Should I use LineageOS over Stock OS?

Hey folks,

I’ve made a firm commitment to prioritize my privacy. My threat model isn’t exceptionally high, but I simply want to keep my personal data secure and private. I don’t have anything to hide, but I also don’t want to share everything with Google, Microsoft, and the like.

I’m currently using a Nothing Phone 1, which allows me to disable most Google-related services. However, there are a few stubborn ones like Carrier Services, Google Play Services, and Google Phone that I can’t completely get rid of (even the Google Play Store is history).

As a university student who values privacy more than the average person, I’m contemplating making the leap to install LineageOS. I’m aware of the concerns highlighted in the Privacy Guides. One concern is that installing LineageOS might leave me with an open bootloader and a potential security vulnerability.

Now, here’s where I’d appreciate your advice:

On my laptop and desktop, I’m already running Fedora Workstation with everything finely tuned. My primary concern is ensuring the privacy of my phone.

I came across this information:

“Unfortunately, OEMs are only obliged to support Verified Boot on their stock Android distribution. Only a few OEMs, like Google, support custom AVB key enrollment on their devices. Moreover, some AOSP derivatives such as LineageOS or /e/ OS do not support Verified Boot, even on hardware that supports it for third-party operating systems. It’s advised to check for support before buying a new device. AOSP derivatives that don’t support Verified Boot are not recommended.”

On the service front, I’ve already transitioned to privacy-respecting alternatives for the tools I use:

  • Google Contacts/Phone/Messages → Simple Contacts/Phone/Messages
  • Google Drive → Tresorit (I’m using the essential version, not the paid one)
  • Google Photos → entePhotos (End-to-End Encryption and Open Source)
  • Google Authenticator → enteAuth (Free and Open Source Software, End-to-End Encryption, with encrypted cloud backups)
  • Gmail → Skiff
  • Chrome → Brave
  • Play Store → F-Droid/Aurora Store

What are your thoughts and recommendations in my situation? Any advice or insights are much appreciated.

2 Likes

All of these are installed as privileged system apps, which is why they cannot be removed (without root access)

First, I want to point you to something I’ve written about Android Verified Boot in the past, as I believe it should inform you about it well:

It primarily goes over what Verified Boot doesn’t do, so to complement that:

  • Verified boot protects from “Evil Maid” attacks where an attacker has physical access to your device and modifies it with their own malware

  • Part of Verified Boot is dm-verity, a kernel feature that allows detecting modification of the system in real time. It works when unlocked, but it isn’t enforced.

  • These features work fine on a technical level, even when your device can’t be re-locked; but even if they get tripped it won’t be enforced. This means that when unlocked Verified Boot works but even if it trips the device will not take action. This is also known as the “ORANGE” Android Bootloader Stage.


If you’re looking purely at privacy, I would definitely recommend LineageOS over the stock OS any day, especially as there are hardened forks like DivestOS which allow bootloader re-locking on supported devices.

Often OEMs, especially Samsung, Xiaomi, BBK (Oppo, OnePlus, Vivo) and smaller companies compromise the price of their devices by installing bloatware which is privacy-invasive. The A-Series Samsung devices for example include a privileged Facebook service (not sure about their more expensive devices).

So wiping off the privacy-invasive software is a strong start in my opinion to get your device going in a more privacy-respecting manner.

Most importantly: be aware of the risks of not being able to re-lock your bootloader as stated above.

3 Likes
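The boot states discussed in the post above can be read from a device's system properties. The following is an added example, not part of the original thread: it classifies `adb shell getprop` output using the standard `ro.boot.verifiedbootstate` and `ro.boot.flash.locked` properties. The sample inputs are constructed.

```shell
# Added example: classify Android Verified Boot state from getprop text.
# On a device the input would be the output of: adb shell getprop
# The samples below are constructed so the script runs offline.

# Constructed: unlocked bootloader with a custom OS flashed.
SAMPLE_UNLOCKED='[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]'

# Constructed: bootloader re-locked with a user-enrolled AVB key.
SAMPLE_RELOCKED='[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [yellow]'

# prop_value NAME: read getprop text on stdin, print the value of NAME.
prop_value() { sed -n "s/^\[$1\]: \[\(.*\)\]\$/\1/p" | head -n 1; }

# classify_boot: read getprop text on stdin, print a one-line verdict.
classify_boot() {
  props=$(tr -d '\r')   # older adb versions emit CRLF line endings
  state=$(printf '%s\n' "$props" | prop_value ro.boot.verifiedbootstate)
  locked=$(printf '%s\n' "$props" | prop_value ro.boot.flash.locked)
  case "$state:$locked" in
    green:1)  echo "locked, OEM key: verification enforced" ;;
    yellow:1) echo "locked, user-enrolled key: verification enforced" ;;
    orange:*) echo "unlocked: verification not enforced" ;;
    red:*)    echo "verification failed" ;;
    *)        echo "unknown: state='$state' locked='$locked'" ;;
  esac
}

printf 'unlocked sample:  %s\n' "$(printf '%s\n' "$SAMPLE_UNLOCKED" | classify_boot)"
printf 're-locked sample: %s\n' "$(printf '%s\n' "$SAMPLE_RELOCKED" | classify_boot)"
```
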

I figured as much. Currently, I’ve done what I can to restrict their permissions.

It’s an interesting thing, really. The Nothing Phone 1 comes with no bloatware. The only risk to privacy is the added “Google Services” and “Default Google Apps,” which I’ve mostly managed to get rid of.

So, from my perspective, flashing LineageOS on my phone seems like a significant privacy improvement in exchange for a potential physical security risk.

To be honest, given that I don’t have a high threat model, I don’t think anyone is likely to steal my phone and attempt to hack it to extract information, at least not now, perhaps in the future.

So, for online privacy, I’m pretty much ready to switch to LineageOS without reservations. What do you think?

And thank you for your comprehensive response.

I think LineageOS is fine, it’s a good project that many use downstream as a base, but for security reasons and potential unprivileged microG installation you may still wanna opt for DivestOS because it offers everything that LineageOS does but with additional security and privacy benefits.

1 Like

It doesn’t support the Nothing Phone 1 though?

Alright, unfortunately Divest OS isn’t available for my device. My next best bet is Lineage OS.

Thank you for your answers.

1 Like

You could remove Google apps via USB debugging, Michael Bazzell claims it gets you 80-95% there. Let’s say going to Lineage gets you 97% Privacy and Divest at 99% there.

It should, DivestOS supports devices that have official LineageOS Support, no?

That’s about right, using ADB to run pm uninstall removes the app from the primary user (internal ID of 0), but it doesn’t remove the file in the system. Any new work profiles or secondary profiles will still have the app, and resetting the device restores them too.
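To see which packages were only removed for user 0 while their APK is still present, compare the package list with and without uninstalled entries. The following is an added example, not part of the original thread: it assumes the two inputs were captured with `pm list packages -s -u -f --user 0` and `pm list packages -s --user 0`, and the package names and paths in the samples are constructed.

```shell
# Added example: list packages that are uninstalled for user 0 but whose
# APK file is still present on the device.
# Capture on a device (assumed commands, run over adb shell):
#   pm list packages -s -u -f --user 0   -> all system packages, with path
#   pm list packages -s --user 0         -> system packages still installed

# Constructed sample: every system package, including uninstalled ones.
ALL_SAMPLE='package:/system/priv-app/Services/Services.apk=com.example.services
package:/product/priv-app/Carrier/Carrier.apk=com.example.carrier
package:/data/app/~~Qx1==/com.example.store-Zz9==/base.apk=com.example.store'

# Constructed sample: what user 0 still has after one "pm uninstall".
USER0_SAMPLE='package:com.example.services
package:com.example.store'

# residual_packages ALL INSTALLED: print "name path" for each package
# that appears in ALL but is no longer installed for the user.
residual_packages() {
  { printf '%s\n' "$2"; echo '--'; printf '%s\n' "$1"; } | awk '
    { sub(/\r$/, "") }                     # tolerate CRLF from older adb
    $0 == "--" { second = 1; next }
    !second { sub(/^package:/, ""); installed[$0] = 1; next }
    {
      sub(/^package:/, "")
      i = match($0, /=[^=]*$/)             # the last "=" precedes the name;
      if (!i) next                         # paths may contain "=" themselves
      path = substr($0, 1, i - 1)
      name = substr($0, i + 1)
      if (!(name in installed)) print name " " path
    }' | sort
}

residual_packages "$ALL_SAMPLE" "$USER0_SAMPLE"
```
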

I don’t know what their policy is, but they don’t list the device as supported. Devices - DivestOS Mobile

That’s odd, I could’ve sworn it was something along the lines of “We only support devices that are officially supported by LineageOS”. I’ll have to check it again.

@TGRush
I don’t compile every device LineageOS does.

It takes one to five hours for me to bring up a device from Lineage to ensure all the added DivestOS features/changes work as they should, along with the added work of documenting the changes on the website, and update/mirror server handling. And once added that is an on-going commitment from me to keep it updated and fix any compile or runtime issues that happen in the future as I basically never drop support for a device.

Nothing Phone 1/spacewar is however on my TODO list.

6 Likes

Oh, that’s good to hear. Then I’ll be waiting for DivestOS to publish for my device for jumping ship from my NothingOS (Stock).

Thank you for the information.

3 Likes

Ah, thanks for the clarification! I thought it was more of a “lazy” build system for lack of better words, but this shows your commitment 🙂

1 Like