DivestOS: long term device support with enhanced privacy and security

I have this realme x2 phone now and seeing how poor custom rom development is behind it (those developers can’t implement selinux enforcing and they say that if you want selinux enforcing status then someone needs to write policy for them). Of course I don’t understand how to even write those policies and it’s taken two years since the phones release to make custom rom’s which doesn’t implement basic security practices

Contrary to the date shown above, the “byline” visible in-page indicates September 5, 2021. The author is citing a list drawn from their “OnePlus 8 Pro”, and further cites a 55-page xda-developers topic [OnePlus 6 subforum] which presents the “Tomatot Debloater” collection of scripts:

https://forum.xda-developers.com/t/debloat-oos-customs-tomatot-debloater-4-1-battery-ram-privacy.3869427/

That Tomatot deblobber:

  • requires a recovery that has no signature checks and/or root
  • has no declared license
  • only removes apps, literally missing all the executable binaries, libraries, and TEE apps
  • only alters /system, not /vendor
  • removes things that shouldn’t be removed (Traceur, Tag, talkback, tts)
  • has things misidentified (atfwd as wifi display when it is really for modem AT commands)

The issue here is that nearly all newer devices supported by LineageOS have a /system and a /vendor generated at compile time.
In the case of startlte and enchilada/fajita, that /vendor is not generated and the official stock is used instead.
DivestOS deblobber can only be fully beneficial if it is able to control everything.

Right, I’m not suggesting uses of anyone else’s TOOLS, just pointing out that several motivated parties have already done extensive legwork toward developing a list of OnePlus -specific unwanted // unneeded packages.

Actually it’s a very good idea to make bounty to solve the deblobber problem in Oneplus 6/T. How much would it cost to solve this kind of a problem and how to put money inside that bounty? This feature needs to work to get as much privacy as possible.
You said earlier that you wouldn’t use OnePlus 6, because of the deblobber problem it has, so what phone are you using now if I may ask?

@chad

How much would it cost?

This is something that the Lineage maintainers would have to answer.
LuK1337 and luca020400

what phone are you using

An Essential Phone (mata).

Is there a way of contacting them? I will put some of my own money to support moving this forward.

Dammit the PH-1 phone doesn’t have a headphone jack. I have seen it multiple times and one dude told me that it’s a very good device for custom ROM’s :frowning:

i see that poco x3 pro is on suported devices.
as far as I know xiaomi devices are not capable to relock their bootloader on custom roms plus the company has edl mode locked for users.
What does the Relockable: Yes, Untested and the Status: Unknown on the downloads section mean?is it safe to relock the bootloader or it will fail to boot? Could I be able to re-unlock it aftetwards?
Thanks

I would suggest you to look at phones which doesn’t implement token based bootloader unlocking like Motorola, Xiaomi and other phone manufacturers do it, except Xiaomi Mi A series (Xiaomi Mi A1, A2, A2 lite, A3) which are Android One phones. A good example why someone shouldn’t trust buying a phone with token based bootloader unlocking is Nokia smartphones. They closed their server which was in charge of unlocking your bootloader and now there are unofficial ways to unlock the bootloader.

1 Like

@ippocratis

I haven’t bothered to buy a Xiaomi, knowing that they make you apply and wait for an unlock.

But in theory if it is like other vendors, where they give you a token or a file, you should be able to reuse that key to unlock again.

I just got a response from LuK1337. His answer got me happy :slight_smile:

I hope you will revisit this detail (unchanged since 2018?).
Having an endpoint provided by divest.org rather than by google seems preferable. For anyone who cannot trust “the hand that feeds”, just invite 'em to self-build, eh)

@ctnk
All builds of DivestOS have a toggle in the settings app to disable the captive portal check.
I will not have all devices running DivestOS phoning home to me every connection change.

1 Like

@Spyro

My grouper works fine on the 09/12 build.
You likely need to use factory reset from recovery.
TWRP seems to work better on that device.

raphael only has partial support in LineageOS official trees, once it is done I can start builds for it.

2 Likes

@SkewedZeppelin Is there some Samsung Galaxy S2 that worked after my report?

The DivestOS recovery doesn’t have the issue that It had last year (now it flashes successfully) but I tried installing the OS today (I verified checksums correctly) and it keeps in bootloop for more than 10 minutes.

However, it is marked as “Status: Tested Working” in the devices list.

@EchedeyLR, my Galaxy S II (i9100) runs with various CustomROM, from AOSP ‘N’, ‘P’, ‘Q’ to ‘R’, just not with DivestOS Mobile (bootloop).

Currently running CarbonROM 7.0 Opal Release 2021/08/30 (Android 9-Pie), which I feel is slower than an unofficial LineageOS 18.1.

Xiaomi Poco F1 (beryllium)

Overall third unsuccessful DOS installation. This time DOS build 18.1 / 11.0 / R
divested-18.1-20210913-dos-beryllium.zip

Today’s installation of DOS 18.1 2021/09/13 was done twice with OrangeFox Recovery (OFR) via adb sideload dos*.zip and via OFR 'Install' > dos*.zip

Each time the identical negative result: The F1 boots up to the Poco-logo and stays there for 120 seconds, then boots up again to the Poco-logo. Now only two seconds pass until the F1 boots into the custom recovery. Formatting /data afterwards is just as useless as deleting the /caches.

The subsequent installation of the second edition of /e/OS build Android R (beta) 2021/08/31 was a mere formality. And the FM radio is back on board and working.

Is there any fear that the Pocophone F1 (and F2 and F3?) will have to share the fate of the Pixel 4a ‘sunfish’ (and others)?

Thank you for sharing.

As you are telling me, I also have this issue only with DivestOS where I get a bootloop.

Other roms run perfectly, including back when I had LineageOS.

I was looking for a ROM without propietary applications at least using microG by default.

Divested Computing Group aka SkewedZeppelin aka Tad is uncompromising with DivestOS: not unthinkable ‘Google Play services’ or ‘microG’.

All CustomROM I’ve tried, with the exception of /e/OS, are ‘vanilla’ releases that can be retrofitted with microG (NanoDroid - Nanolx or MinMicroG Project - ‘Standard’ or ‘NoGoolag Edition’).

1 Like

Be careful with that: if you install microG later and the custom ROM has no signature spoofing enable (by default is like that in AOSP, most roms and LineageOS included) microG won’t work at all.

This is why I asked specifically for roms with it, which care about that thing which must be enabled at build time.

This is the reason why the project LineageOS4microG exists in a first place.