[ROM][Note9][10.0] iodéOS = LineageOS 17.1 + MicroG + adblocker [22/01/2021]

vince31fr

Senior Member
Dec 18, 2016
779
752
113
Toulouse


Introduction

iodéOS is a privacy-focused operating system powered by LineageOS and based on the Android 10 mobile platform. iodéOS aims at protecting the user's privacy with a built-in adblocker and by freeing the smartphone from snitches.

The objectives in the conception of this ROM are threefold:

  1. To keep the stability and security level of LineageOS, by minimizing the modifications made to the system. Apart the system modifications required by the adblocker, we mainly only added a few useful options commonly found in other custom ROMs, made some cosmetic changes, modified a few default settings to prevent data leaks to Google servers.
  2. To ease a quick adoption of this ROM by new users. We especially target users that are concerned by the protection of their privacy, but are not reluctant to still use inquisitive apps like Google ones. We thus included MicroG as well as a coherent set of default apps (all open source, with one exception), and simplified the initial setup of the system. Particularly, an initialization of MicroG has been made with GCM notifications allowed by default, a privacy-friendly network location provider (DéjàVu) pre-selected, as well as Nominatim Geocoder.
  3. To provide a new and powerful way of blocking ads, malwares, data leaks of all kinds to many intrusive servers. We are developing an analyzer, tightly integrated into the system, that captures all DNS requests and network traffic, as well as a user interface (the iodé app). Compared to some other well-known adblockers, this has the advantages of:
    • Avoiding to lock the VPN for that use. You can even use another adblocker that uses VPN technology alongside our blocker.
    • Being independent of the kind of DNS server used by the system or set by an independent app: classical DNS on UDP port 53 or any other one, DNS over TLS (DoT), DNS over HTTPS (DoH), ..., as we capture the DNS requests before they are transmitted to the system function that emits the DNS request. What we do not support, is DoH when it is natively built into applications, i.e. when an app communicates directly with a DoH server, without asking name resolution to the system. It would require to decrypt HTTPS packets between such an app and the DoH server, which may create a big security hole.
    • Precisely mapping DNS requests and network packets to the Android apps that emitted (or received) them.
    • Deciding which apps have a filtered network usage (by default, all apps), and which ones can communicate with blacklisted servers.
    The iodé blocker is already perfectly usable, although still in its infancy. Many features are lacking, like the possibility of clearing statistics (for specific apps or all), forbidding the collection of statistics for some apps, personalizing the blacklist, etc. We are actively developing it, and new functionalities will be regularly added.

Features

Changes in LineageOS to prevent data leaks:
  • Default DNS server: Google's DNS replaced by Quad9's 'unblocked' servers.
  • A-GPS: supl.google.com replaced by supl.vodafone.com.
  • Captive portal login: connectivitycheck.gstatic.com replaced by captiveportal.kuketz.de for connectivity check.
  • Dialer: Google default option replaced by OpenStreetMap for phone number lookup.

Pre-installed apps:
  • MicroG core apps: GmsCore, GsfProxy, FakeStore, maps API.
  • NLP backends for MicroG : DejaVuNLPBackend (default), MozillaNLPBackend, AppleNLPBackend, RadioCellsNLPBackend, NominatimNLPBackend.
  • App stores : FDroid (with F-Droid Privileged Extension) and Aurora Store.
  • Browser: our own fork of Firefox (with Qwant as default search engine and telemetry disabled) instead of Lineage’s default browser Jelly.
  • SMS: QKSMS instead of Lineage's default SMS app.
  • Maps/navigation: Magic Earth GPS & Navigation (the only one free but not open source).
  • Keyboard: OpenBoard instead of AOSP keyboard.
  • PDF: Pdf Viewer Plus.
  • Personnal notes: Carnet.
  • {Ad/Malware/Data leak}-blocker: iodé.
  • News: to keep users informed about our developments, as well as a FAQ.

Pre-included FDroid repository:

The apps that we tweak or develop (microG services, the browser based on Firefox, the iodé blocker app, the News app, ...) are available through a repository that we included in FDroid (check the "Apps for iodéOS" category). For this purpose and to avoid name conflicts of some apps, we also had to make a few changes in FDroid.

Useful options from other custom ROMs:
  • Smart charging (disables charging when a given level is reached, to protect battery health).
  • Fingerprint vibration toggle.
  • Swipe down to clear all in recent apps.

Installation Instructions

To download and flash our latest build, see https://gitlab.com/iode/ota.
You can also find here direct links to the latest builds.

Supported devices

Sources

Bug Reporting

You can post a message in this thread or (preferred) open an issue here.

Credits

LineageOS is a free, community built, aftermarket firmware distribution of android, which is designed to increase performance and reliability over stock android for your device.
All the source code for LineageOS is available in the LineageOS Github repo. If you would like to contribute to LineageOS, please visit their Wiki for more details.
This ROM would be nothing without the tremendous work made on MicroG, and all the other open source apps that we included. We are very grateful to their authors.

Contributors

Direct contributors: @iodeOS, @vince31fr
Indirect contributors (too numerous to list): All the people that contributed to the device tree, to LineageOS, and to the included open source apps.

Sponsoring

You can help in the development of this ROM by paying us a coffee here: https://paypal.me/iodeOS.

Screenshots

 
Last edited:

vince31fr

Senior Member
Dec 18, 2016
779
752
113
Toulouse
Downloads : iodéOS

  • 22/01/2021 (build 20210121):
    • LineageOS sources synced (AOD and glove mode now available)
    • Prebuilt apps updated
    • Activated Camera APIv2 in Snap
    • Added AudioFX
    • Added fast charge disabler
    • Disabled broken widevine DRM L1, now fallback to L3
    • Force auto-update of apps in FDroid to keep in sync with iodé apps. It can be disabled.
  • 25/12/2020 (build 20201224): first publicly available build for Samsung Galaxy Note 9.

Downloads : add-ons
  • phonesky-magisk.zip : Magisk module for NanoDroid patched Play Store, for those who really need to get access to their paid apps that don't work with microG. This module can be generally be deactivated when you have installed and ran once the paid apps.
    NB : you may have to wait a couple of hours after activating the module for being able to install paid apps.
 

Attachments

Last edited:

CSM Fol

Senior Member
Mar 6, 2019
415
284
73
I have a question: All AOSP-based Android 10 ROM's are plagued with this issue: There is massive touch delay/sensitivity issues when playing mobile games (Source 1, Source 2).

And because this ROM is based on AOSP, is this bug also present? I don't have time to try out any custom ROM's now, so I kindly ask.
 

w41ru5

Senior Member
Jul 17, 2017
640
335
73
I have a question: All AOSP-based Android 10 ROM's are plagued with this issue: There is massive touch delay/sensitivity issues when playing mobile games (Source 1, Source 2).

And because this ROM is based on AOSP, is this bug also present? I don't have time to try out any custom ROM's now, so I kindly ask.
Get your Nope4 back :ROFLMAO:
ps: how's life Steve?
 

Synt4x.93

Senior Member
Nov 15, 2016
173
497
83
how do i decrypt this?
To avoid forced encryption on first boot and make it optional to enable from device settings with official lineage or roms based on the official trees like this. You should use vendor_overlay for a modified fstab, or modify your stock vendor fstab.
Here is the commit if the rom author would like to include it. (at the very least should warn users of data loss that they will be force encrypted.) https://github.com/synt4x93/android...mmit/67db1379fc6850228310525ffb1f4ec8df95f26e

If any users want to do this without recompiling, just put the modified fstab from that commit in /system/product/vendor_overlay/29/etc/fstab.samsungexynos9810 and set the usual permissions and format /data again.

How do you decrypt what ?
I assume he is talking about decrypting /data in recovery and is unable to do so because of forced encryption.
 
Last edited:
  • Like
Reactions: bobwhite11

FerretallicA

Member
Jul 15, 2005
34
20
28
So far so good - everything seems very stable and I haven't encountered any annoying bugs after roughly a day of use. Only issues I've had are as follows:

1. Developer mode

It says it has worked after tapping the build number repeatedly but then I don't see any Developer Options available in the settings. Am I missing something?

Scrap that, I finally found it. Under Settings -> System -> Advanced -> Developer options. Looks like the only 'problem' was my unfamiliarity with LineageOS changes to settings menus.

2. Limited USB connectivity

I can't see the phone at all when connected to a PC via USB cable and booted normally. I've gone into Developer Settings and set default USB mode to 'file sharing' but it still doesn't show up and I don't get any option to change the mode as I would normally expect. The device is detected fine in bootloader and recovery modes. I've tried different USB cables and a different laptop to help rule those possibilities out. Has anyone else encountered this problem?

3. Forced encryption

If any users want to do this without recompiling, just put the modified fstab from that commit in /system/product/vendor_overlay/29/etc/fstab.samsungexynos9810 and set the usual permissions and format /data again.
Direct file link for anyone else with the same need: https://raw.githubusercontent.com/s...8df95f26e/rootdir/etc/fstab.samsungexynos9810

To access /system I assume you need root access. Typically I would do this by flashing Magisk but I can't flash anything from recovery without a full wipe when the data partitions are encrypted. How does one get around this chicken-and-egg problem?


Fixed with a generic script
 
Last edited:

andrikv

New member
Nov 23, 2015
4
0
21
So far so good - everything seems very stable and I haven't encountered any annoying bugs after roughly a day of use. Only issues I've had are as follows:

1. Developer mode

It says it has worked after tapping the build number repeatedly but then I don't see any Developer Options available in the settings. Am I missing something?

Scrap that, I finally found it. Under Settings -> System -> Advanced -> Developer options

2. Limited USB connectivity


I can't see the phone at all when connected to a PC via USB cable and booted normally. I've gone into Developer Settings and set default USB mode to 'file sharing' but it still doesn't show up and I don't get any option to change the mode as I would normally expect. The device is detected fine in bootloader and recovery modes. I've tried different USB cables and a different laptop to help rule those possibilities out. Has anyone else encountered this problem?

3. Forced encryption



Direct file link for anyone else with the same need: https://raw.githubusercontent.com/s...8df95f26e/rootdir/etc/fstab.samsungexynos9810

To access /system I assume you need root access. Typically I would do this by flashing Magisk but I can't flash anything from recovery without a full wipe when the data partitions are encrypted. How does one get around this chicken-and-egg problem?

2. Connect Phone to PC then press "Charging this device via USB" from notification the choose file transfer

3. i flash the Disable_Dm-Verity_ForceEncrypt_11.02.2020.zip it disable the forced encryption
 

FerretallicA

Member
Jul 15, 2005
34
20
28
If anyone else wants to get their Note 9 up and running with this ROM with minimal hunting around, here's what I'd suggest (assuming coming from a stock firmware). You will end up with iode + Magisk + no 'data' encryption (so for example you can still access your Data partition from recovery).

You will need:
and also a PC for running the Odin software.

Summary of install steps
  • Update phone to latest official firmware

  • Restart phone in bootloader mode and flash TWRP with Odin. If you've never done this before there is a decent guide here: https://www.droidthunder.com/install-twrp-recovery-on-samsung

  • Restart phone in Recovery mode (TWRP).

  • Use Wipe -> Format to completely wipe the existing Data partition.

  • Copy the iode, Magisk and 'disable forced encryption' zip files to your phone. Then from TWRP install them in order of iode, Magisk and "Disable DmVerity ForceEncrypt". Do not restart the device in between each step.
 

FerretallicA

Member
Jul 15, 2005
34
20
28
2. Connect Phone to PC then press "Charging this device via USB" from notification the choose file transfer

3. i flash the Disable_Dm-Verity_ForceEncrypt_11.02.2020.zip it disable the forced encryption
2. it doesn't work. There is no such prompt on the phone. It's weird because I can see the phone just file and transfer files in recovery mode, just not when booted into the main OS. It works on pretty much every other Note 9 ROM i've tried for more than 5 minutes.

3. Thanks, I went by that route too in the end.
 

FerretallicA

Member
Jul 15, 2005
34
20
28
Having used this for over a week now, just reporting back that it has been rock solid and I get around 2.5 days of fairly average use between needing to charge.

Regarding the not showing up PC connection issue, it started working when I flashed the no-encrypt patch immediately after flashing the main ROM image. I'm not sure if it is directly related but I'm happy it's working anyway.

This is going to be my daily driver for the foreseeable future. Thanks to both Lineage and iode teams for making it easier than ever to have a stable and functional Android device with as little Google snoopery as possible. Great work!