I have seen some videos online and the majority of the people like fdroid, but there are many people blaming fdroid for lowering security.
One might say "because they are jelly on F-Droid's success" but jokes aside read Privacy On Phone
Break the loop!
The guy made some fair points against F-Droid, especially in what they lack to make things better EXCEPT, I don't recall seeing a mention about how F-Droid is a small voluntary group while Google & Apple are Umbrella companies worth trillions.
Also, Google has trackers in every one of their apps plus others distributed on their store and he seriously had the nerve to talk about how apps can't help/remove or block trackers?
Here's the thing, none of this is new. Us older generations (in case some are younger) went through this with Computers very early on. Microsoft (The closed source) was allowing their software makers to include malicious virus & trojans to apparently combat pirating.
Barely anyone knew about it until that gaming company that made addons for Microsoft's flight simulators, I believe it was, had an error with their "anti-pirating" trojan which wiped tons of their customers' drives.
But many of us knew all about it, but by the time I thought people might have started paying attention, smartphones came along and of course we were crazy conspiracists again lol
He tried to soften what GSF could do also.
He mentioned the OTA updates without needing our approval, sure.
Most noticed Google could do this when a covid exposure app magically appeared in their settings. Idgaf what anyone says, if I can upgrade a new software feature into your OS like that remotely, then I can control your phone like it's in my hand by just implementing ol' script kiddy trojan/rat code in there.
To be perfectly honest, and here is the main point of mine. F-Droid offers FOSS only, so you or others can always see for yourself or get an experienced programmer's approval if you want. In some cases I do get the developer version over F-Droid's but that's because in those cases I actually know the dev much better.
Now, Google and ESPECIALLY not Apple will let you look through their code to audit it. And that's what makes the biggest difference to me.
If he had offered some solutions maybe instead of just kissing Google's ass and referencing GrapheneOS which while great only supports 1 line of phones, then it wouldn't have been bad. To me, he just wasted everyone's time. Bugs have always been around as well as malicious attacks which even those smart big tech companies have yet to solve so honestly it was basically a scare tactic to those with less tech knowledge.
Btw, Google has been robbed of VOIP and Google Fi services so easily lmao
But hey, they make more than they lose by selling your data so I justified it.
Sorry for my crappy type job, tried to do this quickly using a stylus.
We should stop whining about privacy, as long as we are not ready to pay for it.
One guy with a BIG MOUTH berates entities that "mark up" their product. Dah! That's how they put bread on their plates.
The same guy, who is all over F-Droid and Reddit, berates other developments and promotes his own and very questionable one. He claims such and such kernel was released in 2018. Let's take a look at his "own" work:
His "software" is lineage with a layer of some hardening commits. He has no control over Lineage's code and in most cases, Lineage's kernels are over 1-2 years old, i.e., outdated.
Example: Lineage's kernel for Oneplus 8s is 4.19.157 (https://github.com/LineageOS/android_kernel_oneplus_sm8250/blob/lineage-19.1/Makefile). The current upstream version is 4.19.257. That's almost 2 years of skipping updates, and that is true for most of their kernels.
And here is updated upstream kernel, 4.19.257: https://android-review.googlesource.com/c/kernel/common/+/2213237/1
And by the way, it DOES NOT matter when kernel was released. What matters is that it is actively maintained.
@optimumpro
Did you completely overlook the CVE patcher I spent 5 years making? It does the maintenance.
And the page on my website that documents how it isn't actually secure, along with noting the kernel versions you mention above?
Aren't you shipping a Chromium 104.0.5112.97 in your latest OS? That is 3 versions behind with 25 known security issues, including one being abused in the wild.
You also claim your project is directly better because you supported the OnePlus 5 one month before I did. Yet to this day I provide it updates every single month, and you don't?
I don't see how what I do is very questionable, when it is well documented and all open source.
Meanwhile you keep coming back here trying to make some point except your own OS is poorly documented and proprietary.
We can go back and forth on this forever, I don't know what you want to achieve.
CVE commits represent a very small portion of kernel updates. There have been literally thousands of upstream commits that are missing in lineage and your kernel. They have to do with numerous issues including performance, usability, features etc., etc., etc., etc….
More importantly, and here is where your "DivestOS is the most secure rom" claim falls apart:
Among those thousands of missing commits, there are hundreds that fix various "overflows" and "memory leaks" that represent open doors for exploitation. Without those commits, and even with CVE updates, your kernel is WHOLLY INSECURE.
Chromium webview: No, my roms always include the latest at the time webview (currently 105.x). This may not be reflected in the description, but if users go to Developer settings, they can verify that.
I have never claimed that my project is "directly better". You have just made it up.
I support devices that I support and the fact that there is no longer support for Oneplus 5 has no bearing on the quality of my work.
And finally, as I have already said, your "project" isn't even a project, but rather a limited number of scripts that sit on top of LineageOS of which you have ZERO control. So, my point stands: your big mouth is NOT supported by the work you do.
CVE commits represent a very small portion of kernel updates
You mean as I document in the README?
When Linux 4.9 is EOL come January, you're welcome to use my program to keep your OnePlus 6 kernels patched.
Chromium webview
I extracted the webview.apk from version 24 of your OnePlus 8 Pro OS yesterday. It was 104.
LineageOS of which you have ZERO control
You are extremely hung up on this point.
your big mouth is NOT supported by the work you do.
Except it is?
Why is DivestOS listed here? Why isn't Jaguar listed?
- Android Recommendations: GrapheneOS and DivestOS - Privacy Guides
- Avoid The Hack: 2 Best Privacy Friendly Operating System Picks for Mobile | Avoid the Hack (avoidthehack!)
- DivestOS - Wikipedia
Do you offer anything else to users who don't use your proprietary OS? Like these things?
- About - DivestOS Mobile
- Index of /unofficial-openwrt-builds/mvebu-linksys
- Our Apps - DivestOS Mobile
- Software - Divested Computing
- Dnsbl - Divested Computing
Edit: You're not even my competition, I don't support root or similar. Why do you even keep comparing these projects when they clearly have different goals in mind?
You can do whatever you want with your "project". What you can't do is open your Big Mouth and berate other developers (without recourse), especially that:
I have proven that your kernels, for example, have missed thousands of upstream commits for the past 2 years. In other words they are outdated. So, you basically take an obsolete kernel and patch it with CVE scripts, which represent a very small portion of updates and still leave that kernel severely outdated.
You can't even maintain a discussion without promoting your "project" with numerous redundant links. I hope users can easily spot infomercial where infomercial is - your posts.
I have no desire to argue with you. The only reason I posted here a few times was because of your Big Mouth and transparent self-promotion.
Best regards.
P.S. I have never compared your project with mine. You have made it up again.
In other words they are outdated.
Yes, they are! The goal of DivestOS is to support end-of-life devices!
That is an inherent limitation of them.
And again I clearly document this: Patch Levels - DivestOS Mobile
You are intentionally confusing end of life of a device with end of life of software. They are not the same: Software (Kernel and Android code) get updated all the time regardless of the device's end of life. As I have already said, it doesn't matter when kernel was released, what matters is that kernel sources are continuously updated.
I haven't read a description of your project in its entirety, but I am pretty sure no one will find a statement, which you've just admitted to, that:
Kernels used in DivestOS are 2 years old, miss thousands of upstream commits and therefore OBSOLETE, except for a small portion of updates represented by CVE patches, which nonetheless leave your kernels and the entire roms INSECURE.
Guys, sorry to interrupt your interesting discussion, but maybe we should focus on how to convince users that fdroid and foss apps are better in terms of security and privacy to regular non-tech users?
My humble suggestion is that blaming and bashing each other or pointing out weak points is not supporting this.
I completely agree that please take the bashing on PM if needed, or on chit-chat.
Though optimumpro, your work has been questionable and bashed upon for years now, as you keep hiding your main work. You had stopped sharing the source code for OP5 and also you went very rude with people. You copied a lot of stuff from others while claiming all that as YOURS in XDA. So as I said and others are saying, please keep this to the topic. I am not going to respond even if you reply. Everyone on XDA and places can go and check OP5 and OnePlus threads against your ROMs and then say.
For Skewed, I still say, as a humble request, please do not literally advertise DivestOS and products everywhere. It just puts questions to start thinking about why advertising for everything.
How did we get to a place where criticism and debate is not a good way to compare and contrast things like ROMs?
I'd like this mini debate to continue until a post has been edited 9 times and has at least one whole sentence all caps and bold. Joke. We can declare victory by knockout already.
There is a line between spam posting for publicising a ROM, and useful posting information to clarify errors or mis-statements or vulnerabilities, while mentioning your ROM also. Anyone who views a few forums knows a few bad examples of the former. IMO Skewed is a good example of the latter.
In this mini debate my scorecard is for SZ, by technical knockout. Optimumpro doesn't even know their "shocking" statements are already on SZ's website.
This is not about me or my software or his software. This is about being obnoxious and bad-mouthing other developers, when his own lacks elemental security that he is bragging about.
3, 5, 7 already. How many more? Lols…
Anyways, as for myself, when I used to make Xtended ROMs for OP5 along with Mukesh, I used to replace for myself almost whatever possible with FOSS/FLOSS and remove as much dependent proprietary stuff as possible.
If I may suggest something - I came into this thread to read more about good practices for Android and to find some recommendation for my non-technical friends. I'm ok with discussing missing patches details, but why not move such discussion to a more technical thread?
I assume my non-technical friends if reading this thread might think - wow… this open source/FOSS is "piece of sh…t" - lacking latest patches and maybe fdroid is insecure too. I have also seen couple of other posts which if read by someone not capable to judge impact and risk related to it could have build very bad impression about software which is not accurate, and will push them into GPlay repository "because it has only positive reviews on youtube" (due to smart censorship and monetization rules there).
So guys - I encourage you to discuss kernel and patching, but maybe forum admin should create subforum named "development" and start thread with some positive but detailed description - "additional kernel patches for …"
You maybe do not realize your discussion is read by many people which build their opinions and knowledge on your "bashing" and due to lack of technical knowledge attribute topics discussed to whole ecosystem. It's just the matter of language, but your language is crucial for whole community and its users. Fdroid is repository easy to use for non-tech folks, and to keep them involved - they need some level of trust and I just want to make sure you can step in and build that trust too.
Feel free to suggest "improvements" or "upgrades" - either to kernel or userspace apps, it's just a matter of wording (sorry, I'm not a native english speaker but hope you understand what I mean).
Be specific and focus on details. Don't use generalization and instead pointing out what's missing - point out what could be done to make world better. Show others how they can help or contribute.
Your opinions are important but may result something opposite you wanted.
Well they're getting to see how the sausage is made. Most folks don't want to know because they assume it's gruesome. (Actually, I've made sausage and I think it's more hilariously phallic than gruesome, but let's not digress.)
Tough skin helps. Linus himself littered maillists with awful language that wouldn't pass public relations tests, so the kernel began this way.
I found the detail early on in this thread. FDroid's privacy is dependent on: a) the user and b) the OS. FDroid running on stock or OEM Android can't provide the kind of privacy asked for even in the hands of a contentious user. That's the general takeaway I got from this thread.
So FDroid apps running on OSes that have Google's "phone home" completely removed is what privacy contentious users want. Which OS would that be? Well that conversation evidently causes lots of colorful debate.
Personally, I still think a PinePhone OS & app manager or similar device moves the mark even further towards what "hardcore" users really want, but there's substantial barriers to their general use. And this is an FDroid forum, not an Android alternative forum. But there you have it - some specific details.
Indeed, since Brax is tutoring those lemmings under Google, Apple, etc, he would have to be on their platforms to be able to share his knowledge to unwitting flocks about their privacy issues. Surely, Google, Apple, etc likely would be viewing him as a wolf wearing sheep clothes sneaking within the fences of their sheep pasture but Google, Apple, etc actually are the bigger badder wolves. Brax phone may not be for us but more for Brax's audience cuz those gullibilities are what he's zeroing at. At least, Brax is teaching his audience something that Google, Apple, etc never would.