DivestOS: long term device support with enhanced privacy and security

Thanks, it would be helpful to put the checksums directly on the download page.
But I cannot find a checksum for the recovery file.

1 Like

Links have been added.


That’s good, thank you.


I like the info’ on the site, the smaller number of default installed apps, hosts file blocking, and minimal microG/UnifiedNLP/location setup. There’s a lot more features I don’t know enough to fully appreciate. I’d prefer Orbot included in VPN mode from the start, but I could always download to PC and local install that apk before turning on cell and wifi. No offense to f-droid, but I don’t usually install the privileged extension.

On Nexus 6 shamu (listed as Untested), microphone does not work when making a call. This is a show stopper for a phone obviously. Simple voice recorder from f-droid records voice OK. Phone permissions settings show phone Microphone as “never accessed”. I rebooted a couple times as suggested some places but no luck so far. Oddly there is a voice “echo” in the earpiece or speaker, but no voice is heard at the other phone in a call. Lineage 17.1 was working.

Comment/Question on bootloader relocking: Post-install instructions say “Relock your bootloader. This is an absolute necessary for maximum security. Be sure to flash our recovery first!” This is to prevent “recurring” system modifications from malicious apps or remote or local attacks, if I understand correctly. However, soon after startup F-droid auto-runs and checks for updates. So I’m trusting a few things before I have time to get the bootloader relocked? Oh well, if I can’t trust f-droid, who can I trust?! :smiley:

1 Like

Relocking your bootloader cannot protect from apps; Verified Boot will, however, protect against that on devices where it is supported/enabled.
However, it can for example protect against someone with physical access flashing a modified keyguard that saves your password or other nefarious things.

As for the microphone on shamu, that is likely broken by the deblobber.
For shamu it removes libmotaudioutils.so and libspeakerbundle.so
Can you post the output of:
adb logcat -b all -d | grep -i -e dlopen -e .so

1 Like

GPG signatures are now available in all .sha512sum files.
Fingerprint: B874 4D67 F9F1 E14E 145D FD8E 7F62 7E92 0F31 6994
Key (2020 #1):


1 Like
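Checking a download against the signed checksum file and the fingerprint published above could look like this. It is an added example, not part of the original posts or DivestOS tooling; it assumes the .sha512sum file is clearsigned, that the signing key has already been imported into the local keyring, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Fingerprint exactly as published in the post above.
PUBLISHED_FPR="B874 4D67 F9F1 E14E 145D FD8E 7F62 7E92 0F31 6994"

# Strip spaces and upper-case so both sides compare as 40 hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# Read `gpg --status-fd 1 --verify` output on stdin and print the primary-key
# fingerprint (last field of the VALIDSIG line, as emitted by GnuPG 2.x).
# Exits non-zero when no valid signature was reported.
signer_fpr() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $NF; ok = 1 }
         END { exit !ok }'
}

# verify_release FILE.sha512sum
# Assumption: the file is clearsigned and sits next to the image it lists.
verify_release() {
    sumfile=$1
    fpr=$(gpg --status-fd 1 --verify "$sumfile" 2>/dev/null | signer_fpr) || {
        echo "no valid signature on $sumfile" >&2; return 1; }
    # A valid signature from some other key in the keyring must not pass.
    [ "$fpr" = "$(normalize_fpr "$PUBLISHED_FPR")" ] || {
        echo "signed by unexpected key $fpr" >&2; return 1; }
    # Check hashes taken from the signed payload only; text outside the
    # signed region of the file is not covered by the signature.
    gpg --decrypt "$sumfile" 2>/dev/null |
        (cd "$(dirname "$sumfile")" && sha512sum -c -)
}
```

Comparing the full fingerprint rather than a short key ID matters here, because `gpg --verify` alone reports success for any key present in the keyring.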

adb^… gives 919 lines, which is a lot to post here. Any other way? To be clear I did not install the “extra” deblobber because it was shown as “broken”. Only recovery and ROM.

1 Like

Sorry, the \ was clobbered to escape the .
adb logcat -b all -d | grep -i -e dlopen -e \.so

The extra firmware deblobber zip is there for archival purposes and shouldn’t be used. You are correct there.

1 Like

logcat-b-all-d-so-quoted.txt.gz.zip (3.8 KB)

The file is really gzip format… grep -i dlopen gave no results. This is from grep -i "\.so". Let me know if you really need the unquoted version. It’s about 1k lines versus 200. HTH.

1 Like
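The difference between the three forms of the pattern used in this exchange, shown on a few log lines. This is an added example, not part of the original posts; the logcat lines are constructed for illustration and are not taken from the attached log, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed logcat lines (not from the attached log).
sample_logcat() {
cat <<'EOF'
01-01 00:00:01.000   300   300 E audio_hw_primary: dlopen failed: library "libspeakerbundle.so" not found
01-01 00:00:01.100   300   300 W AudioFlinger: could not load /system/lib/libmotaudioutils.so
01-01 00:00:02.000   912   912 I ActivityManager: Start proc also.example.app for broadcast
01-01 00:00:03.000   912   950 D WifiStateMachine: reason=3 disconnected
01-01 00:00:04.000  1200  1200 I Telecom : Microphone mute state unchanged
EOF
}

# Bare dot: "." matches any character, so "also" and "reason" match too.
count_bare() { sample_logcat | grep -i -c -e dlopen -e .so; }

# Backslash without quotes: the shell removes it before grep runs,
# so grep still receives ".so" and behaves like the bare form.
count_unquoted() { sample_logcat | grep -i -c -e dlopen -e \.so; }

# Quoted: grep receives "\.so" and only a literal ".so" matches.
count_quoted() { sample_logcat | grep -i -c -e dlopen -e '\.so'; }

# Distinct library names mentioned in the log, one per line, ready to
# compare against the list of blobs a deblobber removes.
lib_names() {
    sample_logcat | grep -i -o -E '[[:alnum:]_+-]+\.so' | sort -u
}
```

On the sample, the bare and unquoted forms both match four lines while the quoted form matches two, which is why a quoted pattern gives a much shorter log to review.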

There is a new version uploaded for shamu with a potential fix.
You can install the incremental via the updater.


Success! And incremental update worked too. :smiley:


BTW there’s already a project called glassrom that does this

How is yours different

Full disclosure: I’m the lead developer of glassrom

We’re already implementing most of your features
Deblobbed: we don’t ship DRM and other such blobs

Increase security: glassrom ports 90% of the grapheneos security patch set. Also glassrom fixes anywhere from 23k-63k security vulnerabilities per device (see past and current work)

Privacy: we disable analytics but otherwise let users decide on the hosts file

Free space eraser: not implemented. Instead glassrom uses hardware based data destruction, memory poisoning and key wrapping which are much better ways than free space wiping and can even resist cold boot and forensic based attacks

Malware scanner: not implemented and will never be

Browser: glassrom ships a modified version of bromite with the vanadium hardened patch set. It does not send any data to google and is significantly more secure than Firefox, protecting against non linear buffer overflows which even official chromium doesn’t

Fdroid privileged extension and a heavily cleaned and updated unifiednlp is shipped


“Deblobbed: we don’t ship DRM and other such blobs”

I was unable to find your source code that does so.
#!OS also claims to do the same, but I too didn’t find their source for deblobbing.
Here is the DivestOS deblobber with ~800 blobs.

“23k-63k security vulnerabilities per device”

You are going to need to provide strong evidence to back such a claim up.
I only know of a few auto-patchers, and mine has the most patches. And at most it can patch ~400 per device.

“hardware based data destruction”

Do you mean discard/continuous trim? DivestOS does that too

“decide on the hosts file”

How are you replacing the HOSTS file? Do you read it from /data instead of /system?

“memory poisoning”

DivestOS also does this via both command line and GrapheneOS patches where possible

“key wrapping”

The thing Android already does? Or something else?


This browser? https://github.com/GlassROM/browser
Code over the wall.

“significantly more secure than Firefox”

Chromium is indeed more secure than Gecko-based browsers and it is explicitly mentioned on our site.

“heavily cleaned and updated unifiednlp”

Source? Oh wait this “Android Studio automatic cleanup”?

What even is this?

Going through your sparse sources, the biggest difference is that DivestOS attempts to apply all of its changes automatically to any given device of any Android version. Because 5 years ago when I was supporting a handful of devices it got too tedious, and I ended up automating as much as possible.

1 Like

Memory poisoning is a fairly new feature that just recently dropped in the 4.14 common kernel

I doubt you have a device that uses this

Also you are enabling kernel lockdown when selinux already does that

Same for page alloc shuffle, init_on_free/alloc. I don’t think tuna has a port of any of those on 3.10

The arm/arm64 kernel argument is kpti=on yet you also specify pti=on. Why?

Slub_debug=Z and init_on_alloc/free conflict with each other yet you enable them

You’re just sticking in flags that are NOPs

No I don’t ship a hosts file nor do I read it from /data. The hosts file is not meant for adblocking. Userspace applications like pdnsf are much more user friendly and handle this better

You can check the current glassrom kernel sources for those patches. There’s no automated “black magic” cve patcher

The patch to updater is just to allow developers to test updater functionality without running a full updater server

“Memory poisoning”

The Copperhead/GrapheneOS patches add page sanitization to 3.10, 3.18, 4.4, and 4.9 kernels when possible. slub_debug=FZP is available for all others.

“You’re just sticking in flags that are NOPs”

All of those kernel flags are set to support all devices, whether or not the device kernel actually supports the feature.

And why tuna specifically?
It isn’t possible to run mainline on all of these last I checked.

“The patch to updater”

That is localhost, you run the update server from your phone?

“You can check the current glassrom kernel sources for those patches. There’s no automated “black magic” cve patcher”

Linux only has ~2500 CVEs to date. Even if you multiply that by 10x, how do you get 63,000 vulnerabilities that you patch?

I kindly encourage you to please take the time to go through the DivestOS sources, use it in the FOSS spirit and ultimately improve your project with it.

@SkewedZeppelin, FYI, on shamu, Silence just crashes after very quick display of a splash screen. QKSMS works OK. FairEmail is now default, but I still prefer K-9 Mail (and it is listed on the website). I’m giving FairEmail a try, but it is even less successful at getting yahoo, etc. emails over Orbot (probably user error!)…

“How is yours different”

@anupritaisno1, From a user view, more devices are supported (including a couple of mine :grin: ), the website listed at github/lab works, and they’re not using javascript (ad) filled sites like reddit and xda-developers. “onion available” stands out from the crowd too. However, there is no visible means of (financial) support, and some are suspicious it could be a front for nefarious purposes… :smirk:

“Silence just crashes after very quick”

I’ve seen that happen. The cause is that Silence starts up on boot and it will fail to initialize if there is no SIM detected on that first run. Just clear the app data.

“visible means of (financial) support”

I originally planned to have it as a “name your price” for downloads.
Not involving money makes for fewer obligations for me :slight_smile:
I will always welcome patches however.

Thank you for pointing out that thread, I’d not seen it.


Yes, that worked.

I was wrong. Because of testing in the same room… In “real” calls, the other person can not hear me now. :frowning:

Good day @SkewedZeppelin,

Firstly - great job on creating DivestOS!


Obviously you are for keeping a very low digital footprint (as are we), but I wish to speak with you privately concerning a development project, DivestOS and providing support for your own project(s) - On your terms of course.

Are you able to PM me?

Best regards to you

PS *Edit

Just out of interest:


“If you’d like to donate to DivestOS to support the cost of the servers/domains/electricity/coffee/etc. consider sending BTC to our address below.”

So - which one (if any) go towards you and your own efforts?

Hello @SkewedZeppelin,

I’d like to give a little feedback.

I tried to get DivestOS working on a Samsung Galaxy S3 (i9305) and a S5 (klte).
As recovery I use TWRP and I installed it via sideload, after wiping the phone.

On the S3 it works fine and smooth so far, but the S5 starts new again and again after a few seconds of booting.
LineageOS runs without problems on the same device.

Is there something I can do to get it working?