FP4 - very privacy-friendly custom ROM iodéOS

Just to make it easy :slight_smile:
iode

3 Likes

I must admit I’ve never heard of iode. What are people’s feelings about how trustworthy it is? If, for example, I installed a password manager on the phone, how likely is it that my passwords could be read and sent somewhere?

That depends on your definition of trustworthy. They have been around for some time. I don’t know anything about the people involved, but they have an open forum, so you can ask them.

For me personally, the big showstopper is shipping proprietary applications. Not only their iodé solution (like mentioned before), but also Magic Earth (like /e/ as well). They do let you remove every app, that’s a plus, but for me this is a matter of principle. If you had the choice to make it open source and didn’t, I won’t trust you.

But that’s just me, others arrive at other conclusions and are obviously quite happy with it.

If (and only if) you copy your passwords to the clipboard, consider your passwords unsafe, the Android you’re running doesn’t matter at that point. Otherwise you should be reasonably safe regardless.

6 Likes

Thanks for the reply. It’s one of the reasons I want to get a phone that is officially supported by LineageOS, rather than one where somebody creates unofficial LineageOS ROMs.

The same applies to Lineage as well, just because they are bigger doesn’t mean they are inherently more trustworthy. There’s still a person creating your ROM without any meaningful oversight. Official doesn’t mean what you think it does…
During the CyanogenMod days they shipped a lot of crappy stuff with their ROMs.

And binary blobs will be on any of your phones anyway…

2 Likes

The binary blobs don’t bother me that much. If $PHONE_MANUFACTURER stole passwords from the phones they sold they’d get in real trouble. It’s different when it’s one developer in some far away country :confused:

It’s not only about $PHONE_MANUFACTURER stealing your data. There are almost definitely bugs in those binary blobs that can be exploited and we as users have no way of auditing them. The manufacturer will probably not act maliciously themselves, but that doesn’t make it any better.

Lineage is just a thrown together community of people in far away countries (every country is a far away country for someone). There is no organisation, no legal entity you can hold accountable if your device gets attacked.

No custom ROM is inherently trustworthy, you can only base your trust on the people that make it.
Because of that, it’s completely valid to choose iodé over /e/ or vanilla FPOS, if you trust the team behind it.

4 Likes

I agree with @hirnsushi in principle about the possible security risks and trustworthiness.

I for one have decided to trust iodé at this point, despite the closed source blocker. I was helped by the following review: https://tarnkappe.info/test/iodeos-does-the-data-saving-android-operating-system-fulfill-its-promise-155022.html which has a paragraph about the iodé app.

But honestly: of course I don’t know the person who wrote the review personally, so I can’t say for sure that it wasn’t the developers of iodé who reviewed their own product… The trust thing is obviously not that simple :wink:

3 Likes

Hmm, with the command “adb shell pm uninstall --user 0 nameoftheapp” you can also uninstall all the apps you want within /e/OS.

Anyway: I don’t have the time right now to spend another whole day installing a new OS with all the uninstalling and installing of apps, the FP4 being my main smartphone. And as e.foundation is an official partner of Fairphone, I trust them and give them this try. And it is working nicely, especially with the new release of yesterday.

1 Like

Everything’s fine… :grinning:
No one is forced to use iode.
Everyone can and should use what he likes, gets along best with it, comes closest to his requirements.
If you are happy with /e/, then I am happy for you… :+1:

1 Like

That is all true unfortunately, no disagreement from my side. As the maintainer of FP3 the best I can offer users is full transparency on how the system you received was put together out of individual open-source and proprietary components. Besides that, there is so much open-source code (millions of lines) that I have no hope of understanding all functionality in detail.

9 Likes

Isn’t Google one too? I think that an official partner doesn’t imply that they’re a trustworthy company.

Hopefully /e/ isn’t bad though, but I still don’t get why they needed to fork LOS rather than contribute to it.

2 Likes

I shared the same sentiment when they started out as “eelo” back then.
But it makes sense. Some thoughts …

LineageOS will not allow the pre-integration of microG in the way /e/OS or LineageOS for microG (another fork) do it.

LineageOS will not take further degoogling steps like /e/OS does. It’s not their priority and not why they exist. And it keeps LineageOS compatible with the genuine Google Apps and services, e.g. via installing Open GApps.

And then the e foundation sells phones with /e/OS on them. When doing this, you’d better have some non-volunteer developers at hand and full control over the OS you use.

4 Likes

Oh, Google is immensely trustworthy. Their security is second to none. Any data you give to Google is totally safe. I have no worries keeping my passwords and credit card data on a Google Doc.

1 Like

For me this feels more like a Debian → Ubuntu situation (will probably only make sense to Linux users…).
Neither /e/ nor iode seem to be hostile forks to the upstream. As long as there isn’t anyone actively blocking it, there’s still the possibility both sides profit in the end :crossed_fingers:

9 Likes

1 Like

I’m not sure if I should like that post, someone might think it’s the way to go :rofl:

1 Like

Pretty funny. :laughing:
I would state that Google is competent at keeping your data safe from other users.

5 Likes

Competence is rare in this field. Apple for a long time didn’t have any rate limiting for login attempts, for example. The result: thousands of iCloud accounts got hacked. And then there are password managers like LastPass which seem to get hacked quite regularly.

If I really wanted to keep information safe, I’d have no qualms saving it on Google Drive.

Perhaps the official statement from iodé is interesting on this topic. It was published in the iodé-forum:

vince31fr, 05.02.2022:

Hi,
iodé is based on LineageOS and partially open source (iode · GitLab).
We’re still a young project with original features such as the built-in adblocker we’re developing, and we’re trying to find an answer to the following question: is it possible to live from this activity/passion? That’s why we’re extremely cautious about releasing what makes our difference, are still thinking about the global strategy, but may open source the entire code in 2022.
We are slowly open sourcing though, each month adding code to our repos, and we will soon publish most of the modifications we made on common LineageOS repositories.
If you want our project to develop and survive in the long term, please be patient a bit more :wink:

5 Likes