Just learned Graphene OS is not an option, so wondering what my next best bet might be. I know Privacy Guides won’t officially be recommending anything else, but wondering if anyone has some less official suggestions. I have heard talk of Divest OS being an option. . . .
bruh:
Normally I (and PG) would recommend DivestOS, but it seems that isn’t supported either. The next best bet would probably be LineageOS, although as nobody officially maintains that, you’ll probably only find unofficial builds, where your mileage may vary.
Oops, sorry - I was working from memory. Thought Graphene was the beginning and the end of the story. . . .
Ah, the OnePlus 7 and up have an issue with re-locking the bootloader, that’s a bummer. That being the case, we probably wouldn’t recommend a custom ROM at all, because that is a fairly significant security issue.
Based on what I’m seeing it looks like custom ROM development for the OnePlus 10 Pro is dead now that OnePlus is merely Oppo-except-outside-China, so actually you have no options, sorry. OnePlus didn’t release the kernel/source/tools necessary for it to happen.
You can sell a OnePlus 10 Pro and buy a Pixel 7 or Pixel 7a for about the same price according to what I’m seeing on Swappa.
bummer, OK. But thanks for looking into this for me. I am in France, but maybe there is an equivalent service here. Any advice about trading in Androids from a privacy perspective?
the best thing you got is Kleinanzeigen (which I think operates in France?) or eBay
at least that’s all I can think of from the top of my head
No, there should be no risk to your existing data after you factory reset your device.
If you buy a used Pixel, don’t log in to it with any of your personal information until after you wipe it and install a custom ROM yourself.
Thanks for all of your help, Jonah.
I will look into Kleinanzeigen, thank you.
Oppo is absolutely atrocious as a stock OS. I have in my household a stock Oppo from a relative and it spams a lot of notifications. I should probably use ADB to manually remove apps and put F-Droid and Aurora on it.
deGoogle is quite a joke, use DivestOS for OnePlus phones.
Check these out.
and
I was trying to get my head round this recently and I found a three year old post on reddit by someone who seemed to know what he was talking about, which made relocking the bootloader seem less important than I’d thought.
If I’m not concerned about attacks by someone with physical access to my device, does relocking the bootloader really matter? I agree that, all else being equal, being able to relock the bootloader is an improvement over not being able to. But I’ve formed the idea that there is otherwise a security vs privacy trade-off here: by running a de-Googled phone with an unlocked bootloader instead of the stock OS, I lose some security (against physical attackers) but gain privacy (by not having things like Google Play Services on my phone).
Is this just a difference in opinion/priorities between me and Privacy Guides, or am I missing something fundamental?
Incidentally, while researching this I found a DivestOS page about (non-OS specific) bootloader issues which seems to suggest that being able to lock the bootloader on at least some older OnePlus devices is not necessarily a big security win, as they have various other problems. I may be misinterpreting this, but I thought I’d mention it in case it helps anyone.
@SteveR
that Reddit post paints a bad picture.
Regarding what DivestOS states about older OnePlus devices having EDL enabled, the whole current situation with 10+ is due to them trying to fix that.
It must be noted that verified boot is ONLY enforcing when locked and that verified boot can and does protect against remote attacks.
I would still personally myself rather a phone with a trustworthy aftermarket OS on it regardless of bootloader lock state.
Thanks @SkewedZeppelin. I am running DivestOS (on fajita) and I am really enjoying it. Thanks very much for your work on this!
I appreciate you may not want to respond to this, but I will ask anyway: I didn’t dare lock the bootloader when I installed DivestOS, just in case I bricked my device and because (perhaps incorrectly, given the discussion here) I wasn’t sure it would add much practical benefit. Given the bootloader issues which do exist on fajita, in your opinion, would there actually be some practical benefits to doing a reinstall with a locked bootloader in my case?
Would you mind giving an example of verified boot protecting against remote attacks? I am sure you’re right but it would help me understand if I could see how this works as everything I’ve read so far seems to concentrate on physical attacks.
Edit: Having posted this and thought about it some more (the wrong order, I know), can I guess what the answer to the second paragraph question is? I suspect that the bootloader issues on fajita reduce the benefits of bootloader locking against a physical attacker, but they are not exploitable by a remote attacker, and therefore by locking the bootloader we enable verified boot and get the associated protection against remote attackers. Is that right?
That would indeed be correct.
I’d argue that you actually gain security, considering how OEMs are also really slow at updates compared to something like LineageOS’s weekly updates.
Verified Boot also puts the dm-verity kernel feature into a more strict mode AFAIK. dm-verity is a kernel feature that is used to essentially check the integrity of the system in real time and react accordingly when something is compromised. As such, someone having fun with your system partition as part of a remote execution exploit could be prevented or largely hindered by having your bootloader locked and dm-verity enforced.
Though, with OverlayFS becoming more common in Android devices as a kernel feature, I guess it could be bypassed that way?
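The integrity check described in the post above, as an added toy model of how dm-verity's hash tree works. This is a constructed illustration written for this thread, not dm-verity's or AOSP's code: the block size and fan-out are shrunk so the output stays readable (real dm-verity hashes 4096-byte blocks and packs 128 SHA-256 hashes per hash block), the "system partition" is made-up bytes, and the `trusted_root` argument stands in for the root hash that vbmeta's signature covers when verified boot is enforcing.

```python
"""Toy model of the dm-verity hash tree (constructed illustration, not AOSP code).

dm-verity keeps a tree of hashes over the fixed-size blocks of a read-only
partition. Only the root hash is covered by the signature that verified boot
checks at boot time; every block read afterwards is re-hashed and walked up to
that root, so a block altered on disk is rejected on read instead of trusted.
"""
import hashlib

BLOCK_SIZE = 64   # real dm-verity uses 4096-byte blocks; shrunk for the demo
FANOUT = 4        # hashes per hash block (real value: 4096 / 32 = 128)


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def split_blocks(image: bytes) -> list:
    """Zero-pad the image to a whole number of blocks and split it."""
    padded = image + b"\x00" * ((-len(image)) % BLOCK_SIZE)
    return [padded[i:i + BLOCK_SIZE] for i in range(0, len(padded), BLOCK_SIZE)]


def build_hash_tree(blocks: list) -> list:
    """levels[0] holds one hash per data block, levels[-1] is [root]."""
    level = [sha256(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        level = [sha256(b"".join(level[i:i + FANOUT]))
                 for i in range(0, len(level), FANOUT)]
        levels.append(level)
    return levels


def verify_block(index: int, block: bytes, levels: list, trusted_root: bytes) -> bool:
    """Re-hash `block`, recompute the path to the root using the stored sibling
    hashes, and accept only if the result equals the trusted root."""
    h = sha256(block)
    for level in levels[:-1]:
        start = (index // FANOUT) * FANOUT
        group = list(level[start:start + FANOUT])
        group[index - start] = h          # substitute the freshly computed hash
        h = sha256(b"".join(group))
        index //= FANOUT
    return h == trusted_root


def read_block(index: int, blocks: list, levels: list, trusted_root: bytes) -> bytes:
    """What a dm-verity read looks like: verify, then return the data or fail."""
    if not verify_block(index, blocks[index], levels, trusted_root):
        raise IOError(f"dm-verity: block {index} failed verification")
    return blocks[index]


# Constructed "system partition": ten recognisable 64-byte blocks
IMAGE = b"".join(f"block{i:02d}:".encode().ljust(BLOCK_SIZE, b"A") for i in range(10))


def demo():
    blocks = split_blocks(IMAGE)
    levels = build_hash_tree(blocks)
    root = levels[-1][0]                  # the value vbmeta's signature would cover

    clean = all(verify_block(i, b, levels, root) for i, b in enumerate(blocks))

    # Someone with write access to the partition patches a few bytes of block 7
    tampered = list(blocks)
    tampered[7] = tampered[7][:8] + b"EVIL" + tampered[7][12:]
    detected = not verify_block(7, tampered[7], levels, root)

    # They also regenerate the hash tree so it matches the patched block.
    # If the verifier takes whatever root is on disk (verified boot not
    # enforcing, as with an unlocked bootloader), the patched block passes;
    # against the signed, trusted root it is still rejected.
    new_levels = build_hash_tree(tampered)
    passes_with_untrusted_root = verify_block(7, tampered[7], new_levels, new_levels[-1][0])
    caught_with_trusted_root = not verify_block(7, tampered[7], new_levels, root)
    return clean, detected, passes_with_untrusted_root, caught_with_trusted_root


if __name__ == "__main__":
    print(demo())   # (True, True, True, True)
```

The last two results are the point of the thread: the hash tree alone only detects edits that leave the stored hashes stale, and an attacker who can write the partition can usually rewrite the hash blocks too. What makes the check hold is the root being anchored in a signature the bootloader verifies, and that anchoring is only enforced when the bootloader is locked.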
If you travel a lot and pass through a lot of checkpoints where your phone might be seized (or you might be detained indefinitely), then yes, securing the bootloader is crucial. Also, they might still tell you to unlock it or be stuck in limbo.
If someone gained that kind of access to the system, they most likely have already compromised userspace. By that point does it really matter if the system is compromised or not?