privacytools / privacytools.io

🛡🛠 You are being watched. Protect your privacy against global mass surveillance.
https://www.privacyguides.org
Creative Commons Zero v1.0 Universal

🆕 Software Suggestion | DivestOS #2041

Open SkewedZeppelin opened 4 years ago

SkewedZeppelin commented 4 years ago

Basic Information

Name: DivestOS
Category: Android Operating Systems
URL: https://divestos.org, https://github.com/divested-mobile, https://forum.f-droid.org/t/divestos-an-aftermarket-system/10105

Description

DivestOS is a soft fork of LineageOS. It aims to support both old and new devices. Standout features are automated kernel CVE patching, proprietary blob removal, delta OTA updates, signed releases, verified boot, and a realtime malware scanner.

Why I am making the suggestion

It brings to the table features that no other ROM does, e.g. automated kernel CVE patching, automated proprietary blob removal, OTA delta updates with Tor support, etc.

My connection with the software

I am the author.

ph00lt0 commented 4 years ago

@SkewedZeppelin is it possible to relock the bootloader in the OS after installation? Personally I think this is very important but lacking in most custom ROMs. I am very interested in why this has not been implemented by LineageOS, as from my understanding this improves the security of the device.

SkewedZeppelin commented 4 years ago

@ph00lt0

> is it possible to relock the bootloader in the os after installation?

Yes, DivestOS properly signs builds allowing bootloader relocking on supported devices. See: https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L143 and https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Copy_Keys.sh

ghost commented 4 years ago

Does it support autobuilds?

SkewedZeppelin commented 4 years ago

Autobuilds? Can you elaborate/clarify?

On Thu, 2020-09-10 at 04:37 -0700, ZarusMods wrote:

> Does it support autobuilds?

ghost commented 4 years ago

On original LineageOS, with every day's commits, the ROM is built automatically.

SkewedZeppelin commented 4 years ago

@ZarusMods There are no nightlies. Per the site:

> Releases are typically done on a monthly schedule unless there are major or security related changes.

ghost commented 4 years ago

Only when major update, user building it self

ghost commented 4 years ago

> @ZarusMods There are no nightlies. Per the site:
>
> Releases are typically done on a monthly schedule unless there are major or security related changes.

Oh thanks for clarifying

lunkhub commented 4 years ago

My connection: User/Tester. My Euro's worth:

If GrapheneOS is listed, then DivestOS should be listed too, at least under "Worth Mentioning" for older devices not supported by GrapheneOS.

Plus:

Neutral:

Minus:

fabianski7 commented 4 years ago

Some XDA ROMs have the option to disable internet access for apps individually, natively through the Android settings, without having to use any application like AFWall. Is it possible to do this in DivestOS?

SkewedZeppelin commented 4 years ago

@fabianski7 yes, that is a standard LineageOS feature.

Screenshot ![network_toggles](https://user-images.githubusercontent.com/8296104/93497497-0193c880-f900-11ea-9fb6-a5ee65d4bc47.png)

CactiChameleon9 commented 3 years ago

Sorry to interrupt... but I have a question. Does DivestOS ping a Google-owned address to check internet connectivity like Lineage, or has that been changed with your build? (If so, that is another reason to prefer it over Lineage, at least for me.)

SkewedZeppelin commented 3 years ago

@CactiChameleon9

> Does DivestOS ping a google owned address to check internet connectivity

Yes, DivestOS does not change the default connectivity check URLs. There is good reason not to. GrapheneOS has a detailed explanation about this here: https://grapheneos.org/faq#default-connections

However, DivestOS 14.1 and 15.1 do include a patch from @MSe1969 that allows easily disabling the check from the Settings app. And on 11.0, 16.0, and 17.1 you can disable the check via ADB.

See also https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Misc/Features/CaptivePortalCheck.txt and https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Patches/LineageOS-16.0/android_frameworks_base/0005-Connectivity.patch

CactiChameleon9 commented 3 years ago

OK, thanks. The reasons given make sense - anonymity is important. Thanks for the info on your decisions with that choice, and the related files. I really like the idea of using one at random - however I agree there may be ethical/permission issues with doing so. Sorry for hijacking this issue a bit, but I was intrigued. I may switch my phone over to your OS due to your clear consideration of privacy issues just shown now (and because of your fun reply on the F-Droid forums to another similar project). Sorry and thanks again.

ph00lt0 commented 3 years ago

@CactiChameleon9 late reply, but if you want to alter the ping domain you can fairly easily do so with some adb commands.

```
adb shell settings put global captive_portal_http_url URL
adb shell settings put global captive_portal_https_url URL
adb shell settings put global captive_portal_fallback_url URL
adb shell settings put global captive_portal_other_fallback_urls URL
```

or disable it altogether:

```
adb shell settings put global captive_portal_detection_enabled 0
adb shell settings put global captive_portal_mode 0
```
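
Added example, not part of the thread or of DivestOS: a read-only check of what the captive-portal keys named in the commands above currently hold, so a change can be verified after it is made. It parses `key=value` output as printed by `adb shell settings list global`; the sample dump is constructed, and the `os-default` label for an unset key is a name chosen here.

```shell
#!/bin/sh
# Added example: summarise captive-portal keys from `settings list global` output.
# Live use (needs a device): adb shell settings list global | captive_portal_report
captive_portal_report() {
    awk -F= '
        { sub(/\r$/, "") }                      # older adb output ends lines with CR
        /^captive_portal_(mode|detection_enabled|http_url|https_url|fallback_url|other_fallback_urls)=/ {
            seen[$1] = substr($0, length($1) + 2)   # value may itself contain "="
        }
        END {
            mode   = ("captive_portal_mode" in seen) ? seen["captive_portal_mode"] : "unset"
            legacy = ("captive_portal_detection_enabled" in seen) ? seen["captive_portal_detection_enabled"] : "unset"
            # mode 0 turns the probe off; the older flag is reported but not interpreted.
            print "check=" (mode == "0" ? "disabled" : "enabled") " mode=" mode " legacy=" legacy
            n = split("http_url https_url fallback_url other_fallback_urls", names, " ")
            for (i = 1; i <= n; i++) {
                k = "captive_portal_" names[i]
                if (!(k in seen) || seen[k] == "null") { print names[i] "=os-default"; continue }
                m = split(seen[k], urls, ",")       # other_fallback_urls is comma-separated
                for (j = 1; j <= m; j++) {
                    host = urls[j]
                    sub("^[a-z]+://", "", host)     # drop scheme
                    sub("[/:].*$", "", host)        # drop port and path
                    print names[i] "=" host
                }
            }
        }'
}

# Constructed sample dump (not taken from a real device).
SAMPLE='airplane_mode_on=0
captive_portal_mode=0
captive_portal_http_url=http://portal.example.test/generate_204
captive_portal_other_fallback_urls=http://a.example.test/gen_204,https://b.example.test:8443/x?y=1
wifi_on=1'

printf '%s\n' "$SAMPLE" | captive_portal_report
```

The host lines show which servers the device would contact for the check; `os-default` means the key is unset and the build's own URL applies.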