Should I use LineageOS over Stock OS?

Hey folks,

I’ve made a firm commitment to prioritize my privacy. My threat model isn’t exceptionally high, but I simply want to keep my personal data secure and private. I don’t have anything to hide, but I also don’t want to share everything with Google, Microsoft, and the like.

I’m currently using a Nothing Phone 1, which allows me to disable most Google-related services. However, there are a few stubborn ones like Carrier Services, Google Play Services, and Google Phone that I can’t completely get rid of (even the Google Play Store is history).

As a university student who values privacy more than the average person, I’m contemplating making the leap to install LineageOS. I’m aware of the concerns highlighted in the Privacy Guides. One concern is that installing LineageOS might leave me with an open bootloader and a potential security vulnerability.

Now, here’s where I’d appreciate your advice:

On my laptop and desktop, I’m already running Fedora Workstation with everything finely tuned. My primary concern is ensuring the privacy of my phone.

I came across this information:

“Unfortunately, OEMs are only obliged to support Verified Boot on their stock Android distribution. Only a few OEMs, like Google, support custom AVB key enrollment on their devices. Moreover, some AOSP derivatives such as LineageOS or /e/ OS do not support Verified Boot, even on hardware that supports it for third-party operating systems. It’s advised to check for support before buying a new device. AOSP derivatives that don’t support Verified Boot are not recommended.”

On the service front, I’ve already transitioned to privacy-respecting alternatives for the tools I use:

• Google Contacts/Phone/Messages → Simple Contacts/Phone/Messages
• Google Drive → Tresorit (I’m using the essential version, not the paid one)
• Google Photos → entePhotos (End-to-End Encryption and Open Source)
• Google Authenticator → enteAuth (Free and Open Source Software, End-to-End Encryption, with encrypted cloud backups)
• Gmail → Skiff
• Chrome → Brave
• Play Store → F-Droid/Aurora Store

What are your thoughts and recommendations in my situation? Any advice or insights are much appreciated.

I figured as much. Currently, I’ve done what I can to restrict their permissions.

It’s an interesting thing, really. The Nothing Phone 1 comes with no bloatware. The only risk to privacy is the added “Google Services” and “Default Google Apps,” which I’ve mostly managed to get rid of.

So, from my perspective, flashing LineageOS on my phone seems like a significant privacy improvement in exchange for a potential physical security risk.

To be honest, given that I don’t have a high threat model, I don’t think anyone is likely to steal my phone and attempt to hack it to extract information, at least not now, perhaps in the future.

So, for online privacy, I’m pretty much ready to switch to LineageOS without reservations. What do you think?

And thank you for your comprehensive response.

It doesn’t support the Nothing Phone 1 though?

Alright, unfortunately Divest OS isn’t available for my device. My next best bet is Lineage OS.

Thank you for your answers.

You could remove Google apps via USB debugging, Michael Bazzel claims it gets you 80-95% there. Lets say going to Lineage gets you 97% Privacy and Divest at 99% there.

I don’t know what their policy is, but they don’t list the device as supported. Devices - DivestOS Mobile

@anon4510900
I don’t compile every device LineageOS does.

It takes one to five hours for me to bring up a device from Lineage to ensure all the added DivestOS features/changes work as they should, along with the added work of documenting the changes on the website, and update/mirror server handling. And once added that is an on-going commitment from me to keep it updated and fix any compile or runtime issues that happen in the future as I basically never drop support for a device.

Nothing Phone 1/spacewar is however on my TODO list.

Oh, that’s good to hear. Then I’ll be waiting for DivestOS to publish for my device for jumping ship from my NothingOS(Stock).

Thank you for the information.