I own a Samsung Galaxy A72 and a Galaxy Tab S6 Lite, both supported by LineageOS. I use the tablet for collage and drawing, and the smartphone is to be my secondary phone, or as we call it in Brazil, the “robber’s phone”: a phone that you use in case you get robbed, because I don’t want to lose my main smartphone, nor get killed for not having a phone on me for the robber… I mean… Brazil, what can I do!?
Is LineageOS the best option privacy- and security-wise for those devices? Any other alternative? Any downsides I should be aware of?
1 Like
Since I believe a phone running LineageOS can’t have its bootloader relocked, I don’t think carrying around an unlocked-bootloader phone that you expect to be robbed of is a wise thing to do, from both a privacy and a security POV.
2 Likes
I’ll hardly be the target of a determined and skilled thief who wants to access the data on my device, just one who wants to wipe the device and sell it.
Still, I get your point. It would be a problem for the smartphone; sadly, no ROM with the possibility of relocking the bootloader supports it. But the tablet would hardly be stolen given my use for it.
You could still degoogle and debloat rather deeply with adb though, an option to consider too instead of yolo opening yourself up to the risk of anyone grabbing the phone and adb pulling peepee pics from it.
But data is still encrypted, so you need to unlock it first for adb tools?
Also, you need to have the dev option on.
Also, the lock state of the bootloader has nothing to do with theft, and a thief doesn’t need ADB; they just need the phone in AFU and the ability to do file transfer/MTP, which does need an unlock. This is a physical problem that can be addressed in some ways, but the golden rule is: stay on alert at all times.
Now granted, on a phone that is running LineageOS, IIRC data is not encrypted.
Files can still be accessed by something like TWRP.
Exactly. Every other OS besides Graphene with a relocked bootloader is a security hole, precisely because of the unlocked bootloader. A custom recovery like TWRP that can be flashed via the unlocked bootloader can do really funky stuff.
A few years ago people were still able to pull a file from the /data partition via TWRP that stored the decryption key in plaintext. Not sure how the situation is now with TPM and whatnot.
But it might be without TWRP; some OEMs don’t even support it.