this post was submitted on 01 Sep 2023
25 points (100.0% liked)

Android

407 readers
5 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

πŸ”—Universal Link: !android@lemdro.id


πŸ’‘Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.


Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

πŸ’¬Matrix Chat

πŸ’¬Telegram channels / chats

πŸ“°Our communities below


Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

Chat and More


founded 1 year ago
MODERATORS
 

OEM ROM:

  • just works / ootbe
  • proprietary features
  • project mainline: security updates and some system components updated independently of OEM after EOL
  • safety net / play integrity
  • look & feel is on a higher level than an average custom ROM
  • years after EOL, majority of apps will still support the ROM, kitkat is loosing support from play services this year, majority of apps target lolipop.

Custom ROM:

  • fun with tinkering
  • risks, worries, time spent
  • more updates
  • hit & miss -> either better or worse battery life, these are often targeting middle-school boys fanatic about anime, overclocking destroys heat management and battery life, safety net can stop working any day
  • sketchy hacks to get some services for free etc.
  • nice hacks to get 80% battery charging limit, underclock, automate tasks
  • huge fragmentation and duplication of effort that leads nowhere among tons of ROMS, competition among them does not do any good currently as they have no incentive to compete
  • unlocked bootloader -> less security when it's confiscated; but some people are able to lock the bootloader on a custom ROM.
  • on one hand increased privacy, but not many people audit custom ROMS, so they pose higher security and privacy risks.

I just scratched the surface, but I think custom ROMS have failed people like me who value having no worries about safety net limiting their contactless payments, cards for public transportation within apps, those who value battery life and love underclocks, professional look instead of kitsch, peace of mind, features out of the box like dolby atmos, additional features from the OEM like gesture screenshots, scrolling screenshots and a lot other features.

Let me know if I'm wrong in the comments.

top 15 comments
sorted by: hot top controversial new old

Long-term custom ROM user here.

Regarding security: as always, it depends on your threat model. If you fear a government actor getting access to your phone, a locked bootloader won't slow them down.

Regarding privacy: I've had both VPN logs and external Wireshark running against traffic going in&out of my custom ROM phones & sometimes I still do it for fun. If you know what you're getting into (e.g. LoS still using some Google services) then a Custom ROM usually holds far fewer surprises than some questionable OEM ROM (and which is terrifyingly scarce regarding changelogs while still having OTA update power).

tl;dr: stick with well-known ROMs & you get ... not the best of both worlds ... but a "good enough" of both worlds.

[–] kratoz29@lemm.ee 5 points 1 year ago (1 children)

I flashed a custom ROM even before the first year of life of my device and never looked back πŸ˜…

[–] WeLoveCastingSpellz@lemmy.fmhy.net 3 points 1 year ago (1 children)

I picked my current device for it to be compatible with a custom ROM

[–] kratoz29@lemm.ee 2 points 1 year ago

This is the way.

/e/OS is a fork of lineage os and replaces google play services with microg and open source apps annnd it doesn't break safetynet

[–] ChristianWS@lemmy.eco.br 4 points 1 year ago* (last edited 1 year ago) (1 children)

I just flash LineageOS even when the device is currently supported by the OEM. I buy the hardware from them, not the software.

Edit: Like, the vast majority of actual custom ROMs users are either using Pixel Experience or LineageOS, there are a bunch of other ROMs, but those are mostly "purpose built" for enthusiasts of what they offer. Like, GrapheneOS is for security reasons, and things like that.

There is a bit of headache installing custom ROMs, but once you install it, it is usually pretty stable. Also, I don't get the locked vs unlocked bootloader thing in regards to security. The device is stolen and outside your hands, it is doubtful that a thief would go through the steps of flashing a ROM, but wouldn't be smart enough on how to make the device unusable if it had a bootloader locked. Either way you are screwed.

[–] possiblylinux127@lemmy.zip 1 points 1 year ago (1 children)

If the bootloader is locked it won't let the theif bypass the screen lock delay. This will make it much harder if not impossible to get you data. They will have to factory reset it to make it of any value

On the other hand if it isn't locked they can just boot into a brute forcing program and brute force you pin. They also could modify the os since it isn't encrypted. The modification would collect your pin for later or could be full malware that sends data to them over the internet

[–] ChristianWS@lemmy.eco.br 1 points 1 year ago (1 children)

Yeah, and thieves are definitely going to use your data rather than sell it anyway

[–] possiblylinux127@lemmy.zip 1 points 1 year ago (1 children)

Its hard to say what an advisary can do or what they are. I want general protection a wide range of threats

[–] ChristianWS@lemmy.eco.br 1 points 1 year ago (1 children)

I understand there are use cases that require high security, like a whistleblower. But at the same, security is about minimizing risks that are likely to happen, you pay attention and obey traffic laws, you don't stay inside your house forever fearing a car accident.

[–] possiblylinux127@lemmy.zip 1 points 1 year ago

True but I don't want to have to concern myself with what happens if I lose my device.

I want a basic level of security

[–] jacktherippah@lemdro.id 3 points 1 year ago* (last edited 1 year ago)
  • If you're going custom ROMs, always go with an official custom ROM. Go with a well - trusted one that is consistent with updates, not an official ROM that may be dropped at a moment's notice.
  • Always choose devices that have long - term support and are consistent with security patches like the Google Pixels (5 years). Do not choose brands like Xiaomi as their lackluster updates mean that you will receive late security updates, and proprietary drivers for the components in your device will go out of date in 2 years. Your phone will be insecure and cannot be made secure when those 2 years end.
[–] possiblylinux127@lemmy.zip 2 points 1 year ago

I just use lineage os and its nice. I don't use google stuff so I run mostly stock

[–] sounddrill@lemmy.antemeridiem.xyz 1 points 1 year ago (1 children)

I use an mi max 2 as my daily phone

It's got crdroid 9.7

I got file based encryption so if I boot to twrp, it'll ask for my pattern