| ---
 | |
| title: "Two cents about the new privacy-focused /e/ ROM"
 | |
| date: 2019-06-16
 | |
| url: two-cents-about-the-new-privacy-focused-e-rom
 | |
| layout: post
 | |
| category: Articles
 | |
| image: /img/blog/two-cents-about-the-new-privacy-focused-e-rom_1.png
 | |
| description: "Some personal feedback and opinions about my latest Android ROM trial"
 | |
| ---
 | |
| 
 | |
| [](/img/blog/two-cents-about-the-new-privacy-focused-e-rom_1.png)
 | |
| 
 | |
| ### Introduction
 | |
| 
 | |
| So basically, I did it again... I've changed the ROM of my current smartphone.  
 | |
| As the _achievement_ has been posted [here](https://mastodon.social/@HorlogeSkynet/100759595382548995), the previous "mobile stack" was :
 | |
| 
 | |
| * Recovery : [TWRP](https://twrp.me/)
 | |
| 
 | |
| * ROM : [Resurrection Remix](https://www.resurrectionremix.com/) v6.0 (LineageOS 15.1 ; Android 8.1)
 | |
| 
 | |
| * [X] root
 | |
| 
 | |
| * [X] FDE
 | |
| 
 | |
| * [X] SELinux
 | |
| 
 | |
| * [X] Xposed
 | |
| 
 | |
| A major issue was still present (and for once, it was not an IT one !) : The maintainer of the ROM moved on to another phone, and completely dropped support for the one that we have in common.
 | |
| 
 | |
| Almost a year after the last update (including Android monthly security patches), I decided to move away from RR, and give a chance to a new one.
 | |
| 
 | |
| For some months now, I've heard on Mastodon about [Gaël DUVAL](https://mastodon.social/@gael)'s hard work to build a privacy-focused Android ROM.
 | |
| If you already know him (from his [Mandriva](https://fr.wikipedia.org/wiki/Mandriva_Linux) GNU/Linux distribution back in the past for instance), you got it : I'm going to present to you the new [/e/ project](https://e.foundation/).
 | |
| 
 | |
| Even if it is currently (and depending on your device) based on LineageOS 14.1 (Android 7.1), I'd rather have a maintained and patched Android 7, than an old Android 8 full of holes (security-nerd guy talking here).
 | |
| 
 | |
| ### Basics and rationale
 | |
| 
 | |
| /e/ is a fork of the [LineageOS](https://lineageos.org/) project, and for the purists, LineageOS is the continuity of the old famous [CyanogenMod](https://fr.wikipedia.org/wiki/Cyanogenmod) ROM.
 | |
| 
 | |
| The main problem is : LineageOS, like many other Android ROMs, relies on some of Google's services / dependencies / servers.  The idea for Gaël and his team was not about re-forking Linux from scratch and building yet-another-Android ROM, but rather un-Googling an already working and great [AOSP](https://source.android.com/) project, [widely supported](https://download.lineageos.org/).
 | |
| 
 | |
| Before going deeper, I wanted you to know about the hard choice of writing this article in English.  
 | |
| Although we are talking about a French ROM, I know that an English post may have a greater audience, and this is what it currently needs.
 | |
| 
 | |
| ### My 2 cents about built-in applications
 | |
| 
 | |
| If you install /e/, you'll encounter the built-in Apps store [`e.foundation.apps`](https://gitlab.e.foundation/e/apps/apps).
 | |
| This very "application" offers both free and non-free applications to download and install, but the list is populated by the /e/ team itself.
 | |
| 
 | |
| In my opinion, some of the built-in and shipped applications should not be there at all.
 | |
| For instance, it should be up to the end-user to install **Telegram** and **Signal**.
 | |
| 
 | |
| [](/img/blog/two-cents-about-the-new-privacy-focused-e-rom_2.png)
 | |
| 
 | |
| Those applications depend on and use third-party servers, whose source code is proprietary, and non-free.
 | |
| These issues have already been discussed across the Internet for a while now, so I'll stop right here about them.
 | |
| 
 | |
| As an "alternative", I'd rather see **Conversations** ([`eu.siacs.conversations`](https://f-droid.org/en/packages/eu.siacs.conversations/)), a free and Open-Source application that, in addition, encourages decentralization, as we would have to choose and join an XMPP instance (hello <https://404.city/> !).
 | |
| 
 | |
| > The discussion about this very issue is currently going on [here](https://community.e.foundation/t/default-instant-messaging-app-in-e-os-time-to-remove-telegram-and-signal/).
 | |
| 
 | |
| That's not a good point, but as on some official ROMs, or even LineageOS, some built-in applications can't be _disabled_ at all, and sadly, the shipped apps store is one of them.
 | |
| 
 | |
| [](/img/blog/two-cents-about-the-new-privacy-focused-e-rom_3.png)
 | |
| 
 | |
| One could of course install [F-Droid](https://f-droid.org/), and enjoy the huge amount of free and Open-Source applications, directly built from sources before being signed.
 | |
| 
 | |
| Another issue is about FOSS applications (Etar for calendar, Qksms for SMS, Tasks, [and MANY others](https://gitlab.e.foundation/e/apps?utf8=%E2%9C%93&filter=fork)) that have been forked and shipped in.
 | |
| If an upstream update is released, you are required to wait for the /e/ team to tweak / update their fork and publish an update for it.  
 | |
| As with Docker images, this could be a real issue when security patches are applied elsewhere.  
 | |
| If you do use these applications too, I recommend disabling (or hiding) them, and installing their original versions from F-Droid (for instance)...
 | |
| 
 | |
| ### Fully un-Google'd ROM did you say ?
 | |
| 
 | |
| > Hmm yeah, I might have...
 | |
| 
 | |
| Some weeks ago, [a very interesting write-up](https://infosec-handbook.eu/blog/e-foundation-first-look/) was published by [InfoSec Handbook](https://infosec-handbook.eu/), and it even got [a proper response from Gaël](https://medium.com/@gael_duval/leaving-apple-google-how-is-e-actually-google-free-1ba24e29efb9).
 | |
| Most of the points noted there [are being worked on](https://gitlab.e.foundation/e/management/issues?scope=all&utf8=%E2%9C%93&state=opened&search=Infosec+Handbook+Review+Issues), but I still strongly disagree with the fundamental choice of proposing a ROM with any Google Apps implementations.
 | |
| 
 | |
| /e/ is shipped (too) with a project called [microG](https://microg.org/), which is a free and Open-Source implementation of Google's proprietary and obscure stack.
 | |
| 
 | |
| [](/img/blog/two-cents-about-the-new-privacy-focused-e-rom_4.png)
 | |
| 
 | |
| But here again, I think this should be up to the user to get (or not) such a stack.
 | |
| Or, at least, it should be possible to download and flash a basic ROM, without having to build it yourself to remove a component that has been manually added by someone else...
 | |
| 
 | |
| With my previous stack explained during the introduction, I've lived more than a year without any Google API, and everything (for my usage at least) went well, so I guess it _is_ possible.
 | |
| 
 | |
| ### `/data/` encryption ?
 | |
| 
 | |
| I don't know whether (but I hope !) you are used to encrypting your phone data, but this is something that I strongly recommend, as our mobiles browse the world, and represent easier targets for thieves.
 | |
| 
 | |
| Actually, while the feature works well on LineageOS or even Resurrection Remix, **it looks completely broken** on /e/ at the time of writing.
 | |
| 
 | |
| This has been bumped for the occasion [here](https://gitlab.e.foundation/e/management/issues/368).
 | |
| 
 | |
| ### And what about rooting /e/ ?
 | |
| 
 | |
| Yeah, apparently, that works well.
 | |
| 
 | |
| [](/img/blog/two-cents-about-the-new-privacy-focused-e-rom_5.png)
 | |
| 
 | |
| Just after the first flash (even before trying it out !), I've side-loaded Magisk and booted it up.
 | |
| It looks compatible, and we may enjoy the system-less aspect of system modules, even with /e/.
 | |
| 
 | |
| > Full disclosure : I didn't try out the (old) **SuperSU** way of rooting devices.
 | |
| 
 | |
| ### Updates ?
 | |
| 
 | |
| /e/ is currently strongly maintained, and still considered as beta.
 | |
| 
 | |
| [](/img/blog/two-cents-about-the-new-privacy-focused-e-rom_6.png)
 | |
| 
 | |
| It has been a long time since I could enjoy this liberty, but OTA updates are possible with /e/ !  
 | |
| This way, flashing "nightly" builds has never been so great :tada:
 | |
| 
 | |
| ### Wait, wait, wait. Root and OTA, are you sure about it ?
 | |
| 
 | |
| > Yeah, that's an issue.
 | |
| 
 | |
| Actually, [it should not be](https://topjohnwu.github.io/Magisk/tutorials.html#ota-installation), but the /e/ OTA manager **automatically reboots** the device in recovery to apply the update, so Magisk is fully bypassed...
 | |
| 
 | |
| You can try to rely on Magisk's magic hooks without uninstalling it first, as stated in the FAQ above.  
 | |
| I don't think that's recommended, but I'll try soon (and surely update this post according to the result).
 | |
| 
 | |
| > EDIT 2019-07-04 : As promised, I've tried the idea above and... it does not work. So, flashing Magisk back after each OTA update is definitely required.
 | |
| 
 | |
| ### Wanna join ?
 | |
| 
 | |
| [Here](https://gitlab.e.foundation/e/wiki/en/wikis/devices-list) you go.
 | |
| 
 | |
| ### Conclusion
 | |
| 
 | |
| Although it's far from being perfect, and even more for jack-of-all-trades users, /e/ looks promising.  
 | |
| LineageOS was good, so it could only become greater without any traces of Google in it.
 | |
| 
 | |
| The project will need maintainers across devices, and if you are interested, [this section](https://gitlab.e.foundation/e/wiki/en/wikis/devices-list#how-to-install-e-on-your-smartphone) may help you to propose support for yours.
 | |
| 
 | |
| Anyway, the goal of Gaël is to make this usable by _anyone_, and I think this might be achieved soon.
 | |
| 
 | |
| What is cool : You can (almost) freely disable and replace built-in applications with your own, and creating and linking an /e/ account (for synchronization and so on) is fully optional (Hey Google, what about doing the same to free your users ?).
 | |
| 
 | |
| > PS 1 : Using a custom ROM on most phones won't solve the deeper problem of manufacturers' binaries that are **proprietary and non-free**, [as beautifully stated here](https://medium.com/@notorandit/hi-ga%C3%ABl-d888f518c62e) one more time.
 | |
| 
 | |
| > PS 2-a : :fr: If you are interested in how the various _flashing_ operations can be carried out, and what they correspond to, [this link](https://gist.github.com/HorlogeSkynet/38adefe1c2cd70cec5cee2e8d90ae8f3) may be of interest to you.  
 | |
| > PS 2-b : :fr: By the way, this document should perhaps be rethought, updated and rewritten... Any help will be welcome !
 | 
