What’s the difference between the security updates you’d get from DivestOS/LineageOS on an end-of-life phone vs what you would get from stock Android on a modern device?
I’ve heard that the former only receives security patches for some things and none for others, making it relatively insecure, but I’m still confused about what those “things” are.
I have an old Pixel 4a 5g I’d like to flash DivestOS (a more security-focused fork of LineageOS and supports bootloader relocking) onto, and before I do that I’d just like to know what to expect in terms of security and privacy.
What is actually getting updated and what is being left behind with these updates?
Mainly you’ll be missing drivers and firmware updates.
Drivers I understand, but what do you mean by firmware?
As in Android itself?
- overview: Patch Levels - DivestOS Mobile
- system patches: Patch Counts - DivestOS Mobile
- here are all the added kernel cve patches on top of lineage for your device: divestos-build/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_redbull.sh at master - divested-mobile/divestos-build - Codeberg.org
- the deblobber removes many proprietary blobs
- many security features are added/enabled
- many high risk features are disabled/removed
- it also gets much faster Chromium updates: https://divestos.org/misc/ch-dates.txt
- see also: Comparison of Android ROMs
Your smartphone has various components like modem, wifi, bluetooth, etc.
The firmware controls how the component work so every time a bug or vulnerability is discovered the manufacturer updates the firmware.
When a device reach the EOL the manufacturer stops delivering firmware updates leaving the device vulnerable.
Thanks so much for all the different resources! Do you happen to have an Installation for Dummies guide for installation? I’m a bit lost when reading the instructions for my device. I’ll be doing it through Win10 if that helps.
Thanks for the clarification
The steps are here https://divestos.org/builds/LineageOS/bramble/install.html
Does this also relock the bootloader?
You must do that manually: Bootloader - DivestOS Mobile
Please read the website and use the search before asking any further questions: Search - DivestOS Mobile
Something I couldn’t find an answer to is whether or not I need to install the OS using a computer or if I can do it all on the phone itself.
And if I do need a computer, I have no idea what program I should be using to do it.
@Cacaca , the installation needs to be done with a computer according to the installation page. It is possible from another mobile, but it is not very common.