I’m having some conflicts when it comes to lineage and similar OS. While, yes, they might be better from a privacy perspective (if you put the effort into it) and allow you to keep your phone longer, I simply do not trust that the OS can’t be tampered with. For many devices, there is a single person maintaining that version of lineage. Who guarantees that they don’t pipe important information to some server in a more or less clever way?
This should not be misunderstood as an argument for closed source. The problems I’m having with this type of open source is that the code differs from device to device, it is (at least as far as I know) possible to change enough of the code to become malicious while adapting it to another device, I don’t have the capacities to make sure that the code is actually safe, and they are not regularly audited. Hell, in some cases they are even provided without checksums.
So you trade the spying eyes against a possible barn door of insecurities.
Therefore, I much rather use audited ROMs like Graphene or Calyx, but they (mostly) require a device from the company that I am trying to avoid. It’s such a weird situation…
I’m having some conflicts when it comes to lineage and similar OS. While, yes, they might be better from a privacy perspective (if you put the effort into it) and allow you to keep your phone longer, I simply do not trust that the OS can’t be tampered with. For many devices, there is a single person maintaining that version of lineage. Who guarantees that they don’t pipe important information to some server in a more or less clever way? This should not be misunderstood as an argument for closed source. The problems I’m having with this type of open source is that the code differs from device to device, it is (at least as far as I know) possible to change enough of the code to become malicious while adapting it to another device, I don’t have the capacities to make sure that the code is actually safe, and they are not regularly audited. Hell, in some cases they are even provided without checksums. So you trade the spying eyes against a possible barn door of insecurities.
Therefore, I much rather use audited ROMs like Graphene or Calyx, but they (mostly) require a device from the company that I am trying to avoid. It’s such a weird situation…