Will flashing LineageOS on a Xiaomi phone prevent it from collecting user data and possibly sharing it with the Chinese government?

If it’s the case then it’s total crap as an encryption standard and should be ditched immediately. Hell, if the data could be accessed as easily as you said here, I’d rather trust a shitty zip encryption.

Tell that to Samsung, or you know, literally almost every single Android malware that does tampering in userspace. Again, if the malware escapes the sandbox, you’re fucked with or without verified boot.

I don’t know whether it’s the case, like I also said in the other thread. In this case, I wouldn’t assume otherwise, as the system explicitly tells the users on every boot that their data is not safe to be kept on the device anymore.

And you can’t replace real time encryption with zip, though.

That’s why verified boot is not just a nice-to-have feature. It’s a big deal. Also, encryption shouldn’t be the first and only layer of the system’s defence mechanism. That would be too risky.

Luckily, it could and would be patched by Google Play system update even after the device’s EOL, if that were ever the case. On the other hand, there’s no system to prevent the risk when using an unlocked bootloader. The security mechanism of the device is vastly diminished.

This patches like 1-3 issues each month out of the many dozens of security issues declared.

Please do not rely on it.

  • December (0): none
  • November (2): CVE-2023-40100, CVE-2023-40115
  • October (2): CVE-2023-40127, CVE-2023-21252
  • September (2): CVE-2023-35670, CVE-2023-35683
  • August (7): CVE-2023-21282, CVE-2023-21132, CVE-2023-21133, CVE-2023-21134, CVE-2023-21140, CVE-2023-20965, CVE-2023-21242
  • July (3): CVE-2023-20910, CVE-2023-21240, CVE-2023-21243

Seems OK? But:

  • December had 34 core AOSP security issues
  • November: 15
  • October: 25
  • September: 20
  • August: 32
  • July: 23

The website’s current stance is that we are 100% against unverified boot, yes, unless your stock ROM is no longer receiving updates (then DivestOS with unverified boot is acceptable).

Not that I’m not open to further debate about this topic here. I’m personally very sympathetic to the idea that a privacy-respecting custom ROM like DivestOS is generally going to always be better at preserving user privacy than most stock ROMs out of the box, even if that means replacing a stock ROM that has verified boot with DivestOS and unverified boot, but this has been a very hotly debated topic within the community and our team for quite some time.

From your descriptions, you have 3 worries:

  1. Xiaomi
  2. Google
  3. Chinese government

Using LineageOS most certainly would eliminate 1 & 2. 3 depends on the integrity of LineageOS development/deployment, the apps you use, and your habits.

LineageOS is open-sourced and is code-reviewed, but do you trust this description enough to say that it doesn’t collect any private information? If you don’t (given also there are other sources who say this), then you either find an expert you can trust, or you need to become an expert yourself.

If you have a government, especially a big government, as an adversary, your security and privacy requirements are in a different sphere from the normal consumers’ altogether. You pretty much have to limit your online activities to the necessary minimums in every way.

If the government isn’t necessarily your adversary, but you just want to limit the information that it can generally gain from you, then LineageOS most likely would help you, depending on the apps and the habits you have, of course. If you have to use Chinese software that the Chinese government dictates terms to, it’s not as damaging as the OS doing it, but you would still have leaks.


Fair enough

thank you for this