Kuketz Review: /e/

Really enjoy the Kuketz deep dives of different custom android ROMs. This is his latest on /e/:


Can du post a TLDR for non-native sprecher?

I tried low level German DuoLingo so long ago…

Here is the translated conclusion:

  1. Conclusion

We remember the opening quote:

/e/OS is a complete, fully “deGoogled”, mobile ecosystem

I would agree with this if /e/ didn’t enable microG by default. When microG is enabled, be aware that some connections will be made to Google servers. My definition of deGoogled is: Complete independence from Google services and infrastructure. Aside from the default microG initialization, the developers have done a good job of freeing /e/ from Google.

To designate /e/ as privacy-friendly, the unique OTA ID (Unique Device Identifier) ​​submitted during each update check would have to be removed. I consider such adjustments to be questionable in a system that specializes in protecting privacy.

When it comes to data protection, /e/ performs quite well. However, when it comes to security, you have to turn a blind eye and hope that everything goes well. Not only is the delayed delivery of security updates (6 weeks or more) worth mentioning, but above all the slow updating of the WebView components. If no updates are provided here for over 6 months, one can speak of a significant security risk. Summarized:

  • (Severely) delayed delivery of (security) updates and the WebView components
  • Older devices do not receive full security updates from proprietary components such as bootloaders or firmware
  • No Verified Boot support except for very few devices

/e/ is primarily aimed at privacy-conscious users who want to continue using their older devices as they may no longer be provided with the latest Android versions and security updates by the manufacturer. However, you should be aware that security gaps can also undermine data protection if exploited by an attacker. Focusing solely on data protection is therefore no guarantee that this is actually guaranteed. Additional measures are required, including an up-to-date system that receives timely security updates. There is still a lot of catching up to do with /e/.