[ROM][Unofficial][9.0.0][microG][signed]LineageOS 16.0 for Osprey

Corrected Build

Hi all,
I have pushed a new build and the Updater now offers the new build to download and install.
The download link also has been adapted in the OP and the previous post.

In the build provided yesterday, by accident, the "basic" F-Droid version, instead of the full version, had been shipped - this has led to some issues. (When building F-Droid from source, two APKs are built and I accidentally took the wrong one.) Sorry for the inconvenience.
 
How do I disable ad blocking on the rom?
You mean the hosts file?
In that case, rename the file /system/etc/hosts and create a new file /system/etc/hosts with only those entries:
Code:
127.0.0.1       localhost
::1             ip6-localhost

Either do that via adb session in recovery mode or you need to do 'adb root' and 'adb remount' first, when you connect to your live system.

If you want to permanently have it disabled, also set the "Restore hosts file during update" option in the developer settings, so no updated hosts file with further blocked ad-crap is installed during an update.
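
To check which state a device is in after this change (or after an update has restored the blocking list), the hosts file can be pulled from the device and classified offline. This is an added example, not part of the original post or the ROM's code; the function names and the blocking sample are constructed for illustration.

```python
"""Classify the entries of an Android hosts file pulled from a device,
e.g. with `adb pull /system/etc/hosts`. Added illustration only."""
import ipaddress

# Names that are expected to map to a loopback address.
LOOPBACK_NAMES = {"localhost", "ip6-localhost", "ip6-loopback"}

# The replacement file given in the post above.
MINIMAL_HOSTS = """\
127.0.0.1       localhost
::1             ip6-localhost
"""

# Constructed sample: a blocking hosts file plus one redirect and one bad line.
BLOCKING_SAMPLE = """\
127.0.0.1       localhost
::1             ip6-localhost
127.0.0.1       ads.example.com tracker.example.net   # two names, one line
::1             ads.example.com
0.0.0.0         metrics.example.org
203.0.113.7     updates.example.com
not-an-ip       broken.example.com
"""


def parse_hosts(text):
    """Return loopback names, sinkholed names, other mappings, bad line numbers."""
    report = {"loopback": set(), "blocked": set(), "other": {}, "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append(lineno)
            continue
        if len(fields) < 2:                      # address without any name
            report["malformed"].append(lineno)
            continue
        # 127.0.0.0/8, ::1, 0.0.0.0 and :: all make a name unreachable.
        sink = ip.is_loopback or ip.is_unspecified
        for name in (f.lower() for f in fields[1:]):
            if sink and name in LOOPBACK_NAMES:
                report["loopback"].add(name)
            elif sink:
                report["blocked"].add(name)
            else:
                # A name pinned to a routable address is not ad blocking;
                # it deserves a manual look.
                report["other"][name] = str(ip)
    return report


def blocking_active(report):
    """True if at least one non-localhost name is sinkholed."""
    return bool(report["blocked"])


if __name__ == "__main__":
    for label, text in (("minimal", MINIMAL_HOSTS), ("blocking", BLOCKING_SAMPLE)):
        r = parse_hosts(text)
        print(label, "blocking active:", blocking_active(r),
              "| blocked:", len(r["blocked"]),
              "| redirects:", r["other"],
              "| malformed lines:", r["malformed"])
```
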
 

ily_android

@MSe1969
Thank you very much for your ROM, it is very good! But could you check why Microsoft Remote Desktop APP doesn't work using your ROM? I had to go back to Resurrection Remix (by Google services) to be able to use that app. Do you think you could fix it? I miss your ROM very much!

Thanks a lot in advance!
 
Can you provide some more details of what is not working? Does the app crash or refuse to work? Or can't you establish an RD session?
In general, I would need a Windows server/system, to which I could connect, which is a problem for me, as I privately do not use Windows at all...
 

ily_android

The app doesn't work, it doesn't crash but it doesn't allow me to connect. I got a message that "Unable to connect" (or so I remember about 3 months ago).

And don't worry, I can give you a VPS with Windows to do your tests! If you like I can create one for you in Amazon Aws and send you the details by private message.
 
Hello ily_android,

thanks for providing the VPS to me - I was able to have a quick look:

The Microsoft RD app (as expected) does some Google & DRM BS* exercise, and this is, what makes it fail:

Code:
12-13 12:51:44.773 11776 11873 I ¯\_(ツ)_/¯ : OKHTTP [200] https://android.clients.google.com/fdfe/purchase?ot=1&doc=com.microsoft.rdc.androidx&vc=277
12-13 12:51:44.901 11776 11873 I ¯\_(ツ)_/¯ : OKHTTP [200] https://android.clients.google.com/fdfe/delivery?dtok=AB-xQnrkERAe1qQPGnXxIo_lbTtMwAixseyEkR0riFHiIROy-iMIcNVGz1j5os9BBeJWKaEex9NYPpoeuRbZA5x3l1wCwWX2GRI26N6VOs-EzoNpmVedwhRynENqqp1ZLXxiUnJQDNl-&ot=1&doc=com.microsoft.rdc.androidx&vc=277
12-13 12:51:44.930 11879 11879 F linker  : CANNOT LINK EXECUTABLE "/vendor/bin/hw/[email protected]": library "[email protected]" not found
12-13 12:51:45.083 11776 11776 I ¯\_(ツ)_/¯ : Updating Remote Desktop
. . .
12-13 12:51:49.934 11888 11888 F linker  : CANNOT LINK EXECUTABLE "/vendor/bin/hw/[email protected]": library "[email protected]" not found
12-13 12:51:54.957 11890 11890 F linker  : CANNOT LINK EXECUTABLE "/vendor/bin/hw/[email protected]": library "[email protected]" not found
12-13 12:51:59.982 11892 11892 F linker  : CANNOT LINK EXECUTABLE "/vendor/bin/hw/[email protected]": library "[email protected]" not found
12-13 12:52:04.981 11894 11894 F linker  : CANNOT LINK EXECUTABLE "/vendor/bin/hw/[email protected]": library "[email protected]" not found

However, when e.g. using the "Parallels client" (App name: com.parallels.client - also available through Aurora store on G*Play), all works straight out of the box - see below, screenshot from my osprey :

[Attached screenshot: 1670937903164.png]


Btw, Parallels is also being discussed in the feedbacks on G*Play for the Microsoft app as the far better RD alternative for Android.

For sure, I should try to get hold of that DRM lib, which would also improve potentially other app compatibility (but e.g. Netflix app works w/o issues), but I can't promise to get that working - let's see...

How long do you want to keep that VPS alive (as this is not free of charge for you)?
To get hold of that DRM lib could take some time, as I do not have too much time to spend on this...
(We can discuss via PM)

Cheers, M.
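
The linker lines in the log above recur about five seconds apart with a new PID each time, which is what a service that is restarted and fails to link again looks like. The following added example (not from the original post or the ROM's sources) parses logcat `threadtime` lines and reports executables stuck in such a loop; the sample log is constructed, and because the binary and library names are obscured in the posted log, the names used here are placeholders.

```python
"""Find executables that repeatedly fail to link in a logcat capture."""
import re
from collections import defaultdict
from datetime import datetime

# logcat -v threadtime: "MM-DD HH:MM:SS.mmm PID TID LEVEL TAG: message"
LINE_RE = re.compile(
    r"^(?P<ts>\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+(?P<pid>\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<level>[VDIWEF])\s+(?P<tag>.*?)\s*: (?P<msg>.*)$"
)
LINK_RE = re.compile(
    r'^CANNOT LINK EXECUTABLE "(?P<exe>[^"]+)": library "(?P<lib>[^"]+)" not found'
)

# Constructed sample. Timestamps and PIDs mirror the pattern in the post;
# the executable and library names are placeholders.
SAMPLE_EXE = "/vendor/bin/hw/example-hal-service"
SAMPLE_LIB = "libexample_hal.so"
FAIL = 'F linker  : CANNOT LINK EXECUTABLE "%s": library "%s" not found'
SAMPLE_LOG = "\n".join([
    "12-13 12:51:44.930 11879 11879 " + FAIL % (SAMPLE_EXE, SAMPLE_LIB),
    "12-13 12:51:45.083 11776 11776 I ExampleApp: Updating",
    ". . .",
    "12-13 12:51:49.934 11888 11888 " + FAIL % (SAMPLE_EXE, SAMPLE_LIB),
    "12-13 12:51:54.957 11890 11890 " + FAIL % (SAMPLE_EXE, SAMPLE_LIB),
    "12-13 12:51:59.982 11892 11892 " + FAIL % (SAMPLE_EXE, SAMPLE_LIB),
    "12-13 12:52:01.000 12001 12001 "
    + FAIL % ("/system/bin/example-tool", "libother.so"),
])


def parse_line(raw):
    """Parse one threadtime line; return None for anything else."""
    m = LINE_RE.match(raw)
    if m is None:
        return None
    # logcat omits the year; a fixed one is assumed, which is enough for
    # intervals inside a single capture.
    when = datetime.strptime("2000-" + m["ts"], "%Y-%m-%d %H:%M:%S.%f")
    return {"time": when, "pid": int(m["pid"]), "level": m["level"],
            "tag": m["tag"], "msg": m["msg"]}


def find_link_loops(text, min_hits=3, max_gap_s=10.0):
    """Report (executable, library) pairs that fail to link again and again.

    A pair counts as a loop when it fails at least `min_hits` times, every
    failure comes from a different PID (a fresh process each time) and no
    two consecutive failures are more than `max_gap_s` seconds apart.
    """
    hits = defaultdict(list)
    for raw in text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["level"] != "F" or rec["tag"] != "linker":
            continue
        m = LINK_RE.match(rec["msg"])
        if m:
            hits[(m["exe"], m["lib"])].append((rec["time"], rec["pid"]))

    loops = []
    for (exe, lib), events in sorted(hits.items()):
        if len(events) < max(min_hits, 2):
            continue
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds()
                for a, b in zip(events, events[1:])]
        pids = [pid for _, pid in events]
        if len(set(pids)) == len(pids) and max(gaps) <= max_gap_s:
            loops.append({"executable": exe, "missing_library": lib,
                          "hits": len(events), "pids": pids,
                          "mean_gap_s": sum(gaps) / len(gaps)})
    return loops


if __name__ == "__main__":
    for loop in find_link_loops(SAMPLE_LOG):
        print("%(executable)s cannot load %(missing_library)s: %(hits)d "
              "failures, about %(mean_gap_s).1f s apart" % loop)
```
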
 

ily_android

Wow, thank you so much for that quick fix! And don't worry about the time it may take, you and I will check it privately c:
 
OK, as already indicated:
You can use the 'Parallels client' as Android app for Windows Remote desktop sessions, so that will satisfy your needs for an RD app.

I have had a look for the DRM 1.2 stuff: This has been introduced in Android 10 only, and a back-port to Android 9 seems complex and difficult. Introducing new APIs from a higher release usually is a recipe for trouble.
It is also, in my opinion, not really necessary, as for example the Widevine 1.2 stuff is already part of the build and works (e.g. Netflix app).

I don't know, why Microsoft has chosen this DRM approach for their RD app at all (as you have to license any Windows installation anyhow, so wondering, what they want to "protect" here - to me it is as weird as McD app making use of "Safetynet", which is evenly senseless) - normally, they should test their apps for all releases, which they officially support. (Or maybe Google brings the DRM BS as part of Gapps to lower releases than 10? Really no idea . . .)

So in short - thanks for providing the Windows VPS droplet - you can safely purge it now and save the money (or use it for your own purposes), as I won't spend further work on the DRM topic. You have a solution available, no Microsoft app messing around on your device (they are as "trustworthy" as G* or FB, so avoiding them on your device is in general a good choice).
 

ily_android

Thank you very much for the explanation and for taking the time, I will try the application.

I just flashed your rom and it's working great! It's a relief not to have all those GAPPS, my phone runs very fast.❤️

I only have 2 observations: The first is that when I set the dark/black theme the notifications and app drawer still appear in light mode.
And the second is that it would be nice to specify in the main post (Just a suggestion) that the easy way to root is with Magisk, because using the BIN SU of Lineage OS 16, does not work.

Greetings and thanks again! 🍻
 
Thanks for the positive feedback.

Regarding root - please refer to the 4th post (Further tipps & tricks). Flashing the LineageOS root addon (use 'arm' as architecture) works flawlessly on my own device - what is your issue here?

Regarding app drawer and notifications, yes - your observation is correct.
Notifications are always in light mode, and the app drawer depends on your background picture, even if you explicitly specify the dark mode - seems to be a "feature" of LineageOS 16.0 - I haven't changed anything in this area compared to the standard LineageOS code and I won't do so (this is pure "cosmetics" for me)
 

cannondale0815

@MSe1969 I want to thank you for keeping my mother's old Moto G3 alive with this fantastic build! I didn't have any prior experience with microG and the Aurora app store, but it's pretty neat and feature complete, all wrapped into your great LOS build. Again, keep up the good work, there are people here like me who truly appreciate your efforts! Also, happy holidays :)
 

Top Liked Posts

    New build with January 2023 ASB patches

    Hi all,
    a new build is available for download and offered in the Updater app:
    • Custom build release 2023-01-01
    • microG 0.2.26.223616-16
    Happy flashing!
    Regards, M.
    Welcome back!

    This thread is dedicated to provide Lineage-OS 16.0 builds for the Motorola Moto G 2015 (Osprey) with current security patches.

    You can consider this thread as kind of a successor of my LineageOS 14.1 Osprey thread
    Well, and as well also a 'successor' of my LineageOS 17.1 Osprey thread !

    Sounds weird? Well, here comes the explanation:
    In May 2020, I have created this thread as a successor of my LineageOS 14.1 builds. Until December 2020, I used to provide two build flavors, one for Standard LineageOS and one with my hardened microG build. From January 2021 onwards, I have provided my hardened microG build flavor with LineageOS 17.1 in above linked thread, whilst I had asked the users of the "Standard" flavor to simply switch to the official LineageOS 17.1 builds. It has turned out, that indeed Android 10 is the boundary, of what can be done with this old device. Especially the hardening measures ask for a stronger hardware, so the builds were "still okay", but not really as agile as the 16.0 builds (especially on an 8GB device). Based on own experience and user feedback in my 17.1 thread, I have finally decided to go back to Android 9 / LineageOS 16.0 - so here we are.

    I have decided to re-enable this thread instead of creating a new one, to allow you to better search for any answers and issues.

    Until December 2020, there were two build flavors available, both signed (see further below). Both builds have aimed at providing stable and reliable "daily-driver" builds. The last "Standard LineageOS 16.0" build can still be downloaded here - I will however not offer this build flavor any more.

    The build flavor, which I offer now again in this thread is my

    Security hardened microG build
    The latest build can be downloaded here.
    It is mainly based on the work of chil360 and the main features are:
    • Fork of Hybrid-X kernel with frequently applied security patches
    • Encryption fully functional
    • Enforcing SE Policy
    • OTA support
    • Pre-installed microG and F-Droid like the LineageOS for microG project (own fork)
    • Pre-installed AuroraStore
    • eSpeak TTS engine (FOSS TTS solution)
    • Backported Audio balance (accessibility settings) from Android 10
    • Additional security hardening features listed below
    • Access to /proc/net blocked for user apps
    • Bundled netmonitor app to allow network monitoring
    • Enhanced Privacy Guard: Switches for motion sensors and other sensors
    • Cloudflare as default DNS (instead of Google)
    • Privacy-preferred default settings
    • Optional blocking of Facebook- and Google-Tracking
    • Optional disable captive portal detection
    • Firewall UI
    • Increased max. password length of 64
    • No submission of IMSI/phone number to Google/Sony when GPS is in use
    • Default hosts file with many blocked ad/tracking sites
    • Privacy-enhanced Bromite SystemWebView
    • Additional restriction options for secondary users
    • Constified JNI method tables

    Current release levels
    Custom build release: 2023-01-01
    Security string: 2022-01-05
    AOSP tag: 9.0.0_r46
    Bromite Webview: M108


    Source-code and build instructions
    Kernel: https://github.com/lin16-microg/android_kernel_motorola_msm8916/tree/mse_v1
    Build manifest: https://github.com/lin16-microg/local_manifests

    Installation Instructions

    YOU ARE RESPONSIBLE SOLELY YOURSELF FOR ANY ACTIONS YOU DO WITH YOUR DEVICE !!!

    Please note - I won't explain any single aspect (e.g. how to install 'fastboot' on your PC or troubleshoot USB connectivity issues under Windows). Search the net and consult the search engine of your choice or look here in XDA, there is plenty information available.

    Pre-Requisites
    • Get familiar with the hardware keys of the Motorola Moto G 2015 (osprey) device, especially how to enter fastboot mode (switch phone off, hold power + volume down together for about 3 seconds) and recovery mode (in fastboot mode, switch with volume key to the reboot recovery option and select with power key)
    • Activate the Developer options (Settings, about phone: tap 7 times on the build number), get into the new menu Developer options and activate, if available, the option "OEM unlocking"
    • Have fastboot and adb installed on your PC and make sure, you can connect via USB to your device in fastboot mode and via adb
    • Download the most current .ZIP file of this ROM and place it to your phone's internal memory or SD card
    • Only valid for the "standard build flavor": If you wish to install Google apps (GApps), please refer to the GApps section further below
    • An unlocked bootloader (read the warnings carefully and backup your data!)

    Install TWRP recovery
    If you come from stock ROM and have just unlocked your boot loader, this is the next thing to do. If you have already a working custom recovery on your device, there is no necessity to replace it. However - I recommend to use the official TWRP recovery from the TWRP site. The following instructions are based on TWRP.
    To install TWRP, download the TWRP.img file (Note: replace "TWRP.img" in the following instructions with the real file name) from this section to your PC, connect the phone via USB to your PC, get it into 'fastboot mode' and enter the following command on your PC:
    Code:
    fastboot flash recovery TWRP.img
    Afterwards, directly boot into 'recovery mode' (enter fastboot reboot on your PC and use the right hardware keys to get into recovery mode) - I recommend not to boot the phone's Android system after having flashed TWRP. Once TWRP has been launched, you may decide to reboot your phone and install the ROM at any time later. But the first boot after flashing TWRP should be TWRP in recovery mode.

    Advanced Wipe
    ONLY perform the steps described here, if you come from Stock ROM or a different Custom ROM!

    Boot into recovery mode. In TWRP, choose "Wipe", "Advanced" and specify "Dalvik", "System", "Cache" and "Data" to be wiped. Make sure NOT to wipe "Internal memory" or "SD Card". Swipe to confirm the deletion and get back into the main menu.

    GApps
    DO NOT attempt to flash GApps on the "microG" build variant!
    For the "Standard" variant (if you really want to flash the "historic" build from December 2020), the following applies:
    You do not need to install GApps, but you may wish to do so. In that case, download GApps from here and put the .ZIP also to the SD card or Internal memory of your device. Choose ARM as platform, Android 9.0 and the flavor of your choice. I recommend "pico", as this leaves you the most freedom to only install, what you really need; you can later still install all the Google products you want and do not need to live with pre-installed Google applications you have no use for.
    (To be more precise, I EXPLICITLY DO NOT RECOMMEND any Gapps variant larger than "nano"!)

    Install the ROM
    In the TWRP main menu, choose "Install". A file manager appears to let you navigate to your internal memory (path /sdcard) or your SD card (path /external_sd). Choose the .ZIP file of the ROM and swipe to flash.
    If you update from a previous version of the ROM, you don't need to perform a wipe. If you had GApps already installed before the update, there is no need to flash them again. They will be automatically restored during the flash process. (Note: If you wish to get rid of GApps, navigate to TWRP's file manager in the Advanced section of the main menu, go to path /system/addon.d and delete the file 70-gapps.sh, before flashing the ROM update)
    If you come from a different ROM (or stock firmware), make sure that you have performed the Wipe steps above. If you wish to install GApps, select the respective .ZIP file directly afterwards, do not boot into Android before having flashed GApps.
    When finished flashing, return to the main menu, choose "Reboot" and then "System", which will cause your phone to boot into our Lineage OS 16.0 - be patient, the first boot after flashing a new ROM takes quite long!

    microG
    Only valid for the "microG" build variant: After the first installation of this ROM, you need to setup microG.
    Please read the instructions given on the LineageOS for microG site, section "Post Install - UnifiedNlp"


    Dealing with signed builds
    Please note, that my builds are signed with an own key. When you come from a different build, you cannot directly "dirty-flash" this build. You either have to perform a "clean flash" (recommended), or flash "interim-wise" one of my migration builds.

    If you don't want to perform a "clean flash" (which means, you will lose your data), you can work with my prepared "Migration Builds". Simply flash the respective Migration Build flavor (A or B) over your existing build. If you had Gapps before, make sure to also flash the respective Gapps (correct android version!) on top before rebooting and wipe cache and dalvik.
    A migration build resets the package signatures during each boot and thus supports "dirty-flashing" from a different build.
    If you choose to go that path, make sure to immediately perform the OTA update, which will be offered by the Updater app - stay on the migration build as short as possible and UNDER NO CIRCUMSTANCES install or update any app! (if you e.g. had Gapps installed before, deactivate auto-updates).
    The migration builds are foreseen to support the following scenarios only:
    • My Lineage 14.1 (Nougat) Osprey build variant A => my LineageOS 16.0 standard build >> use migration build A
    • Any Lineage 15.1 (Oreo) LineageOS build => my LineageOS 16.0 standard build >> use migration build A
    • Any Lineage 16.0 (Pie) LineageOS build => my LineageOS 16.0 standard build >> use migration build A
    • My Lineage 14.1 (Nougat) Osprey build variant B or C => my LineageOS 16.0 microG build >> use migration build B
    • One of my previous LineageOS 16.0 microG test builds => my LineageOS 16.0 microG build >> use migration build B
    In case you come from my LineageOS 14.1 Osprey builds, please read the detail migration instructions in this thread.
    Download sources:
    Migration Build A
    Migration Build B



    Bug reports:
    If you have a problem please create a post with these information:
    Original Kernel shipped with this rom:
    Build Date:
    And try to get log as described here


    Credits
    Android Open Source project (AOSP)
    LineageOS project
    chil360
    squid2
    microG project
    csagan5 (Bromite)
    Whyorean (AuroraStore)

    XDA:DevDB Information
    [ROM][Unofficial][9.0.0][signed]LineageOS 16.0 for Osprey, ROM for the Moto G 2015

    Contributors
    MSe1969
    Source Code: https://github.com/lin16-microg/local_manifests

    ROM OS Version: 9.x Pie
    ROM Kernel: Linux 3.10.x
    Based On: LineageOS

    Version Information
    Status:
    Stable
    Stable Release Date: 2023-01-08

    Created 2020-05-06
    Last Updated 2023-01-08
    Change Log

    January 8th, 2023

    • Custom build release 2023-01-01
    • microG 0.2.26.223616-16

    December 12th, 2022
    • Custom build release 2022-12-01
    • Bromite Webview 108.0.5359.106
    • microG 0.2.26.223616-2

    November 14th, 2022
    • Custom build release 2022-11-01
    • Bromite Webview 106.0.5249.163
    • microG 0.2.25.223616-10
    • F-Droid 1.15.3
    • Timezone data updated to 2022f

    October 13th, 2022
    • Custom build release 2022-10-01
    • Bromite Webview 105.0.5195.147
    • microG 0.2.24.223616-61
    • APN configurations updated

    September 11th, 2022
    • Custom build release 2022-09-01
    • Many kernel patches
    • Bromite Webview updated to 104.0.5112.91
    • microG 0.2.24.214816-30
    • Contacts app slightly 'de-Googled'

    August 12th, 2022
    • Custom build release 2022-08-01
    • Bromite Webview updated to 103.0.5060.140

    July 16th, 2022
    • Custom build release 2022-07-01

    June 16th, 2022
    • Custom build release 2022-06-01
    • Some kernel patches
    • Bromite Webview on 102.0.5005.96
    • microG updated to 0.2.24.214816-11
    • F-Droid 1.15.2

    May 9th, 2022
    • Custom build release 2022-05-01
    • Some kernel patches
    • Bromite Webview on 101.0.4951.53
    • microG updated to 0.2.24.214816-10
    • Mozilla Location provider on 1.5.0
    • F-Droid 1.15

    April 15th, 2022
    • Custom build release 2022-04-01
    • Bromite System Webview updated to 100.0.4896.57

    March 17th, 2022
    • Custom build release 2022-03-01
    • Bromite System Webview updated to 99.0.4844.58
    • microG 0.2.24.214816-2
    • AuroraStore 4.1.1

    February 19th, 2022
    • Custom build release 2022-02-01
    • F-Droid updated to 1.14, F-Droid privileged extension to 0.2.13
    • Bromite System Webview updated to 97.0.4692.106
    • microG updated to 0.2.24.214816-2

    January 22nd, 2022
    • ASB Security string 2022-01-05
    • Some kernel patches
    • Backported Audio balance (accessibility settings) from Android 10

    December 26th, 2021
    • Relaunch of LineageOS 16.0 microG builds
    • ASB Security string 2021-12-05
    • Bromite Webview 96.0.4664.54
    • microG 0.22.214516-21
    • F-Droid 1.13
    • Many kernel sec. patches
    • Updated DRM blobs

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    December 18th, 2020
    • ASB Security string 2020-12-05
    • System Webview 87.0.4280.101 (Standard variant)
    • Bromite Webview 87.0.4280.106 (microG build variant)
    • Updated microG from upstream to 0.2.14.204215-15 (picked until 720b089)
    • F-Droid updated to 1.10-alpha1-114 (microG build variant)

    November 14th, 2020
    • ASB Security string 2020-11-05
    • Additional Fix for CVE-2020-15999
    • Fix of AOSP E-Mail widget
    • System Webview 86.0.4240.185 (Standard variant)
    • Bromite Webview 86.0.4240.181 (microG build variant)
    • Updated microG with fixes in GCM and EN API (microG build variant)
    • Replaced weak F-Droid signatures with ROM's V2 signatures (microG build variant)

    October 13th, 2020
    • ASB Security string 2020-10-05
    • Bromite Webview 86.0.4240.73 (microG build variant)
    • microG 0.2.12.203315 - including "Exposure notification API" for use of Covid tracing apps (microG build variant)
    • Additional hardening: bionic and constified JNI method tables (microG build variant)

    September 13th, 2020
    • ASB Security string 2020-09-05
    • Kernel: Wireguard tag v1.0.20200908
    • System Webview 85.0.4183.101 (Standard build variant)
    • Bromite Webview 85.0.4183.86 (microG build variant)
    • Added eSpeak TTS engine (microG build variant)

    August 10th, 2020
    • ASB Security string 2020-08-05
    • Kernel: Wireguard tag v1.0.20200729
    • System Webview 84.0.4147.89 (Standard build variant)
    • Bromite Webview 84.0.4147.113 (microG build variant)
    • Location of the firewall functionality moved to Network > Data usage in Settings (microG build variant)

    July 12th, 2020
    • ASB Security string 2020-07-05
    • Kernel: Wireguard tag v1.0.20200623
    • microG: updated prebuilt GmsCore from /e/ project to fix FCM registration issues (microG build variant)
    • F-Droid updated to 1.8 / F-Droid privileged extension updated to 0.2.11 (microG build variant)
    • Aurorastore updated to 3.2.9 / AuroraServices updated to 1.0.6 (microG build variant)

    June 10th, 2020
    • ASB Security string 2020-06-05
    • Kernel: Wireguard tag v1.0.20200520
    • Disabled NearbyMessagingService and DiscoveryService (only relevant, if genuine Gapps are used) to improve WiFi performance, when BT is used
    • System Webview on 81.0.4044.138 (Standard build variant)
    • Bromite Webview on 83.0.4103.101 (microG build variant)
    • Sepolicy: Netmonitor exception f. "Tracker Control" app (microG build variant)

    May 6th, 2020
    Initial feature list:
    • OTA Support
    • Enforcing SELinux
    • Forked Hybrid-X kernel with native Wireguard support and current sec. patches
    • System Webview on 81.0.4044.117 (Standard Build)
    • Below listed initial features apply to the "microG" build variant:
    • Pre-installed microG and F-Droid same as the LineageOS for microG project
    • Pre-installed AuroraStore (Version 3.2.8) with AuroraServices 1.0.5
    • Access to /proc/net blocked for user apps
    • Bundled netmonitor app to allow network monitoring
    • Enhanced Privacy Guard: Switches for motion sensors and other sensors
    • Cloudflare as default DNS (instead of Google)
    • Privacy-preferred default settings
    • Optional blocking of Facebook- and Google-Tracking
    • Optional disable captive portal detection
    • Firewall UI
    • No submission of IMSI/IMEI to Google when GPS is in use
    • Default hosts file with many blocked ad/tracking sites
    • Privacy-enhanced Bromite SystemWebView 81.0.4044.127
    • Additional restrictions for secondary users
    • Increased password length
    Detail features of "microG" build flavor

    1. Pre-installed microG and F-Droid
    same as the LineageOS for microG project

    2. Pre-installed AuroraStore
    works w/o having to enable the "unknown sources feature"

    3. Restrict access to /proc/net for user apps
    An adapted SELinux policy prevents user apps from accessing the /proc/net pseudo file system, which can be misused to monitor and track the phone's internet traffic. For technical backgrounds, see here. For the legitimate use case of the smart phone owner him/herself monitoring the network traffic to see, what the installed apps do, the app Privacy-Friendly Network Monitor has been bundled.

    4. Enhanced Privacy Guard - Sensor permission switches
    An own sensor template to control access to motion sensors ('ask' mode) and all other sensors (allowed by default, but can be restricted) has been implemented into the Privacy Guard.

    5. Cloudflare (instead of Google) default DNS
    Cloudflare DNS has a better privacy policy than Google Public DNS and has DNS-over-TLS and DNS-over-HTTPS. In the default DNS settings (as fallback) and network diagnostics, the Cloudflare DNS addresses 1.1.1.1 and 1.0.0.1 are specified as defaults (instead of Google's 8.8.8.8 and 8.8.4.4)

    6. Privacy-preferred default settings
    When newly installed, the below settings are defaulted, different from standard LineageOS 16.0 (all settings can be changed at any time later):
    • Privacy Guard is enabled on install (proposal during Setup)
    • Anonymous LineageOS statistics disabled (proposal during Setup)
    • The standard browsing app does not get the location runtime permission automatically assigned
    • Sensitive information is hidden on the lock screen
    • Camera app: Location tagging disabled by default
    Further, when a lock screen protection is set (PIN, pattern, password), the Nfc, Hotspot and airplane mode tiles require authentication and cannot be set without

    7. Optional blocking of Facebook- and Google-Tracking
    Settings => Network & Internet (scroll down)
    When activated, all outgoing connection attempts to Facebook servers will be suppressed.
    Same applies to Google, but certain apps on an internal exception list will still be able to connect (AuroraStore, microG, or e.g. NewPipe, if installed)

    8. Optional disable captive portal detection
    Settings => Network & Internet (scroll down)
    When activated, the system will not ping a specific Google server any longer when establishing a WiFi connection to determine, whether a captive portal is being used.

    9. No submission of IMSI or phone number to Google/Sony when GPS is in use
    GPS also works fine, if no SIM card is present, so there obviously is no benefit for the phone holder (different from other involved parties :rolleyes:) to provide this data . . .

    10. Default hosts file with many blocked ad/tracking sites
    The system's hosts file redirects a comprehensive list of URLs known to be adware, tracking, etc. to 127.0.0.1 (ipv4) and ::1 (ipv6)

    11. Privacy-enhanced Bromite SystemWebView
    Instead of the default Chromium System Webview component, the Bromite SystemWebView is used offering more privacy, more ad blocking and less Google tracking.

    12. Firewall UI
    Settings => Security & Location - Firewall
    Lists all apps and allows to restrict Internet access per app in regards to WiFi, mobile network or VPN
    This per-app feature is a standard feature in LineageOS, but the UI to show all apps is an Extra (taken from a topic in LineageOS's Gerrit - it may, or may not, become part of the official LineageOS one day)

    13. Maximum password length increased to 64

    14. Additional restriction options for secondary users
    - Disallow app installation option
    - Disallow audio recording option

    15. Miscellaneous hardening
    - hardened bionic lib
    - constified JNI method tables
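To illustrate feature 3 of the list above, the following added example (not part of the original post and not code from the ROM) decodes a /proc/net/tcp table and groups remote endpoints by app UID, which is the view a reader of that file gets. The sample table is constructed, its remote addresses come from the RFC 5737 documentation ranges, and the function names are hypothetical.

```python
import socket
import struct
from collections import defaultdict

# Constructed sample in /proc/net/tcp layout (not captured from a device).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1111
   1: 0500000A:C350 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 2222
   2: 0500000A:C351 076433C6:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 3333
   3: 0500000A:C352 0A0200C0:0050 06 00000000:00000000 00:00000000 00000000 10087        0 4444
"""

TCP_STATES = {"01": "ESTABLISHED", "06": "TIME_WAIT", "0A": "LISTEN"}


def decode_endpoint(field):
    """Turn 'AABBCCDD:PPPP' into ('a.b.c.d', port)."""
    addr_hex, port_hex = field.split(":")
    # The kernel prints the IPv4 address as a host-order 32-bit value;
    # on little-endian CPUs (ARM, x86) the bytes therefore appear reversed.
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Parse the table into one dict per socket."""
    entries = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10:
            continue                            # ignore truncated rows
        entries.append({
            "local": decode_endpoint(f[1]),
            "remote": decode_endpoint(f[2]),
            "state": TCP_STATES.get(f[3], f[3]),
            "uid": int(f[7]),                   # Linux UID owning the socket
        })
    return entries


def remote_peers_by_uid(entries):
    """Map each UID to the remote endpoints its sockets talk to."""
    peers = defaultdict(set)
    for e in entries:
        if e["state"] != "LISTEN" and e["remote"][1] != 0:
            peers[e["uid"]].add("%s:%d" % e["remote"])
    return {uid: sorted(p) for uid, p in peers.items()}
```

On Android, installed apps are assigned UIDs from 10000 upwards, so each key in the result corresponds to one app; with the SELinux restriction in place, an ordinary user app gets a permission error when it tries to open the file instead of this table.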
    New builds with June 2020 ASB

    Hi all,
    new builds with June 2020 sec. patches are available for download - they will also be offered for OTA update by the updater app within the next 30 minutes:

    A. Standard LineageOS 16.0
    https://sourceforge.net/projects/li...0200610-UNOFFICIAL-signed-osprey.zip/download
    • Sec. string 2020-06-05
    • System Webview on 81.0.4044.138
    • Kernel: Wireguard tag v1.0.20200520
    • Disabled NearbyMessagingService and DiscoveryService (only relevant, if genuine Gapps are used) to improve WiFi performance, when BT is used

    B. Security hardened microG build
    https://sourceforge.net/projects/li...-UNOFFICIAL-microG-signed-osprey.zip/download
    • Sec. string 2020-06-05
    • Bromite Webview on 83.0.4103.101
    • Kernel: Wireguard tag v1.0.20200520
    • Sepolicy: Netmonitor exception f. "Tracker Control" app (microG build variant)

    Note:
    This month, no platform patches have been applied (only kernel has been updated with many sec. patches):
    The AOSP tag android-9.0.0_r56, which was merged already in May, did already contain all patches, which were pushed again by Google in tag android-9.0.0_r57, which represents the June 2020 ASB.
    New builds with July 2020 ASB patches

    Hi all,
    new builds are up and will soon be offered also as OTA update:

    A. Standard LineageOS 16.0
    https://sourceforge.net/projects/li...0200712-UNOFFICIAL-signed-osprey.zip/download
    • ASB Security string 2020-07-05
    • Kernel: Wireguard tag v1.0.20200623

    B. Security hardened microG build
    https://sourceforge.net/projects/li...-UNOFFICIAL-microG-signed-osprey.zip/download
    • ASB Security string 2020-07-05
    • Kernel: Wireguard tag v1.0.20200623
    • microG: updated prebuilt GmsCore from /e/ project to fix FCM registration issues (fixes also the delay with Signal messenger)
    • F-Droid updated to 1.8 / F-Droid privileged extension updated to 0.2.11
    • Aurorastore updated to 3.2.9 / AuroraServices updated to 1.0.6

    Happy flashing - cheers, M.