• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[ROM][XA2][11.0] iodéOS = LineageOS 18.1 + MicroG + adblocker [10/09/2021]

Search This thread

santoscrew

New member
Dec 7, 2010
3
1
Having trouble with wireguard here. Haven't gone in depth yet but it seems to be very spotty. Browser works sometimes but other apps won't.

If I turn it off everything runs well. Gone the ProtonVPN (which is OpenVPN based) way and it generally works.

Have not had this problem on my other phones or on this phone with the official LineageOS.
 

s4msy

New member
Actually using your Rom and I really love it. THX.

Just a few questions:
The captive Portal change to kuketz is nice, but I had some trouble to connect to train-hotspots, a user interface to change this back to google would be useful.

I heavily using wireguard, it is in your rom a little bit laggy, why? Edit: I set DNS from Automatic to None and it is now faster.
Btw. If you are focused on privacy, a kernel support for wireguard would be really a game changer because no other custom rom on XA2 has a kernel with wireguard support. And it underlines the privacy aspect.
 
Last edited:

vince31fr

Senior Member
Dec 18, 2016
850
847
Toulouse
Having trouble with wireguard here. Haven't gone in depth yet but it seems to be very spotty. Browser works sometimes but other apps won't.

If I turn it off everything runs well. Gone the ProtonVPN (which is OpenVPN based) way and it generally works.

Have not had this problem on my other phones or on this phone with the official LineageOS.

A solution is proposed below.
We'll investigate these problems with some VPNs. It's probably due to bad interactions with our blocker.

Actually using your Rom and I really love it. THX.

Just a few questions:
The captive Portal change to kuketz is nice, but I had some trouble to connect to train-hotspots, a user interface to change this back to google would be useful.

I heavily using wireguard, it is in your rom a little bit laggy, why? Edit: I set DNS from Automatic to None and it is now faster.
Btw. If you are focused on privacy, a kernel support for wireguard would be really a game changer because no other custom rom on XA2 has a kernel with wireguard support. And it underlines the privacy aspect.

We'll consider adding wireguard kernel support, but we don't promise anything ;)

About captive portal: I think that the problem may be elsewhere. The captive portal URL is used in the following way :
- if you are connected to internet, you get a reply from the captive portal URL, so you know that you really have a connection to internet. You would have trouble with wifi when you are really connected to internet, if something bad happened with kuketz.
- if you are connected to a wifi but have no access to internet through it, you get no answer from kuketz, as well as you would have no answer from google: using one or the other would not change anything.

Edit: an OTA update will be pushed within a couple of days. Maybe some problems will be fixed...
 

s4msy

New member
Forget about the captive Portal. I think I did something wrong in the past by manually setting the CP on another rom. Ive tested a lot of train hotspots the last day and it is faster (the connection progress) than Google.

Adding wireguard to the kernel is actually a good progress. First all rumors about their beta/unstable status, and now Google itself consider to add wireguard to the kernel, but I dont think it will be backported. They will start at 5.4 or later. And this version is not around the corner.
 

iodeOS

Member
Jun 17, 2020
37
20
France
www.iode.tech
We are looking for beta testers volunteers!

Hi everyone.

As you may know, before officially deploying each update on all iodé smartphones, our team spends a few days testing that the update functions as expected.
We are thus looking for volunteers to help us testing our updates. The principle is very simple: as a beta tester, your will receive a notification to install each update a few days before the official one. You will only need to install it and report to our team possible anomalies on the use of your smartphone. If you encounter nothing wrong, then just enjoy the update before everyone ?.

If you'd like to become beta tester, feel free to join our 'iodé Beta Testers' Telegram app group.

Thank you and keep your data safe with iodé!
 
Last edited:

chrisrg

Member
Oct 25, 2020
13
5
Installed interesting iodeOS 20200925-pioneer on XA2 at the weekend and enjoying trying out.
The main draw was the privacy aspect and the latest microg, but I don't have v0.2.12 on the phone; it's v0.2.11. Am I missing an update from somewhere please?
 

chrisrg

Member
Oct 25, 2020
13
5
Both of those updates arrived OTA and installed smoothly. As I'm using iode on a spare XA2 at the moment I haven't quite got it set up how I would like it. The main difficulty has been getting notifications/blinking led with email. The first incoming email after the last update triggered the notification with sound and led, next email got sound and just one flash of led. Subsequent mail, sound only. Now I'm trying K9 to see how that goes.

Question is; should I expect blinking led's to be working with this OS? Edit & answer, yes. K9 working, so back to try email again!
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 5
    iode_20174.png


    Introduction

    iodéOS is a privacy-focused operating system powered by LineageOS and based on the Android mobile platform. iodéOS aims at protecting the user's privacy with a built-in adblocker and by freeing the smartphone from snitches.

    The objectives in the conception of this ROM are threefold:

    1. To keep the stability and security level of LineageOS, by minimizing the modifications made to the system. Apart the system modifications required by the adblocker, we mainly only added a few useful options commonly found in other custom ROMs, made some cosmetic changes, modified a few default settings to prevent data leaks to Google servers.
    2. To ease a quick adoption of this ROM by new users. We especially target users that are concerned by the protection of their privacy, but are not reluctant to still use inquisitive apps like Google ones. We thus included MicroG as well as a coherent set of default apps (all open source, with one exception), and simplified the initial setup of the system. Particularly, an initialization of MicroG has been made with GCM notifications allowed by default, a privacy-friendly network location provider (DéjàVu) pre-selected, as well as Nominatim Geocoder.
    3. To provide a new and powerful way of blocking ads, malwares, data leaks of all kinds to many intrusive servers. We are developing an analyzer, tightly integrated into the system, that captures all DNS requests and network traffic, as well as a user interface (the iodé app). Compared to some other well-known adblockers, this has the advantages of:
      • Avoiding to lock the VPN for that use. You can even use another adblocker that uses VPN technology alongside our blocker.
      • Being independent of the kind of DNS server used by the system or set by an independent app: classical DNS on UDP port 53 or any other one, DNS over TLS (DoT), DNS over HTTPS (DoH), ..., as we capture the DNS requests before they are transmitted to the system function that emits the DNS request. What we do not support, is DoH when it is natively built into applications, i.e. when an app communicates directly with a DoH server, without asking name resolution to the system. It would require to decrypt HTTPS packets between such an app and the DoH server, which may create a big security hole.
      • Precisely mapping DNS requests and network packets to the Android apps that emitted (or received) them.
      • Deciding which apps have a filtered network usage (by default, all apps), and which ones can communicate with blacklisted servers.
      The iodé blocker is already perfectly usable, although still in its infancy. Many features are lacking, like the possibility of clearing statistics (for specific apps or all), forbidding the collection of statistics for some apps, personalizing the blacklist, etc. We are actively developing it, and new functionalities will be regularly added.

    Features

    Changes in LineageOS to prevent data leaks:
    • Default DNS server: Google's DNS replaced by Quad9's 'unblocked' servers.
    • A-GPS: supl.google.com replaced by supl.vodafone.com.
    • Captive portal login: connectivitycheck.gstatic.com replaced by captiveportal.kuketz.de for connectivity check.
    • Dialer: Google default option replaced by OpenStreetMap for phone number lookup.

    Pre-installed apps:
    • MicroG core apps: GmsCore, GsfProxy, FakeStore, maps API.
    • NLP backends for MicroG : DejaVuNLPBackend (default), MozillaNLPBackend, AppleNLPBackend, RadioCellsNLPBackend, NominatimNLPBackend.
    • App stores : FDroid (with F-Droid Privileged Extension) and Aurora Store.
    • Browser: our own fork of Firefox (with Qwant as default search engine and telemetry disabled) instead of Lineage’s default browser Jelly.
    • SMS: QKSMS instead of Lineage's default SMS app.
    • Email: p≡p (Pretty Easy Privacy)
    • Maps/navigation: Magic Earth GPS & Navigation (the only one free but not open source).
    • Keyboard: OpenBoard instead of AOSP keyboard.
    • PDF: Pdf Viewer Plus.
    • Personnal notes: Carnet.
    • {Ad/Malware/Data leak}-blocker: iodé.
    • News: to keep users informed about our developments, as well as a FAQ.
    • Meteo: Geometric Weather

    Pre-included FDroid repository:

    The apps that we tweak or develop (microG services, the browser based on Firefox, the News app, ...) are available through a repository that we included in FDroid (check the "Apps for iodéOS" category). For this purpose and to avoid name conflicts of some apps, we also had to make a few changes in FDroid.

    Useful options from other custom ROMs:
    • Smart charging (disables charging when a given level is reached, to protect battery health).
    • Fingerprint vibration toggle.
    • Swipe down to clear all in recent apps (Android 10 only).

    Installation Instructions

    To download and flash our latest build, see https://gitlab.com/iode/ota.
    You can also find here direct links to the latest builds.

    Supported devices

    Sources

    Bug Reporting

    You can post a message in this thread or (preferred) open an issue here.

    Credits

    LineageOS is a free, community built, aftermarket firmware distribution of android, which is designed to increase performance and reliability over stock android for your device.
    All the source code for LineageOS is available in the LineageOS Github repo. If you would like to contribute to LineageOS, please visit their Wiki for more details.
    This ROM would be nothing without the tremendous work made on MicroG, and all the other open source apps that we included. We are very grateful to their authors.

    Contributors

    Direct contributors: @iodeOS, @vince31fr
    Indirect contributors (too numerous to list): All the people that contributed to the device tree, to LineageOS, and to the included open source apps.

    Sponsoring

    You can help in the development of this ROM by paying us a coffee here: https://paypal.me/iodeOS.

    Screenshots

    Screenshot_20201202-095321_Trebuchet.png
    Screenshot_20201202-095832_Trebuchet.png
    Screenshot_20200629-132938_iod%C3%A9.png
    Screenshot_20200629-132903_iod%C3%A9.png
    Screenshot_20200629-132849_iod%C3%A9.png
    Screenshot_20200629-132232_iod%C3%A9.png
    Screenshot_20200627-154642_iod%C3%A9.png
    Screenshot_20200627-154650_iod%C3%A9.png
    2
    Downloads : iodéOS

    • 10/09/2021 (build 20210828):
      • LineageOS updated (August security patch)
      • Preinstalled apps updated
      • Backup app included: Seedvault
      • microG now uninstallable: Settings -> Apps & notifications -> Preinstalled apps
      • New default accent color (clear blue from iodé logo)
    • 03/08/2021 (build 20210729):
      • Upgrade to Android 11 / LineageOS 18.1
      • Preinstalled apps UI reworked with the introduction of categories.
      • Dark theme in the iodé blocker UI (next improvement will be hosts customization).
      • p≡p (https://f-droid.org/fr/packages/security.pEp/) is now the defaut email client, and replaces lineageOS client which is no longer maintained.
      • Preinstalled apps updated to their latest version.
      • LineageOS updated (July security patch).
    • 28/05/2021 (build 20210525):
      • Different protection levels in iodé's blocker added: in addition to the default standard blocklist, we added three lists (socials, porn, extreme) that can be activated globally or on a per-app basis (more information in the FAQ).
      • Geometric Weather app added.
      • Preinstalled apps selection at setup wizard added.
      • Preinstalled apps including microG updated to their latest version.
      • LineageOS updated (May security patch).
    • 07/03/2021 (build 20210306):
      • Blocker UI improved: performance at startup, statistics display (with sortable columns), DNS stream
      • Preinstalled apps management (uninstall / reinstall) menu added (Settings -> Apps & Notifications -> Preinstalled apps)
      • Latest lineageOS sources synced
      • Default apps updated
    • 22/01/2021 (build 20210119):
      • LineageOS sources synced
      • Prebuilt apps updated
      • Activated Camera APIv2 in Snap
      • Force auto-update of apps in FDroid to keep in sync with iodé apps. It can be disabled.
    • 02/12/2020 (build 20201127):
      • LineageOS sources synced
      • Prebuilt apps updated
      • New default wallpaper
      • Firefox browser renamed as iodé Browser and logo changed due to trademark restrictions
      • The iodé blocker can now be correctly coupled with a VPN
    • 17/11/2020 (build 20201113):
      • Qwant replaced by a customized version Firefox, actually 83.1.0-rc1: Qwant or DDG as default search engine, alternate search engines added, telemetry disabled
      • iodé app (blocker): app switches replaced by shields around app icons, aggregated apps view in report, historical data deletion for each period by long press on an app line in report, black list updated
      • LineageOS sources synced
      • Prebuilt apps updated
      • Added a iodé category in FDroid, to quickly distribute the apps we customize. We had to fork FDroid for this purpose.
    • 30/09/2020 (build 20200925):
      • Synced LineageOS sources and device tree
      • microG updated to v0.2.12.203315 plus commits up to 25/09 (in-app maps now mostly working through Mapbox)
      • Prebuilt apps updated to their latest version
      • Welcome to "News": an app to keep users informed of latest iodé developments, as well a a FAQ.
    • 05/08/2020 (build 20200805):
      • Synced LineageOS sources and device tree
      • microG updated to v0.2.11.202414 plus commits up to 05/08
      • AppleNLP backend working again
      • Prebuilt apps updated to their latest version
    • 25/07/2020 (build 20200725): first publicly available build for pioneer.

    Downloads : add-ons
    • phonesky-magisk.zip : Magisk module for NanoDroid patched Play Store, for those who really need to get access to their paid apps that don't work with microG. This module can be generally be deactivated when you have installed and ran once the paid apps.
      NB : you may have to wait a couple of hours after activating the module for being able to install paid apps.
    • phonesky-magiskV2.zip : compatibility for the upcoming iodéOS 2.0 based on Android 11. It can ben installed on iodéOS 1.x based on Android 10 too.
      IMPORTANT : install this module or deactivate the previous one before installing iodéOS 2.0, or you'll be caught in a bootloop.
    2
    ### NEW UPDATE : 05/08/2020 ###
    Also available as an OTA update.
    Quick changelog:
    • Synced LineageOS sources and device tree
    • microG updated to v0.2.11.202414 plus commits up to 05/08
    • AppleNLP backend working again
    • Prebuilt apps updated to their latest version
    1
    Nice work!

    But I have a few questions.
    1. Why didn't you use the SODP device tree and BLOBs? The BLOBs have advantages like support for RAW, but unfortunately don't support treble.
    2. Why is this is based on LineageOS? AOSP is more secure than LineageOS is.
    3. Why do you include a browser? Fennec F-Droid is slower with security patches and the user will probably forget to update the browser.
    1. Lineage official support is based on stock, not sodp. As we are based on Lineage, this is clearly the best choice.
    2. Lineage adds plenty of useful options over aosp, many people work on it and improve it, even on security aspects. If you think it is less secure that aosp, please tell us why.
    3 We included Qwant, not Fennec. Right, we should have provided screenshots with Qwant ;)
    1
    Thanks for answering.

    LineageOS is not a security focused OS.
    iodéOS is not a security focused OS: it is a privacy focused OS. Of course the two aspects are related. What we want to avoid, is to weaken the security of the base OS, that's why we limit modifications, carefully review the one we make, include a very limited set of features from other custom roms, ...

    Btw: as a security specialist that I know used to say, the only secure electronic device that exists, is the one that you leave turned off in a safety vault... There are always bugs and security holes even in the most secure code. Fortunately with open source code, vulnerabilities are the most often quickly fixed.

    From my limited understanding I think they weaken selinux policies. They don't have proper rollback protection. (I don't think aosp has that if you have an unlocked bootloader). They merge a lot of "questionable" stuff from codeauroara. They add attack surface.

    I have seen on the official LOS github repo that one person remove all the sepolicy files from a device tree with a note that they are going to create their own (sepolicy).

    Source : https://www.reddit.com/r/Copperhead..._anyone_technically_explain_why_lineageos_as/ the reply by DanielMicay a developer of GrapheneOs (used to be copperhead)
    You report here what a developer of GrapheneOS says: is he the more objective to make a comparison between its own OS and Lineage ?... ;)
    I see that he makes a lot of criticism about lineage, and it's alway easier to make criticism of an open-source project than good contributions... here is one for his project: does an OS developed by nearly a single guy (look at its github repo), can really be so secure ?... Without perhaps anyone reviewing his code ?

    No rollback protection is a feature, not a bug. If you're not happy with the last update, you can switch back to the previous release, which is fine. I don't think that anti-rollback is a feature of AOSP: OEM's are free to implement that, or not, in their AOSP-based roms.

    What is much "questionable" in codeaurora, than in any other open source repo ? New vulnerabilities may be included in any merged code, even the most secured one... Codeaurora is fed by Qualcomm, which is after all the most appropriate one to give code for their SOCs, and many people contribute to CAF.

    About attack surface, what is mentioned in your source is outdated: ffmpeg is no more included in lineage (look at e.g. this commit). Vulnerabilities are fixed when they are discovered, as in any other code.

    About sepolicy in device tree: maybe the devs of that dt based their work on a previous tree, were not happy with the existing sepolicy, and decided to create a new one, which is fine. The vast majority of the sepolicy is included in AOSP+lineage+qualcomm+... repos, only small adaptations are needed for each device. Also, there are safeguards in the common sepolicy: the so-called neverallow rules. Official lineage devices must respect these rules, which is not the case in some other custom roms, which moreover make heavy modifications of the basic AOSP sepolicy. Lineage of course modified the AOSP sepolicy to suit their needs for new features, but many people review the code, before its acceptance in gerrit, and probably after. All commits are reviewed many times. Yes, this can weaken AOSP sepolicy, but as I already said, as soon as you include new code, you include new vulnerabilities. Google does exactly the same with its code: new features, new bugs, new vulnerabilities. If it wasn't the case, why would they monthly publish "security patches" ?...

    The advantage of Lineage over all other custom roms is the number of people working on it, improving it, reviewing code, etc. Some of its developers are certainly better than many google devs, and there are many AOSP bugs and vulnerabilities that are fixed in lineage...

    Another question
    1. How do you implement signature spoofing? Does the is grant signature spoofing automatically to any app? Or do you have to allow it like a permission? (OmniRom does this)
    Patches are available here (https://github.com/microg/android_packages_apps_GmsCore/tree/master/patches). For Q, the P patch needs to be a bit adapted (some files have been moved elsewhere in the file tree).
    Signature spoofing is only granted to system apps which have android.permission.FAKE_PACKAGE_SIGNATURE in their permission file. In iodé: only GmsCore is allowed, of course.

    2. Will the os be open sourced?
    We answered here and here.