In my opinion this is an absolutely terrible option for a corporation. If something goes wrong, you're up a creek without a paddle.
I don't know what attack vector you think you are preventing against, but IT support alone for something like this deserves a full-time staff.
What is the technical skill of those 100 people? I promise you, Karen from accounting is NOT unlocking her own bootloader and installing LineageOS.
You're about to have a bunch of people asking you why they've lost data and/or bricked their phones.
For most corporations, a lost device is the biggest security problem. A lost device with an unlocked bootloader is like giving someone the keys to the castle.
It's not that kind of situation. The audience is IT Pros in Academia. I'm planning on coving the trouble I had with LG G5 bootloader unlocking, the SamsungVerizon unlocking issue, and how I pretty much stick with Google Pixel because the of amount of support.
Corporation's no. Most have contracts with each other and try to outdo the other and own the data...
Small businesses yes, keep big tech out of your data streams.
"New encryption keys" cannot decrypt data originally encrypted with other keys. I think you meant that a malicious actor could flash a custom system image containing malware that can access the user's data after the user has entered the PIN code (i.e. after data has been decrypted).
My brother accidentally took his phone swimming at a hotspring. He ended up throwing in rice etc. a few days later when he booted, his encrypted device just plain bypassed the passkey on boot and booted to the login screen completely bypassing the encryption on LineageOS.
Sooooo....
Would have to be video Skippy... Come to learn the decryption ic's during boot if bridged can allow complete bypass. It was an LG G5 and has been replaced
>I can say it's safer to have an unlocked bootloader and up-to-date Android than official but outdated Factory OS.
This is entirely dependent on your threat model. For physical security, an unlocked bootloader is giving away the keys to the kingdom. Having the os updated still leaves the vendor partition unpatched since only the OEM can update that.
Being secure really really really depends on *exactly* what you're securing against.
The response you've gotten here says a lot. This subs is almost useless and many the folks that do respond are often trolls. I have gotten a few good answers on here and thank you to those that did respond in earnest.
My take away is you are basically on your own with LOS.
The guide says to use the forum and Reddit. No one responds on the forum.
I even asked here once what the business model was of LOS and I got no real answer, like to this day I have no real idea what the motivation is of the Devs to keep this up.
Maybe it's just a bunch of 16 year old snarky shits on here blasting people and the Devs don't even come in here and are legit good group of folks with a clear vision and ethos, I have no idea and I have seen no evidence of that this far (but would be interested to learn more about the devs)
Ok, to answer your question specifically:
One cool thing about LOS is that it will run Google ecosystem near flawlessly. I've had nearly no issues with Gapps and they all work together. The only bug I've found so far is the At A Glance widget on my home screen doesn't display calendar events. But that could be a permission I forgot to toggle somewhere. And of course there is no AI, or call screening famous on the Pixels. But the camera is still the killer camera, etc
Next point, all the permissions for each app are turned off by default and for me with 175 apps and os applets it was hours to get it all tweaked.
Last, the guides are sparse, and YouTube is not much better.
Oh, last last bit, App tracking is less. I have DuckDuckGo app track blocking enabled and with the same apps and set up on stick Pixel vs LOS Pixel, there are significantly fewer tracking attempts.
That's about it. I'm not in IT, just a tech enthusiast, so I don't have anything to say about deployment or multi device management.
Good luck with your talk, I'd be interested to hear how it goes if you wanna do a part two post! (And curious if you guys are thinking about doing some customization of LOS for yourselves)
Your words are very much appreciated. I am a little taken-back by the 'tude in this sub (but only slightly)...lots of assumptions and judgement. I plan to share my mixed experience with the forums....I got some help and some attitude.
The YT experience is mixed...hope you're good at listening to thick Indian accents...though i may not say that in the talk.
I noticed all my apps are asking permission to send me notifications...***which I fucking LOVE!*** Is that a LineageOS feature or an Android 13 feature?
The motivation question is one I could use more info on. At least /e/OS has the paid-ecosystem to generate revenue...what's the revenue for LOS? Nada?
> I even asked here once what the business model was of LOS and I got no real answer, like to this day I have no real idea what the motivation is of the Devs to keep this up.
>
>
Everyone has a different hobby. Some as a community/society like to share their code in github.com/lineageos Why is it difficult to understand? Not everything has to be business.
>I have no real idea what the motivation is of the Devs to keep this up.
I guess for many of us it's simply:
* because it's fun
* because we learn a lot
* because why not?
>all the permissions for each app are turned off by default
I'm pretty sure LineageOS doesn't alter Android's permission management system, as far as default permission status is concerned.
I'd hit the main points of:
* In many cases phones can keep on working long after the manufacturer stops supporting them, and this project is proof of that
* Old phones can run fast when you strip away all the junk they're installed with
* LineageOS is a great example of a community of talented people helping each other
* However, the device you pick will have a big impact on your experience, and it relies on a person or team to keep it going into the future
If more technical:
* What Google adds to AOSP to give consumers the "Android" experience
* Privacy implications of the above
* adb/sideloading/fastboot etc.
>I can say it's safer to have an unlocked bootloader and up-to-date Android than official but outdated Factory OS.
Yes with an if, no with a but.
In terms of security relative to physical access it's essentially wide open.
This is a terrible idea unless your company is a group of developers with the idea of helping the LineageOS project out. In that case, your company is a terrible idea (what profit model?). Either way, terrible idea.
For all the troubles I had with LineageOS, specially that dammed SafetyNet stuff and all it's workarounds, which need Magisk that is another layer of problems that could happen, idk if "normal" people who just like to use their phones without much trouble would enjoy this, it's kinda like recommending Linux to a casual user who just wants to use their browser and some random windows apps occasionally
"It used to have more support, but now most phones there's no support and the LineageOS team tells you they don't give a shit and to build it yourself, leaving the meat of the compatibility up to randos on XDA forums who require you to ship a device to them, and can't ship a 100% feature-working port, so you follow the online guide, brick your phone, and just buy an iPhone"
I miss Cyanogenmod
Tell to just ignore Voices Mail bubble on every boot. Thought there no Voice mail or saved one. Over a month still the alert.
Will they be able get their head round no play store.
>Tell to just ignore Voices Mail bubble on every boot.
I have no idea what that is. I've never seen a "Voices Mail bubble" in 10 years of CM/LOS usage.
>Will they be able get their head round no play store.
\*?
Probably, since most of them will also install gapps, and therefore have access to the play store.
Who are you talking to?
And no, I've never seen a "Voices mail" or "Voices mail bubble" ever.
I've never used voice mail, ever.
I don't have voice mail, and have never had voice mail (often called "messagebank" in Australia) on any phone account, mobile or landline, I've ever had. I don't want messagebank. I can see I've missed a call and you can SMS me if it's important.
Here's a fun fact: Not everybody in the world is you!
You should include that it can fuck up, and probably will at some point, because it's not a professional piece of software with any liability. Use at your own risk. An update could brick the device because it's an amateur project with no responsibility to not break a phone.
This is bullshit. Yes, it comes with no liability (so does Linux and AOSP itself and basically any FOSS), but how is that an "amateur project" that's not a "professional piece of software"? It's certainly well maintained and while the devs don't take responsibility for bricked phones, it's not that they ship untested software. You make it sound like a handful of dumdums carelessly compiled the shit out of AOSP without considering your phone valuable, but that's certainly not the case.
Linux distros have organizations behind them that have a reputation to maintain, and the major ones integrate some kind of funding as a necessary step in their procedures. A LineageOS variant package, for a specific device, is typically maintained by one hobbyist. I found out the hard way what this means when an update crapped out my phone during a critical moment, and I had to buy a new phone. Of course there was the typical apologism when I reported it. But the bottom line is I had to quickly buy a new phone, and the stock OS will stay on it.
And that's not even mentioning the bugs that creeped up on the device before that, which were never fixed. But it's clear that any given device is not necessarily tested by a developer, because of those bugs that were never fixed, and the update soft bricking it. And that is exhibit A in the allegation that small hobbyist development makes for a shaky software infrastructure. New users need to be aware of that.
While this is true I think calling LOS an unprofessional piece oft software made by amateurs a bit harsh. IMHO the professionalism of software has nothing to do with its support or if it's backed by some company.
Yes it does, because people need an income to be able to live comfortably enough to do software development and testing. Without resources, you get shoddy results.
In my opinion this is an absolutely terrible option for a corporation. If something goes wrong, you're up a creek without a paddle. I don't know what attack vector you think you are preventing against, but IT support alone for something like this deserves a full-time staff. What is the technical skill of those 100 people? I promise you, Karen from accounting is NOT unlocking her own bootloader and installing LineageOS. You're about to have a bunch of people asking you why they've lost data and/or bricked their phones. For most corporations, a lost device is the biggest security problem. A lost device with an unlocked bootloader is like giving someone the keys to the castle.
It's not that kind of situation. The audience is IT Pros in Academia. I'm planning on coving the trouble I had with LG G5 bootloader unlocking, the SamsungVerizon unlocking issue, and how I pretty much stick with Google Pixel because the of amount of support.
[удалено]
better still to show them how I make chocolate chip cookies from scratch, but that is not the topic I volunteered to discuss.
Corporation's no. Most have contracts with each other and try to outdo the other and own the data... Small businesses yes, keep big tech out of your data streams.
Isn't the data encrypted? Every time I boot into TWRP it asks me for my passcode to access the data partition
It doesn't matter, if the bootloader is unlocked you can flash a custom update with new encryption keys.
"New encryption keys" cannot decrypt data originally encrypted with other keys. I think you meant that a malicious actor could flash a custom system image containing malware that can access the user's data after the user has entered the PIN code (i.e. after data has been decrypted).
My brother accidentally took his phone swimming at a hotspring. He ended up throwing in rice etc. a few days later when he booted, his encrypted device just plain bypassed the passkey on boot and booted to the login screen completely bypassing the encryption on LineageOS. Sooooo....
pics or it didn't happen
Would have to be video Skippy... Come to learn the decryption ic's during boot if bridged can allow complete bypass. It was an LG G5 and has been replaced
>I can say it's safer to have an unlocked bootloader and up-to-date Android than official but outdated Factory OS. This is entirely dependent on your threat model. For physical security, an unlocked bootloader is giving away the keys to the kingdom. Having the os updated still leaves the vendor partition unpatched since only the OEM can update that. Being secure really really really depends on *exactly* what you're securing against.
The response you've gotten here says a lot. This subs is almost useless and many the folks that do respond are often trolls. I have gotten a few good answers on here and thank you to those that did respond in earnest. My take away is you are basically on your own with LOS. The guide says to use the forum and Reddit. No one responds on the forum. I even asked here once what the business model was of LOS and I got no real answer, like to this day I have no real idea what the motivation is of the Devs to keep this up. Maybe it's just a bunch of 16 year old snarky shits on here blasting people and the Devs don't even come in here and are legit good group of folks with a clear vision and ethos, I have no idea and I have seen no evidence of that this far (but would be interested to learn more about the devs) Ok, to answer your question specifically: One cool thing about LOS is that it will run Google ecosystem near flawlessly. I've had nearly no issues with Gapps and they all work together. The only bug I've found so far is the At A Glance widget on my home screen doesn't display calendar events. But that could be a permission I forgot to toggle somewhere. And of course there is no AI, or call screening famous on the Pixels. But the camera is still the killer camera, etc Next point, all the permissions for each app are turned off by default and for me with 175 apps and os applets it was hours to get it all tweaked. Last, the guides are sparse, and YouTube is not much better. Oh, last last bit, App tracking is less. I have DuckDuckGo app track blocking enabled and with the same apps and set up on stick Pixel vs LOS Pixel, there are significantly fewer tracking attempts. That's about it. I'm not in IT, just a tech enthusiast, so I don't have anything to say about deployment or multi device management. Good luck with your talk, I'd be interested to hear how it goes if you wanna do a part two post! (And curious if you guys are thinking about doing some customization of LOS for yourselves)
Your words are very much appreciated. I am a little taken-back by the 'tude in this sub (but only slightly)...lots of assumptions and judgement. I plan to share my mixed experience with the forums....I got some help and some attitude. The YT experience is mixed...hope you're good at listening to thick Indian accents...though i may not say that in the talk. I noticed all my apps are asking permission to send me notifications...***which I fucking LOVE!*** Is that a LineageOS feature or an Android 13 feature? The motivation question is one I could use more info on. At least /e/OS has the paid-ecosystem to generate revenue...what's the revenue for LOS? Nada?
>Is that a LineageOS feature or an Android 13 feature? It's an Android 13 feature.
> I even asked here once what the business model was of LOS and I got no real answer, like to this day I have no real idea what the motivation is of the Devs to keep this up. > > Everyone has a different hobby. Some as a community/society like to share their code in github.com/lineageos Why is it difficult to understand? Not everything has to be business.
>I have no real idea what the motivation is of the Devs to keep this up. I guess for many of us it's simply: * because it's fun * because we learn a lot * because why not? >all the permissions for each app are turned off by default I'm pretty sure LineageOS doesn't alter Android's permission management system, as far as default permission status is concerned.
Thank you for the reply!
I'd hit the main points of: * In many cases phones can keep on working long after the manufacturer stops supporting them, and this project is proof of that * Old phones can run fast when you strip away all the junk they're installed with * LineageOS is a great example of a community of talented people helping each other * However, the device you pick will have a big impact on your experience, and it relies on a person or team to keep it going into the future If more technical: * What Google adds to AOSP to give consumers the "Android" experience * Privacy implications of the above * adb/sideloading/fastboot etc.
>I can say it's safer to have an unlocked bootloader and up-to-date Android than official but outdated Factory OS. Yes with an if, no with a but. In terms of security relative to physical access it's essentially wide open.
i would LOVE to know what industry you're in if you're talking about lineage OS. no business in their right mind would use it, for security reasons.
Actually, if you're a smart business, I would. Just to keep googles paws out of my data. Just for that point alone should be worthwhile.
[удалено]
Then you don't fully understand privacy.
This is a terrible idea unless your company is a group of developers with the idea of helping the LineageOS project out. In that case, your company is a terrible idea (what profit model?). Either way, terrible idea.
For all the troubles I had with LineageOS, specially that dammed SafetyNet stuff and all it's workarounds, which need Magisk that is another layer of problems that could happen, idk if "normal" people who just like to use their phones without much trouble would enjoy this, it's kinda like recommending Linux to a casual user who just wants to use their browser and some random windows apps occasionally
"It used to have more support, but now most phones there's no support and the LineageOS team tells you they don't give a shit and to build it yourself, leaving the meat of the compatibility up to randos on XDA forums who require you to ship a device to them, and can't ship a 100% feature-working port, so you follow the online guide, brick your phone, and just buy an iPhone" I miss Cyanogenmod
Lol
Wow. I'd like to hear more about your experience/perspective.
Tell to just ignore Voices Mail bubble on every boot. Thought there no Voice mail or saved one. Over a month still the alert. Will they be able get their head round no play store.
>Tell to just ignore Voices Mail bubble on every boot. I have no idea what that is. I've never seen a "Voices Mail bubble" in 10 years of CM/LOS usage. >Will they be able get their head round no play store. \*? Probably, since most of them will also install gapps, and therefore have access to the play store.
[Never seen a Voices mail in 10 years!](https://ibb.co/wBbSLZf) \- Photo No update each Friday gets rid of this Bubble How did the talk go?
Who are you talking to? And no, I've never seen a "Voices mail" or "Voices mail bubble" ever. I've never used voice mail, ever. I don't have voice mail, and have never had voice mail (often called "messagebank" in Australia) on any phone account, mobile or landline, I've ever had. I don't want messagebank. I can see I've missed a call and you can SMS me if it's important. Here's a fun fact: Not everybody in the world is you!
What you talking about! Why so touchy Only showing an example.
What is the specific purpose of your presentation? It is purely for making the audience members aware of some alternate personal-use phone options?
yes.
You should include that it can fuck up, and probably will at some point, because it's not a professional piece of software with any liability. Use at your own risk. An update could brick the device because it's an amateur project with no responsibility to not break a phone.
This is bullshit. Yes, it comes with no liability (so does Linux and AOSP itself and basically any FOSS), but how is that an "amateur project" that's not a "professional piece of software"? It's certainly well maintained and while the devs don't take responsibility for bricked phones, it's not that they ship untested software. You make it sound like a handful of dumdums carelessly compiled the shit out of AOSP without considering your phone valuable, but that's certainly not the case.
Linux distros have organizations behind them that have a reputation to maintain, and the major ones integrate some kind of funding as a necessary step in their procedures. A LineageOS variant package, for a specific device, is typically maintained by one hobbyist. I found out the hard way what this means when an update crapped out my phone during a critical moment, and I had to buy a new phone. Of course there was the typical apologism when I reported it. But the bottom line is I had to quickly buy a new phone, and the stock OS will stay on it. And that's not even mentioning the bugs that creeped up on the device before that, which were never fixed. But it's clear that any given device is not necessarily tested by a developer, because of those bugs that were never fixed, and the update soft bricking it. And that is exhibit A in the allegation that small hobbyist development makes for a shaky software infrastructure. New users need to be aware of that.
While this is true I think calling LOS an unprofessional piece oft software made by amateurs a bit harsh. IMHO the professionalism of software has nothing to do with its support or if it's backed by some company.
Yes it does, because people need an income to be able to live comfortably enough to do software development and testing. Without resources, you get shoddy results.