Introduction
iodéOS is a privacy-focused operating system powered by LineageOS and based on the Android mobile platform. iodéOS aims at protecting the user's privacy with a built-in adblocker and by removing embedded trackers.
The objectives in the conception of this ROM are threefold:
- To keep the stability and security level of LineageOS, by minimizing the modifications made to the system. Apart the system modifications required by the adblocker, we mainly only added a few useful options commonly found in other custom ROMs, made some cosmetic changes, modified a few default settings to prevent data leaks to Google servers.
- To ease a quick adoption of this ROM by new users. We especially target users that are concerned by the protection of their privacy, but are not reluctant to still use inquisitive apps like Google ones. We thus included MicroG as well as a coherent set of default apps, and simplified the initial setup of the system. Particularly, an initialization of MicroG has been made with GCM notifications allowed by default, a privacy-friendly network location provider (DéjàVu) pre-selected, as well as Nominatim Geocoder.
- To provide a new and powerful way of blocking ads, malwares, data leaks of all kinds to many intrusive servers. We are developing an analyzer, tightly integrated into the system, that captures all DNS requests and network traffic, as well as a user interface (the iodé app). Compared to some other well-known adblockers, this has the advantages of:
- Avoiding to lock the VPN for that use. You can even use another adblocker that uses VPN technology alongside our blocker.
- Being independent of the kind of DNS server used by the system or set by an independent app: classical DNS on UDP port 53 or any other one, DNS over TLS (DoT), DNS over HTTPS (DoH), ..., as we capture the DNS requests before they are transmitted to the system function that emits the DNS request. What we do not support, is DoH when it is natively built into applications, i.e. when an app communicates directly with a DoH server, without asking name resolution to the system. It would require to decrypt HTTPS packets between such an app and the DoH server, which may create a big security hole.
- Precisely mapping DNS requests and network packets to the Android apps that emitted (or received) them.
- Deciding which apps have a filtered network usage (by default, all apps), and which ones can communicate with blacklisted servers.
Since its first versions, we added many features to the iodé blocker: several levels of protection, child protection features, fine-grained control over the hosts that should be blocked or authorized, displaying statistics on a map to see the quantity of data exchanged to which countries, clearing statistics... We are actively developing the blocker, and new functionalities will be regularly added.
What's included
Changes in LineageOS to prevent data leaks:
- Default DNS server: Google's DNS replaced by Quad9's servers in all parts of the system.
- A-GPS: patches to avoid leaking personnal information like IMSI to SUPL server.
- SUPL server: can be disabled by a switch in phone settings.
- Captive portal login: connectivitycheck.gstatic.com replaced by captiveportal.kuketz.de for connectivity check.
- NTP server: change to pool.ntp.org.
- Quick Settings Tiles: sensitive ones require unlocking (disabled by default, can be activated in lock screen security settings).
- Wifi and bluetooth: can be automatically disabled when connection is lost.
Pre-installed apps:
We included many useful default apps, but our choice cannot suit everyone; so we added the possibility to remove them. It can be done at the end of the phone setup, or at any time by going to Parameters -> Apps & Notifications -> Preinstalled apps.
- MicroG core apps: microG Services, microG Companion, GsfProxy.
- App stores : FDroid (with F-Droid Privileged Extension) and Aurora Store.
- Browser: our own fork of Firefox (with Qwant as default search engine, many other ones added, telemetry disabled, parts of telemetry code removed) instead of Lineage’s default browser Jelly.
- SMS: QKSMS instead of Lineage's default SMS app.
- Email: p≡p (Pretty Easy Privacy).
- Maps/navigation: Magic Earth GPS & Navigation (the only one free but not open source).
- Keyboard: HeliBoard instead of AOSP keyboard.
- PDF: PdfViewerPlus.
- Personnal notes: Carnet.
- {Ad/Malware/Data leak}-blocker: iodé.
- News: to keep users informed about our developments, as well as a FAQ.
- Meteo: Breezy Weather.
How to flash Shift (SHIFT6mq)
SHIFT6mq
- Unlock OEM in developer settings
- Activate adb and type
adb reboot bootloader
, or press Power + Vol+
- Type
fastboot flashing unlock
- Download fastboot package for your device (latest file
iode-[...]-fastboot.zip
):
- Unzip fastboot package and execute
flash-all.sh
(linux) or flash-all.bat
(windows)
- At the end, accept or decline bootloader relocking; if yes, boot, and in developer settings uncheck "OEM unlocking"
How to flash OnePlus (OnePlus 9, OnePlus 9 Pro)
OnePlus 9 / 9 Pro
- Unlock OEM in developer settings
- Activate adb and type
adb reboot bootloader
, or press Power + Vol-
- Type
fastboot flashing unlock
- Download fastboot package for your device (latest file
iode-[...]-fastboot.zip
):
- Unzip fastboot package and execute
flash-all.sh
(linux) or flash-all.bat
(windows)
How to flash Google (Pixel 3, 4, 5, 6, 6a, 6 Pro, 7, 7a, 7 Pro, 8, 8 Pro)
- Unlock OEM in developer settings
- Activate adb and type
adb reboot bootloader
, or press Power + Vol-
- Type
fastboot flashing unlock
- Download fastboot package for your device (latest file
iode-[...]-fastboot.zip
):
- Unzip fastboot package and execute
flash-all.sh
(linux) or flash-all.bat
(windows)
- At the end, accept or decline bootloader relocking; if yes, boot, and in developer settings uncheck "OEM unlocking"
How to flash Fairphone (FP3, FP3+, FP4, FP5)
FP3, FP3+
- Unlock your phone by following the instructions from Fairphone website
- Activate adb and type
adb reboot bootloader
, or press Vol-
and plug phone while it's shut down
- Type
fastboot oem unlock
- Download fastboot package for your device (latest file
iode-[...]-fastboot.zip
):
- Unzip fastboot package and execute
flash-all.sh
(linux) or flash-all.bat
(windows)
- (optional)
fastboot oem lock
- (optional) Boot, and in developer settings uncheck "OEM unlocking"
FP4, FP5
- Unlock your phone by following the instructions from Fairphone website, but do not unlock critical partitions (do not execute 'fastboot flashing unlock_critical').
- Activate adb and type
adb reboot bootloader
, or press Vol-
and plug phone while it's shut down
- Type
fastboot flashing unlock
- Execute
fastboot flashing get_unlock_ability
. It it returns get_unlock_ability: 0
: do not relock the bootloader (last step)
- Download fastboot package for your device (latest file
iode-[...]-fastboot.zip
):
- Unzip fastboot package and execute
flash-all.sh
(linux) or flash-all.bat
(windows)
- At the end, accept or decline bootloader relocking; if yes, boot, and in developer settings uncheck "OEM unlocking"
How to flash Teracube
2E 2022 batch (emerald)
- Unlock OEM in developer settings
- Activate adb and type
adb reboot bootloader
, or press Power + Vol+
- Type
adb reboot bootloader
- Type
fastboot flashing unlock
- Download fastboot package for your device (latest file iode-[...]-fastboot.zip):
- Unzip fastboot package and execute
flash-all.sh
(linux) or flash-all.bat
(windows)
2E 2021 batch
- Unlock OEM in developer settings
- Activate adb and type
adb reboot bootloader
, or press Power + Vol+
- Type
fastboot flashing unlock
- Download fastboot package for your device (latest file
iode-[...]-fastboot.zip
):
- Unzip fastboot package and execute
flash-all.sh
(linux) or flash-all.bat
(windows)
How to flash Xiaomi (Mi 9, Mi 10 LITE, Mi 10T (Pro)/Redmi K30S Ultra)
- Unlock your phone by following the instructions from Xiaomi website
- Activate adb and type
adb reboot bootloader
, or press Power + Vol-
- Download fastboot package for your device (latest file
iode-[...]-fastboot.zip
):
- Unzip fastboot package and execute flash-all.sh (linux) or flash-all.bat (windows)
How to flash Samsung
A5 (2017), A7 (2017)
- Update the stock firmware to the latest
- Unlock OEM in developer settings
- Activate adb and type
adb reboot bootloader
, or press Power + vol- + Home
- Flash recovery for A5 | recovery for A7 with command:
heimdall flash --RECOVERY <recovery_filename>.img
- As soon as the flash ends, quickly press power/vol+/home buttons altogether to directly reboot to recovery
- From recovery => Factory reset => Format Data/factory reset
- From recovery => Advanced => ADB Sideload: swipe to start sideload, and issue
adb sideload <rom.zip>
(iodéOS for A5 | iodéOS for A7)
S9, S9+, Note9
- Update the stock firmware to the latest
- Unlock OEM in developer settings
- At reboot, follow the setup wizard, make sure to be connected to the internet, then activate developer options
- Activate adb and type
adb reboot bootloader
, or press Power + Vol- + Bixby
- Flash recovery for S9 | recovery for S9+ | recovery for Note9 with command:
heimdall flash --RECOVERY <recovery_filename>.img
- As soon as the flash ends, quickly press
Power + Vol+ + Bixby
buttons altogether to directly reboot to recovery
- From recovery => Factory reset => Format Data/factory reset
- From recovery => Apply update => Apply from ADB =>
adb sideload <rom.zip>
(iodéOS for S9 | iodéOS for S9+ | iodéOS for Note9)
S10, S10e, S10+
- Unlock OEM in developer settings
- Activate adb and type
adb reboot bootloader
, or shut down phone and press Vol- + Bixby
while plugging to computer
- In Download Mode (DL), long press
Vol+
and unlock bootloader
- Reboot to DL mode & flash recovery for S10 | recovery for S10e | recovery for S10+ with command:
heimdall flash --RECOVERY <recovery_filename>.img
- As soon as the flash of recovery ends, quickly press
Power + Vol+ + Bixby
buttons altogether to directly reboot to recovery
- From recovery => Factory reset => Format Data/factory reset
- From recovery => Apply update => Apply from ADB =>
adb sideload <rom.zip>
(iodéOS for S10 | iodéOS for S10e | iodéOS for S10+)
Note 10, Note 10+, Note 10+ 5G
- Unlock OEM in developer settings
- Activate adb and type
adb reboot bootloader
, or shut down phone and press Vol+ + Vol-
while plugging to computer
- In Download Mode (DL), long press
Vol+
and unlock bootloader
- Reboot to DL mode & flash recovery for Note 10 | recovery for Note 10+ | recovery for Note 10+ 5G with command:
heimdall flash --RECOVERY <recovery_filename>.img
- As soon as the flash ends, quickly press
Power + Vol+
buttons altogether to directly reboot to recovery
- From recovery => Factory reset => Format Data/factory reset
- From recovery => Apply update => Apply from ADB =>
adb sideload <rom.zip>
(iodéOS for Note 10 | iodéOS for Note 10+ | iodéOS for Note 10+ 5G)
A52s 5G, Galaxy Tab S5e (LTE/Wi-Fi)
- Update the stock firmware to the latest
- Unlock OEM in developer settings
- Activate adb and type
adb reboot bootloader
, or shut down phone and press Vol+ + Vol-
while plugging to computer
- In Download Mode (DL), long press
Vol+
and unlock bootloader
- Download the latest
iode-[...]-vbmeta.img
and iode-[...]-recovery.img
from (iodéOS for A52s 5G | iodéOS for Tab S5e (LTE) | iodéOS for Tab S5e (Wi-Fi)) and rename them as vbmeta.img
and recovery.img
. Create tar files from them: tar cvf vbmeta.tar vbmeta.img
and tar cvf recovery.tar recovery.img
- Reboot to DL mode, and flash with Odin
vbmeta.tar
(select it in AP) and then recovery.tar
- As soon as the flash ends, quickly press
Power + Vol+
buttons altogether to directly reboot to recovery
- From recovery => Factory reset => Format Data/factory reset
- From recovery => Apply update => Apply from ADB =>
adb sideload <rom.zip>
(iodéOS for A52s 5G | iodéOS for Tab S5e (LTE) | iodéOS for Tab S5e (Wi-Fi))
How to flash Sony Xperia (XA2, XZ1, XZ2, XZ3)
- Update the stock firmware to the latest
- Get your unlock code from Sony website
- Unlock bootloader: connect to a wifi in order to grey-out "Unlock OEM" in developer settings
- Activate adb and type
adb reboot bootloader
, or press Vol+
and plug phone while it's shut down
- Type
fastboot oem unlock 0x<unlock code>
- Download fastboot package for your device (latest file
iode-[...]-fastboot.zip
):
- Unzip fastboot package and execute
flash-all.sh
(linux) or flash-all.bat
(windows)