DivestOS: long term device support with enhanced privacy and security

SkewedZeppelin · July 30, 2021, 11:31am

Is the problem known

First I am hearing it.

is there a solution in sight?

I don’t see what would cause it.

I have a hard time getting Pixels that are unlockable variants, so it is likely to stay that way for a few months.

vdbhb59 · August 1, 2021, 2:52am

Just to contribute, I have been using Hypatia for months now. The best tbvb.
Mull on the other hand crashes very often of late (since last 8 releases) and that too every now and then. Still I find Bromite and Cookie Browser better than Mull. No offense meant mate.

SkewedZeppelin · August 1, 2021, 8:21am

@vdbhb59

Mull on the other hand crashes very often

Device? OS?
How many addons do you have installed?
Did you change anything in about:config?
Does one tab crash or the whole thing?

vdbhb59 · August 3, 2021, 8:05am

Devices, 3. OP5, M305F, LM-F100EMW
OS: A11, A10, A10(Stock) respectively.
Only 1 addon - Ublock
No changes in about:config
The whole Mull crashes, I have 6-18 tabs open every alternate week. Minimum 6 tabs are open every day, and every week another 6 or 12 gets added and removed, 6 tabs is always on. Tabs are not pinned.

anon46495926 · August 3, 2021, 4:59pm

Sigh. I also see something similar if I open too many tabs, or too many tabs with too many “heavy” web pages. It also happens in Tor Browser, so I hadn’t reported an issue, assuming it was running out of memory.

vdbhb59 · August 4, 2021, 6:50am

In mine, I do not see memory issue, as it just crashes instead of freezing.

relan · August 4, 2021, 7:45am

Could you grab logcat immediately after the crash and share it?

anon46495926 · August 5, 2021, 1:01am

Logcat for Tor Browser crash says: Out of memory, and memory on device is very low and critical. It doesn’t freeze; it crashes. There were about 5-10 tabs open before crashing.

This time Mull had 25 tabs open before crashing! Big improvement. I won’t complain. It’s version 90.1.3 from DivestOS F-Droid repo. A couple updates newer than the latest on main F-Droid repo.

Backtrace parts of logcats are attached. Zipped with passwords, to be PM’d to @relan and @SkewedZeppelin . If more of the logcats would help, let me know.

mull-traceb.txt.zip (1.8 KB) torbrowser-traceb.txt.zip (1.5 KB)

fossys · August 8, 2021, 6:00pm

Google Pixel 4a 5G (bramble) | DivestOS 18.1 / 11.0 / R

I’ve a Google Pixel 4a 5G (bramble) available for several weeks for testing purposes. I would be pleased if I could also try out a release of DivestOS 18.1 / 11.0 / R soon. Is there a chance or rather not?

SkewedZeppelin · August 8, 2021, 6:20pm

@fossys

bramble

That is on the TODO list, but lower priority as GrapheneOS is more suitable imo.

Bradzilla117 · August 9, 2021, 8:00pm

Has DivistOS been successfully tested on OnePlus 7 Pro (guacamole)?
As for flashing this, do I install the latest lineage is 18.1 and install the divistOS on top of it?
TIA

SkewedZeppelin · August 9, 2021, 9:37pm

@Bradzilla117

As per the site, guacamole has yet to be tested.
You just flash DivestOS on its own, no need to flash anything else,
except for stock in some cases.

Bradzilla117 · August 10, 2021, 1:17am

My uncle tried flashing and was a bootloop. He has the oneplus 6t and his phone is decrypted because twrp doesn’t work on android 11 unless decrypted. He claimed he flashed stock oxygen os then divest os which caused the boot loop. His first attempt was flashing it ontop of cherish os which is a mix of oneplus (oxygen) and lineage os 18. Do you have any advice as to what I should share with him? Thanks
@SkewedZeppelin

SkewedZeppelin · August 10, 2021, 1:56am

@Bradzilla117

That is disappointing to hear.
Did it reboot after the OnePlus or DivestOS logo?

relan · August 10, 2021, 8:38am

Backtrace parts of logcats are attached

Looks like a buggy OpenGL implementation on your device:

F DEBUG   : pid: 6049, tid: 6105, name: RenderThread  >>> us.spotco.fennec_dos <<<
F DEBUG   : uid: 10094
F DEBUG   : signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
F DEBUG   : Abort message: 'GL errors! frameworks/base/libs/hwui/pipeline/skia/SkiaOpenGLPipeline.cpp:127'

fossys · August 10, 2021, 1:32pm

If your installation via TWRP does not work, try Lineage-Recovery for fajita.

Also, the OnePlus 6T (fajita) has an A/B partition scheme. If this fact is not taken into account, a bootloop is the consequence. Therefore, my tip: Follow the installation instructions of the LineageOS Wiki.
Good luck!

Short version

adb reboot bootloader
fastboot devices
fastboot oem unlock
fastboot flash boot lineage-18.1-20210805-recovery-fajita.img
Pre-install instructions: adb sideload copy-partitions-20210323_1922.zip
adb sideload divested-18.1-20210807-dos-fajita.zip

After the installation DOS will probably be installed as here Divest-Recovery?

fossys · August 11, 2021, 11:22pm

microG

Maybe too opinionated of me, but I believe most users can get by without microG just fine if they gave it a try.

I know that microG services offer me more advantages than disadvantages. Besides, I trust Marvin Wissfeld, the developer of microG, who says:

However, all of microG’s services that require a connection to Google services are optional and can easily be disabled for those services that do not require a connection to Google. It is important to note that these server connections remain anonymous as long as you are not logged into a Google account with microG.

That’s why I like to recommend CustomROMs with microG services integrated into the system as well as CustomROMs that are ‘Signature Spoofing’ “ready” and where the microG NoGoolag Edition can also be installed. Security and privacy freaks continue to use GrapheneOS and DivestOS.

SkewedZeppelin · August 11, 2021, 11:39pm

I am happy that microG exists and Marvin has many contributions over the years and is an absolute pillar of this community.
If microG works for you, use it.

I just feel like too many people immediately jump to it instead of trying to first live without it.

anon46495926 · August 12, 2021, 2:26am

I wish I could find convincing arguments for whether Signature Spoofing really weakens security significantly or not. GrapheneOS used to have a negative paragraph on it:

“Our Play services app won’t have any special privileges or whitelisting in the OS like Play services or microG. There will be no support for bypassing arbitrary signature checks like the microG signature spoofing patch since it substantially compromises the OS security model and breaks other security features like verified boot. Instead, our app will be signed with a GrapheneOS Play services key and the only OS support for the app will be presenting the GrapheneOS Play services key as the Google Play services key.” Frequently Asked Questions | GrapheneOS

Now they don’t say anything about it.

I put high weight on LineageOS not supporting spoofing, since LineageOS is the basis for so many ROMs. If in doubt, better safe than sorry - no spoofing.

SkewedZeppelin · August 12, 2021, 4:55am

@anon46495926

The default signature spoofing patch lets any app request permission, however consider the following:

CalyxOS ships with a very strict version of signature spoofing that grants only the microG components the permission and only lets them spoof the Google signature.

DivestOS, if microG was enabled (it isn’t), restricts signature spoofing only to apps signed with the system key.
https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Patches/LineageOS-18.1/android_frameworks_base/0003-Harden_Sig_Spoofing.patch

Furthermore you can see here that /e/OS has not applied any additional restrictions on the permission.