Newset 0.9 build update for Samung Galaxy S6 - is it safe now?

I made a post about my testing of the Galaxy S6 Edge (zeroltexx) updated Oreo build ( e-0.11-o-20200926-UNOFFICIAL-zeroltexx) in a device specific thread in order to keep this thread about the Galaxy S6 (Zerofltexx).

It can be found here : /e/ on Samsung Galaxy S6 Edge SM-G925F (zeroltexx)

I wish you all a good day :slight_smile:

3 Likes

Hello itsclarence!
Today I tried your “e-0.11-o-20200926.UNOFFICIAL-zeroflexx.zip”-image. It’s working!!!
I can use WLAN, install apps, the torch is working, first camera test was successful !!!
I’ ll report more after testing.

Thank you for creating this image !!! :blush: :slightly_smiling_face:

I’ll try to update this build next week… enjoy and let me know how it is running.

Great!
Synchronizing of calendar and contacts with nextcloud is successfully working ! Lot of installed apps successfully installed. At the moment no issue ! :slightly_smiling_face:

I am looking forward to your update!

1 Like

Hello itsclarence!
Today I replaced the batterie of my S6, because it blow up while charging and blasts the backcover of my phone. So I was able to test some apps. I found that the contacts app always crashes and the app “open map” only shows a black screen. Contacts can be shown in the phone app.
The WLAN connection loses the access to the internet after some minutes of inactivity. After WLAN switch off and on, the connection is working.
I tested lots of other apps like k9mail, Phone ticket apps, qr-readers, smarthome apps. All without any errors.

@itsclarence made a new eOS-Q-build for the Samsung Galaxy S6 (zerofltexx).

Make a backup before flashing, and please share your experience with this build.

1 Like

Good morning,

do I understand correctly that a new build is available for zerofltexx that is actually functional?

Kind regards
Forumsnutzer

Indeed, you can find it here. You can read @SuzieQ’s testing feedback in the same post.

1 Like

And it does work! At last a new build! Thank you so much! :slight_smile:

1 Like

Good morning,

these two security warnings were showing on my phone this morning.

Bildschirmfoto vom 2021-01-17 09-43-38

Saying

  • This build was signed with public keys.
  • SELinux is not in “enforcing mode”, the security is undermined by that.

Is is a reason to be alarmed? Is there anything I can do to fix this?

Kind regards
Forumsnutzer

Hallo, let’s first define what public key and SELinux mean.

This build was signed with public keys

I found an answer online : Android uses a key to sign apps, but by default, that key is well-known and available in the ROM source tree. Since apps that are signed by those keys and that are installed as a system app can obtain special permissions, a warning was put in place if the default key is used.

SELinux is not in “enforcing mode”, the security is undermined by that.

Here is an explanation of what SELinux is
Kurzgesagt : As part of the Android security model, Android uses Security-Enhanced Linux (SELinux) to enforce mandatory access control (MAC) over all processes, even processes running with root/superuser privileges (Linux capabilities). Many companies and organizations have contributed to Android’s SELinux implementation. With SELinux, Android can better protect and confine system services, control access to application data and system logs, reduce the effects of malicious software, and protect users from potential flaws in code on mobile devices.

Is it a reason to be alarmed?

Yes, both are security flaws. I am however not knowledgeable enough to tell how seriously it impacts security.

Is there anything I can do to fix this?

Public key : When it comes to the public key part, I think that a way to fix this would be for the one who built it, @itsclarence to sign his build with his own key.

SELinux : Since what you mention also affects the Q build running on my S6 Edge, I tried to fix the SELinux part following this post. However, using the SELinuxModeChanger app did not work, I think therefore that it probably will not work on your S6 either. I tried various other methods, none of which worked, but feel free to try yourself. I suppose the only way to fix this would be in the building process. I do not know if it has to do with the sources used or something else, maybe people who build can comment to enlighten us.

1 Like

I happened to find that there is a new build available already, an official one even, which I just tried to install.

But when installing TWRP notified that the Zip signature verification failed.

Is there a solution to this?

@itsclarence, @Bryophytae,
do you know how I could fix the aforesaid problem?

Oh, and as of late I cannot retrieve new builds anymore from this link:
https://images.ecloud.global/dev/zerofltexx/
That was still possible at the time when I downloaded the build at the time of writing the above post.

Or was my above post from 13 days ago again flagged as spam?
What is going on with this forum?!?

The dev builds for the S6 have been taken offline as the device is not currently supported. I believe it is fair to say that it is presently unknown as to whether or not it will become supported officially again.

1 Like

As @mcmd said, the S6 and S6 Edge are no longer officially supported by /e/. The ex-official dev build that you downloaded is based on Android 7 “Nougat”, whereas itsclarence published Oreo (Android 8) and Q (Android 10) unofficial builds, which is a great way to keep this “old” device running and somewhat up to date.

If an unofficial build runs well and has a large enough user base, it could become official again. However, based on the few problems encountered (SELinux, phone call volume, bootloop caused by encryption, camera crash,etc.), I do not think it will be official again anytime soon.

Regarding your question about zip signature verification, I do not know. It could be because it is no longer supported. I usually verify the checksums provided next to the download link in order to make sure the file I downloaded matches the one /e/ made available, and consider it enough.

1 Like

Alright, thank you for letting me know.
Thank you @Bryophytae for giving some background knowledge.
Unfortunately I cannot retrieve the checksum any longer. But do I understand correctly that if I install the ex-official build that I downloaded (assuming that I was able to do so), it would downgrade my phone to Android 7, while itsclarence’s build, albeit not the newest, gives me access to a Android 10 (which it does on my phone)?

Yes, that is correct, your phone would be downgraded to Android Nougat. (The n in e-0.14-n-202101[…] stands for Nougat. For Oreo, it is O, P for Pie and so on) However, I do not know if the ex-official Nougat build you downloaded is stable. If you want to know, you should test it. I remember that, at least for the S6 Edge, many official builds did not run smoothly (e.g. random reboots), and the last stable build was in February 2020.

If it is stable, the pros and cons of the ex-official Nougat build are (As far as I can tell with my limited knowledge) :

Pros

  • SELinux is enforced
  • it is signed by /e/
  • it should be possible to encrypt it without causing a bootloop

Cons

  • No recent Android 10 features
  • No Android 10 platform security patches
  • No /e/OS updates

For both Android 7 and 10, vendor (i.e. Samsung) security patches are out of date, (see in Settings > Trust) so they are equally vulnerable in this regard, as are many phones supported by custom ROMs.

Android 10 platform security patch is up to date, which is a plus for security, but as mentionned in my previous comment, in the Q build SELinux is not enforced and it is signed with public keys, which is bad for security. It also cannot be encrypted. In a nutshell, none of those builds are perfect, you need to figure out which one best fits your criteria. For my limited minimalist phone usage, the Q build is per-fect, and I’m super happy it exists.

1 Like

Thank you once more for the detailed information! :slight_smile:

From what you write, given my very limited understanding of the matter, the pros and cons seem to somewhat balance each other.
And I was not able to test the ex-official Nougat build anyway, as I could not get past the failed signature verification when trying to install it.

I as well am a rather minimalist user, so if that is fine for you, I guess it is fine for me as well! :slight_smile:

There are new builds for zerofltexx/zeroltexx. Take a look at this repo. https://github.com/Exynos7420

Thank you, @nsherbina1999, for sharing. I had a look at it, but it’s all Greek to me.
Could you point to something in there that might be of use to me?