• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[ROM][XA2][11.0] iodéOS = LineageOS 18.1 + MicroG + adblocker [10/09/2021]

Search This thread

samhhmobil

Senior Member
May 25, 2017
347
186
Hamburg
As you can see, we prepare the jump to Android 11... Could you explain in details what you need with fbind, what do you exactly do with fbind ? There maybe a solution (selinux rules, ...).
About Root essentials : did you try to remove the blocker protection on it ? Apparently there are ads and trackers in this app, this may be th reason (and the reason why I would not recommend this app btw).
Hello @vince31fr

The need to use "fbind" results from two topics:

1.) The small storage of 32GB (just less than 20GB usable as "internal storage), but there are several Apps, which need some GB of space exactly in this internal storage (f.e. TomTom-GO, Signal-Messenger, Threema-Messenger, but — even if I hate it — WhatsApp with several GB of media data), and the internal storage of the XA2 is too small.

2.) LineageOS does not deal cleanly with "adopted storage". It's documented. Nevertheless I tried to establish that instead of using "fbind" with LOS18.1. The adopted storage was there, but every file written there was inaccessible(corrupted?) later.

fbind works cleanly with every LOS until Android10 (even with your actual iodéOS together with magisk).

Without this way of storage enhancement the XA2 is useless to me.

And the dev/author of "fbind" knows about this problem with Google's "isolated storage feature" in Android11 and has no solution yet:

Look here for "TODO.txt".

Thanks a lot,
samhhmobil

PS
Fortunately I have a second XA2 for testing such things... :)
 
Last edited:

pepepepep

New member
Jul 16, 2021
2
2
Hi,

just got a refurb XA2 and very much like the idea of iodéOS. Thank you for this project!
One obstacle I face at the moment:
I have trouble with video playback. Any video (regardless of x264 or x265) is not playing back properly. Laggy playback, no sound.
-Videos in FullHD x264 from SD card
-videos recorded by the camera (x265)
-youtube videos played back by YoutubeVanced or browser

I read to set switch in Dev settings "Disable Hardware overlay on". But when I do, this doesn't change anything. Moreover, after reboot this setting is reversed!

What am I missing? Can anyone confirm.


EDIT:
I am sorry for not having read the solution on the previous page *embarassing*
Ignore my post, I will try to update the firmware tomorrow...
 
Last edited:

vince31fr

Senior Member
Dec 18, 2016
850
846
Toulouse
*** New Update : 03/08/2021 ***

iodéOS 2.0 : based on Android 11 / LineageOS 18.1
Available as OTA (see OP)

BEWARE: the play store magisk module given in the OP (unofficially supported) needs to be updated *before* updgrading to iodéOS 2.0 to avoid a bootloop. You can find the updated version in the OP.
 
  • Like
Reactions: mx82

LolRoll

New member
Nov 19, 2010
2
0
Hi,
has anyone managed to install Magisk on the 2.0 release? Everything else works, but I just get crashes with the Magisk zip provided in the original post.
Edit: I just installed the stock Magisk from the website via TWRP and it seems to be working for now.
 
Last edited:

vince31fr

Senior Member
Dec 18, 2016
850
846
Toulouse
Hi,
has anyone managed to install Magisk on the 2.0 release? Everything else works, but I just get crashes with the Magisk zip provided in the original post.
Edit: I just installed the stock Magisk from the website via TWRP and it seems to be working for now.
The file provided in the OP is not magisk itself: it is a magisk module to be installed after installing magisk, that provides a patched play store.
 

steve8x8

Senior Member
Jul 7, 2014
408
136
Samsung Galaxy S4 Mini
OnePlus One
I had no sound from all videos and music files: no sound from youtube, music stored into the phone, videos received via whatsapp or telegram and so on. And all videos where played slowly.
All other sounds like ringtones and phone warning tones were perfectly working.
I saw on the net that other people had the same problems with LineageOS.
This is the link to the patch:
pioneer_modem_bt_dsp_50.2.A.3.22
What build were you running before? (.22 would be a downgrade from .77 for me)
 

Top Liked Posts

  • There are no posts matching your filters.
  • 5
    iode_20174.png


    Introduction

    iodéOS is a privacy-focused operating system powered by LineageOS and based on the Android mobile platform. iodéOS aims at protecting the user's privacy with a built-in adblocker and by freeing the smartphone from snitches.

    The objectives in the conception of this ROM are threefold:

    1. To keep the stability and security level of LineageOS, by minimizing the modifications made to the system. Apart the system modifications required by the adblocker, we mainly only added a few useful options commonly found in other custom ROMs, made some cosmetic changes, modified a few default settings to prevent data leaks to Google servers.
    2. To ease a quick adoption of this ROM by new users. We especially target users that are concerned by the protection of their privacy, but are not reluctant to still use inquisitive apps like Google ones. We thus included MicroG as well as a coherent set of default apps (all open source, with one exception), and simplified the initial setup of the system. Particularly, an initialization of MicroG has been made with GCM notifications allowed by default, a privacy-friendly network location provider (DéjàVu) pre-selected, as well as Nominatim Geocoder.
    3. To provide a new and powerful way of blocking ads, malwares, data leaks of all kinds to many intrusive servers. We are developing an analyzer, tightly integrated into the system, that captures all DNS requests and network traffic, as well as a user interface (the iodé app). Compared to some other well-known adblockers, this has the advantages of:
      • Avoiding to lock the VPN for that use. You can even use another adblocker that uses VPN technology alongside our blocker.
      • Being independent of the kind of DNS server used by the system or set by an independent app: classical DNS on UDP port 53 or any other one, DNS over TLS (DoT), DNS over HTTPS (DoH), ..., as we capture the DNS requests before they are transmitted to the system function that emits the DNS request. What we do not support, is DoH when it is natively built into applications, i.e. when an app communicates directly with a DoH server, without asking name resolution to the system. It would require to decrypt HTTPS packets between such an app and the DoH server, which may create a big security hole.
      • Precisely mapping DNS requests and network packets to the Android apps that emitted (or received) them.
      • Deciding which apps have a filtered network usage (by default, all apps), and which ones can communicate with blacklisted servers.
      The iodé blocker is already perfectly usable, although still in its infancy. Many features are lacking, like the possibility of clearing statistics (for specific apps or all), forbidding the collection of statistics for some apps, personalizing the blacklist, etc. We are actively developing it, and new functionalities will be regularly added.

    Features

    Changes in LineageOS to prevent data leaks:
    • Default DNS server: Google's DNS replaced by Quad9's 'unblocked' servers.
    • A-GPS: supl.google.com replaced by supl.vodafone.com.
    • Captive portal login: connectivitycheck.gstatic.com replaced by captiveportal.kuketz.de for connectivity check.
    • Dialer: Google default option replaced by OpenStreetMap for phone number lookup.

    Pre-installed apps:
    • MicroG core apps: GmsCore, GsfProxy, FakeStore, maps API.
    • NLP backends for MicroG : DejaVuNLPBackend (default), MozillaNLPBackend, AppleNLPBackend, RadioCellsNLPBackend, NominatimNLPBackend.
    • App stores : FDroid (with F-Droid Privileged Extension) and Aurora Store.
    • Browser: our own fork of Firefox (with Qwant as default search engine and telemetry disabled) instead of Lineage’s default browser Jelly.
    • SMS: QKSMS instead of Lineage's default SMS app.
    • Email: p≡p (Pretty Easy Privacy)
    • Maps/navigation: Magic Earth GPS & Navigation (the only one free but not open source).
    • Keyboard: OpenBoard instead of AOSP keyboard.
    • PDF: Pdf Viewer Plus.
    • Personnal notes: Carnet.
    • {Ad/Malware/Data leak}-blocker: iodé.
    • News: to keep users informed about our developments, as well as a FAQ.
    • Meteo: Geometric Weather

    Pre-included FDroid repository:

    The apps that we tweak or develop (microG services, the browser based on Firefox, the News app, ...) are available through a repository that we included in FDroid (check the "Apps for iodéOS" category). For this purpose and to avoid name conflicts of some apps, we also had to make a few changes in FDroid.

    Useful options from other custom ROMs:
    • Smart charging (disables charging when a given level is reached, to protect battery health).
    • Fingerprint vibration toggle.
    • Swipe down to clear all in recent apps (Android 10 only).

    Installation Instructions

    To download and flash our latest build, see https://gitlab.com/iode/ota.
    You can also find here direct links to the latest builds.

    Supported devices

    Sources

    Bug Reporting

    You can post a message in this thread or (preferred) open an issue here.

    Credits

    LineageOS is a free, community built, aftermarket firmware distribution of android, which is designed to increase performance and reliability over stock android for your device.
    All the source code for LineageOS is available in the LineageOS Github repo. If you would like to contribute to LineageOS, please visit their Wiki for more details.
    This ROM would be nothing without the tremendous work made on MicroG, and all the other open source apps that we included. We are very grateful to their authors.

    Contributors

    Direct contributors: @iodeOS, @vince31fr
    Indirect contributors (too numerous to list): All the people that contributed to the device tree, to LineageOS, and to the included open source apps.

    Sponsoring

    You can help in the development of this ROM by paying us a coffee here: https://paypal.me/iodeOS.

    Screenshots

    Screenshot_20201202-095321_Trebuchet.png
    Screenshot_20201202-095832_Trebuchet.png
    Screenshot_20200629-132938_iod%C3%A9.png
    Screenshot_20200629-132903_iod%C3%A9.png
    Screenshot_20200629-132849_iod%C3%A9.png
    Screenshot_20200629-132232_iod%C3%A9.png
    Screenshot_20200627-154642_iod%C3%A9.png
    Screenshot_20200627-154650_iod%C3%A9.png
    2
    Downloads : iodéOS

    • 10/09/2021 (build 20210828):
      • LineageOS updated (August security patch)
      • Preinstalled apps updated
      • Backup app included: Seedvault
      • microG now uninstallable: Settings -> Apps & notifications -> Preinstalled apps
      • New default accent color (clear blue from iodé logo)
    • 03/08/2021 (build 20210729):
      • Upgrade to Android 11 / LineageOS 18.1
      • Preinstalled apps UI reworked with the introduction of categories.
      • Dark theme in the iodé blocker UI (next improvement will be hosts customization).
      • p≡p (https://f-droid.org/fr/packages/security.pEp/) is now the defaut email client, and replaces lineageOS client which is no longer maintained.
      • Preinstalled apps updated to their latest version.
      • LineageOS updated (July security patch).
    • 28/05/2021 (build 20210525):
      • Different protection levels in iodé's blocker added: in addition to the default standard blocklist, we added three lists (socials, porn, extreme) that can be activated globally or on a per-app basis (more information in the FAQ).
      • Geometric Weather app added.
      • Preinstalled apps selection at setup wizard added.
      • Preinstalled apps including microG updated to their latest version.
      • LineageOS updated (May security patch).
    • 07/03/2021 (build 20210306):
      • Blocker UI improved: performance at startup, statistics display (with sortable columns), DNS stream
      • Preinstalled apps management (uninstall / reinstall) menu added (Settings -> Apps & Notifications -> Preinstalled apps)
      • Latest lineageOS sources synced
      • Default apps updated
    • 22/01/2021 (build 20210119):
      • LineageOS sources synced
      • Prebuilt apps updated
      • Activated Camera APIv2 in Snap
      • Force auto-update of apps in FDroid to keep in sync with iodé apps. It can be disabled.
    • 02/12/2020 (build 20201127):
      • LineageOS sources synced
      • Prebuilt apps updated
      • New default wallpaper
      • Firefox browser renamed as iodé Browser and logo changed due to trademark restrictions
      • The iodé blocker can now be correctly coupled with a VPN
    • 17/11/2020 (build 20201113):
      • Qwant replaced by a customized version Firefox, actually 83.1.0-rc1: Qwant or DDG as default search engine, alternate search engines added, telemetry disabled
      • iodé app (blocker): app switches replaced by shields around app icons, aggregated apps view in report, historical data deletion for each period by long press on an app line in report, black list updated
      • LineageOS sources synced
      • Prebuilt apps updated
      • Added a iodé category in FDroid, to quickly distribute the apps we customize. We had to fork FDroid for this purpose.
    • 30/09/2020 (build 20200925):
      • Synced LineageOS sources and device tree
      • microG updated to v0.2.12.203315 plus commits up to 25/09 (in-app maps now mostly working through Mapbox)
      • Prebuilt apps updated to their latest version
      • Welcome to "News": an app to keep users informed of latest iodé developments, as well a a FAQ.
    • 05/08/2020 (build 20200805):
      • Synced LineageOS sources and device tree
      • microG updated to v0.2.11.202414 plus commits up to 05/08
      • AppleNLP backend working again
      • Prebuilt apps updated to their latest version
    • 25/07/2020 (build 20200725): first publicly available build for pioneer.

    Downloads : add-ons
    • phonesky-magisk.zip : Magisk module for NanoDroid patched Play Store, for those who really need to get access to their paid apps that don't work with microG. This module can be generally be deactivated when you have installed and ran once the paid apps.
      NB : you may have to wait a couple of hours after activating the module for being able to install paid apps.
    • phonesky-magiskV2.zip : compatibility for the upcoming iodéOS 2.0 based on Android 11. It can ben installed on iodéOS 1.x based on Android 10 too.
      IMPORTANT : install this module or deactivate the previous one before installing iodéOS 2.0, or you'll be caught in a bootloop.
    2
    ### NEW UPDATE : 05/08/2020 ###
    Also available as an OTA update.
    Quick changelog:
    • Synced LineageOS sources and device tree
    • microG updated to v0.2.11.202414 plus commits up to 05/08
    • AppleNLP backend working again
    • Prebuilt apps updated to their latest version
    1
    Nice work!

    But I have a few questions.
    1. Why didn't you use the SODP device tree and BLOBs? The BLOBs have advantages like support for RAW, but unfortunately don't support treble.
    2. Why is this is based on LineageOS? AOSP is more secure than LineageOS is.
    3. Why do you include a browser? Fennec F-Droid is slower with security patches and the user will probably forget to update the browser.
    1. Lineage official support is based on stock, not sodp. As we are based on Lineage, this is clearly the best choice.
    2. Lineage adds plenty of useful options over aosp, many people work on it and improve it, even on security aspects. If you think it is less secure that aosp, please tell us why.
    3 We included Qwant, not Fennec. Right, we should have provided screenshots with Qwant ;)
    1
    Thanks for answering.

    LineageOS is not a security focused OS.
    iodéOS is not a security focused OS: it is a privacy focused OS. Of course the two aspects are related. What we want to avoid, is to weaken the security of the base OS, that's why we limit modifications, carefully review the one we make, include a very limited set of features from other custom roms, ...

    Btw: as a security specialist that I know used to say, the only secure electronic device that exists, is the one that you leave turned off in a safety vault... There are always bugs and security holes even in the most secure code. Fortunately with open source code, vulnerabilities are the most often quickly fixed.

    From my limited understanding I think they weaken selinux policies. They don't have proper rollback protection. (I don't think aosp has that if you have an unlocked bootloader). They merge a lot of "questionable" stuff from codeauroara. They add attack surface.

    I have seen on the official LOS github repo that one person remove all the sepolicy files from a device tree with a note that they are going to create their own (sepolicy).

    Source : https://www.reddit.com/r/Copperhead..._anyone_technically_explain_why_lineageos_as/ the reply by DanielMicay a developer of GrapheneOs (used to be copperhead)
    You report here what a developer of GrapheneOS says: is he the more objective to make a comparison between its own OS and Lineage ?... ;)
    I see that he makes a lot of criticism about lineage, and it's alway easier to make criticism of an open-source project than good contributions... here is one for his project: does an OS developed by nearly a single guy (look at its github repo), can really be so secure ?... Without perhaps anyone reviewing his code ?

    No rollback protection is a feature, not a bug. If you're not happy with the last update, you can switch back to the previous release, which is fine. I don't think that anti-rollback is a feature of AOSP: OEM's are free to implement that, or not, in their AOSP-based roms.

    What is much "questionable" in codeaurora, than in any other open source repo ? New vulnerabilities may be included in any merged code, even the most secured one... Codeaurora is fed by Qualcomm, which is after all the most appropriate one to give code for their SOCs, and many people contribute to CAF.

    About attack surface, what is mentioned in your source is outdated: ffmpeg is no more included in lineage (look at e.g. this commit). Vulnerabilities are fixed when they are discovered, as in any other code.

    About sepolicy in device tree: maybe the devs of that dt based their work on a previous tree, were not happy with the existing sepolicy, and decided to create a new one, which is fine. The vast majority of the sepolicy is included in AOSP+lineage+qualcomm+... repos, only small adaptations are needed for each device. Also, there are safeguards in the common sepolicy: the so-called neverallow rules. Official lineage devices must respect these rules, which is not the case in some other custom roms, which moreover make heavy modifications of the basic AOSP sepolicy. Lineage of course modified the AOSP sepolicy to suit their needs for new features, but many people review the code, before its acceptance in gerrit, and probably after. All commits are reviewed many times. Yes, this can weaken AOSP sepolicy, but as I already said, as soon as you include new code, you include new vulnerabilities. Google does exactly the same with its code: new features, new bugs, new vulnerabilities. If it wasn't the case, why would they monthly publish "security patches" ?...

    The advantage of Lineage over all other custom roms is the number of people working on it, improving it, reviewing code, etc. Some of its developers are certainly better than many google devs, and there are many AOSP bugs and vulnerabilities that are fixed in lineage...

    Another question
    1. How do you implement signature spoofing? Does the is grant signature spoofing automatically to any app? Or do you have to allow it like a permission? (OmniRom does this)
    Patches are available here (https://github.com/microg/android_packages_apps_GmsCore/tree/master/patches). For Q, the P patch needs to be a bit adapted (some files have been moved elsewhere in the file tree).
    Signature spoofing is only granted to system apps which have android.permission.FAKE_PACKAGE_SIGNATURE in their permission file. In iodé: only GmsCore is allowed, of course.

    2. Will the os be open sourced?
    We answered here and here.