Note, GrapheneOS seems to have been able to secure partner access to Android early security releases, but this comes with the cost that the source used to make these special "01" builds is private until general availability. This might not be a tradeoff that LineageOS is willing to take; GrapheneOS has provided the option on a recommended opt-in basis.
The bad thing in general is the dependence on Google policy for all AOSP distros. Joining those programs might long term worsen the situation.
IMHO, it could be worth the fight if GrapheneOS could win their (rather legal/lobbying) battle to obtain play integrity certification by following security closely (which is a joke IMHO because EOL phones with not updates for years also get integrity). Google releasing easily diffable security only bytecode sets, seems like a security nightmare for everyone else.
All of those distros suffer from the reliance of Google to release anything, so they in one way or the other they play the game. Particularly Lineage heavily does 'self-censoring' to comply without much benefit IMHO. We really would need e.g. does not even include the keys for providing alternative web views or the ability to switch the location provider. While google has those capabilities, they only support services sending data to their own servers.
I used lineage as my daily driver since the CyanogenMod days and the HTC desire, but switched to a Google Pixel a few month back, because I felt I had lost the play integrity fight and although my great Redmi Note 10 Pro was running other like a charm thanks to lineage and the device maintainers (Daniel and Aryan), I personally could not invest time and cognitive capacity anymore.
More and more device manufacturers are locking down their bootloaders again. I hope someone can break the momentum and finds a way to break the OS duopoly.
I don't know the exact terminology, but they described what they currently have as security partner access or at least advanced access to security patches. To my knowledge they are still working on full partner access that would grant them timely access to the AOSP source code.
I'd love to see a hybrid phone with an embedded stock android for banking, pay and government apps and a regular LinageOS or Linux OS that runs on a separate partition/hw/vm.
Like "gluing" two phones together - just better ;)
It would be great to run an open OS but having to carry a separate phone for banking/paying is not really a viable option.
They were both budget brands with niche offerings. For most people, the source of the OS is immaterial. There's very little competitive advantage to selling a forked OS, and a rather large downside in terms of support costs.
I'm mostly happy with my GrapheneOS device - but it is absolutely not suitable for mass market.
> I'm mostly happy with my GrapheneOS device - but it is absolutely not suitable for mass market.
What makes you say that? I run GrapheneOS on a Pixel and had to go through the relative simple flashing process, but if GOS came preinstalled on a device anybody familiar with Android (or even iOS) would be able to use it. Compatibility with Android apps is great too.
What is the issue with the permission model. It's basically the AOSP permission model. The changes made by GrapheneOS is the user-facing toggle for the INTERNET permission, and the sensors permission.
If people do not want to interface with those features, they can simply skip them, and the permission model will be the exact same as it is on Android.
All my banking apps works fine under lineage. The only app that does not work is McDonald. I have not investigated very far, maybe it is possible to make it work.
It's great to see Android TV mentioned. Has anyone managed to build a freedom-respecting TV box with Lineage? This is a much needed alternative to "smart" TVs and streaming boxes filled with spyware and arbitrary restrictions.
Nate Johnson, one of the devs at LineageOS, maintains some official and unofficial builds. You could go from scratch using a Radxa SBC, or try to get an older streaming device (like one of the previous versions of the Chromecast). Some of these older devices even got Widevine DRM still working after installing LineageOS, if you want to use a streaming service.
Looks like LineageOS supports various iterations of the Nvidia Shield device. What I'm wondering is whether this new Catapult launcher is compatible with Android TV that comes with off the shelf Smart TVs. I've grown accustomed to the default screen on my current TV's in-built Google TV (not Android TV, although I'm not totally sure of the difference), but it does enforce at least one additional click to get to the actual functions I, and the family, use it for.
Gonna check out Catapult right now.
Edited to add note: It looks as if the latest Nvidia Shield device requires soldering a USB port onto the mainboard of the device[0]. That probably excludes a decent percentage of people who may otherwise be happy software hacking a device.
I'd be curious to see how that works out. One of the main advantages of the Pi is that it supports HDMI-CEC. However, I am seen reports that it struggles with 4K playback at more than 30fps. Even 60Hz isn't great if you have a modern TV and want to use SteamLink to play Steam games running on your PC from your couch.
You don't "streaming services" when you can open a Web browser and stream from the high seas, or download NewPipe from F-Droid, or download Jellyfin and stream local content.
Does it work well with the Google tv remote for example? Last time I used NewPipe on the tv, the ui was completely unsuited for remotes. I can't imagine using streaming services on the browser to be any better.
If you want to check supported devices together with some sustainability criteria and other ROMs, I just updated https://www.sustaphones.com/ to reflect that LOS update.
Over recent user privacy (and security) crackdowns from Google, these OS upgrades seem to be becoming more appealing. Can anyone comment on what differs Lineage from something like GrapheneOS?
That is not to say you have no freedom or extra features with Graphene, or no security with Lineage, it’s just what either project has very clearly as main target.
I do miss some features since switching to GrapheneOS (customizable on screen nav, volume rocker for cursor control), but I’m very happy with stuff like sandboxed google play services.
Graphene is probably better on the devices that support both (Pixels), but since hardware support is so (intentionally) limited, it kind of a moot point. Also the Graphene community is kind of obsessed with "security" and does not seem to place much emphasis on freedom/hackability.
Why the scare quotes? Graphene’s focus on security is legitimate and well founded. They are the only phone OS that is consistently safe from hacking by the likes of Cellebrite long after all other androids have fallen.
Let's define "more secure" as "preventing a particular behavior that is against the device owner's conscious or unconscious wishes".
It would be "more secure" to have a per-application firewall that blocks particular apps from outbound traffic over certain networks or to certain destinations. This prevents a malicious app from consuming roaming data.
LineageOS can have that, at the owner's preference. Graphene explicitly forbids it.
It would be "more secure" to allow backing up apps and all their data. This would mitigate the damage of ransomware. Graphene, again, forbids it (following google guidelines prioritizing the wishes of an app's developer over the device owner).
There are many such examples. Lineage is philosophically owned by the person who installed it onto the phone. Graphene is owned by the Graphene devs, NOT the phone owner. Sometimes the Graphene devs purposefully choose to let software on the device restrict the valid owner of that device.
>It would be "more secure" to have a per-application firewall that blocks particular apps from outbound traffic over certain networks or to certain destinations. This prevents a malicious app from consuming roaming data.
LineageOS can have that, at the owner's preference. Graphene explicitly forbids it.
Not sure what is meant by forbidding it? GrapheneOS provides per-app network access control via a user-controllable Network permission which is not implemented in AOSP or LineageOS afaik. They do not forbid using local firewall/filtering apps like RethinkDNS (to enforce mobile data only or Wi-Fi only iirc) and InviZible. They only warn that 'blocks particular apps from outbound traffic ..to certain destinations' cannot be enforced once an app has network access which makes sense to me.
>It would be "more secure" to allow backing up apps and all their data. This would mitigate the damage of ransomware. Graphene, again, forbids it (following google guidelines prioritizing the wishes of an app's developer over the device owner).
Contact scopes, storage scopes, the sensors permission and the network permission are examples that show precisely the opposite (GrapheneOS prioritises the device owner over the application developers). To my understanding, the backup app built-in to GrapheneOS even 'simulates' a device-to-device transfer mode to get around apps not being comfortable with data being exfiltrated to Google Drive. That being said, I understand they have plans to completely revamp the backup experience once they have the resources to do so.
I just read that they changed their stance, but for a long time, they were against implementing RCS and said users should be using another tool like Signal. That ignores real world scenarios where users ended up using SMS rather than RCS, which was encrypted with Google messages. Of course, there's more nuance to the discussion, but I found myself a few years ago having gone from encrypted messaging on an iPhone by default to encrypted messaging on stock Android with RCS to unencrypted messaging on GrapheneOS. I thought that was certainly less secure for myself and likely the average user.
But they did share valid concerns about their reasoning and most other aspects of the OS certainly have a great focus on security.
And having security focused settings by default. For instance, the https://localmess.github.io tracking attempt was prevented on Vanadium (a browser maintained by GOS). Another serious vulnerability from top of my mind was TapTrap (https://taptrap.click/), which was fixed by GOS [1] few months ago. Android is still vulnerable to it!
I have used both, and I can personally use my smartphone properly with both.
GrapheneOS is more strict about security, making it more secure but less accessible (at the moment you can only run GrapheneOS on Pixel phones).
I am happy with GrapheneOS' policy: that's exactly why I use GrapheneOS, to the point where I bought a Pixel just for GrapheneOS. Many people complain about GrapheneOS not supporting other phones. IMO it's the other way round: the other Android manufacturers do not support GrapheneOS.
If you really want GrapheneOS to lower their security in order to run on another phone, what you want is actually LineageOS.
A few years ago, Lineage was just a customizable tinkerer friendly AOSP. It served as a base for a lot more Android distros. It was just a smoother Android variant with features like double tap on the notification bar to sleep, better integrated root support, more built in theming options.
Graphene OS was only available for a few Pixel Devices whose source was fully available and mainly focused on security features like improved permissions and more anti tracking features.
To give an example, a company I worked for shipped it's phones with a Lineage OS base with a few patches from Graphene OS to replace default ntp and connectivity check servers.
Well, this looks nice. Tons more devices than Graphene or Postmarket supported.
Which hardware should one get to run this? Which hardware is reasonably ethical? Perhaps the Fairphone 5? There are lots of choices from Motorola and OnePlus but I know nothing about them. (Well I remember the old Moto up to Y2k.) Not sure where to buy them.
With reasonable ethical you indeed might want to look into the Fairphones. The Fairphone 6 was reviewed as being a nice improvement over the 5. I'd expect LineageOS to land on that device some time in the future, after all the prior three models are supported. You could wait for that, or settle for the 5.
If you want something cheap and easy instead of the Fairphone, the Motorola moto g 5G (2024) looks good. Supported by LineageOS 23.0 and also on the list of calyx devices, https://calyxos.org/docs/guide/device-support/#modern-device..., with vendor security updates till 2027 (though calyx is on pause, that's me only hoping the device list will still apply afterwards, would be an interesting additional option). Not available in my market though, or just hard to find with that name given the other similarly named motorola phones.
OnePlus 12R is one of the newest phones that is supported, and will get vendor updates until 2028. No headphone jack and no sd card slot though.
Ethical does not describe the OnePlus and Motorola phones. But anything used could be judged as such, since you then at least did not add to the garbage pile of unrepairable devices directly - but they are a bit new for that maybe. On the other hand, vendor security updates don't exist for many of the older devices (especially those from Motorola, they churn out new devices by the dozens and almost immediately abandon them), and the new EU regulations that force vendors to provide security updates only apply to new devices.
With Titanium Backup unmaintained, Neo Backup [1] works pretty well. It has some potential issues with restoring wifi/bluetooth/sms as those were still experimental, last I used it. But sms at least worked. I'd suggest a 2nd backup app of those, just in case.
Yes, I run Waydroid (LineageOS in a Linux container) in an Ubuntu x86_64 VM on my home PC using their default installation method, plus libhoudini via https://github.com/casualsnek/waydroid_script to be able to run arm64-only apps, and waypipe the UI to my (Linux) phone that is connected to my home LAN via Wireguard.
I used to run Waydroid directly on the phone, but the phone has terrible specs and Waydroid had become frustrating in the last few months, when it updated its LineageOS image to a new Android version. It would frequently crash or pop up an infinite series of "app is not responding" dialog boxes, even though whatever app it was was responding just fine. With my new VM + waypipe setup, Waydroid launches in ~10s instead of ~3 minutes, and everything is reasonably snappy despite now traveling over the network, so I'm happy.
The requirements are monstrous: 300GB storage, 32GB RAM. My everyday working laptop has a 240GB SSD. I've build the kernel, Firefox, and the heaviest packages which I use from sources with a fraction of those resources.
I can't even fathom what the build system is doing in order to require this amount of storage.
Waydroid runs Lineage, so it's certainly possible, but I don't know how easy it is on something like QEMU.
That being said buying a phone compatible with Lineage or Graphene (only Pixels for the latter) is well worth it. This will probably become even more important in the future if Google bans sideloading or complies with idiotic laws such client-side scanning of messages in some markets.
Every version of Lineage has rooted ADB accessible in the developer options. If you want root for apps, you must load Magisk. If root is important to you, this is your OS.
Lineage puts out all the patches that they can, every month, unlike OEMs. If current patches are important to you, this is your OS.
Lineage allows you to run it without any Google closed source code.
These are some serious advantages, depending upon what you are trying to do.
I use LineageOS on all my devices (it's actually my main criteria when buying a phone) to mainly install apps from F-Droid without relying on the Google Play Store.
It has the same familiar look and feel on all devices and by experience is way snappier than the original ROM.
Curve Pay is a viable option last I checked. I am unaware of any payment options on Amex UK app. Amex expects you to link your card with Google Wallet.
>What does not work? An LG app to control an air conditioner.
I use GrapheneOS. Thankfully I've had few things not work. Google Pay being one of them, the other is the garage door (Liftmaster)[1].
I genuinely find it disgusting. Thankfully I rent the apartment (and attached garage) so I've never given them any money. At the end of the day there's literally zero justification for a garage door opening app to brick itself if it's run on a unapproved platform. The official[2] statement states:
"Our customers rely on us to make access simple without sacrificing quality and reliability. Unauthorized app integrations, stemming from only 0.2% of myQ users, previously accounted for more than half of the traffic to and from the myQ system, and at times constituted a substantial DDOS event that consumed high quantities of resources."
AKA "we are incapable of implementing a basic ratelimit. faulty third-party clients made our AWS bill go up a bit so we are going to go on an irrational crusade against third-party integrations of any kind and expend more resources doing this than would be spent by giving users a simple API to use"
Banking apps that do not require Google Play services, such as Bank of America, run just fine. Besides, you can always open a browser and use the web version. Losing banking apps and "tap to pay" is a small price to pay for avoiding having your data constantly siphoned by Google.
Got a Xperia Z1 in 2013. Sony stopped updating it at some point in 2014-2015, which is stupid, but the hardware was still like new (which is the great thing about Sony phones) so I rooted it and managed to install it. Can't remember if it was already named "LineageOS" or "CyanogenMod" at the time. However, it lasted with me until nov. 2020 when I dropped and the screen cracked, made it to be changed but the replacement was kinda bad so used it as an excuse to get a 1ii.
I did the same with this "new" phone, that is going to be 5 years with me - since also got that only-two-years-of-updates thing, threw LineageOS on it and it's going as new.
So as I said the last time I saw a post about it in here, thanks to LineageOS I can use a phone for way more than they are set out to be forgotten. It's a great project and it's really sad Google are making things harder for them for the sake of "security".
I immediately put Lineage on all my devices. In fact, I only buy Android devices that Lineage supports. It's a uniform, degoogled Android experience that just works.
If your phone is more than a few years old it likely doesn't get updates from the manufacturer anymore. LineageOS will get you to the latest Android with security patches. Same sort of deal as with OpenWRT for a router really, you get all the features and security patches but at the loss of the firmware that the device came with and its propriety enhancements.
I have a Samsung Tablet and Samsung's version for said tablet is a giant mountain of crap, full of bloatware, so I installed LineageOS on it. Also my old phone and my old old phone run LineageOS because I'm just logged in to Google on my {current_phone}.
It's worth mentioning that newer Samsung phones and tablets have an eFuse that is blown when you unlock them. This permanently disables some functionality of their separate secure element (IIRC). If you are planning to run LineageOS forever, it would probably not be a big issue, but if you just want to try a third-party OS or ever resell the device, it could be an issue.
Also note that latest Samsung models like Z Flip 7, along with recent models such as S25 who's gonna get the OneUI 8 update will not allow unlocking anymore.
I ran LineageOS on my Moto X4 for many years. It was much faster without the OEM Moto and carrier apps, and was faster again when I installed it without Google Play Services. Same thing with an old Kindle Fire tablet, finally made it fast enough to practically use.
I haven't used custom roms in ages, but I used Lineage back when it was called Cyanogen. It had this cool thing where you could adjust brightness by swiping the top edge of the screen. (This was back in the day when you could reach that part easily!)
My personal take is that most Android devices no longer get updates pretty soon after the release (where pretty soon means 2-3 years). Google promises 7 years of support for their newer devices, but most vendors don't.
LineageOS is, besides the fact hat it is more open for non google stuff, providing Android Updates for older devices. While this does not necessarily provide better security (rooted devices are often not considered as secure), you still get the newer Androids security patches and FEATURES. Furthermore you are more open to do what you want.
To not have Google built into all alspects of your life too much. Although it still uses some essential Google services, it does take out most unnecessary stuff, which you often can optionally add later in a possibly more secure form, but sometimes can't, which will cause very specific apps using these services not to function, or these features of those apps.
And if Chat Control will be implemented in Google Android, then LineageOS also offers you a way out of that, which is a huge plus of course if you ask me.
QFT. Lineage and Graphene are the last bastions of freedom on mobile phones. Linux phones aren't quite there yet in terms of usability, and sacrifice compatibility with thousands of great apps (including many great FOSS apps) available on Android.
If you want to escape Google's monopoly, you can use LineageOS without google apps, as opposed to the malware and spyware-ridden trash that usually comes preinstalled on your phone.
Yes, that's unfortunate. But it is "easily" patchable (and a world of difference from actually running google play services with root privileges on your phone).
To a normie non-tech person, buying a several hundred dollar Google phone, only to delete Google from it sounds stupid, like you've set your money on fire.
It makes perfect sense to use it if you even remotely care about better performance, battery life and privacy. Google ships it's bloated apps which not only tracks everything and runs on privileged mode but degrades your battery life to a great extent
And it's a decently recent version with more-or-less official Nvidia Tegra drivers, too. For the variety of weird-but-ubiquitous devices that have a bootloader hack, LineageOS is the route to a working smart device that anyone can pick up and use.
> And I heard that Google stopped pushing Pixel source?
> Yes, Google has pulled back here too. Pixel kernels are now only offered as history-stripped tarballs, available privately on request, with no device trees, HALs, or configs. Thanks to projects like CalyxOS, Pixels will likely remain well supported, but they’re no longer guaranteed “day one” devices for LineageOS. Pixel devices are now effectively no easier to support than any other OEM’s devices. In short, this just makes things harder, not impossible.
These fucking bastards. How far we have fallen in ~10 years of smartphone ubiquity. I have zero hopes that this monopolising trend will ever be reversed without top-down regulation from a big bloc like the EU.
If you look at EU and its inaction over Microsoft privacy shenanigans with Win10 and 11. How it spins around Apple and cannot enforce them to fully open their mobile operating system then I sadly have little hopes they can do anything regarding Google and their recent decisions around Play store and 3rd party apps.
I wish something could be done but sadly feels like regular people have to climb mountains to protect themselves while corporations just come in by front door with lucrative deals in order to protect their status-quo
At the risk of sounding knee-jerk libertarian (though there are worse ways to sound), it seems to me that top-down, big bloc regulation is a non-trivial piece of what has gotten into this mess.
The entrenchment via regulatory capture at the baseband level, with enormous state interplay with TSMC and Qualcomm (both economic and regulatory, both publicly known and classified), makes it impossible for a seriously independent actor to enter the market, exception _maybe_ an ubercapitalist like Musk or something.
I'm much more interested to see what happens when we achieve sufficient peace that industrial complexes are no longer the primary pillar of support for chip engineering and fabrication. I suspect that this will unlock the open development, up to the kernel and beyond, that we all hope for.
You can't blame the EU for Google pulling developer support for devices or holding back security patches.
There are pros and cons to "big bloc regulation". You can go and start a phone company since so many things are standarised but the main constraint will be who you source a modem from and the lack of choice will be because of patents (see Apple vs Qualcomm).
What would baseband usage look like in a deregulated world?
I’m skeptical, but the question is honest. Without the (quite corrupt) allotment of frequencies and broadcast radio tech by the FCC and government, I’m having trouble envisioning a future that doesn’t end up back at the bcm/qcm/etc. near-monopoly … just via market collusion rather than state orchestration. Is there a better future there that I’m missing?
Note, GrapheneOS seems to have been able to secure partner access to Android early security releases, but this comes with the cost that the source used to make these special "01" builds is private until general availability. This might not be a tradeoff that LineageOS is willing to take; GrapheneOS has provided the option on a recommended opt-in basis.
https://discuss.grapheneos.org/d/27068-grapheneos-security-p...
The bad thing in general is the dependence on Google policy for all AOSP distros. Joining those programs might long term worsen the situation.
IMHO, it could be worth the fight if GrapheneOS could win their (rather legal/lobbying) battle to obtain play integrity certification by following security closely (which is a joke IMHO because EOL phones with not updates for years also get integrity). Google releasing easily diffable security only bytecode sets, seems like a security nightmare for everyone else.
All of those distros suffer from the reliance of Google to release anything, so they in one way or the other they play the game. Particularly Lineage heavily does 'self-censoring' to comply without much benefit IMHO. We really would need e.g. does not even include the keys for providing alternative web views or the ability to switch the location provider. While google has those capabilities, they only support services sending data to their own servers.
I used lineage as my daily driver since the CyanogenMod days and the HTC desire, but switched to a Google Pixel a few month back, because I felt I had lost the play integrity fight and although my great Redmi Note 10 Pro was running other like a charm thanks to lineage and the device maintainers (Daniel and Aryan), I personally could not invest time and cognitive capacity anymore.
More and more device manufacturers are locking down their bootloaders again. I hope someone can break the momentum and finds a way to break the OS duopoly.
Yeah, yesterday I got a pop-up post-update that explained the situation and asked me if I wanted the closed source blobs.
As far as I have heard they have not actually secured partner access for themselves, they just got someone who has access to break their NDA.
I don't know the exact terminology, but they described what they currently have as security partner access or at least advanced access to security patches. To my knowledge they are still working on full partner access that would grant them timely access to the AOSP source code.
The access comes from GrapheneOS' OEM partner who isn't breaking any kind of NDA.
I'd love to see a hybrid phone with an embedded stock android for banking, pay and government apps and a regular LinageOS or Linux OS that runs on a separate partition/hw/vm.
Like "gluing" two phones together - just better ;)
It would be great to run an open OS but having to carry a separate phone for banking/paying is not really a viable option.
Banking, pay and government apps should be a website and work on any device with a web browser.
Lots of them are, in fact. It's not that hard, maybe even easier. What's wrong with the rest of them that require a phone?
I would be happy if any of the big phone makers will starting adopting LineageOS or GrapheneOS as the main operating system for some of their models.
Or just leave the possibility of easy unlock the phone and publish sources.
BQ tried that with Cyanogen (the precursor to Lineage) https://www.trustedreviews.com/reviews/bq-aquaris-x5
As did WileyFox - https://www.xda-developers.com/wileyfox-to-issue-update-to-m...
They were both budget brands with niche offerings. For most people, the source of the OS is immaterial. There's very little competitive advantage to selling a forked OS, and a rather large downside in terms of support costs.
I'm mostly happy with my GrapheneOS device - but it is absolutely not suitable for mass market.
> I'm mostly happy with my GrapheneOS device - but it is absolutely not suitable for mass market.
What makes you say that? I run GrapheneOS on a Pixel and had to go through the relative simple flashing process, but if GOS came preinstalled on a device anybody familiar with Android (or even iOS) would be able to use it. Compatibility with Android apps is great too.
Off the top of my head:
Lots of banking apps don't work.
RCS has only just started working.
No "Find My Device" support.
Permissions model is difficult to understand - even I struggle with it.
Standard launcher has tiny icons which can't be adjusted.
Pop on to https://discuss.grapheneos.org/ and see the struggles which users have.
What is the issue with the permission model. It's basically the AOSP permission model. The changes made by GrapheneOS is the user-facing toggle for the INTERNET permission, and the sensors permission.
If people do not want to interface with those features, they can simply skip them, and the permission model will be the exact same as it is on Android.
> No "Find My Device" support.
I don't have any issues with it
OnePlus also shipped Cyanogen in their early days. They're still around, but they've long since pivoted to their own proprietary Android distro.
Given that Cyanogenmod was discontinued shortly after the OnePlus One released, it's hard to blame them.
I had that phone, too bad it died.
All my banking apps works fine under lineage. The only app that does not work is McDonald. I have not investigated very far, maybe it is possible to make it work.
It's great to see Android TV mentioned. Has anyone managed to build a freedom-respecting TV box with Lineage? This is a much needed alternative to "smart" TVs and streaming boxes filled with spyware and arbitrary restrictions.
Nate Johnson, one of the devs at LineageOS, maintains some official and unofficial builds. You could go from scratch using a Radxa SBC, or try to get an older streaming device (like one of the previous versions of the Chromecast). Some of these older devices even got Widevine DRM still working after installing LineageOS, if you want to use a streaming service.
https://xdaforums.com/t/official-lineageos-22-for-amlogic-gx...
This!
Looks like LineageOS supports various iterations of the Nvidia Shield device. What I'm wondering is whether this new Catapult launcher is compatible with Android TV that comes with off the shelf Smart TVs. I've grown accustomed to the default screen on my current TV's in-built Google TV (not Android TV, although I'm not totally sure of the difference), but it does enforce at least one additional click to get to the actual functions I, and the family, use it for.
Gonna check out Catapult right now.
Edited to add note: It looks as if the latest Nvidia Shield device requires soldering a USB port onto the mainboard of the device[0]. That probably excludes a decent percentage of people who may otherwise be happy software hacking a device.
[0]: https://wiki.lineageos.org/devices/sif/install/#usb-port-ins...
This is it for the non-Pro models only since they come with 3 USB-A ports
There's a build for RPi5, I didn't try it yet but intend to do it soonish.
https://konstakang.com/devices/rpi5/
I'd be curious to see how that works out. One of the main advantages of the Pi is that it supports HDMI-CEC. However, I am seen reports that it struggles with 4K playback at more than 30fps. Even 60Hz isn't great if you have a modern TV and want to use SteamLink to play Steam games running on your PC from your couch.
My usecase is watching movies from my couch, so I guess it's more than OK.
Almost all major streaming services will refuse to work on unapproved devices.
You don't "streaming services" when you can open a Web browser and stream from the high seas, or download NewPipe from F-Droid, or download Jellyfin and stream local content.
Does it work well with the Google tv remote for example? Last time I used NewPipe on the tv, the ui was completely unsuited for remotes. I can't imagine using streaming services on the browser to be any better.
In that case just go with Libreelec.
You can always Magisk your device to workaround this.
If you want to check supported devices together with some sustainability criteria and other ROMs, I just updated https://www.sustaphones.com/ to reflect that LOS update.
Over recent user privacy (and security) crackdowns from Google, these OS upgrades seem to be becoming more appealing. Can anyone comment on what differs Lineage from something like GrapheneOS?
Security & Privacy: GrapheneOS
Freedom & Features: LineageOS
That is not to say you have no freedom or extra features with Graphene, or no security with Lineage, it’s just what either project has very clearly as main target.
I do miss some features since switching to GrapheneOS (customizable on screen nav, volume rocker for cursor control), but I’m very happy with stuff like sandboxed google play services.
Graphene is probably better on the devices that support both (Pixels), but since hardware support is so (intentionally) limited, it kind of a moot point. Also the Graphene community is kind of obsessed with "security" and does not seem to place much emphasis on freedom/hackability.
Why the scare quotes? Graphene’s focus on security is legitimate and well founded. They are the only phone OS that is consistently safe from hacking by the likes of Cellebrite long after all other androids have fallen.
Let's define "more secure" as "preventing a particular behavior that is against the device owner's conscious or unconscious wishes".
It would be "more secure" to have a per-application firewall that blocks particular apps from outbound traffic over certain networks or to certain destinations. This prevents a malicious app from consuming roaming data.
LineageOS can have that, at the owner's preference. Graphene explicitly forbids it.
It would be "more secure" to allow backing up apps and all their data. This would mitigate the damage of ransomware. Graphene, again, forbids it (following google guidelines prioritizing the wishes of an app's developer over the device owner).
There are many such examples. Lineage is philosophically owned by the person who installed it onto the phone. Graphene is owned by the Graphene devs, NOT the phone owner. Sometimes the Graphene devs purposefully choose to let software on the device restrict the valid owner of that device.
>It would be "more secure" to have a per-application firewall that blocks particular apps from outbound traffic over certain networks or to certain destinations. This prevents a malicious app from consuming roaming data.
LineageOS can have that, at the owner's preference. Graphene explicitly forbids it.
Not sure what is meant by forbidding it? GrapheneOS provides per-app network access control via a user-controllable Network permission which is not implemented in AOSP or LineageOS afaik. They do not forbid using local firewall/filtering apps like RethinkDNS (to enforce mobile data only or Wi-Fi only iirc) and InviZible. They only warn that 'blocks particular apps from outbound traffic ..to certain destinations' cannot be enforced once an app has network access which makes sense to me.
>It would be "more secure" to allow backing up apps and all their data. This would mitigate the damage of ransomware. Graphene, again, forbids it (following google guidelines prioritizing the wishes of an app's developer over the device owner).
Contact scopes, storage scopes, the sensors permission and the network permission are examples that show precisely the opposite (GrapheneOS prioritises the device owner over the application developers). To my understanding, the backup app built-in to GrapheneOS even 'simulates' a device-to-device transfer mode to get around apps not being comfortable with data being exfiltrated to Google Drive. That being said, I understand they have plans to completely revamp the backup experience once they have the resources to do so.
I just read that they changed their stance, but for a long time, they were against implementing RCS and said users should be using another tool like Signal. That ignores real world scenarios where users ended up using SMS rather than RCS, which was encrypted with Google messages. Of course, there's more nuance to the discussion, but I found myself a few years ago having gone from encrypted messaging on an iPhone by default to encrypted messaging on stock Android with RCS to unencrypted messaging on GrapheneOS. I thought that was certainly less secure for myself and likely the average user.
But they did share valid concerns about their reasoning and most other aspects of the OS certainly have a great focus on security.
And having security focused settings by default. For instance, the https://localmess.github.io tracking attempt was prevented on Vanadium (a browser maintained by GOS). Another serious vulnerability from top of my mind was TapTrap (https://taptrap.click/), which was fixed by GOS [1] few months ago. Android is still vulnerable to it!
[1] - https://grapheneos.org/releases#2025070700:~:text=only%20per...
I have used both, and I can personally use my smartphone properly with both.
GrapheneOS is more strict about security, making it more secure but less accessible (at the moment you can only run GrapheneOS on Pixel phones).
I am happy with GrapheneOS' policy: that's exactly why I use GrapheneOS, to the point where I bought a Pixel just for GrapheneOS. Many people complain about GrapheneOS not supporting other phones. IMO it's the other way round: the other Android manufacturers do not support GrapheneOS.
If you really want GrapheneOS to lower their security in order to run on another phone, what you want is actually LineageOS.
A few years ago, Lineage was just a customizable tinkerer friendly AOSP. It served as a base for a lot more Android distros. It was just a smoother Android variant with features like double tap on the notification bar to sleep, better integrated root support, more built in theming options.
Graphene OS was only available for a few Pixel Devices whose source was fully available and mainly focused on security features like improved permissions and more anti tracking features.
To give an example, a company I worked for shipped it's phones with a Lineage OS base with a few patches from Graphene OS to replace default ntp and connectivity check servers.
GOS only works on Google phones
Well, this looks nice. Tons more devices than Graphene or Postmarket supported.
Which hardware should one get to run this? Which hardware is reasonably ethical? Perhaps the Fairphone 5? There are lots of choices from Motorola and OnePlus but I know nothing about them. (Well I remember the old Moto up to Y2k.) Not sure where to buy them.
With reasonable ethical you indeed might want to look into the Fairphones. The Fairphone 6 was reviewed as being a nice improvement over the 5. I'd expect LineageOS to land on that device some time in the future, after all the prior three models are supported. You could wait for that, or settle for the 5.
If you want something cheap and easy instead of the Fairphone, the Motorola moto g 5G (2024) looks good. Supported by LineageOS 23.0 and also on the list of calyx devices, https://calyxos.org/docs/guide/device-support/#modern-device..., with vendor security updates till 2027 (though calyx is on pause, that's me only hoping the device list will still apply afterwards, would be an interesting additional option). Not available in my market though, or just hard to find with that name given the other similarly named motorola phones.
OnePlus 12R is one of the newest phones that is supported, and will get vendor updates until 2028. No headphone jack and no sd card slot though.
Ethical does not describe the OnePlus and Motorola phones. But anything used could be judged as such, since you then at least did not add to the garbage pile of unrepairable devices directly - but they are a bit new for that maybe. On the other hand, vendor security updates don't exist for many of the older devices (especially those from Motorola, they churn out new devices by the dozens and almost immediately abandon them), and the new EU regulations that force vendors to provide security updates only apply to new devices.
How do backups/restores work when using LineageOS and moving to a new phone?
With Titanium Backup unmaintained, Neo Backup [1] works pretty well. It has some potential issues with restoring wifi/bluetooth/sms as those were still experimental, last I used it. But sms at least worked. I'd suggest a 2nd backup app of those, just in case.
[1] https://github.com/NeoApplications/Neo-Backup
They're seamless. Any phone that allows you true `root` can do nandroid style backups which work very similar to how iOS does backups.
Any way to get this to run in a VM? Or should I give up and buy a phone that can handle it and use it through remote desktop tools?
Yes, I run Waydroid (LineageOS in a Linux container) in an Ubuntu x86_64 VM on my home PC using their default installation method, plus libhoudini via https://github.com/casualsnek/waydroid_script to be able to run arm64-only apps, and waypipe the UI to my (Linux) phone that is connected to my home LAN via Wireguard.
I used to run Waydroid directly on the phone, but the phone has terrible specs and Waydroid had become frustrating in the last few months, when it updated its LineageOS image to a new Android version. It would frequently crash or pop up an infinite series of "app is not responding" dialog boxes, even though whatever app it was was responding just fine. With my new VM + waypipe setup, Waydroid launches in ~10s instead of ~3 minutes, and everything is reasonably snappy despite now traveling over the network, so I'm happy.
The article to which you're commenting has two whole paragraphs on the newly introduced support for virtualisation and qemu.
There is a guide on how to set up LineageOS for libvirt (i.e. QEMU) [1], but there exist no prebuilt images at this point in time.
[1] https://wiki.lineageos.org/libvirt-qemu
The requirements are monstrous: 300GB storage, 32GB RAM. My everyday working laptop has a 240GB SSD. I've build the kernel, Firefox, and the heaviest packages which I use from sources with a fraction of those resources.
I can't even fathom what the build system is doing in order to require this amount of storage.
Waydroid runs Lineage, so it's certainly possible, but I don't know how easy it is on something like QEMU.
That being said buying a phone compatible with Lineage or Graphene (only Pixels for the latter) is well worth it. This will probably become even more important in the future if Google bans sideloading or complies with idiotic laws such client-side scanning of messages in some markets.
LineageOS is an open source android distribution. Can anyone comment on who might use LineageOS and why?
Every version of Lineage has rooted ADB accessible in the developer options. If you want root for apps, you must load Magisk. If root is important to you, this is your OS.
Lineage puts out all the patches that they can, every month, unlike OEMs. If current patches are important to you, this is your OS.
Lineage allows you to run it without any Google closed source code.
These are some serious advantages, depending upon what you are trying to do.
I use LineageOS on all my devices (it's actually my main criteria when buying a phone) to mainly install apps from F-Droid without relying on the Google Play Store.
It has the same familiar look and feel on all devices and by experience is way snappier than the original ROM.
are you able to do any banking your phone?
(Lineage user here) I've had no trouble with Schwab, USAA, Discover, Amex, Mercury, PayPal, Venmo, or Stripe.
Phone is rooted with Magisk Hide and MicroG for spoofing google play services. Google Wallet does not work.
Google Wallet also doesn't work on Graphene OS.
I just looked into this and in the US there's basically no technical answer that I'd expect to be reliable.
You've got a few choices:
* magsafe wallet (~$10) without nfc shield with a physical card
* "purewrist" prepaid debit card (would be good for a kid maybe)
* garmin smartwatch that gets linked properly like Google Pay would
If you're in the EU there are a ton more options, specifically "Curve Pay" and possibly "Amex UK".
Very annoying.
Curve Pay is a viable option last I checked. I am unaware of any payment options on Amex UK app. Amex expects you to link your card with Google Wallet.
Most everything banking related works for me. 2 different credit unions, roboinvesting, paypal & paypal-alikes, credit card, car insurance, etc.
What does not work? An LG app to control an air conditioner.
Also I have to hide root from the roku app, which I use for the headphone because it works better than the headphone on the remote.
Super important stuff, no wonder they lock that down so much.
Ok I did skip one real thing for the sake of the funny. I can't do google tap to pay. That's about it.
This is all the same on a rooted standard rom as on Lineage.
>What does not work? An LG app to control an air conditioner.
I use GrapheneOS. Thankfully I've had few things not work. Google Pay being one of them, the other is the garage door (Liftmaster)[1].
I genuinely find it disgusting. Thankfully I rent the apartment (and attached garage) so I've never given them any money. At the end of the day there's literally zero justification for a garage door opening app to brick itself if it's run on a unapproved platform. The official[2] statement states:
"Our customers rely on us to make access simple without sacrificing quality and reliability. Unauthorized app integrations, stemming from only 0.2% of myQ users, previously accounted for more than half of the traffic to and from the myQ system, and at times constituted a substantial DDOS event that consumed high quantities of resources."
AKA "we are incapable of implementing a basic ratelimit. faulty third-party clients made our AWS bill go up a bit so we are going to go on an irrational crusade against third-party integrations of any kind and expend more resources doing this than would be spent by giving users a simple API to use"
[1]: https://xdaforums.com/t/root-detection-for-myq-apps.3858887/ [2]: https://chamberlaingroup.com/press/a-message-about-our-decis...
3 banking apps running fine, until revolut decided to pull a douche move. i've ended my contract with them.
2 banking apps running fine.
Banking apps that do not require Google Play services, such as Bank of America, run just fine. Besides, you can always open a browser and use the web version. Losing banking apps and "tap to pay" is a small price to pay for avoiding having your data constantly siphoned by Google.
> Besides, you can always open a browser and use the web version.
Not possible in many parts of the world where banks force you to use their app for basic banking functionality.
I use chrome and the web version.
Got a Xperia Z1 in 2013. Sony stopped updating it at some point in 2014-2015, which is stupid, but the hardware was still like new (which is the great thing about Sony phones) so I rooted it and managed to install it. Can't remember if it was already named "LineageOS" or "CyanogenMod" at the time. However, it lasted with me until nov. 2020 when I dropped and the screen cracked, made it to be changed but the replacement was kinda bad so used it as an excuse to get a 1ii.
I did the same with this "new" phone, that is going to be 5 years with me - since also got that only-two-years-of-updates thing, threw LineageOS on it and it's going as new.
So as I said the last time I saw a post about it in here, thanks to LineageOS I can use a phone for way more than they are set out to be forgotten. It's a great project and it's really sad Google are making things harder for them for the sake of "security".
I immediately put Lineage on all my devices. In fact, I only buy Android devices that Lineage supports. It's a uniform, degoogled Android experience that just works.
What devices do you use Lineage on may I ask?
Pixel 7 Pro, OnePlus 9, OnePlus 6, Minimal Phone MP01 (unofficial ROM), Samsung Gakaxy Tab S5e. Formerly: Xperia X Compact
I use moto devices, my current one is a g45. But I have also setup a second hand g30.
If your phone is more than a few years old it likely doesn't get updates from the manufacturer anymore. LineageOS will get you to the latest Android with security patches. Same sort of deal as with OpenWRT for a router really, you get all the features and security patches but at the loss of the firmware that the device came with and its propriety enhancements.
I have a Samsung Tablet and Samsung's version for said tablet is a giant mountain of crap, full of bloatware, so I installed LineageOS on it. Also my old phone and my old old phone run LineageOS because I'm just logged in to Google on my {current_phone}.
It's worth mentioning that newer Samsung phones and tablets have an eFuse that is blown when you unlock them. This permanently disables some functionality of their separate secure element (IIRC). If you are planning to run LineageOS forever, it would probably not be a big issue, but if you just want to try a third-party OS or ever resell the device, it could be an issue.
Also note that latest Samsung models like Z Flip 7, along with recent models such as S25 who's gonna get the OneUI 8 update will not allow unlocking anymore.
I ran LineageOS on my Moto X4 for many years. It was much faster without the OEM Moto and carrier apps, and was faster again when I installed it without Google Play Services. Same thing with an old Kindle Fire tablet, finally made it fast enough to practically use.
Can you tell which tablet is that? I'm lurking around and wondering if I should pick Samsung one once iPad battery dies out
I haven't used custom roms in ages, but I used Lineage back when it was called Cyanogen. It had this cool thing where you could adjust brightness by swiping the top edge of the screen. (This was back in the day when you could reach that part easily!)
My personal take is that most Android devices no longer get updates pretty soon after the release (where pretty soon means 2-3 years). Google promises 7 years of support for their newer devices, but most vendors don't.
LineageOS is, besides the fact hat it is more open for non google stuff, providing Android Updates for older devices. While this does not necessarily provide better security (rooted devices are often not considered as secure), you still get the newer Androids security patches and FEATURES. Furthermore you are more open to do what you want.
However LineageOS does to my knowledge not support bootloader re-locking on most devices, which might be a security risk (see https://grapheneos.org/install/web#locking-the-bootloader).
Google promises 7 years of support for their newer devices, but most vendors don't.
Unless you have a Pixel 6 and your security update goes missing?
(Didn't get the July security update and the October update is still missing? https://www.reddit.com/r/GooglePixel/comments/1o2bhur/where_... )
Promises... I tend to not trust promises as long as there is another Option.
And I'm a happy graphene OS user.
To not have Google built into all alspects of your life too much. Although it still uses some essential Google services, it does take out most unnecessary stuff, which you often can optionally add later in a possibly more secure form, but sometimes can't, which will cause very specific apps using these services not to function, or these features of those apps.
And if Chat Control will be implemented in Google Android, then LineageOS also offers you a way out of that, which is a huge plus of course if you ask me.
I want to use an OS that isn't loaded with spyware, so non-FOSS Android just doesn't fit the bill for me.
QFT. Lineage and Graphene are the last bastions of freedom on mobile phones. Linux phones aren't quite there yet in terms of usability, and sacrifice compatibility with thousands of great apps (including many great FOSS apps) available on Android.
for some certain models it offers updated android versions (while the company doesn't)
You might remember them by their old name, Cyanogenmod
Because aosp is basically useless on your phone - it lacks a ton of apps
If you want to escape Google's monopoly, you can use LineageOS without google apps, as opposed to the malware and spyware-ridden trash that usually comes preinstalled on your phone.
Even if you run LineageOS without Google, LineageOS still phones home to Google for DNS and captive portal checks.
https://eylenburg.github.io/android_comparison.htm
Yes, that's unfortunate. But it is "easily" patchable (and a world of difference from actually running google play services with root privileges on your phone).
That can be easily patched. If you want a full "de-google" experience, GOS is the only perfect option
Funny how the fully "de-googled" experience starts with buying a Google device.
To a normie non-tech person, buying a several hundred dollar Google phone, only to delete Google from it sounds stupid, like you've set your money on fire.
Yes, I have a Pixel with GrapheneOS.
That is going to change soon enough. GOS is working towards having their own device. It's going to take a few years at least
It makes perfect sense to use it if you even remotely care about better performance, battery life and privacy. Google ships it's bloated apps which not only tracks everything and runs on privileged mode but degrades your battery life to a great extent
You can run LineageOS on the Nintendo Switch if you want: https://wiki.lineageos.org/devices/nx/variant1/
And it's a decently recent version with more-or-less official Nvidia Tegra drivers, too. For the variety of weird-but-ubiquitous devices that have a bootloader hack, LineageOS is the route to a working smart device that anyone can pick up and use.
Somewhat related:
I could never get adb in my M1 Air (Tahoe and Sonoma too) to detect any android devices.
I have an OnePlus Nord CE 2 Lite 5G.
Same cable and everything works fine on Ubuntu and Windows machines.
The phone is not getting detected in the "System Information" either.
Tried MTP, PTP, USB Debugging, OTG everything.
Anyone faced this issue?
Your Chrome-based browser might be blocking the port that adb uses.
I'll have to do the update through my computer with ADB.
As long as it'll be the case, Lineage will never be more popular.
But thanks for the great fork. It's already enormous.
Anyone setup a Rabbit R1 with lineage?
I just want something, anything at all, for my Redmi 14C. No luck so far.
:^)
^^
> And I heard that Google stopped pushing Pixel source?
> Yes, Google has pulled back here too. Pixel kernels are now only offered as history-stripped tarballs, available privately on request, with no device trees, HALs, or configs. Thanks to projects like CalyxOS, Pixels will likely remain well supported, but they’re no longer guaranteed “day one” devices for LineageOS. Pixel devices are now effectively no easier to support than any other OEM’s devices. In short, this just makes things harder, not impossible.
These fucking bastards. How far we have fallen in ~10 years of smartphone ubiquity. I have zero hopes that this monopolising trend will ever be reversed without top-down regulation from a big bloc like the EU.
If you look at EU and its inaction over Microsoft privacy shenanigans with Win10 and 11. How it spins around Apple and cannot enforce them to fully open their mobile operating system then I sadly have little hopes they can do anything regarding Google and their recent decisions around Play store and 3rd party apps.
I wish something could be done but sadly feels like regular people have to climb mountains to protect themselves while corporations just come in by front door with lucrative deals in order to protect their status-quo
At the risk of sounding knee-jerk libertarian (though there are worse ways to sound), it seems to me that top-down, big bloc regulation is a non-trivial piece of what has gotten into this mess.
The entrenchment via regulatory capture at the baseband level, with enormous state interplay with TSMC and Qualcomm (both economic and regulatory, both publicly known and classified), makes it impossible for a seriously independent actor to enter the market, exception _maybe_ an ubercapitalist like Musk or something.
I'm much more interested to see what happens when we achieve sufficient peace that industrial complexes are no longer the primary pillar of support for chip engineering and fabrication. I suspect that this will unlock the open development, up to the kernel and beyond, that we all hope for.
You can't blame the EU for Google pulling developer support for devices or holding back security patches.
There are pros and cons to "big bloc regulation". You can go and start a phone company since so many things are standarised but the main constraint will be who you source a modem from and the lack of choice will be because of patents (see Apple vs Qualcomm).
Aren't there are a few modem vendors? MediaTek, Intel, and a bunch of Chinese players?
No? Especially since you mentioned Intel, who sold their modem business to Apple.
Care to elaborate? Intel might have been sold, but there is still Mediatek, Samsung, and the aforementioned Chinese vendors?
What would baseband usage look like in a deregulated world?
I’m skeptical, but the question is honest. Without the (quite corrupt) allotment of frequencies and broadcast radio tech by the FCC and government, I’m having trouble envisioning a future that doesn’t end up back at the bcm/qcm/etc. near-monopoly … just via market collusion rather than state orchestration. Is there a better future there that I’m missing?
Well, waiting for the eBPF backport then.. still more likely to be released than AOSP 16 QPR1 :)