Remove CyanogenMod #136

Closed
opened 2016-12-28 23:03:40 +00:00 by KieranH · 20 comments
KieranH commented 2016-12-28 23:03:40 +00:00 (Migrated from github.com)

Hi all,
With the recent news of CyanogenMod being discontinued (with the site's DNS being pulled - https://twitter.com/CyanogenMod/status/813086249506349056) and many of the developers moving to create a new fork of CyanogenMod called Lineage (archive blog post here - http://web.archive.org/web/20161225144318/https://www.cyanogenmod.org/blog/a-fork-in-the-road), CyanogenMod should be removed from the list of recommended Mobile OSes.

I'm not sure if it would be best to straight swap CyanogenMod with Lineage with a note explaining they're getting setup at the moment or if it would be best to move one of the worth mentioning OSes up to the prime location for now.

kewde commented 2016-12-29 14:32:51 +00:00 (Migrated from github.com)

The mobile OS section needs some serious thought and discussion; currently there are many OSes in that section that do not provide any substantial privacy or security improvements in contrast to AOSP.

Security wise it is for example more likely that Lineage has more security issues than AOSP, due to it being packed with many features, enlarging the attack surface.

I'd like to propose to move Copperhead OS up the ladder as they are the leading Android-derived operating system that has been doing serious improvements. It only supports a few devices, which makes it less usable in general, but at least it takes the security mission seriously. Quality over quantity?

thestinger commented 2016-12-30 15:21:16 +00:00 (Migrated from github.com)

Local root on CyanogenMod / LineageOS: updates are signed with AOSP test keys and the updater downloads the updates into shared storage. Any app with shared storage access can replace the update and therefore replace the entire OS.

There are a bunch of similar, obvious security holes resulting from various changes they make. The root implementation (su client / daemon / SELinux policy) adds a major hole in the security model. They roll back a whole bunch of the OS security model by poking holes in mitigations and the SELinux policy. It's far better to use a production build of AOSP, but of course that only runs on Nexus/Pixel and doesn't have releases or an update channel. I submitted some fixes / reports for their root implementation with someone else but I have no interest in trying to help them while they refuse to sign their releases and keep intentionally breaking the security model.

ghost commented 2017-01-01 17:23:36 +00:00 (Migrated from github.com)

How would everyone feel about adding AOKP? They actually REMOVED the stats collection from the rom!

aokp.co

thestinger commented 2017-01-01 18:50:31 +00:00 (Migrated from github.com)

AOSP doesn't have analytics (just local stats for the OS features), so that's already the baseline. Are they doing production (user) builds that are signed with release keys and don't have security features ripped out / disabled, including verified boot and the standard SELinux policies? I don't think it makes much sense to push things that are taking steps backwards from the baseline. Ubuntu Mobile and SailfishOS already don't shape up well vs. AOSP in terms of security and likely have some analytics, although not nearly to the extent of Google Play.

ghost commented 2017-01-01 18:56:54 +00:00 (Migrated from github.com)

They are based on Lineage OS

I do not know the answer to these questions. The devs can be contacted here:

https://plus.google.com/communities/114009911819515408480

thestinger commented 2017-01-01 20:53:44 +00:00 (Migrated from github.com)

If it's based on Lineage, it has serious security issues.

ghost commented 2017-01-01 21:59:29 +00:00 (Migrated from github.com)

How is that? Lineage is the fork of CM and you are currently RECOMMENDING CyanogenMod.

What security issues does Lineage have that CM doesn't?

thestinger commented 2017-01-02 00:54:12 +00:00 (Migrated from github.com)

I'm not recommending it. I'm talking about Lineage and CyanogenMod as one thing.

kewde commented 2017-01-03 22:40:19 +00:00 (Migrated from github.com)

@Shifterovich

What do you think about starting this section from scratch?
I understand that people like convenience, aka want a ROM to run on all devices.
But I don't think that should be our focus. It should be privacy.

ghost commented 2017-01-04 13:42:09 +00:00 (Migrated from github.com)

@kewde

We focus on tools that work on most devices and provide some degree of privacy rather than elite tools that work on one device and provide a *slightly* higher degree of privacy. The reason why Tor is first and I2P second is popularity. I'd list some popular and somewhat good for privacy ones first, and then those which don't support many devices but are *slightly* better for privacy.

BTW, https://unaos.com/ is going to be open-source once it's released iirc.

kewde commented 2017-01-16 01:40:18 +00:00 (Migrated from github.com)

@Shifterovich

I understand. I believe the initial reason for enlisting Lineage (old CM) is the fact that it, in any case, is a better alternative to whatever ROM is provided by the vendor in terms of auditability. It also comes without GApps (Google stuff) and has slightly increased privacy benefits (I presume, feel free to correct me here). I am not completely aware of the situation; I believe the Android landscape is very fragmented and that most security-related upgrades come from AOSP and then drip down to other vendors. For what it's worth, we might dig a bit into how Lineage deals with patching vulnerabilities. I have mixed feelings about the security of all Android forks; I believe a warning message above the mobile operating systems _could_ be of value, stating that the Android ecosystem has few people working on improving the security.

The UnaOS kinda looks like a descendant from Lineage, we'll see what they come up with but just looking at their video made me very uncomfortable about the features they provide.

ghost commented 2017-01-16 15:52:10 +00:00 (Migrated from github.com)

I think the other thing we need to consider is the cons if we DON'T recommend it.

walletdude commented 2017-01-24 03:32:43 +00:00 (Migrated from github.com)

Since we have no other popular option that works across several devices, I think we should keep LineageOS, and possibly recommend F-Droid as an alternative android app store.

thestinger commented 2017-01-24 04:00:29 +00:00 (Migrated from github.com)

@kewde Just worth noting that per-device kernels, firmware and other blobs need their own security updates. It's only feasible to pull in upstream (Linux, CAF) kernel changes without ongoing vendor support. The Android Security Bulletins include vulnerabilities without fixes included in the AOSP code, so distributions pulling in the AOSP changes every month will purport to have an updated security patch level but it won't be accurate. The bulletins are only exhaustive for Nexus/Pixel devices but they still include non-AOSP fixes that are relevant elsewhere, particularly most of the Qualcomm platform vulnerabilities. No security updates from the vendor *implies* inability to provide full security updates, unless it's open hardware and then someone still has to do the work.

For example, how many of these are on the January security patch level? https://github.com/TheMuppets/proprietary_vendor_lge. It looks like it's just the Nexus 5X, so they're misrepresenting the patch level on every other LG device. Should you really be recommending software with a bunch of known, unpatched vulnerabilities with no timeline for fixing them or even acknowledgement that it's a problem?

thestinger commented 2017-01-24 04:02:47 +00:00 (Migrated from github.com)

BTW, unlike CyanogenMod, LineageOS pulled in the security fixes for the CMUpdater app from CopperheadOS and they seem to be planning to sign their builds with release keys along with not breaking the security model as much. It doesn't change the fact that it's infeasible to fully patch even the OS itself with their available resources other than for Nexus/Pixel and perhaps a couple other exceptions. No amount of development resources would allow patching firmware components with signature verification, unlike the proprietary blobs in the OS and (open source but unmaintained) kernel drivers.

ghost commented 2017-01-24 12:30:26 +00:00 (Migrated from github.com)

Speaking of F-Droid why aren't we already recommending it?

illyas3 commented 2017-02-10 15:02:38 +00:00 (Migrated from github.com)

LineageOS has become available since around January, and there are builds for many devices already. I think we can substitute CyanogenMod for LineageOS on the website in the mobile operating systems section. [devices](https://download.lineageos.org/)

kewde commented 2017-03-08 11:31:05 +00:00 (Migrated from github.com)

I will be submitting a PR to replace Ubuntu Mobile with CopperheadOS.
Ubuntu Mobile is currently discontinued.

2E0PGS commented 2018-01-04 09:34:07 +00:00 (Migrated from github.com)

+1 for LineageOS; you don't want to be linking non-maintained code like CyanogenMod because no bugs get fixed.

Hillside502 commented 2018-01-04 11:47:38 +00:00 (Migrated from github.com)

CyanogenMod was removed some time ago.

This issue should be closed!

Reference: privacyguides/privacytools.io#136