[CLOSED] - [ROM][Unofficial][12.1][microG][signed]hardened LineageOS 19.1 Oneplus 7T Pro

Status
Not open for further replies.
Search This thread
By:
Advanced…
MSe1969

MSe1969

Senior Member
Dec 16, 2016
2,538
4,700
Frankfurt Rhine-Main metropolitan region
Moto G
Sony Xperia Z1 Compact
  • Like
Reactions: nico21311 and steadfasterX
E

ewong3

Senior Member
May 28, 2015
232
48
thank you sir - wondered if you will work on los20 or are you planning device upgrade (after all op11 is out already!)?
 
RayfG

RayfG

Senior Member
Jan 28, 2016
525
148
outa space
Hey mates, does anybody have the same issue, that Aurora store is not working? I can`t log in.... no way. I did clear the cache etc.....
 
MSe1969

MSe1969

Senior Member
Dec 16, 2016
2,538
4,700
Frankfurt Rhine-Main metropolitan region
Moto G
Sony Xperia Z1 Compact
RayfG said:
Hey mates, does anybody have the same issue, that Aurora store is not working? I can`t log in.... no way. I did clear the cache etc.....
Click to expand...
Click to collapse
Please have a look to the XDA support thread of AuroraStore. Seems you can still use it with your own (fake) account, but as the amount of users making use of AuroraStore has meanwhile reached the "critical mass" to get big G's "attention", their dummy accounts are now aggressively blocked...
 
  • Like
  • Sad
Reactions: RayfG, nico21311 and steadfasterX
RayfG

RayfG

Senior Member
Jan 28, 2016
525
148
outa space
MSe1969 said:
Please have a look to the XDA support thread of AuroraStore. Seems you can still use it with your own (fake) account, but as the amount of users making use of AuroraStore has meanwhile reached the "critical mass" to get big G's "attention", their dummy accounts are now aggressively blocked...
Click to expand...
Click to collapse
Thank you for telling me about. Today i got signed in
and i could update some apps. I am looking forward for news about lineagemicrog 20 whatever.
Thank you.
 
MSe1969

MSe1969

Senior Member
Dec 16, 2016
2,538
4,700
Frankfurt Rhine-Main metropolitan region
Moto G
Sony Xperia Z1 Compact
New build with June 2023 ASB patches available

Here comes a new build, which will soon also offered via the updater app:
  • ASB Security string 2023-06-05
  • Some kernel patches
  • Mulch Webview 114.0.5735.61
  • microG on 0.2.28.231657-5
  • FakeStore 0.2.0
  • AuroraStore 4.2.3
Please note, that this update of microG comes with a change in regards to the coarse location functionality:
The support of plug-in modules has been dropped, coarse location is now provided internally by making use of the Mozilla location service. Consequently, the modules shipped by default with this build have been dropped, too.

Happy flashing!
M.
 
  • Like
Reactions: alleykat2561, nico21311 and steadfasterX
alleykat2561

alleykat2561

Senior Member
Aug 30, 2010
82
21
66
CC, TX
Nexus 7 (2013)
Google Nexus 5
Hello all. I've been using MSe1969's 18.1 on my 7Tpro. I'm wanting to finally "update" it to 19.1 in this thread. The instructions state update firmware to Android 12 for Oneplus 7T pro. I don't remember using Oxygen Updater app for 18.1 . The AuroraStore doesn't find the Oxygen Updater app. Do any of you have a direct link to the Android 12 firmware? My phone model is the HD1917 global.
 
MSe1969

MSe1969

Senior Member
Dec 16, 2016
2,538
4,700
Frankfurt Rhine-Main metropolitan region
Moto G
Sony Xperia Z1 Compact
alleykat2561 said:
Hello all. I've been using MSe1969's 18.1 on my 7Tpro. I'm wanting to finally "update" it to 19.1 in this thread. The instructions state update firmware to Android 12 for Oneplus 7T pro. I don't remember using Oxygen Updater app for 18.1 . The AuroraStore doesn't find the Oxygen Updater app. Do any of you have a direct link to the Android 12 firmware? My phone model is the HD1917 global.
Click to expand...
Click to collapse
The below thread is an excellent source for OP7T Pro firmware:
forum.xda-developers.com

[OnePlus 7T Pro][ROM][OTA][Oxygen OS] Repo of Oxygen OS Builds

As OnePlus doesn't always provide download links for all of their OxygenOS ROMs & OTA update zips, we've created an index to put the links in one post so that they're easy to find. Note: This is not a support thread for issues you may have with...
forum.xda-developers.com forum.xda-developers.com
 
alleykat2561

alleykat2561

Senior Member
Aug 30, 2010
82
21
66
CC, TX
Nexus 7 (2013)
Google Nexus 5
MSe1969 said:
The below thread is an excellent source for OP7T Pro firmware:
forum.xda-developers.com

[OnePlus 7T Pro][ROM][OTA][Oxygen OS] Repo of Oxygen OS Builds

As OnePlus doesn't always provide download links for all of their OxygenOS ROMs & OTA update zips, we've created an index to put the links in one post so that they're easy to find. Note: This is not a support thread for issues you may have with...
forum.xda-developers.com forum.xda-developers.com
Click to expand...
Click to collapse
I was in that thread last night, and I believe it's the same thread I used for 18.1

Would this be the one for android 12?
11.0.9.1: OnePlus7TProOxygen_14.O.35_GLO_0350_2206171507
 
MSe1969

MSe1969

Senior Member
Dec 16, 2016
2,538
4,700
Frankfurt Rhine-Main metropolitan region
Moto G
Sony Xperia Z1 Compact
alleykat2561 said:
I was in that thread last night, and I believe it's the same thread I used for 18.1

Would this be the one for android 12?
11.0.9.1: OnePlus7TProOxygen_14.O.35_GLO_0350_2206171507
Click to expand...
Click to collapse
No, take this last entry under the "Global" button:
HD1913_11_F.22 (delivered to OOS 11 users): HD1913_11.F.22_3220_202303231815
MD5: 3d15c9a772241e92cfb0c74acac2d739

It is confusing, that the Global also uses "HD1913" in its build number (and not HD1917), but see e.g. this post from the thread:
forum.xda-developers.com

[OnePlus 7T Pro][ROM][OTA][Oxygen OS] Repo of Oxygen OS Builds

As OnePlus doesn't always provide download links for all of their OxygenOS ROMs & OTA update zips, we've created an index to put the links in one post so that they're easy to find. Note: This is not a support thread for issues you may have with...
forum.xda-developers.com forum.xda-developers.com

I have a HD1913 and I obviously can't give you any 100% assurance, but since nobody has complained in the thread so far, I guess, all is OK, if you proceed as advised by me. Or, just ask in the thread to be on the 100% safe side.
 
  • Like
Reactions: alleykat2561
alleykat2561

alleykat2561

Senior Member
Aug 30, 2010
82
21
66
CC, TX
Nexus 7 (2013)
Google Nexus 5
MSe1969 said:
No, take this last entry under the "Global" button:
HD1913_11_F.22 (delivered to OOS 11 users): HD1913_11.F.22_3220_202303231815
MD5: 3d15c9a772241e92cfb0c74acac2d739

It is confusing, that the Global also uses "HD1913" in its build number (and not HD1917), but see e.g. this post from the thread:
forum.xda-developers.com

[OnePlus 7T Pro][ROM][OTA][Oxygen OS] Repo of Oxygen OS Builds

As OnePlus doesn't always provide download links for all of their OxygenOS ROMs & OTA update zips, we've created an index to put the links in one post so that they're easy to find. Note: This is not a support thread for issues you may have with...
forum.xda-developers.com forum.xda-developers.com

I have a HD1913 and I obviously can't give you any 100% assurance, but since nobody has complained in the thread so far, I guess, all is OK, if you proceed as advised by me. Or, just ask in the thread to be on the 100% safe side.
Click to expand...
Click to collapse
Thanks for the reply! This is what confused me, I couldn't find a listing for HD1917.
 
alleykat2561

alleykat2561

Senior Member
Aug 30, 2010
82
21
66
CC, TX
Nexus 7 (2013)
Google Nexus 5
MSe1969 said:
No, take this last entry under the "Global" button:
HD1913_11_F.22 (delivered to OOS 11 users): HD1913_11.F.22_3220_202303231815
MD5: 3d15c9a772241e92cfb0c74acac2d739

It is confusing, that the Global also uses "HD1913" in its build number (and not HD1917), but see e.g. this post from the thread:
forum.xda-developers.com

[OnePlus 7T Pro][ROM][OTA][Oxygen OS] Repo of Oxygen OS Builds

As OnePlus doesn't always provide download links for all of their OxygenOS ROMs & OTA update zips, we've created an index to put the links in one post so that they're easy to find. Note: This is not a support thread for issues you may have with...
forum.xda-developers.com forum.xda-developers.com

I have a HD1913 and I obviously can't give you any 100% assurance, but since nobody has complained in the thread so far, I guess, all is OK, if you proceed as advised by me. Or, just ask in the thread to be on the 100% safe side.
Click to expand...
Click to collapse
I went ahead and used your firmware link. Followed all the instructions in your thread to a "T".
Sideloaded your 19.1 over my 18.1 version. Happy to report everything went smooth as butter, lol.
All my data intact. Whole process took 25mins once all the required files were in place on my pc.
Thank you for the 19.1 version! Really appreciated!
Now I show to have an HD1911, lol.
 
  • Like
Reactions: MSe1969
T

TSKNF

Member
Sep 11, 2019
15
8
Thank you for the great work.

I have a question regarding being "signed".

Can I close the bootloader and everything runs? OTA updates go through without problems?

That I would lose all data once in this step is known to me.

Thanks a lot
 
MSe1969

MSe1969

Senior Member
Dec 16, 2016
2,538
4,700
Frankfurt Rhine-Main metropolitan region
Moto G
Sony Xperia Z1 Compact
TSKNF said:
Thank you for the great work.

I have a question regarding being "signed".

Can I close the bootloader and everything runs? OTA updates go through without problems?

That I would lose all data once in this step is known to me.

Thanks a lot
Click to expand...
Click to collapse
The ROM Signature keys have nothing to do with bootloader locking. This is to make sure, that nobody can compile a ROM with the publicly known test keys and some "crafted" privileged apps to offer them afterwards as 'cool functional' updates to others, as they would not install on any signed ROM

To be honest, I don't know, whether you can re-lock your BL. I as developer don't want to lock it, and since the hotdog is my daily driver, I am not keen to "test" it, as I don't want to perform a factory reset...

The "security chain" of a Stock ROM usually works as follows:
- The (stock) recovery only allows to update the Stick ROM/firmware - that is why you want to replace the recovery, when aiming at flashing a Custom ROM
- The boot loader in locked state does not allow to flash anything (hence you cannot replace the recovery), that's why you want to unlock it

Further check mechanism may be in place on top. So if you re-lock the BL, it either stil boots fine, or it does not boot any more and you would need to unlock the BL, which results in a factory reset.
 
  • Like
Reactions: alleykat2561 and TSKNF
steadfasterX

steadfasterX

Recognized Developer
Nov 13, 2013
6,146
15,403
127.0.0.1
OnePlus 7T Pro
MSe1969 said:
The ROM Signature keys have nothing to do with bootloader locking. This is to make sure, that nobody can compile a ROM with the publicly known test keys and some "crafted" privileged apps to offer them afterwards as 'cool functional' updates to others, as they would not install on any signed ROM

To be honest, I don't know, whether you can re-lock your BL. I as developer don't want to lock it, and since the hotdog is my daily driver, I am not keen to "test" it, as I don't want to perform a factory reset...

The "security chain" of a Stock ROM usually works as follows:
- The (stock) recovery only allows to update the Stick ROM/firmware - that is why you want to replace the recovery, when aiming at flashing a Custom ROM
- The boot loader in locked state does not allow to flash anything (hence you cannot replace the recovery), that's why you want to unlock it

Further check mechanism may be in place on top. So if you re-lock the BL, it either stil boots fine, or it does not boot any more and you would need to unlock the BL, which results in a factory reset.
Click to expand...
Click to collapse
Well as mentioned long time ago it is possible - or better said: it was... ;)

See here:
https://forum.xda-developers.com/t/...ty-lock-your-bootloader.4290485/post-85164951

Of course it would require some work on your site if you want to provide what I did.

The thing is all this became obsolete now that Oneplus decided to remove that feature after they merged their codebase with Oppo bs. One of the reasons why i never buy OP again.

Here some background:

OnePlus Android 12 firmware - relocking no longer works

OnePlus Android 12 firmware - relocking no longer works
calyxos.org calyxos.org

So bootloader lock will not work anymore on latest firmware anyways.

And mixing firmware is not as easy as it sounds - and is questionable reg security as well. Besides the fact that i tried all possible combinations of mixing the bootloader files..

So the only options are keeping it lockable on older firmware (which opens security issues and ofc reqhires compatible ROM builds) or having the latest firmware patches but no lockable bootloader (which is the way to go imho).
 
  • Like
Reactions: MSe1969 and alleykat2561
MSe1969

MSe1969

Senior Member
Dec 16, 2016
2,538
4,700
Frankfurt Rhine-Main metropolitan region
Moto G
Sony Xperia Z1 Compact
Last edited:
  • Like
Reactions: RayfG, alleykat2561, nico21311 and 1 other person
RayfG

RayfG

Senior Member
Jan 28, 2016
525
148
outa space
MSe1969 said:
New build with June 2023 ASB patches available

Here comes a new build, which is also offered via the updater app:
  • ASB Security string 2023-07-05
  • Some kernel patches
  • Mulch Webview 114.0.5735.196
Happy flashing!
M.

P.S.: Work on Lineage 20.0 is in progress, stay tuned...
Click to expand...
Click to collapse
Dude, these are great news. I appreciate your outstanding work and i am very keen on the new Version. Thank you very very much.
 
  • Like
Reactions: alleykat2561 and MSe1969
MSe1969

MSe1969

Senior Member
Dec 16, 2016
2,538
4,700
Frankfurt Rhine-Main metropolitan region
Moto G
Sony Xperia Z1 Compact
New build with July 2023 ASB patches available - quick fix microG

Hi all,
I have pushed another update, which will soon be offered by the updater app, too:

With the recent change to include the Mozilla Location services (MLS) directly into the microG code also comes the requirement to obtain an API key for MLS, which I don't have right now (I have requested one, but I am not sure whether and if yes, when I would get it). I have therefore included the original microG apk and use the now foreseen way to specify certain default settings, so one of the two reasons for me to build microG from source has gone.
 
  • Like
Reactions: nico21311 and alleykat2561
Status
Not open for further replies.

Similar threads

MSe1969
  • Locked
[CLOSED][ROM][Unofficial][11.0][microG][signed]hardened LineageOS 18.1 Oneplus 7T Pro
Replies
318
Views
37K
Oswald Boelcke
Oswald Boelcke
NurKeinNeid
  • Locked
[ROM][12L] DerpFest for OnePlus 7T Pro [OFFICIAL][hotdog]
Replies
791
Views
109K
Badger50
Badger50
MSe1969
  • Locked
[CLOSED]EOL [ROM][Unofficial][10.0][microG][signed]hardened LineageOS 17.1 Oneplus 7T Pro
Replies
277
Views
31K
Oswald Boelcke
Oswald Boelcke
mauronofrio
[RECOVERY][3.4.0-2][hotdog]Unofficial TWRP recovery for OnePlus 7T Pro Unified(Test)
Replies
370
Views
99K
A
android bot
C
[ROM][11.0][OnePlus 7T Pro] Pixel Experience [AOSP]
Replies
325
Views
65K
G
Ginosius

Top Liked Posts

24 Hours 30 Days All time
  • There are no posts matching your filters.
  • 1
    MSe1969
    MSe1969
    FINAL ANDROID 12 BUILD needed ?

    Hello all,

    normally, I have usually provided a final untested build with ASB patches, once I have started a successor thread to bring the current thread to an end. I could do the same for this thread (as already mentioned before) - however, there are two aspects to be considered:
    • Different from previous big upgrades, the upgrade from 19.1 to 20.0 is pretty straight forward, you can simply "dirty-flash" my Lineage 20.0 ROM over the 19.1 build from this thread. Recovery update and firmware update are recommended, but optional.
    • Different from before, this will really be completely untested - last time, when providing the final 18.1 build for the hotdog device, I had working updated 18.1 builds for other devices (mainly Oneplus 3T), so I had a certain assurance, that the device-independent parts worked w/o issues - this time, I don't have any other 19.1 build proven to work.

    So I would like to get some feedback from your end, whether this is really needed and wanted from your end. Based on your feedback, I'll decide whether to do a final 19.1 build with September ASB patches.

    Thanks & regards - M.
    View
    1
    alleykat2561
    alleykat2561
    MSe1969 said:
    FINAL ANDROID 12 BUILD needed ?

    Hello all,

    normally, I have usually provided a final untested build with ASB patches, once I have started a successor thread to bring the current thread to an end. I could do the same for this thread (as already mentioned before) - however, there are two aspects to be considered:
    • Different from previous big upgrades, the upgrade from 19.1 to 20.0 is pretty straight forward, you can simply "dirty-flash" my Lineage 20.0 ROM over the 19.1 build from this thread. Recovery update and firmware update are recommended, but optional.
    • Different from before, this will really be completely untested - last time, when providing the final 18.1 build for the hotdog device, I had working updated 18.1 builds for other devices (mainly Oneplus 3T), so I had a certain assurance, that the device-independent parts worked w/o issues - this time, I don't have any other 19.1 build proven to work.

    So I would like to get some feedback from your end, whether this is really needed and wanted from your end. Based on your feedback, I'll decide whether to do a final 19.1 build with September ASB patches.

    Thanks & regards - M.
    Click to expand...
    Click to collapse
    For me, I'm still on 19.1 but plan on "dirty flashing" 20.0 any day now. So no need for a final 19.1 for me. Thanks for all you do!
    View
    1
    MSe1969
    MSe1969
    alleykat2561 said:
    For me, I'm still on 19.1 but plan on "dirty flashing" 20.0 any day now. So no need for a final 19.1 for me. Thanks for all you do!
    Click to expand...
    Click to collapse
    I'll push a new 20.0 build with September ASB later today, you may want to wait till then...
    View
    1
    MSe1969
    MSe1969
    Heading towards EOL

    Okay... - so there is no real need for a final untested 19.1 build.

    Instructions on how to migrate to LineageOS 20.0 for this build and the hotdog device have already been provided, a new 20.0 build with September 2023 ASB patches is available in the LineageOS 20.0 successor thread, so nothing more to do for this build/this thread...
    View
  • 7
    MSe1969
    MSe1969
    Thread is deprecated - please visit the Lineage 20.0 successor thread

    This thread is dedicated to provide hardened Lineage-OS 19.1 builds with microG included for the OnePlus 7T Pro (hotdog) with current security patches.
    You can consider this thread as the successor of my respective LineageOS 18.1 thread.

    Features of this ROM

    Download here

    • Pre-installed microG like LineageOS for microG project (own fork)
    • Pre-installed AuroraStore, AuroraDroid and AuroraServices
    • OTA Support

      Additional security hardening features listed below:
    • Cloudflare as default DNS (instead of Google)
    • Privacy-preferred default settings
    • Optional blocking of Facebook- and Google-Tracking (Settings - Network & Internet)
    • Optional disable captive portal detection or choose from various providers (default is GrapheneOS and not Google; Settings - Network & Internet)
    • Increased max. password length of 64
    • Enhanced controls for secondary users
    • Exec spawning (ported from GrapheneOS)
    • No submission of IMSI/phone number to Google when GPS is in use
    • Default hosts file with many blocked ad/tracking sites (can be disabled)
    • Privacy-enhanced Bromite SystemWebView Mulch System Webview
    • Extra control of sensor access for additionally installed user apps (Special access under app permissions)
    • Kernel kept up to date with ASB patches of Google kernel/common 'android-4.14-q-release' branch
    • Debloated from Oneplus blobs for Soter and IFAA
    • Hardened bionic lib and constified JNI method tables
    • Optional timeout for Bluetooth and WLAN connections
    • Optional auto-reboot if device not unlocked for defined timeframe
    • Option to only use fingerprint unlock for apps and not for the device
    • Optional timeout for Bluetooth and WLAN connections
    • Per connection WiFi randomization option
    • Sensitive QS Tiles require unlocking
    • Native debugging
    • Ability to disable non-system apps from the "App info" screen
    • Scoped storage (ported from GrapheneOS)
    • Firewall UI (Settings - Network & Internet - Manage data restrictions)

    Current release levels

    Security string: 2023-08-05
    AOSP tag: 12.1.0_r22
    Mulch System Webview M115


    Source-code and build instructions

    Kernel: https://github.com/lin19-microg/android_kernel_oneplus_sm8150/tree/lin-19.1-mse
    Build manifest: https://github.com/lin19-microg/local_manifests/tree/lin-19.1-microG


    Installation Instructions​


    YOU ARE RESPONSIBLE SOLELY YOURSELF FOR ANY ACTIONS YOU DO WITH YOUR DEVICE !!!
    Please note - I won't explain any single aspect (e.g. how to install 'fastboot' on your PC or troubleshoot USB connectivity issues under Windows). Search the net and consult the search engine of your choice or look here in XDA, there is plenty of information available.

    Pre-Requisites​

    • Have fastboot and adb installed on your PC and make sure, you can connect via USB to your device in fastboot mode and via adb
    • An unlocked bootloader (see e.g. LineageOS install instructions)
    • If you come from Stock ROM, make sure to upgrade your device to the latest offered software version
    • Know, how to boot into fastboot mode (with powered off device press [Power]+[Vol.down]+[Vol.up])

    Please read carefully:​

    I refer in general to the LineageOS install instructions, but there are some deviations!
    It is recommended to really carefully go completely through the instructions below once, before doing anything. You have been warned!

    Let's go!​


    Install the dedicated Lineage 19.1 recovery for this ROM​

    For the Oneplus 7T Pro (hotdog), there is currently no fully working official TWRP available! The offered official one can't decrypt the /data partition and I am not 100% sure about the rest.
    Please download and unpack the specific Lineage revocery for this build. It has been built using this ROM's signing key. Unzip and flash this specific recovery with the below commands (your device must be in 'fastboot mode'):
    Code: 
    fastboot flash recovery_a lineage-19.1-20221222-recovery-hotdog.img
fastboot flash recovery_b lineage-19.1-20221222-recovery-hotdog.img
    Reboot now into recovery from fastboot (follow the menu options) - DO NOT boot into your OS yet.

    Make sure, your firmware is on Android 12​

    If you are already on Android 12 with Stock OxygenOS and are on the latest offered patch level, be happy and proceed with the next chapter. Same applies, if you come from a different Android 12 based Custom ROM and you know for sure, that the firmware has been updated to Android 12.
    In all other cases, you must update the firmware before proceeding. Please refer to the LineageOS documentation on upgrading the firmware - the best source right now seems to be the linked Oxygen Updater app (obtain and download the file only). If you have a European 7T Pro (HD1913), you can unpack the firmware file here and follow the README instead.
    Please note: If the touch screen does not work after booting up to the Lineage 19.1 recovery, then it is a clear sign, that you need to update the firmware (the touch screen also won't work in that case, when you boot the OS). The recovery also lets you navigate with vol-up/vol-down and select via Power key, so you can proceed. However - but if you prefer, you can temporarily also flash the LineageOS 18.1 recovery from the above linked 18.1 predecessor thread, but then make sure, that after having upgraded the firmware, you will flash the 19.1 recovery again as explained above. Reboot into the recovery after having updated the firmware.

    Install the ROM​

    If you come from my previous LineageOS 18.1 ROM, you can simply sideload the 19.1 ROM on top of my 18.1 ROM, so don't format the /data partition (unless you really want to get rid of your data). In all other cases, you have no choice than formatting /data, so continue as described in the LineageOS installation instructions with formatting /data and sideloading the ROM ZIP (download link above).
    It is normal, that you may observe at 47% progress a longer break, followed by a step 1/2 and finally 2/2 before a success message appears.

    In case you need to format /data:
    Please keep in mind, that formatting the /data partition also wipes the shared internal memory - backup first!

    DO NOT flash Gapps!
    This ROM comes with pre-installed microG. So don't attempt to flash Gapps. If Gapps is a 'must' for you, please use the official LineageOS build for this device.


    Update Instructions​


    This ROM offers OTA updates through the Updater app. Therefore, normally, no further activities necessary.
    You can however also manually update the ROM by sideloading a newer version of this ROM via recovery.


    Frequently asked Questions​


    These questions come from various threads for my hardened microG ROMs. I have listed them here, because they also apply to this ROM and are hopefully helpful.

    1. AuroraStore
    I bundle AuroraStore with my build, but I am in no way associated with its development. The first place to look for support is the AuroraStore XDA thread and its excellent FAQ Section. Nevertheless, I would like to answer some frequently asked questions in conjunction to my ROM:

    Q: AuroraStore offers an update to "Google play services" - I thought your ROM is "Google-free"?
    A: The bundled microG application spoofs the existence of Google play services. This is a necessary part of microG's design. In AuroraStore, please add the Play Services to the ignore list. You won't be able to "update" them anyhow, but better do not even try to do so!

    Q: I can't connect, Aurora claims "no network" - but I can normally use my browser and other apps to connect to the internet.
    A: If the "iptables block script" of my ROM is active, try to deactivating and immediately after re-activating it.
    If that does not help or you don't use the iptables block script of tis ROM, you may try to force-close the app or logoff/logon again. However, the Aurora support thread will be your primary point to look at!


    2. Google/Facebook iptables blocking
    Q: How does the Google/Facebook blocking work?
    A: Via the 'iptables'/'ip6tables' functionality of the Linux layer of Android, the ip4/ip6 address range of Google and Facebook is blocked on a per app base (in fact, it is generally blocked, but some apps on an internal exception list are still allowed to connect). This means, that apps (or spyware components thereof) cannot send/receive data to/from Google/Facebook. Btw, certain connections to X-mode and Palantir are also blocked, but I am not sure, whether this is enough - any qualified information to improve this are very welcome!

    Q: I like this Google/Facebook blocking approach, but my favourite <xyz> app needs to be able to connect to Google/Facebook. Can you please add this app to your exception list?
    A: Please read this comprehensive information. In short: If you have a trustworthy FOSS project aiming at connecting to Google/Facebook via Webview as 'mobile browser' with (almost) no permissions or you have a tracker-free app to connect to a proprietary service, which simply is hosted on a Google webspace, I am happy to discuss this, but I will definitely not allow any "Playstore top ten genuine spyware app".

    Q: Which apps are on your exception list?
    A: see here

    Q: But if Google is blocked for almost every app, can I still get push messages?
    A: Yes, you can! Push messages are routed and controlled through the microG functionality, which stil can connect to Google.


    3. etc/hosts ad blocking
    Q: What is the etc/hosts ad-blocking and how does it work?
    A: I deliver a monthly-updated /system/etc/hosts file from the AdAway app which lists a comprehensive selection of known ad/spyware addresses. Any attempt to connect to those sites is redirected to the local OS, so a positive connection is reported, but no content is transmitted. (See linked explanation).

    Q: Which anti-tracker lists do you use?
    A: The same defaulted by the AdAway app, plus in addition Microsoft's 'Hockey Stick' stuff.

    4. Firewall UI
    Q: What is the Firewall UI and how does it work?
    A: Under Settings - Network & Internet - Manage data restrictions, you'll find a list of all installed apps (optionally, you can also show the shipped system apps), which lets you control - per app - whether the app can connect via WiFi, Mobile data or VPN. In fact, you can in any LineageOS individually control this in the app details (Settings), this option simply gives you a comprehensive view for all apps.

    Q: How do I use it? What are the typical use-cases:
    A: It of course depends on your specific requirement, but below some very typical use-cases:
    a. Disallow internet access completely (uncheck WiFi, mobile data and VPN)
    This might be useful for an app, which does not need internet access to work, but uses internet access to e.g. nag you with ad-crap (some games on the play store, for example)
    b. Make sure, that an app only uses WiFi (in order to avoid costs when using mobile data) - uncheck mobile data
    c. Make sure, that an app only has internet, when connected via VPN - uncheck WiFi and mobile data

    5. Privacy features / data privacy of this ROM
    Q: Does this ROM protect my privacy by design/default?
    A: First of all, you will never get any "auto-protection" without having to take care, what you do!
    What this ROM provides to you in addition to an "official" LineageOS:
    • This ROM comes with microG, to avoid the necessity of having to flash the Google apps, with the "mother of all spyware" called Google Play services. So many apps with that dependency would still work, either fully, or with their core-functionality, but without "extra Google convenience" features.
    • You can optionally block Google/Facbebook connections, which can add a further protecion layer (see the specific FAQ section about that feature)
    • Many nasty ad-servers, which are embedded into shady apps or websites are blocked by default
    • Some hardening measures known from the GrapheneOS project have been added
    HOWEVER - just some examples, how you can easily screw up any privacy gain (this list is by far not even near to comprehensive):
    • You still CAN install all kinds of shady apps and use privacy-ignoring services. If you e.g. install the genuine Facebook or Instagram app, the majority of your private data on your phone will be immediately uploaded to Facebook servers, as those apps even refuse to start, if you do not grant all the sensitive permissions! (Note: Yes, afterwards, when your data has already been stolen, you can revoke those permissions again. And yes, Whatsapp seems maybe 'slightly' better in this regard, but if you really believe, that WA isn't fully integrated into the FB ecosystem, you must be living on another planet).
    • If you use the Microsoft Outlook app to connect to any "non-Microsoft" e-mail provider, your logon credentials to that other mail provider are stored on Microsoft servers factually allowing Microsoft to steal your identity. Using Microsoft e-mail services or GMail discloses all your e-mails to automated scanning for "suspicious activities"; this has nothing to do with your phone, but outlines, how you can void even the most secure device by making use of privacy-ignoring services.
    • Making use of Genuine Google-apps with microG also isn't a good idea - make use of alternatives.
    • Any app, which you install on your device, could misuse its needed privileges! So try to stick to FOSS apps.
    • And last, but not least, if you are a 'dissident' or fear otherwise any targeted or comprehensive surveillance, this ROM isn't for you either...




    Dealing with signed builds​

    Please note, that this builds is signed with an own key. When you come from a different build, you cannot directly "dirty-flash" this build. You have to perform a "clean flash".

    Bug reports:​

    If you have a problem, please create a post with these informations:
    Original Kernel shipped with this rom:
    Build Date:
    And try to get log as described here
    Please note that I can't and won't support issues with builds using a different kernel or Xposed.
    In regards to microG, I will try my best to help when it is related to this ROM (I use it myself), but any questions of the type "the YXZ-app can't do <some sort of fancy xyz Google functionality> properly" are better asked in the respective microG forums.

    Credits​

    AOSP project
    LineageOS project
    microG project
    Graphene OS project (many privacy and security features have been ported)
    csagan5 (Bromite)
    WhyOrean (Aurora)
    SkewedZeppelin (Kernel patches and some good ideas of Divest-OS)
    View
    5
    MSe1969
    MSe1969
    LineageOS 20.0 - some information

    As annouced earlier, I am working since a while on LineageOS 20.0 - the device-independent part is now (almost) ready: https://github.com/lin20-microG/

    I have so far been working with emulator images to test all the ported features and now uploaded the latest emulator image to let you test as well: https://sourceforge.net/projects/lin20-microg/files/Emulator/

    Please also perform some tests and feedback to me.
    (An easy way to get an Android emulator up & running is to download & install Android Studio - details can easily be found using the Search engine of your choice)

    A special emphasis should be on the following features:
    • Storage scopes
      (Option to enable "Scoped storage" instead of granting the Storage Permission in the app settings: This allows to grant only access to selected files and directories instead of the entire storage, so nosy apps won't be able to scan your entire storage)

    • Contact scopes
      (Option to enable "Scoped contacts" instead of granting the Contacts Permission in the app settings: This allows to grant only access to selected contacts via labels or by manually adding contacts to a defined list instead of the entire phone book, so nosy apps won't be able to scan your entire phonebook)

    • Secondary users
      (Enhanced functionalities for secondary users)

    • Firewall UI
      (Settings - Privacy - Manage data restrictions)

    I am however grateful for any feedback.

    I will soon create a hotdog build and upgrade my own device and publish the test build afterwards.

    Thanks, I'll keep you posted - M.
    View
    5
    MSe1969
    MSe1969
    In regards to LineageOS 20, you will need more patience: I am struggling right now to get the new build booting on my hotdog device...
    View
    5
    MSe1969
    MSe1969
    New build with August 2023 ASB patches available

    Here comes a new build, which is also offered via the updater app:
    • ASB Security string 2023-08-05
    • Some kernel patches
    • Mulch Webview 115.0.5790.166
    • Icon circle shape display option as fallback (see comment)
    Normally, the circle shape is the system default for Android 12, and other icon shape options are offered in the display settings. For whatever reason, after flashing a 19.1 test build two weeks ago, the "default" shape appeared as 'square' and I could not get rid of it (only change the shape to any other offered option - "device default" always became square). So I have added a further icon shape option 'Circle' to explicitly set also the 'Circle' shape, even if that is supposed to be the default. (Just in case, you would experience a similar thing...)

    Happy flashing!
    M.


    P.S.: If all works out as planned, I'll soon publish a 20.0 test build, then switch to 20.0 and offer a very last (untested) 19.1 build for September
    View
    5
    MSe1969
    MSe1969
    New build with January 2023 ASB patches available

    Here comes a new build, which is also now offered via the updater app:
    • ASB Security string 2023-01-05
    • microG on 0.2.26.223616-16
    • Firewall UI (Settings - Network & Internet - Manage data restrictions)
    • Some kernel patches
    • French translation for ported features (thanks to @bestouff @nico21311)
    Happy flashing!
    M.
    View

New posts