Hi. I’m using an unofficial ROM of the newest LineageOS for my Xiaomi Redmi Note 12S. I know that using an unofficial ROM is not as secure as using an official one because it might have malware, but I think that I trust the guy behind the ROM and I even donated to him for his hard work. The official firmware for Xiaomi is terrible and had a lot of spyware; I couldn’t sleep with the awareness of this.

Right now I’m planning to make my phone more private and secure. I heard that the SIM card is a really big privacy issue and that it can take control over the device. I’m planning not to use a SIM card in my main device and instead put it in my old iPhone 7; then I will share internet from it or make calls if I have to. I don’t trust Apple too much but I think that their system is much better hardened than Android when it comes to stuff like that. I’m not planning to put any important stuff on the iPhone, except for proprietary software like banking apps etc. I think that an iCloud account is a huge privacy issue but I think that this solution is better than what I have right now. So I’ll have FOSS software only on my main Xiaomi phone.

Then maybe I should root my LineageOS to harden it? It would give me more control over my device and I could control its network traffic with a firewall, add additional encryption if it’s possible, etc. What solutions can you recommend? Also, I heard that an opened bootloader is a security issue, but to be honest, if I was able to do this with an exploit, avoiding the manufacturer’s way, I think that cops or hackers can do the same if they get my phone.

What else can I do for more privacy and security? I think that I should use the work profile and private space, which are great solutions. I can also make a Faraday cage, which will also dull sounds from the environment, avoid holding sensitive data on my phone, and have different accounts for messengers.

What do you think about this? How are you using your phone and what can you recommend for privacy?

  • monovergent@lemmy.ml
    3 upvotes · 15 hours ago

    In my opinion, the reward for rooting LineageOS is pretty limited for having to risk one of the more important aspects of the Android security model, since the base system is already decently clean. If you want to go the extra mile, you could try installing the LeOS GSI, which strips out the remaining pings to Google servers (see LineageOS column of the table).

    Definitely double check if the build you use has anything weird configured, but modern LineageOS (and Android in general) should already have good encryption by default. Not sure if LineageOS already has a way to toggle per-app network access, but if not, take a look at RethinkDNS, does a fine job without root.

    Not much you can do about the unlocked bootloader, but as long as you aren’t being targeted by some agency, sticking to trusted sources like F-Droid for apps will go a long way. I have a similar approach with two phones and minimal personal data stored on each, so I’d personally approve of those elements.

    Faraday cage might be of interest with regard to the iPhone since those can still function as their own AirTags even when powered off. But modern phones are surprisingly sensitive to signals so the slightest imperfection, especially in cheap Faraday bags, could give you away. While you’re at it, make a threat model to see if Faraday cages are necessary for your needs.
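An added example (not part of the thread) of one way to do the "double check the build" step above: read `adb shell getprop` output and compare a few security-relevant properties against a baseline. The baseline values, the helper names and the sample dump are assumptions constructed for illustration; an unlocked bootloader will normally show up here as a non-green verified boot state.

```bash
#!/usr/bin/env bash
# Added example: audit `adb shell getprop` output against an assumed baseline.

# Constructed sample dump (not taken from a real device).
sample_dump() {
  cat <<'EOF'
[ro.build.tags]: [test-keys]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]
[ro.adb.secure]: [1]
[ro.boot.verifiedbootstate]: [orange]
EOF
}

# prop_value NAME: read getprop-format lines on stdin and print NAME's value.
prop_value() {
  awk -v key="[$1]:" '$1 == key { sub(/^[^ ]+ \[/, ""); sub(/\]\r?$/, ""); print; exit }'
}

# audit_props: read a getprop dump on stdin, print one line per property,
# and return the number of properties that differ from the baseline.
audit_props() {
  local dump findings=0 name want got
  dump=$(cat)
  while read -r name want; do
    got=$(printf '%s\n' "$dump" | prop_value "$name")
    if [ "$got" = "$want" ]; then
      echo "ok    $name=$got"
    else
      echo "CHECK $name=${got:-<unset>} (expected $want)"
      findings=$((findings + 1))
    fi
  done <<'EOF'
ro.crypto.state encrypted
ro.crypto.type file
ro.adb.secure 1
ro.build.tags release-keys
ro.boot.verifiedbootstate green
EOF
  return "$findings"
}

# Live use with a connected device: adb shell getprop | audit_props
sample_dump | audit_props || true
```

A `CHECK` line is a prompt to look closer, not proof of tampering: unofficial builds are often signed with test keys, which is exactly the kind of detail worth knowing about the ROM you run.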

  • hexagonwin@lemmy.sdf.org
    4 upvotes · 18 hours ago

    i root with magisk and use afwall and adaway to block stuff. maybe not the most secure but it’s pretty private, at least i know there’s no weird network connection happening without me knowing.

    it all depends on your threat model, but IMO your idea is decent. personally i’d rather have another lineageos phone for calls, since the iPhone’s phone app sucks (no call recording) and it being connected to the internet means it can be tracked by apple. also it’s impossible to install any apps on iOS without an apple account. (unless you jailbreak, which is a pretty different story. your iphone 7 can be jailbroken with checkra1n which is good tho)

    • N0x0n@lemmy.ml
      2 upvotes, 1 downvote · 13 hours ago

      Yeah doin the same here. Unlock bootloader, root with magisk and install a debloater + firewall and block everything by default and only allow things I trust.

      However, this phone is the last one to allow this kind of magic… Since android 16 just bricks your phone if you do that.

  • corvus@lemmy.ml
    6 upvotes · 20 hours ago

    Using vanilla LineageOS and apps from F-Droid, which are open source, you are fine. Most spyware and malware come from apps, so LineageOS with F-Droid is a huge step from stock Android concerning privacy and security. An improved version is GrapheneOS, but I don’t think it is a necessity for the average user, if that’s your case.

    • FrostyPolicy@suppo.fi
      7 upvotes · 21 hours ago

      Naomi’s advice is superb. Braxman’s I’d take with a hint of salt. They tend to have a point behind them, though sometimes a bit light, and he’s rather keen on selling his own products.

  • kibiz0r@midwest.social
    2 upvotes, 1 downvote · 18 hours ago

    iPhone’s design is more secure than Android (partly because of OS+hardware integration that just isn’t practical in a multi-vendor space), but they still have plenty of zero-days in their implementation. iPhone 7 is old enough that official security patch support is EOL, though Apple has still shipped some critical fixes past EOL.