I install Lineage on the phones of the elderly at local care homes and any people who are interested in prolonging the life of their old phones.
Poor people can't afford a new phone every two years.
When in your 80's you dont need or want the constant nagging of apps pestering you when all you want to do is text and call your family and friends.
I use abd to delete/disable every unnecessary useless app and leave them with just 3 apps. Text, phone and contacts. No data or wifi either. A dumb smart phone. Much better than the ageist demeaning Doro big button phones.
They are all amazed how beautifully simple the phones are and with just one or two taps they can text or call anyone.
Have you ever watched an elderly person trying to navigate the complexity of a modern smart phone.
Not so smart!
> They are all amazed how beautifully simple the phones are and with just one or two taps
Wouldn't they prefer one or even no taps?
> Have you ever watched an elderly person trying to navigate the complexity of a modern smart phone
Assuming that's a question, then "yes!" It is not at any level designed for what they want to do. The "mother of all demos" talked about children but not seniors. Ever since Engelbart, no one has cared either. Despite the boomers (with boomer cash) ageing out . . .
> Adults (moreso as we age) are scared to press things they don't understand.
I have one outlier in my family. He's old, understands less and less about tech. like while ten years ago he was still able to understand how there are multiple Windows open on his laptop belonging to multiple apps, nowadays he starts confusing minimizing and closing apps, can't tell apart wether a program is running or it's just the pinned launch-icon, uses edge, Firefox and chrome interchangably and gets confused.... But at the same time, he still wants to figure everything out himself on both laptop and smartphone which resulted in hilarious mess-ups sometimes. I don't know if it isn't worse than a child. At a certain age a child might still get scared by some of the prompts, I've seen firsthand an 8yo going "oh no this costs money, abort" in panic. I'm not so sure my relative would do that when they think they know what they're doing...
>When in your 80's you dont need or want the constant nagging of apps pestering you when all you want to do is text and call your family and friends.
I'm nowhere near 80 or retirement and I have the same sentiment. Add datamining concerns to the list. The modern smart phone can stay off my lawn. I get enough Internet here at my desk.
This. I really like the idea of a pocket supercomputer like modern smartphone hardware. But I despise the software ecosystems that apple and google have built for them, with constant surveillance, lock-in, ads, tracking, horrible UIs and centralization.
True. I like the analogy. The sad thing is that this is purely a software limitation. The hardware would be capable of so much more, it is more powerful than desktop computers of just a couple of years ago.
for the way I use computers these days, it could very easily replace my laptop with a proper monitor and docking solution (but not my tower server/gaming machine)
yeah mine was a way to build anxiety via doom scrolling and downloading time wasting games. When I'm on a laptop/desktop, I'm usually actually working or killing time, but since I don't have one with me at all times, it's much easier to limit time wastage.
When I first got my first cell phone (a Samsung Galaxy Note 10+), I found the idea of multiple pages of apps off-putting, so deleted everything which didn't seem necessary, and what couldn't be deleted moved into the various extant folders.
I've kept with this since, and hope to never need another phone (when this one dies, I'll just get a small camera, or a tablet with a rear camera).
i'm of the same mind. I set limits. I don't play games on my phone (except maybe in exceptional circumstances like on an airplane) and I don't use it for social media (only exception is facebook messenger because so many family members use it). I find when I draw fences around things like that it helps a lot to get back time from time stealing activities. I treat my phone as a tool and not as entertainment, otherwise I'd be spending all my free time doom scrolling and playing puzzle games on it. yeah I used to do that a few years back until I cataloged my hours and it was truly scary how much time was wasted.
I wish there were more incentives for people to develop accessible software experiences. Navigating the digital world is really hard for the elderly but it doesn't have to be that way. I guess this problem will eventually go away as digital native generations are all that exist, but it does feel like we've left a lot of the populace behind (and then bemoan that they don't understand us).
Apple has claimed to be at the forefront of design for decades,but their UIs look just as garbage as many others at elderly font sizes.
It would actually be nice if they shipped a small phone to get regular developers to care about constrained layouts, and then shipped a Pro Max Tab whatever that was the same proportions, but with everything scaled up.
Oh how things changed when iPhone 5 (4'') was considered normal phone and anything from 5'' up was a phablet. Now you have basic phones starting from 6''.
I had an iPhone 4 and then a 5c (same size as the 5). The 4 was usually fine, sometimes a bit cramped, but the 5c really hit the sweet spot for screen size and one-handed usability. Someday I hope someone makes a decent modern phone just like the 5c.
Exactly! I had really hoped that would catch on, but I only ever saw it on some Nokia Winphones and cheaper Androids. The glass back is one of my least favorite features of modern phones and metal isn't much better (pick your poison: shatter, dent, or scratch). The 5c was also a bit of a callback to Apple's white polycarbonate era and some of my absolute favorite Macs.
I even saw some renders of a translucent replacement back for the 5c inspired by the original fruit iMacs[1]. (Shut up and take my money!)
FWIW, Samsung used a plastic back for their basic Galaxy S21. I like it personally (less slippery than my old S7 Edge), but it seems to have been controversial among the user base, and they switched back to glass for later versions.
Thanks for the tip! I'll have to watch and see if it gets Lineage eventually as I don't really care for Samsung's software, but by the time I'm ready to replace my OnePlus it might be a contender.
THE SE 1 was damn near perfect. Great size, no camera bump, headphone jack, great battery life, fantastic all-metal build quality, fingerprint sensor...
> Apple has claimed to be at the forefront of design for decades,but their UIs look just as garbage as many others at elderly font sizes.
They also claim to be against waste and ecologically responsible, yet adopt the worst anti-consumer and anti-environment market practices they can get away with. Hell, they invented some.
The digital native generation will also age and will face challenges such as difficulty reading small text, accurately pressing keys on the screen, or executing intricate hand gestures. However, they will all have Neuralink implants, and everything will be decided for them by AI algorithms anyway.
> I use abd to delete/disable every unnecessary useless app and leave them with just 3 apps. Text, phone and contacts. No data or wifi either. A dumb smart phone. Much better than the ageist demeaning Doro big button phones.
I've used an MDM with a kiosk mode for a similar effect. I won't recommend the one I'm currently using because the kiosk launcher crashes every couple of days; still looking for one that works well, and I've tried most of the ones I could find that weren't "call us for pricing"
I don't own a phone that LineageOS supports or I'd try it.
Not everything is an ism. Doro makes phones for people with poor eyesight. Most of those people are old. Glancing at their product catalogue, it doesn't seem much different from what you're doing with Lineage OS. Not everyone will have a geeky son to make a customised Lineage phone. Doro fills a niche. Be thankful someone does.
> Not everything is an ism. Doro makes phones for people with poor eyesight. Most of those people are old. Glancing at their product catalogue, it doesn't seem much different from what you're doing with Lineage OS. Not everyone will have a geeky son to make a customised Lineage phone. Doro fills a niche. Be thankful someone does.
My father has a Doro handset. I recommended it to him based on a misunderstanding of the advertisement* and have regretted it every since.
The user interface is confusingly designed, with nested menus ten levels deep in which pressing the wrong button can just delete your message, contact etc. without waiting for confirmation. The screen is tiny and low resolution - I have 20/20 eyesight and still can't see what the status icons are supposed to be! It is so awkward to change the ring volume and unclear what mode the phone's in, that my father doesn't trust it not to ring at concerts, so leaves it at home.
All that leads me to the opinion that Doro is just predating on older users and their carers with the idea of being simple and accessible, whilst actually doing absolutely no real UX research. Yet, their 'dumbphones' approach the price of some basic smartphones which have hardware orders of magnitude more powerful.
* This was back when 2G was new, and I incorrectly assumed that it would imply some level of internet capability on any handset new enough to support it. The device in question does not have any internet support.
That looks really nice. Little things like the reversible charging plug are absolutely critical (one elderly relative has broken a considerable number of devices by forcing the USB Micro-B cables in the wrong way round - coloured stickers to mark the plugs are obligatory).
NFC tags to identify physical objects when one can't read the label are an excellent idea.
The team at WayAround have done a good job of integrating slightly-custom-for-small-premium NFC tags with their smartphone app and optional dedicated reader. Non-technical customers can buy tags designed for clothing buttons, magnets, stickers, clips and more. Techies can use generic tags + magic string.
I had a look at doro phones for my parents and all the review were bad for a quite expensive price. The best I found for older people are second hands iphones (I'm an android guy myself)
Take something as simple and necessary like Messenger or WhatsApp. Try to use it with no previous knowledge, texting, calling, turning on camera during call. All the text the UI displays, how it is worded. It's ridiculously unintuitive, not inclusive, a real barrier.
There should be law to mandate the UI of any app beyond a userbase of 100M. If you say that would severely restrict apps becoming that big, yeah that would be kind of the point.
Recently I was helping someone in my life who'd gone through a stroke (not too old or tech-unsavvy) to learn a password manager and go through various websites' password reset flows. It really forced me to confront the reality of what you described, i.e. that computing really has become an inscrutable, confusing mess where nothing makes sense and we've just come to accept it.
It used to feel like being "tech savvy" meant thinking logically as the system designers would have, but now I think it just means being conditioned through years of abuse into knowing the unwritten rules of how to skillfully outmaneuver bullshit interfaces and dark patterns.
This is one of the reasons I'm putting my hopes into passkeys. The login flow couldn't be simpler. You could even give someone a physical key snd tell them that's what they use to log in, so they can keep their logins safe like they do their house key.
You'll always need a password and some difficult second factor for your Apple/Google account, but when you've got that sorted, the rest becomes do much easier.
I kind of agree with this. Whatsapp for example, has become so incredibly big in many different parts of the world that it has become a sort of de facto standard for communication to the point where government agencies even use it to communicate information to citizens via chatbots. It feels to me like there is a need for formal standardization but how would you go about enforcing that?
My elderly parents especially have problems with buttons that need 2 steps to press them. E.g. in Whatsapp if the other party wants to start a video call, a small button will pop up that just shakes around and needs to be pulled up.
They usually don't even notice that button. And if they do, they certainly don't understand that it needs to be pulled up...
Another big issue is that buttons and input fields are often not clearly recognizable as one.
This is one of my own personal gripes with modern interfaces. Interactive widgets are often indistinguishable from non-interactive elements.
I'm only in my 40s, still very hands on in tech and I still struggle with some applications. It's gotten to the point where I now loathe most web-based and mobile applications.
I don’t see why people get so shocked about this proposal.
There are laws to force architects to make their buildings accessible to people with disabilities, so I don’t see why it would be shocking to force companies that generate revenues from apps with a certain amount of user base to make their apps accessible.
What is this plethora of options people have for banking, paying rent, getting documents from their doctor... And this isn't just an issue with phone apps either.
When I visit my bank account online I'm met with full page advertisements for other services from the bank and I have to hunt around to find the tiny gray 'No thanks' text before I can even get to my accounts. And from there, I'm met with constantly changing UI patterns and abstract hieroglyphic icons instead of plain text like it should be.
> What is this plethora of options people have for banking, paying rent, getting documents from their doctor... And this isn't just an issue with phone apps either.
There are a lot of ways to pay bills. You named one that you happen not to like.
Care to explain further why there should be zero regulations on the UX of monopoly applications used by ~15%+ of world population? Good luck on trying to avoid the 3 top messaging applications in today's world. How is this different from regulating content moderation?
It's like telling a wheelchair user to just use another station or form of transport. If you have global reach, you have global responsibilites. And the end goal wouldn't even be regulated apps - it should simply be too complex to create apps with such a reach. Forcing open protocols instead of proprietary gardens. This is what the messaging interoperability of EU's DMA act is also supporting.
> Care to explain further why there should be zero regulations on the UX of monopoly applications used by ~15%+ of world population?
Because there isn't a monopoly on chat apps. What you're asking for sounds like rules for the sake of more rules. I can think of more than half a dozen chat apps offhand: Signal Messenger, Whatsapp iMessage, all manner of IRC clients, Slack, Teams, stock SMS, Discord, Matrix/Element, Telegram, Session, and so on and so on.
We're not talking web search here, the market for chats is diverse and competitive. You got walled gardens, open source, and everything in between with a bunch of different UI's.
Out of your examples there is like 3 over 100m MAU all other are negligible. Try to tell your peers you prefer "all manner of IRC clients". But regardless, don't you think an app used by 100m+ people should be regulated in this way? Can elderly or disabled persons choose what messenger they want to use to connect to most people? And don't tell "AI will solve it", the industry will not want these interfaces to be simple, they want to maximise profits. Black patterns should be discouraged.
Yes, they can choose one of hundreds of text messaging apps. If not someone can help them. If your bar for a product is that a disabled person has to be able to use it easily, no exceptions, then you are going to destroy a lot of products, from mountain bikes to headphones to pepper grinders.
There is some level of a fix to this: which is to have an option that turns icons into their alt text. The camera icon becomes the word "camera", to flip the camera becomes the word "flip", the call icon becomes the word "call" and so on.
It's low effort to implement: just add the appropriate tags if they're not there, throw some i18n at it, then test it on different screen sizes.
This can probably happen on the OS level with some design guidelines.
Can LineageOS do major upgrades without needing support? (so once it's installed you never need to reinstall, and you can keep it safely up-to-date forever by clicking a button every so often - like Silverblue)
No. Not even Google Pixel can promise error-free major upgrade jumps e.g from Android 12 to 13.
But on LineageOS you can update through all the updates for the major Android version (mostly ASB fixes and some new features here and there) by clicking a button from the Updater menu, courtesy of Android's A-B dynamic partitioning update system.
Has anyone here looked at the security of Lineage? I know it's a rebrand/fork of Cyanogen, but I don't actually know much about it as a project.
It seems to be the only image that works with Waydroid (the Android environment for Linux tablets), but I am not super comfortable entering my passwords into a project I don't know much about.
If you are concerned with security, you might be interested in GrapheneOS. It has some nice added security features, but only works with Pixel phones.
This article has some good info about the security of LineageOS, although the biggest complaint comes from the physical security implications of unlocking the bootloader.
I think you'll be fine for that purpose, it's a large reputable open source project. It's not impossible that someone has sneaked in a bug or exploit, but I don't think any overt attempts would make it in. Similar to Linux or other large open source projects.
LineageOS prioritizes device compatibility and maintainability over security. I do not think this is a good tradeoff to make as normal people don't care about such security until it is too late.
... and where users are going to use it to do EVERYTHING in their daily digital lives, from doing financial transactions and accessing work email, to playing data-exfiltrating "free" games and surfing porn. And where the only actually viable location for backing up the data stored on it is some Big Tech conglomerate's cloud.
Surely having some vulnerabilities patched is better than having none patched. I don't think the crowd running Lineage is doing so in lieu of the latest iPhone.
Lineage is more about convenience and longevity rather than security and privacy. As another commenter said, Graphene is most suitable for this task if it's a major concern.
Take a random device like Google Pixel [1] it runs on a 4.4 kernel, long outdated and no longer maintained by Google. You can explore the code [2] however you are not going to be getting critical security updates (such as those issued by Qualcommm or any closed source blobs/firmware etc, and those released as per the pixel/android security bulletins).
Lineage is more about 'hacking' a kernel and making it work with the latest AOSP when the official software support ends. It's more vulnerable to exploits than a continuously supported device (although even devices that are 'in support' by the OEMs can often be depressingly behind things like patches etc).
Google is trying to fix this within the ecosystem (GKI, Apex etc) but at least as far as custom ROMs go...yeah, don't store state secrets on such a device ;)
> Lineage is more about convenience and longevity rather than security and privacy. As another commenter said, Graphene is most suitable for this task if it's a major concern.
Are there devices which graphene supports which aren't fully patched on lineage? AFAIK graphene is just outright not supporting devices without current kernel updates, while lineage does best effort on the long tail, meaning that on the same device they'll have the same kernel.
I am pretty hard on phones. Been using lineage for years now on google pixel unlocked phones. 5a and now 6a. I have found both to have some real durability problems. Are there any good alternatives that are unlocked to use with lineage?
I got a OnePlus 9 for this exact purpose and it was good, but not without issues. Same thing as what people said back in the early Linux days - buy what the developers have. Custom Android OS developers overwhelmingly focus on the Pixel, and the hardware is decent enough, so that's what there's an ecosystem for.
That OnePlus 9 had some weird issues that eventually got resolved but it took a while. Important to differentiate between an OS that builds for a phone and one that actually works for a phone, but there's not usually a ton of reviews for the latter.
It is a more serious project than LineageOS in the sense that they take security very seriously and they take their development more professionally too. There are no disadvantages to using GrapheneOS compared to LineageOS.
Note that this comparison is not entirely correct. For instance, LineageOS supports network-based location with UnifiedNlp. Android Auto works fine if you install GApps.
Second this. The focus on security from GrapheneOS is a breath of fresh air compared to the (historically) questionable conventions in most of the third-party Android distribution ecosystem.
As an example, Graphene even recommends not using Firefox [0]. I actually still do, but I understand their rationale and it's very well presented. The way they explain such things in clear English is very helpful and hopefully indicative of a similar amount of consideration being made elsewhere in the project.
As already mentioned, OnePlus is the usual alternative.
If you want it cheaper, I also have good experiences with Motorola phones. Unlocking requires you to register, but you can use a throwaway mail account and it has worked for me so far many times. Just make sure the device is officially supported by Lineage, I have very mixed experiences with unofficial ports.
Stay clear of anything from Xiaomi. Unlocking is a nightmare and you have to wait weeks to get your unlock code.
After OPPO/OnePlus merger, things went downhill really fast. IIRC, OPPO did something that ended up alienating some parts of Lineage/ROM developer community in general and the work on supporting newer devices was postponed until couple months ago; also, they've patched up the bootloader relock possibility [0] which was likely good for security considering it was based on some exploit.
I agree regarding Xiaomi. But they are quite cheap devices. Like $300 can get you a pretty decent phone. It's just a 7 day waiting time period and you need a Xiaomi account logged in on the phone for those 7 days. I won't say it's the end of the world.
I can only say that I did it with two phones, and every time it was a hassle. On your phone, you need to login with this "Mi account" and grant pretty much every permission there is. Then you need a Windows PC and install a dubious application, connect your mobile and then hope it works, which it might not (happened to me), in which case go to Reddit and find a download link to some older version that still works (it did).
First time I needed to wait 2 weeks. Second time, I made the mistake of using the same Mi account and had to wait 4 weeks, because I did not know each time you unlock something your waiting time doubles. If your phone for whatever reason looses the Mi account connection, everything gets reset and you start from scratch.
It's not the end of the world, but 300$ will also give you a pretty decent Motorola Moto G phone, which are way easier to unlock (all you need is a mail address, and you'll get your unlock code instantly).
I recently upgraded from a used beryllium (Poco F1) with a dying battery to a used, but pristine dubai (Edge 30) and have been very happy with that choice.
At least for Qualcomm-based phones, make sure to have the phone's stock ROM provision IP Multimedia Services (IMS) with your MNO/ISP, so that (you increase your chances that) VoLTE/VoWIFI will work also with LineageOS.
I'm not super familiar with LineageOS' funding model as a FOSS project, but I hope the community will be able to sustainably fund-raise into the future. I've been a member of their Patreon[0] for a couple of years now, I don't know much about where that money goes but I hope it helps defray the costs of development in one way or another. LineageOS is a very important thing to keep alive!
Most of the banking or payment applications baulk at getting a whiff of Lineage. You are then forced to play a cat and mouse game which is quite stressful. It is sad that ROM customisation (and rooting) is stigmatised in the Android world.
Around here using an app for two factor is widely a default. Even the government requires it for their services. It's a practical requirement, just like how a back account itself is.
What app? A standard app like Google Authenticator?
If so you can get a Yubikey and use Yubikey authenticator on a LineageOS device and it will work fine with all of those services. It follows the same standard as Google Authenticator and is a drop-in replacement.
MitID in Denmark, and many across Europe for government and/or banking.
I will install LineageOS once I need apps that my old phone no longer supports. I ordered the MitID backup key generator in case their app doesn't work, but I'd prefer not to need to carry it.
You inspired me to be slightly less lazy. In case anyone finds this, it seems like you can get BankID to work[1], at least according to comments from three years ago. Who knows if that still works or is sustainable though.
The "funny" thing is that the underlying algorithm is often still TOTP. What the banks do not like is the standard QR-code based mechanism of key distribution and the possibility to export the key.
I haven't found any apps that aren't fooled by Magisk+Zygisk, and I've got hundreds installed, including dozens of banking and finance apps. The thing that really screws me up are ad blockers. The app doesn't work, and I assume it's detecting the unlocked phone, but then realize my ad blocker is preventing certain network calls.
True, but of course Magisk is not part of LineageOS and is yet another part of the system you need to take care of (for instance, you usually need to remember to uninstall/re-install it before/after every OTA update).
Yeah it's a cat and mouse. I don't know about newer devices with HW attestation, but on older devices Magisk+Zygisk fixes many things but some apps still detect root. Then you add special widgets to block those, with the risk of breaking something. Funnily, all my bank apps, netflix/prime/disney streaming, everything works. Except recently my local supermarket loyalty app detected my root and refuses to work for "my security", have not dug into that yet, don't know if I have the motivation to... I just started using the physical card again at the store.
Installed lineageos on Mi A1 few months ago as some apps stopped offering android 9 support, this is one of the few phones that do not report unlocked bootloader to safety net so it works with banking apps too. For my surprise, the lineageos is much snappier and battery life is longer, so it's win-win. Be warned though, Google's own Android backup system is completely useless, so make sure you export your important data to actual location where you can access it like hard drive, learned this the hard way when I had to manually contact support of various places to reset my 2FA. Now I backup everything with syncthing.
I don't understand why banking apps don't work with root/ROMs. In my country, if your phone is rooted or you have a custom ROM installed, banking apps just warn you about it, saying "Your phone is rooted, if you don't know what it means your safety could be compromised", allowing you to disable further warnings.
During the late 90s, Turkish banks had to invest quite heavily on their IT infrastructure after new regulations. All that investment paid off in my opinion, as we can enjoy very high quality mobile and online banking.
Having a young population is also a big incentive for banks and government to invest in relatively newer tech.
Just like in Poland. And it’s also the reason why Poland and Turkey were top 2 countries for many years in contactless payments adoption. We were using it en masse as early as 2010-11.
Which country is that, if you don't mind me asking? My experiences have been either a) cancelling my account with no notice due to a policy change (Revolut); b) no cares whatsoever (Monzo, a UK digital bank, TSB, a UK traditional bank, or Danske Bank, a Danish traditional bank) or c) a national identity system (MITiD, a Danish single sign on) blacklisting my account instantly and requiring a single, fragile, loseable, unbackupable hardware dongle after much grilling from a local official.
I'm using lineage on a OnePlus 5. It's old but works perfectly!
The other angle to this is that going increasingly web/app based lets them shut down local branches. For my city the last permanent branch is closing soon so should I be locked out of an app the alternative would be the website which last I checked was designed for desktop browsing, or in-person service is a 6 mile journey to a 'mobile branch' available for 45 minutes a week.
I'm currently using an old PixelExperience build which takes some efforts to hide it's unlocked/custom rom status (right now it passes basic but not strong attestation). What I really wonder about is while we don't have the software environment that the OS isn't tightly coupled to the handset (i.e. generic system images) where the optimums are for security if someone doesn't regularly upgrade phones to maintain support from the original manufacturer. The most recent official android for my phone is 8, I'm running 9, so that's at least 5 and a half years old.
From a glance at XDA there's a collection of 11-14, however that brings up another issue of being able to establish trust in whoever is building your OS. Is an individual volunteer graciously building the latest version producing a recent version better than an older build from an established organization like lineage, or better than the ancient official build. Would my phone be seen as more secure by restoring older software and relocking.
There's a number of factors in balance here I'd love to hear views on from someone involved in consumer bank app security, as much as they're able.
Still more secure than using a browser on Windows, I guess. If that's acceptable, an outdated version or a custom ROM should be even more acceptable. Devs can also selectively disable features that they might deem too insecure.
I guess they want to avoid possibility of such user reading the apps memory which would be possible. Or protect a clueless user from themselves if their phone is infected with malware etc.. (Though here I agree, "I know what I'm doing" popup would be better)
That explains why I had no problems running banking apps on my A2 Lite with Android 13 (with the ROM "Derpfest" since LineageOS had problems installing).
I admire how much bloat free it is. Have it on my both phones. But to me it is what I have if I can't have what I want to have. And I want to have straight forward linux on my phone. No termux hacks and other imitations, etc. Period.
Lineage is as much standard android experience as you can get after market without any gaming/styling mods. If google was series about AOSP and sustainability they should embrace lineage and at least give a non-rooted lineage with a relocked bootloader on pixel phones a safety-net pass. Lineage has been very careful to not piss off google by not including microg or alternative webview signatures or means to circumvent device attestation. This love is not returned. If supported it would be a way also for other manufacturers to give their devices extended lifetime support (and allow bootloader relocking with lineage). Without safety net, people cannot use it for e.g. banking if they do not want to get into the cat and mouse game of magisk or trust shady indian enthusiast custom builds (like me because I am currently lazy/busy).
(I am writing this on a Redmi note 10 with lineage 21)
I never understood the banking app thing. I can use my banks website to manage my finances, using my built-from-source Gentoo Linux computer. Why must a phone then be totally locked down?
I came to my bank to discuss a mortgage and I saw them log into their environment. A nice Windows environment with bright blue title bars and big red X buttons. In other words, Windows XP for which even the long term extended support has long since passed.
I recently gave up with the cat and mouse game trying to keep my banking apps working and defected to an iPhone. If I'm going to be locked down, Apple does it better. Sorry, Google, your main advantage to me over Apple was flexibility. Of course, now I have to deal with the completely locked down App Store, which is a diseased pit of useless subscription and ad riddled apps. I do miss f-droid. Why is my only real choice between two platforms that are actively antagonistic toward me?
DivestOS is a slightly modified Lineage version that officially supports relocking on some phones (in contrast with Lineage, which I think can be relocked but explicitly tells users not to do that). It also has sandboxed implementations of both official Google services — ported from Graphene, I think – and microG.
I'm using it with microG, bootloader relocked, and it seems to pass SafetyNet this way – at least the apps that didn't work on Lineage seem to work here. (I haven't yet tried Google Pay, though – I think it will require proper GApps.)
Edit: by the way, banks requiring hardware attestation is probably a U.S. thing – in the EU and ex-USSR countries banks seem to not care about that at all (although some don't like it when you root your phone).
Yeah US companies are weirdly strict on this. The McDonalds app won't even work if installed through the Aurora store, it has a custom screen that says it won't work if it wasn't installed through the play store :D Ridiculous. It doesn't even handle payments here in Europe, you still have to pay at the kiosk.
Oh yeah you're right! McDonalds and Revolut are the only two apps that don't work on my phone no matter what I try. (Those and the phone-as-a-card-terminal apps, but that's totally reasonable.)
They set the vbmeta header flags field to 0x3, which effectively turns off all of AVB (Android Verified Boot). I'm guessing they do this because they want to allow the system partition to be writable (eg. for folks who flash additional things on top of LineageOS).
With unmodified LineageOS, if you configured the bootloader to use LineageOS' public key and relocked it, there would be no security benefit. To enable AVB's signature checks, the flags field needs to be set to 0, which requires re-signing LineageOS with your own key.
> Lineage has been very careful to not piss off google by not including microg or alternative webview signatures or means to circumvent device attestation. This love is not returned.
I wish they weren't so pedantic about that. At the moment if you even mention microg in the lineage channel you get insta-banned.
As you say their hard stance is not doing them any good with Google anyway, they're ignored either way. And MicroG is a really good solution which can replace google services like cell-based location with much more privacy-sensitive alternatives. They even implemented the corona bluetooth protocol during the pandemic! The only place it uses google's services is for push notifications, necessary because most app server infrastructure doesn't have the ability to communicate with anything else. But it does so in the most privacy-sensitive way possible.
Definitely not everything works with microG, it kinda depends on your daily usage, for me, I have 3 banking apps working by installing additional modules to have the security checks bypassed(FYI, not all these kind of app uses SafetyNet or Play Integrity), but some apps from government doesn't work so I had to give up on those, other than that it's been a pretty nice experience since about 6 years ago.
Lineage is pretty good (minimal without any bloatware), especially for increasing the device's life. But if you are looking for a secure OS, look no further than GrapheneOS
Happy user of LineageOS. Unfortunately I need a few apps that look for Play Store like Whatsapp, so I'm using LineageOS+ MicroG. Have been using an old Moto G7 for years and it has still been faster than most Samsung phones. Thinking of upgrading but I'm gonna wait until the phone physically breaks down which might still be a few years away.
If you plan on installing Lineage, I strongly recommend buying Motorola phones that can be rooted very easily.
I wanna add Xiaomi, however with the caveat that I like neither bootloader unlock procedure. Xiaomi wants to install their software on the host (I recommend a VM), you need a SIM installed, and you have to wait 7 or 14 days for the unlock to work (on MIUI at least, Android One does not have that). On Motorola you have to connect to the internet for 3 days at least and you may not interrupt it otherwise it resets (I heard 7 days max, but not sure if it resets indefinitely). You need an account on both of them btw.
The best experience is probably with Google and maybe OnePlus, but I did not have any myself recently.
You need an account for Motorola bootloader unlock, but at least a few years ago they used to email the unlock key instantly. It could have changed since, but if you see the supported devices, there are far more in Motorola compared to other OEMs.
mtkclient [0] would let you skip the whole 7/14 days thing (also: unrestricted partition dumping/flashing). Though there are chances of ending up with soft/hard brick (normally possible to revert back to working state as long as you have backups), and there may be no support for your specific chipset/device/software revision at all.
I went through a lot of trouble unlocking an old Xiaomi. mtkclient bypass methods do not work as a for all Xiaomi (or at least did not for my device). Thread: https://github.com/bkerler/mtkclient/issues/110
reading the sibling comments... the current state of smartphone software is absolutely disgusting. Great were the days of the PC, where you could just install any OS, could make and restore backups of the whole disk. With smartphones now you have to beg the manufacturer of a device you paid money for just to maybe be allowed to install a different OS. It is sad that so many people supported this shit in the past and still do.
I've found that many applications work without Play serices or simply complain but work. Whatsapp even offers an .apk for Download with a self Updater and everything else can be installed with "AuroraStore" (third party play store client).
Are you sure WA needs the play store? I use Android but with most apps disabled - no browser, no Play store, no Google services, all the Samsung crap disabled, and so on. When I need to install an app, I enable the Play store, install it, then disable the store again (using ADB). I also do a monthly update of all the apps.
WA works fine. Messenger works fine, Spotify etc., they all work. The only app I've found so far that doesn't work - logs me out five minutes after disabling the Play store - is the ChatGPT app.
Aside: my phone is so much better for my mental health since I've done this. The constant desire to research things is quieted. Now, if I really need to look something up I open TickTick and set a reminder to do it later on my laptop.
Icm not too certain on the details, but Google uses a framework separate from the play store itself to provide certain APIs. It's this part that microg replaces.
Lineage (as I known it as CyanogenMod) saved a lot of old phones for my family instead of going to dumpster. I have a Samsung tablet that has no way of getting latest certificates to go into internet.
I find their supported devices list is quite small, considering, so did your family have devices on that list, or did you experiment by flashing other hardware?
Happy user as well. I use it on a broken (no speaker, no loudspeaker) Pixel 4a salvaged into a walkman for when I am biking or at the gym. The experience is so seamless and smooth that I am considering switching my main 6a as well.
Been happily running lineageos for a couple of years now. No microg and no play store. F-droid for the apps. Interestingly, meta make WhatsApp available via a direct apk download, which helps a lot because before that I was using a play store downloader (the family is on WhatsApp). I use a per-app password to access gmail over IMAP in Kmail. Battery life is amazing, and I think I had one crash in 2 years. Thanks a lot to the lineageos team for all hard work!
Although I never had enough money as a student to get Pixel devices, I made sure to get devices with an unlockable bootloader. Xiaomi devices have been quite a good choice if you're in the market for cheaper devices with an unlockable bootloader. I cycled through Lineage OS, Pixel Experience, and Project Elixir, and I am currently using CrDroid on my 2019 phone. Still works like charm. I'm surprised at how bloatware-free the devices can be. Just flash core Gapps to get the bare minimum of Google Play Services working for apps that need GPS and push notifications. The battery backup has also been quite amazing as compared to the default MiUI ROM.
I do sympathize with other posters with their experience of Safety Net and Device Integrity checks forcing them to not use banking and payments apps, but going through XDA or Telegram clears up this confusion of which ROM passes these checks OOB without any fiddling.
I've decided that I won't play this custom ROM security nightmare game anymore and will get any Pixel device with GrapheneOS in the future. Often, it's just one guy developing each ROM for each device.
Dear LineageOS and other third party Android OS users (including waydroid),
Google wages a war against us using 3rd party apps as a proxy. They are pretending that Play Integrity API (previously SafetyNet) protects the user, and recommend it to app developers.
What can you do against this? Before trying anything to circumvent PlayIntegrityAPI/SafetyNet, start by opening a ticket (sending a mail, adding a comment on play store, whatever) to the app maker that your using, and tell them you use a more secure OS than the one provided by your manufacturer, and that their use of Play Integrity API reduces your personal security. If even 10% of 1.5M LineageOS users open tickets, that should be enough to actually get back to a manager of said app that will actually decide what to do with it.
As some small proofs that Play Integrity API IS NOT about security, but about enforcing Google/OEM monopoly on the device you own:
- Play Integrity API didn't care about permissive SELinux for a very long time (even though that's trivial and non privacy-invasive to test), I don't know whether it's still the case.
- To this day, it is still trivial for an attacker to bypass Play Integrity API. It has became annoying for the community who would rather do useful stuff. A full-time attacker just need to spend their day scouting for approved firmwares and re-use them
- I can extract the "key attestation" certificate (""ultimate level"" of Play Integrity API) of a Google-made device (a quite recent device, it has been upgraded up to Android 13), because real security is hard, and this key is still valid. Of course most other OEMs are worse in that regard, so if it's doable for Google-made devices, imagine what an attacker can do to simply target the weakest OEM. (hint: they simply publish those certificates over the internet)
tl;dr they spent all their headcount on enforcing that the firmware the user is using is the google/oem one, and none on enforcing the security of the firmware.
> A full-time attacker just need to spend their day scouting for approved firmwares and re-use them
What do you mean by that? The secure boot chain (all the way from the boot ROM) must not be broken for "hardware-backed" Play Integrity to pass. How could you reuse firmware with that in mind?
Play Integrity API passes enough for most apps, including Google Pay (the only known exception is Mc Donalds) by simply reusing the "fingerprint" of another device (the "fingerprint" is basically just a version number, except it's globally unique not just model-unique). In those cases, if the system says "sorry I don't know how to do the secure boot chain verification" rather than "the secure boot chain says it is an un-certified firmware", Play Integrity API will say all is good.
There's almost no reason to not install it after 3 years. I haven't tried banking apps but everything else works at least as good as with stock Android. In fact some apps even got tweaked, e.g. the Timer has more config options and battery life doubles. (With a Pixel of course GrapheneOS is another option)
I love the project. My current phone is a Galaxy S9, with /e/OS 1.15, which corresponds to Android 10, which is LineageOS 17.1 I believe. I link it with my Nextcloud on my home server, and it's generally a good time. I always smirk smugly when my colleagues complain about things like advertisements in their stock Gallery app.
Alternative ROMs immensely prolong the effective life of Android devices. Not only you get newer features, but my two recent phones both got noticeably more responsive and snappy when upgraded.
The only problem is that the process of installing an alternative OS on a phone is very technical -- much more than installing Linux on a PC, and even that is too much for most users.
I've bricked a couple of older phones due to very minor hardware version differences meaning fatal software results.
I'm always scared of messing up the delicate process of custom recovery installation, custom ROM installation and rooting. Some of the hardware variations are essentially unknowable outside of seeing if it works or if it's bricked.
Having said that, there are four functioning LineageOS phones in my household.
I've used LOS in the past and loved it, but in recent times with all the cars now supporting Apple and Google, it's that much harder to make the switch. It feels as if we need a dedicated "cheap" phone (obviously talking G here) just for the car to have navigation work? I've de-Googled everything recently, but this is the last thing, which seems to be unavoidable?
183 comments
[ 3.0 ms ] story [ 191 ms ] threadPoor people can't afford a new phone every two years.
When in your 80's you dont need or want the constant nagging of apps pestering you when all you want to do is text and call your family and friends.
I use abd to delete/disable every unnecessary useless app and leave them with just 3 apps. Text, phone and contacts. No data or wifi either. A dumb smart phone. Much better than the ageist demeaning Doro big button phones.
They are all amazed how beautifully simple the phones are and with just one or two taps they can text or call anyone.
Have you ever watched an elderly person trying to navigate the complexity of a modern smart phone. Not so smart!
Wouldn't they prefer one or even no taps?
> Have you ever watched an elderly person trying to navigate the complexity of a modern smart phone
Assuming that's a question, then "yes!" It is not at any level designed for what they want to do. The "mother of all demos" talked about children but not seniors. Ever since Engelbart, no one has cared either. Despite the boomers (with boomer cash) ageing out . . .
Children will press things until they figure it out. Adults (moreso as we age) are scared to press things they don't understand.
I have one outlier in my family. He's old, understands less and less about tech. like while ten years ago he was still able to understand how there are multiple Windows open on his laptop belonging to multiple apps, nowadays he starts confusing minimizing and closing apps, can't tell apart wether a program is running or it's just the pinned launch-icon, uses edge, Firefox and chrome interchangably and gets confused.... But at the same time, he still wants to figure everything out himself on both laptop and smartphone which resulted in hilarious mess-ups sometimes. I don't know if it isn't worse than a child. At a certain age a child might still get scared by some of the prompts, I've seen firsthand an 8yo going "oh no this costs money, abort" in panic. I'm not so sure my relative would do that when they think they know what they're doing...
I'm nowhere near 80 or retirement and I have the same sentiment. Add datamining concerns to the list. The modern smart phone can stay off my lawn. I get enough Internet here at my desk.
I think you have the relationship reversed. Supercomputers are closer to Super Nintendos than smartphones.
I've kept with this since, and hope to never need another phone (when this one dies, I'll just get a small camera, or a tablet with a rear camera).
It would actually be nice if they shipped a small phone to get regular developers to care about constrained layouts, and then shipped a Pro Max Tab whatever that was the same proportions, but with everything scaled up.
I even saw some renders of a translucent replacement back for the 5c inspired by the original fruit iMacs[1]. (Shut up and take my money!)
1: https://9to5mac.com/2013/04/03/concept-imagines-low-cost-iph...
They also claim to be against waste and ecologically responsible, yet adopt the worst anti-consumer and anti-environment market practices they can get away with. Hell, they invented some.
Punishment should be being forced to be blindfolded in public for 3 months and should be levied on all senior executives.
I've used an MDM with a kiosk mode for a similar effect. I won't recommend the one I'm currently using because the kiosk launcher crashes every couple of days; still looking for one that works well, and I've tried most of the ones I could find that weren't "call us for pricing"
I don't own a phone that LineageOS supports or I'd try it.
Not everything is an ism. Doro makes phones for people with poor eyesight. Most of those people are old. Glancing at their product catalogue, it doesn't seem much different from what you're doing with Lineage OS. Not everyone will have a geeky son to make a customised Lineage phone. Doro fills a niche. Be thankful someone does.
My father has a Doro handset. I recommended it to him based on a misunderstanding of the advertisement* and have regretted it every since.
The user interface is confusingly designed, with nested menus ten levels deep in which pressing the wrong button can just delete your message, contact etc. without waiting for confirmation. The screen is tiny and low resolution - I have 20/20 eyesight and still can't see what the status icons are supposed to be! It is so awkward to change the ring volume and unclear what mode the phone's in, that my father doesn't trust it not to ring at concerts, so leaves it at home.
All that leads me to the opinion that Doro is just predating on older users and their carers with the idea of being simple and accessible, whilst actually doing absolutely no real UX research. Yet, their 'dumbphones' approach the price of some basic smartphones which have hardware orders of magnitude more powerful.
* This was back when 2G was new, and I incorrectly assumed that it would imply some level of internet capability on any handset new enough to support it. The device in question does not have any internet support.
NFC tags to identify physical objects when one can't read the label are an excellent idea.
https://www.wayaround.com (custom) and https://gototags.com (generic).
There should be law to mandate the UI of any app beyond a userbase of 100M. If you say that would severely restrict apps becoming that big, yeah that would be kind of the point.
It used to feel like being "tech savvy" meant thinking logically as the system designers would have, but now I think it just means being conditioned through years of abuse into knowing the unwritten rules of how to skillfully outmaneuver bullshit interfaces and dark patterns.
I hate how accurate this is, especially on mobile
You'll always need a password and some difficult second factor for your Apple/Google account, but when you've got that sorted, the rest becomes do much easier.
They usually don't even notice that button. And if they do, they certainly don't understand that it needs to be pulled up...
Another big issue is that buttons and input fields are often not clearly recognizable as one.
I'm only in my 40s, still very hands on in tech and I still struggle with some applications. It's gotten to the point where I now loathe most web-based and mobile applications.
No thank you.
There are laws to force architects to make their buildings accessible to people with disabilities, so I don’t see why it would be shocking to force companies that generate revenues from apps with a certain amount of user base to make their apps accessible.
Gross. No thanks.
If you don't like the UI of an app, just use something else for cryin' out loud.
When I visit my bank account online I'm met with full page advertisements for other services from the bank and I have to hunt around to find the tiny gray 'No thanks' text before I can even get to my accounts. And from there, I'm met with constantly changing UI patterns and abstract hieroglyphic icons instead of plain text like it should be.
There are a lot of ways to pay bills. You named one that you happen not to like.
It's like telling a wheelchair user to just use another station or form of transport. If you have global reach, you have global responsibilites. And the end goal wouldn't even be regulated apps - it should simply be too complex to create apps with such a reach. Forcing open protocols instead of proprietary gardens. This is what the messaging interoperability of EU's DMA act is also supporting.
Because there isn't a monopoly on chat apps. What you're asking for sounds like rules for the sake of more rules. I can think of more than half a dozen chat apps offhand: Signal Messenger, Whatsapp iMessage, all manner of IRC clients, Slack, Teams, stock SMS, Discord, Matrix/Element, Telegram, Session, and so on and so on.
We're not talking web search here, the market for chats is diverse and competitive. You got walled gardens, open source, and everything in between with a bunch of different UI's.
It's low effort to implement: just add the appropriate tags if they're not there, throw some i18n at it, then test it on different screen sizes.
This can probably happen on the OS level with some design guidelines.
But on LineageOS you can update through all the updates for the major Android version (mostly ASB fixes and some new features here and there) by clicking a button from the Updater menu, courtesy of Android's A-B dynamic partitioning update system.
https://github.com/LineageOS/android_packages_apps_Seedvault
We got lots of time on our hands.
It seems to be the only image that works with Waydroid (the Android environment for Linux tablets), but I am not super comfortable entering my passwords into a project I don't know much about.
This article has some good info about the security of LineageOS, although the biggest complaint comes from the physical security implications of unlocking the bootloader.
https://madaidans-insecurities.github.io/android.html
Since it's running in an emulator, I'm less concerned about bootloader and adb. More concerned about keyloggers, malware, etc.
A device you are most likely to lose, break or get stolen by virtue of being outside of your home for much of the day.
I agree it's pretty crazy.
Take a random device like Google Pixel [1] it runs on a 4.4 kernel, long outdated and no longer maintained by Google. You can explore the code [2] however you are not going to be getting critical security updates (such as those issued by Qualcommm or any closed source blobs/firmware etc, and those released as per the pixel/android security bulletins).
Lineage is more about 'hacking' a kernel and making it work with the latest AOSP when the official software support ends. It's more vulnerable to exploits than a continuously supported device (although even devices that are 'in support' by the OEMs can often be depressingly behind things like patches etc).
Google is trying to fix this within the ecosystem (GKI, Apex etc) but at least as far as custom ROMs go...yeah, don't store state secrets on such a device ;)
[1]: https://wiki.lineageos.org/devices/sailfish/
[2]: https://github.com/LineageOS/android_kernel_google_marlin
Are there devices which graphene supports which aren't fully patched on lineage? AFAIK graphene is just outright not supporting devices without current kernel updates, while lineage does best effort on the long tail, meaning that on the same device they'll have the same kernel.
That OnePlus 9 had some weird issues that eventually got resolved but it took a while. Important to differentiate between an OS that builds for a phone and one that actually works for a phone, but there's not usually a ton of reviews for the latter.
Try a Pixel 5, 6, or 7.
It is a more serious project than LineageOS in the sense that they take security very seriously and they take their development more professionally too. There are no disadvantages to using GrapheneOS compared to LineageOS.
You can see a comparison here: https://eylenburg.github.io/android_comparison.htm
Do you have a current guide for installing it?
As an example, Graphene even recommends not using Firefox [0]. I actually still do, but I understand their rationale and it's very well presented. The way they explain such things in clear English is very helpful and hopefully indicative of a similar amount of consideration being made elsewhere in the project.
[0] https://grapheneos.org/usage#web-browsing
If you want it cheaper, I also have good experiences with Motorola phones. Unlocking requires you to register, but you can use a throwaway mail account and it has worked for me so far many times. Just make sure the device is officially supported by Lineage, I have very mixed experiences with unofficial ports.
Stay clear of anything from Xiaomi. Unlocking is a nightmare and you have to wait weeks to get your unlock code.
0. https://calyxos.org/news/2022/07/06/oneplus-android-12-reloc...
First time I needed to wait 2 weeks. Second time, I made the mistake of using the same Mi account and had to wait 4 weeks, because I did not know each time you unlock something your waiting time doubles. If your phone for whatever reason looses the Mi account connection, everything gets reset and you start from scratch.
It's not the end of the world, but 300$ will also give you a pretty decent Motorola Moto G phone, which are way easier to unlock (all you need is a mail address, and you'll get your unlock code instantly).
I recently upgraded from a used beryllium (Poco F1) with a dying battery to a used, but pristine dubai (Edge 30) and have been very happy with that choice.
At least for Qualcomm-based phones, make sure to have the phone's stock ROM provision IP Multimedia Services (IMS) with your MNO/ISP, so that (you increase your chances that) VoLTE/VoWIFI will work also with LineageOS.
[0] https://www.patreon.com/lineageos
Most of the banking or payment applications baulk at getting a whiff of Lineage. You are then forced to play a cat and mouse game which is quite stressful. It is sad that ROM customisation (and rooting) is stigmatised in the Android world.
Or use the web version instead of the app.
If so you can get a Yubikey and use Yubikey authenticator on a LineageOS device and it will work fine with all of those services. It follows the same standard as Google Authenticator and is a drop-in replacement.
I will install LineageOS once I need apps that my old phone no longer supports. I ordered the MitID backup key generator in case their app doesn't work, but I'd prefer not to need to carry it.
1. https://www.reddit.com/r/sweden/comments/ocd6v0/bankid_med_l...
Anyway I use Microg and don't have any google services on my phone so it's worth it.
Having a young population is also a big incentive for banks and government to invest in relatively newer tech.
I'm using lineage on a OnePlus 5. It's old but works perfectly!
I'm currently using an old PixelExperience build which takes some efforts to hide it's unlocked/custom rom status (right now it passes basic but not strong attestation). What I really wonder about is while we don't have the software environment that the OS isn't tightly coupled to the handset (i.e. generic system images) where the optimums are for security if someone doesn't regularly upgrade phones to maintain support from the original manufacturer. The most recent official android for my phone is 8, I'm running 9, so that's at least 5 and a half years old.
From a glance at XDA there's a collection of 11-14, however that brings up another issue of being able to establish trust in whoever is building your OS. Is an individual volunteer graciously building the latest version producing a recent version better than an older build from an established organization like lineage, or better than the ancient official build. Would my phone be seen as more secure by restoring older software and relocking.
There's a number of factors in balance here I'd love to hear views on from someone involved in consumer bank app security, as much as they're able.
(I am writing this on a Redmi note 10 with lineage 21)
I came to my bank to discuss a mortgage and I saw them log into their environment. A nice Windows environment with bright blue title bars and big red X buttons. In other words, Windows XP for which even the long term extended support has long since passed.
Only because hardware attestation is not yet a thing on desktop browsers. Google and Microsoft are working hard to change that, though.
I'm using it with microG, bootloader relocked, and it seems to pass SafetyNet this way – at least the apps that didn't work on Lineage seem to work here. (I haven't yet tried Google Pay, though – I think it will require proper GApps.)
https://divestos.org/
Edit: by the way, banks requiring hardware attestation is probably a U.S. thing – in the EU and ex-USSR countries banks seem to not care about that at all (although some don't like it when you root your phone).
They set the vbmeta header flags field to 0x3, which effectively turns off all of AVB (Android Verified Boot). I'm guessing they do this because they want to allow the system partition to be writable (eg. for folks who flash additional things on top of LineageOS).
With unmodified LineageOS, if you configured the bootloader to use LineageOS' public key and relocked it, there would be no security benefit. To enable AVB's signature checks, the flags field needs to be set to 0, which requires re-signing LineageOS with your own key.
I wish they weren't so pedantic about that. At the moment if you even mention microg in the lineage channel you get insta-banned.
As you say their hard stance is not doing them any good with Google anyway, they're ignored either way. And MicroG is a really good solution which can replace google services like cell-based location with much more privacy-sensitive alternatives. They even implemented the corona bluetooth protocol during the pandemic! The only place it uses google's services is for push notifications, necessary because most app server infrastructure doesn't have the ability to communicate with anything else. But it does so in the most privacy-sensitive way possible.
At least the good folks at https://lineage.microg.org/ provide a great fork with microg built in.
Here in UK, using microG, banking apps for Nationwide, Starling, Revolut, HSBC all work with no issues.
Generally, I face no issue using any app.
Location services and notification both work reliably.
As I replied below, everything I need works, including a number of banking apps.
I used to use Lineage OS with microG, but now I use iode, very similar.
Note, I never patched or installed something besides microG ever, so my experience is as close to pure microG experience as possible.
If you plan on installing Lineage, I strongly recommend buying Motorola phones that can be rooted very easily.
The best experience is probably with Google and maybe OnePlus, but I did not have any myself recently.
mtkclient [0] would let you skip the whole 7/14 days thing (also: unrestricted partition dumping/flashing). Though there are chances of ending up with soft/hard brick (normally possible to revert back to working state as long as you have backups), and there may be no support for your specific chipset/device/software revision at all.
0. https://github.com/bkerler/mtkclient
WA works fine. Messenger works fine, Spotify etc., they all work. The only app I've found so far that doesn't work - logs me out five minutes after disabling the Play store - is the ChatGPT app.
Aside: my phone is so much better for my mental health since I've done this. The constant desire to research things is quieted. Now, if I really need to look something up I open TickTick and set a reminder to do it later on my laptop.
My next phone will be some kind of dedicated Linux one so I can finally finish killing big tech in my life.
I do sympathize with other posters with their experience of Safety Net and Device Integrity checks forcing them to not use banking and payments apps, but going through XDA or Telegram clears up this confusion of which ROM passes these checks OOB without any fiddling.
I've decided that I won't play this custom ROM security nightmare game anymore and will get any Pixel device with GrapheneOS in the future. Often, it's just one guy developing each ROM for each device.
Google wages a war against us using 3rd party apps as a proxy. They are pretending that Play Integrity API (previously SafetyNet) protects the user, and recommend it to app developers.
What can you do against this? Before trying anything to circumvent PlayIntegrityAPI/SafetyNet, start by opening a ticket (sending a mail, adding a comment on play store, whatever) to the app maker that your using, and tell them you use a more secure OS than the one provided by your manufacturer, and that their use of Play Integrity API reduces your personal security. If even 10% of 1.5M LineageOS users open tickets, that should be enough to actually get back to a manager of said app that will actually decide what to do with it.
As some small proofs that Play Integrity API IS NOT about security, but about enforcing Google/OEM monopoly on the device you own:
- Play Integrity API didn't care about permissive SELinux for a very long time (even though that's trivial and non privacy-invasive to test), I don't know whether it's still the case.
- https://twitter.com/MishaalRahman/status/1752734296400379957 Play Integrity API punishes you for using a custom kernel
- To this day, it is still trivial for an attacker to bypass Play Integrity API. It has became annoying for the community who would rather do useful stuff. A full-time attacker just need to spend their day scouting for approved firmwares and re-use them
- I can extract the "key attestation" certificate (""ultimate level"" of Play Integrity API) of a Google-made device (a quite recent device, it has been upgraded up to Android 13), because real security is hard, and this key is still valid. Of course most other OEMs are worse in that regard, so if it's doable for Google-made devices, imagine what an attacker can do to simply target the weakest OEM. (hint: they simply publish those certificates over the internet)
tl;dr they spent all their headcount on enforcing that the firmware the user is using is the google/oem one, and none on enforcing the security of the firmware.
What do you mean by that? The secure boot chain (all the way from the boot ROM) must not be broken for "hardware-backed" Play Integrity to pass. How could you reuse firmware with that in mind?
VoLTE also has ended the lives of many devices as 3g networks have shut down. Samsung's VoLTE isn't supported in Lineage, so that vendor is gone.
There could be a few reasons.
Unfortunately I won't be able to the same on mine, because I need my banking apps to work for two-factor authentication.
Just one bank in my area allows for a hardware key and I don't have an account there.
It appears that I'm forced to have an up-to-date device with its original OS to do banking.
[0] https://privsec.dev/posts/android/choosing-your-android-base...
The only problem is that the process of installing an alternative OS on a phone is very technical -- much more than installing Linux on a PC, and even that is too much for most users.
I'm always scared of messing up the delicate process of custom recovery installation, custom ROM installation and rooting. Some of the hardware variations are essentially unknowable outside of seeing if it works or if it's bricked.
Having said that, there are four functioning LineageOS phones in my household.