What is /e/'s position on security?

I’m in the process of looking around at various privacy and security focused Android OS’s and I’m reading quite a number of criticisms of /e/ around security, e.g. coming from people that like GrapheneOS, CalyxOS, et al. The criticisms focus on two broad areas, the first being that /e/ inherits the userdebug builds from LineageOS and thus disables a very large swath of Android security protections, the second being that /e/ supports (focuses?) on old devices that have not had updates to their proprietary blobs for a long time and that run older kernels with known vulnerabilities.

I don’t want to start another argument here, my question is whether there is any “official” response to those criticisms. I understand this is both a touchy and tricky topic (not unlike privacy) and would love to hear /e/‘s reasoning for why it’s OK to use LineageOS’ security stance as a base and why it’s OK to promote the use of old phones in the face of the security issues.

Personally, up to about a year ago I did not really care about my phone’s security: I simply didn’t have much of value on it and I avoided all SMS verification stuff. At this point, however, I have to accept that I can no longer avoid apps and SMS that affect my finances and other personal safety/security aspects, which means I have to take my phone’s security seriously and sadly this raises some important doubts about /e/.

1 Like

Hello.
The first vulnerability is always…
.
user!

And for my security (?) my bank launches aws (and gg-lytics, and so on, without my consent) each time I connect from my PC running Debian, with clean DNS… Furthermore, it wants me to download a gg assistant :crazy_face:

Sorry, /me => [ ]

@Manoj … Are you aware of anything official in this regard?

We would prefer to spend our time on resolving issues we have and making improvements to the code. Seriously, we do not have the time to devote to answering every critic or troll who wants to bash /e/ and prove that their OS is better.
I can only tell them: if your OS is better than /e/, good for you. Spend more time on it and make it better instead of wasting your time bashing /e/.
We have shared all that is to be known about /e/ in our Product Description. Gaël has regularly shared updates about the work we do through his posts which show up on Kickstarter and which then show up on our announcement channel. Searching through this site will throw up a lot of posts on the /e/ way of working.
We are not trying to beat anyone or be better than anyone else. We are only trying to improve the google AOSP code and make it safe for the average android smartphone user. Nothing more nothing less. When the time comes we will come up with detailed documents on security and privacy from our perspective. For now we would prefer to get the work at hand done.

8 Likes

Thanks, I was fearing this type of reply :sleepy:. The word “security” does not show up once in the product description. I looked in the announcements category, and I can’t find anything noteworthy either. You write “trying to improve the google AOSP code” but you start with LineageOS which disables a large number of Android security features, so while you’re improving on some axes you’re taking a huge step back on the security axis. I respect “For now we would prefer to get the work at hand done” I was just wondering about the direction of this work.

I understand your point. Well it depends how you look. I saw some post by Mr. Duval stating (e.g. at Kickstarter) that updating /e/ is important to apply the security patches constantly following in. Certainly not a full statement but they care. I understand the response by @Manoj in that way. Updates included but currently no additional measures because there are no resources for this ATM. This comes later it seems.
@tve : out of curiosity, what other things could be done?

The biggest item would be not to produce userdebug builds, which reduce security. I don’t know whether that would require ditching LineageOS or not.

Another big issue is the promotion of old devices, which is really great from a responsible-consumer perspective, but horrid from a security one. The reason is that they are several years out of date on firmware (proprietary blobs) and kernel. Look up the mediatek-su vulnerability to read how bad these issues can get (e.g. https://www.xda-developers.com/mediatek-su-rootkit-exploit/), I found it rather eye-opening.

Finally, if you look at security-focused ROMs like GrapheneOS or CalyxOS you’ll see that they’re almost exclusively available for Google Pixel devices. The reason is that on Pixels you can unlock the bootloader, flash a completely custom ROM, and then relock the bootloader for that ROM and thereby get full verification at boot time. What this means is that even if a malicious app manages to get root (or whatever) access due to a vulnerability it can’t make that persist across reboots. I don’t see that a Pixel-only focus could work for /e/ but I would have expected /e/ to support Pixels better and use that as a way to try and get more manufacturers to support this feature.

I’m not a security fanatic. I decided to ditch stock because of privacy, specifically, I don’t want everything I do tracked by Google et al. But there is a very big overlap between privacy and security and as I’ve been educating myself about the various options for a more private system for my phone I’ve found myself unwilling to trade privacy off for less security. Given that I own a Pixel 3a I fortunately have very good options.

(Edit: I’m also not focusing exclusively on where /e/ is today but where it’s headed, hence the phrasing of the topic of this thread.)

3 Likes
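
The three concerns in the post above (userdebug builds, out-of-date firmware and kernel, and an unlocked bootloader without verified boot) each leave a trace in Android system properties. As an added example, not part of the thread, this Python sketch audits `adb shell getprop` output for them; the sample output is constructed and the 90-day patch-age threshold is an assumption.

```python
import re
from datetime import date

# Constructed sample of `adb shell getprop` output (not from a real device).
SAMPLE_GETPROP = """\
[ro.build.type]: [userdebug]
[ro.debuggable]: [1]
[ro.build.version.security_patch]: [2019-08-05]
[ro.vendor.build.security_patch]: [2018-11-05]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.flash.locked]: [0]
"""

# Platform patch level and vendor (proprietary blob) patch level.
PATCH_PROPS = ("ro.build.version.security_patch", "ro.vendor.build.security_patch")

def parse_getprop(text):
    """Turn '[key]: [value]' lines into a dict, ignoring anything else."""
    return dict(re.findall(r"^\[([^\]]+)\]: \[(.*)\]$", text, re.M))

def audit(props, today, max_patch_age_days=90):
    """Return findings for build variant, patch age and boot verification."""
    findings = []
    # Release builds report 'user'; userdebug/eng builds are debuggable.
    if props.get("ro.build.type") != "user" or props.get("ro.debuggable") == "1":
        findings.append("debuggable-build")
    # A missing or unparsable patch date is treated as stale (assumed policy).
    for prop in PATCH_PROPS:
        try:
            age = (today - date.fromisoformat(props.get(prop, ""))).days
        except ValueError:
            age = None
        if age is None or age > max_patch_age_days:
            findings.append("stale-patch:" + prop)
    # green = locked, OEM key; yellow = locked, user-installed key (a relocked
    # custom ROM); orange = unlocked; red = verification failed.
    if props.get("ro.boot.verifiedbootstate") not in ("green", "yellow"):
        findings.append("boot-not-verified")
    if props.get("ro.boot.flash.locked") != "1":
        findings.append("bootloader-unlocked")
    return findings

if __name__ == "__main__":
    print(audit(parse_getprop(SAMPLE_GETPROP), date(2021, 1, 1)))
```

A patch-level string only records what the build claims; it does not show which kernel or blob fixes were actually merged, so a clean result here is necessary rather than sufficient.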

Thanks for this clear and interesting answer. I didn’t consider the firmware an issue. Indeed more complicated than I thought.