• Free Palestine 🇵🇸@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    1 year ago

    No, it definitely isn’t. Stop spreading false information and potentially giving people a false sense of security. LineageOS isn’t even as secure as stock Android, it’s definitely not as secure as GrapheneOS as GOS has many security improvements compared to the AOSP. Some examples are the hardened C Library, hardened memory allocator, improved SELinux policies, secure app spawning, hardened browser (Vanadium) which is also used for WebView, etc. LineageOS doesn’t even allow you to relock the bootloader, meaning anyone can modify the system because Android Verified Boot only works with a locked bootloader. It doesn’t have any of the security features that GrapheneOS adds on top of AOSP, it also lacks basic security features from AOSP. It’s ok for tinkering, but I would never use Lineage on a production device. You can read the section about LineageOS of this blog post: https://madaidans-insecurities.github.io/android.html#lineageos

    Quote:

    A common ROM that has many of these issues is LineageOS:

    • LineageOS uses userdebug builds by default. This adds many debugging features as additional attack surface. It also weakens various SELinux polices and exposes root access via ADB, which, as previously discussed, is not a good idea.
    • LineageOS requires an unlocked bootloader, therefore disabling verified boot, which is essential to verify the integrity of the operating system.
    • It does not implement rollback protection. This allows an attacker to downgrade the system to an older version and then exploit already patched vulnerabilities. The default updater even allows you to downgrade versions yourself.
    • Most LineageOS builds also do not include firmware updates, which prevents users from getting new patches to fix vulnerabilities. Instead, it gives a pop-up advising users to flash updates manually that most people will simply ignore.

    This is a non-exhaustive list. There are more issues than just those listed above. LineageOS (and most other custom ROMs) are focused on customising the device and not privacy or security. Of course, you could build LineageOS yourself to fix many of these issues, but most users will not be capable of doing so.