my next best bet might be. I know Privacy Guides won’t officially be recommending anything else, but wondering if anyone has some less official suggestions. I have heard talk of Divest OS being an option. . . .
bruh:
2 Likes
Oops, sorry - I was working from memory. Thought Graphene was the beginning and the end of the story. . . .
Ah, the OnePlus 7 and up have an issue with re-locking the bootloader, that’s a bummer. That being the case, we probably wouldn’t recommend a custom ROM at all, because that is a fairly significant security issue.
Based on what I’m seeing it looks like custom ROM development for the OnePlus 10 Pro is dead now that OnePlus is merely Oppo-except-outside-China, so actually you have no options, sorry. OnePlus didn’t release the kernel/source/tools necessary for it to happen.
You can sell a OnePlus 10 Pro and buy a Pixel 7 or Pixel 7a for about the same price according to what I’m seeing on Swappa.
1 Like
bummer, OK. But thanks for looking into this for me. I am in France, but maybe there is an equivalent service here. Any advice about trading in Androids from a privacy perspective?
No, there should be no risk to your existing data after you factory reset your device.
If you buy a used Pixel, don’t log in to it with any of your personal information until after you wipe it and install a custom ROM yourself.
1 Like
Thanks for all of your help, Jonah.
I will look into Kleinanzeigen, thank you.
Oppo is absolutely atrocious as a stock OS. I have in my household a stock Oppo from a relative and it spams a lot of notification. I should probably use ADB to manually remove apps and put F-Droid and Aurora.
deGoogle is quite a joke, use DivestOS for OnePlus phones.
Check these out.
and
I was trying to get my head round this recently and I found a three year old post on reddit by someone who seemed to know what he’s talking about which made relocking the bootloader seem less important than I’d thought.
If I’m not concerned about attacks by someone with physical access to my device, does relocking the bootloader really matter? I agree that all else being equal, being able to relock the bootloader is an improvement over not being able to. But I’ve formed the idea that there is otherwise a security vs privacy trade off here - by running a de-Googled phone with an unlocked bootloader instead of the stock OS, I lose some security (against physical attackers) but gain privacy (by not having things like Google Play Services on my phone).
Is this just a difference in opinion/priorities between me and Privacy Guides, or am I missing something fundamental?
Incidentally, while researching this I found a DivestOS page about (non-OS specific) bootloader issues which seems to suggest that being able to lock the bootloader on at least some older OnePlus devices is not necessarily a big security win, as they have various other problems. I may be misinterpreting this, but I thought I’d mention it in case it helps anyone.
@SteveR
that Reddit post paints a bad picture.
Regarding what DivestOS states about older OnePlus devices having EDL enabled, the whole current situation with 10+ is due to them trying to fix that.
It must be noted that verified boot is ONLY enforcing when locked and that verified boot can and does protect against remote attacks.
I would still personally myself rather a phone with a trustworthy aftermarket OS on it regardless of bootloader lock state.
5 Likes
Thanks @SkewedZeppelin. I am running DivestOS (on fajita) and I am really enjoying it. Thanks very much for your work on this!
I appreciate you may not want to respond to this, but I will ask anyway: I didn’t dare lock the bootloader when I installed DivestOS, just in case I bricked my device and because (perhaps incorrectly, given the discussion here) I wasn’t sure it would add much practical benefit. Given the bootloader issues which do exist on fajita, in your opinion, would there actually be some practical benefits to doing a reinstall with a locked bootloader in my case?
Would you mind giving an example of verified boot protecting against remote attacks? I am sure you’re right but it would help me understand if I could see how this works as everything I’ve read so far seems to concentrate on physical attacks.
Edit: Having posted this and thought about it some more (the wrong order, I know 
) can I guess what the answer to the second paragraph question is? I suspect that the bootloader issues on fajita reduce the benefits of bootloader locking against a physical attacker, but they are not exploitable by a remote attacker and therefore by locking the bootloader, we enable verified boot and get the associated protection against remote attackers. Is that right?
That would indeed be correct.
1 Like
I’d argue that you actually gain security, considering how OEMs are also really slow at updates, compared to something like LineageOS weekly updates
2 Likes
If you travel a lot and pass through a lot of checkpoints where your phone might be seized (or be detained indefinitely), then yes securing bootloader is crucial. Also they might still tell you to unlock or be stuck in limbo.
1 Like
If someone gained that kind of access to the system, they most likely have already compromised userspace. By that point does it really matter if the system is compromised or not?
1 Like
Again, does it really matter? If a device gets compromised once it’s always better to just assume everything is and nuke it all. You’re already absolutely fucked anyway. Doesn’t really matter whether or not the malware is persistent. And malwares can already stay somewhat persistent in userspace anyway (eg. Pegasus). most people doesn’t reboot all the time so compromising a single session is arguably enough
1 Like
Thanks! I agree with you in general, although in practice the data on my phone is not that sensitive. I deliberately avoid putting stuff on it when I can avoid it even at home, and if I were to travel and needed something sensitive with me I’d probably follow Michael Bazzell’s (?) advice and put the sensitive data encrypted in the cloud while passing through airports. I’d also just assume that they are going to demand I unlock it - as you say, it’s that or be stuck in limbo.
Thanks, that gives me something to read up on!
1 Like
I wouldn’t say that not protecting it is a good option. But I don’t view it as a dealbreaker, especially when the alternative is using a stock ROM (which is especially bad if you don’t use a Pixel). It’s a minor security hit for an overall very large privacy, performance, and security increase in other parts (OEM android just doesn’t get updated all that often)
3 Likes