Switching to LineageOS

I’m writing this post for two main reasons. One, I hope this becomes informative documentation for anyone who asks me about what I’m running on my phone. And two, in the process of describing my experience, I hope I can convince someone out there to consider making a similar switch, for whatever reason – maybe hack a bit to learn something new, maybe just ressurect some old beloved devices, or even just to stick it to the Android.

The biggest factor that prompted my move is the throw-away economy we now live in. My long-time choice of mobile device since my beloved Blackberry days – the Motorola Moto Z (2016) – recently stopped receiving updates. We all know how important updates are, for both security and productivity, so I needed to act soon.

I knew there were alternatives to “stock” Android out there. I’ve heard of projects like CyanogenMod, and its successor, LineageOS, in passing. This was my chance to get my hands dirty. So I went about surveying the options out there with some key criteria:

  1. must be open-source, and
  2. must be fairly mature and stable, and
  3. must at least acknowledge security and privacy as nice-to-haves.

There were a ton out there; and depending on when you’re reading this article, there are probably a ton more or a ton less, so I won’t rob you of the thrill of the hunt with a list here – go forth and search!

In the end, I settled on two projects that looked pretty cool: OmniRom, and LineageOS. OmniRom didn’t focus much on privacy and security, but it boasted about being stable and feature-packed. LineageOS however at least tries to “take security seriously”, as well as be feature-packed and stable. I’m greedy, so I decided to try both.

The first challenge was figuring out all the parts involved. It took quite a bit of research, as does most hacking projects, but eventually I constructed this (quite possibly incorrect but working) mental model of the system.

Mobile(Android) OS Systemdigraph "Mobile(Android) OS System" { rankdir = LR size = 8 node [style=filled, color=brown, fontcolor=white, shape=doublecircle, fontname="Zilla Slab"] edge [color=brown, arrowhead=vee] hacker -> device [headlabel="adb ", label="fastboot", fontcolor=brown] device -> bootloader [label=unlock, fontcolor=brown] bootloader -> android android -> apps bootloader -> recovery recovery -> sideload sideload -> android sideload -> apps recovery -> wipe } Mobile(Android) OS System hacker hacker device device hacker->device fastboot adb       bootloader bootloader device->bootloader unlock android android bootloader->android recovery recovery bootloader->recovery apps apps android->apps sideload sideload recovery->sideload wipe wipe recovery->wipe sideload->android sideload->apps

In other words, when you power up a mobile device, the first thing that runs is the bootloader, which then runs the OS. Alternatively, you can use special tools like adb and fastboot to reboot the device using a special “recovery” partition if one is installed (they will also allow you to install one of these partitions as well). These recovery partitions, or images as they are sometimes called, provides full access to the device, and filesystem, which is useful for doing stuff like, say, installing an OS. Most bootloaders are “locked” by the device manufacturer, and will need to be “unlocked” before the device will be allowed to install and boot recovery images.

Most Android devices nowadays comes with an additional “fastboot” mode, where you can tell the bootloader (by pressing and holding some device-specific combination of buttons) to run a special executable that provides special boot-ing options like “factory reset”, or “boot to recovery”, etc., but this isn’t necessary for the purposes of this article, as long as you have the adb and fastboot tools installed.

Knowing what I’m working with now, it was a straight shot to installing and booting into my new mobile OS. First I installed and tinkered with these alien adb and fastboot tools to see what they did, then I was ready to commit to wiping my device and bringing it back to life with a new OS.

adb was straightforward to get working. I just had to enable “USB Debugging” on my device, and then install and run adb. I’m on a Mac (running Kubuntu), and apparently only some USB ports worked with adb. Additionally, only some cables worked. I’ not sure what happened there, but thats for another post.

fastboot was similarly straighforward to set up. Only quirk was that I needed to unplug/plug the USB port while in fastboot mode (see below) to get fastboot to see my device. You need a strong and healthy heart in this business.

With my toolkit primed and ready, it was now time to unlock my device and install my recovery image. Motorola was gracious enough to make this process a cinch. I went over to their website, and followed their instructions without ever needing to call customer support. Installing the recovery image was similarly pleasant: twrp seemed like the most eligible recovery image out there, so I went over to their website, and downloaded a copy for my device. Bada-bing bada-boom and I had a custom recovery image installed and running on my device:

$ adb reboot bootloader
... wait for the device to reboot
$ fastboot flash recovery <path/to/my/copy/of/twrp.img>
... wait for it
$ fastboot boot <path/to/my/copy/of/twrp.img>

Homestretch – the prize is in sight, and I waste no time.

Since OmniRom launched way before LineageOS, I figured it was the most promising, so gave it first dibs. I headed over to their website and downloaded the ROM for my device. Not much else to do there – there’s no FAQ, installation instructions, or docs that I could find. This should’ve been a red flag for me. But I forged on anyways. I headed over to LineageOS’s website and found installation instructions, which worked without a hitch for OmniRom as well. After using twrp to wipe and format my device, I sideloaded the OmniRom image. Google Play services, a key component to many apps that most people use everyday, is usually shipped with the “stock” Android that comes pre-installed with your device. Unfortunately its proprietory, and not distributed, so the lovely people over at OpenGApps went ahead and packaged it up nicely so we can sideload it along with our OS. So I headed over to the OpenGApps website and grabbed me a copy of their “nano” package, which was promply sideloaded without a sqeak. If my model was correct, I pretty much nailed it. A simple reboot should bring me to my new OS install.

$ adb reboot
*excited breathing*

A quick note on updates before we move on. Turns out the OS installation process is pretty much the same process for installing updates. Both OmniRom and LineageOS will notify you about updates, but you’ll have to head over to your computer where you have adb and fastboot installed, and download the latest copy of the OS for your device, then follow the same installation procedure as described above. However, DO NOT “wipe and format” your device, if you’d like to keep your data in place. Godspeed.

Et voila! A pristine OmniRom install greeted me. They weren’t kidding when they boasted about having “lots of custom enhancements.” There were so many settings I could use to customize my experience, that frankly, was a bit overwhelming. After all the time we spent together, I probably used 20% of the customizations, just enough bring my experience in parity with what I had in my previous Android life. And life was good. The only glaring, and quite annoying, issue was that my yubikey neo (NFC + USB) did not work. In fact, all “secure” NFC functionality did not work: Google Pay, for example. I intend to debug this, or at least check the logs to see what’s going on here, but thats for another post. All the other apps that I previously used on stock Android worked on OmniRom. I was happy. Until, a month or so in, I realized I’m not getting a ton of updates. In fact, I could count them on one hand. It turns out, only some devices get all the development action, and it takes a while to trickle down the tree, if it ever does. This was a huge disappointment. I was looking forward to feature-packed. All day, erryday.

All good. I took what I learnt and moved on to LineageOS. Since I used LineageOS’s install instructions to install OmniRom, this round was a walk in the park. Within no time at all, I had LineageOS running on my device. And it was splendid. It tracked upstream Android more closely, so it had more of the newer features than OmniRom. I feel it drew a well-balanced line between tons of customization and usability. The default Launched was snappy and stable. Its focus on privacy and security definitely showed - an entire category of the settings app was dedicated to “Privacy”, where it was easy to get a snapshot of what permissions my apps were using. My only qualm in this regard was that device encryption was not enabled by default. This would’ve been the cherry on top. However, the setting to enable encryption was easy to find, and the flow was seamless. Best of all, useful updates kept rolling in almost every day. Unfortunately, LineageOS also suffered from #noNFCforU. No matter, I was pleased with everything else. And so, I’m running LineageOS to this day on my trusty old Moto Z. The device needs a new battery, which I’ll replace soon, but I’m glad I can squeeze in an extra few years. I’m very excited to have the latest Android features available to me rather than having to wait for Slowtorola – see what I did there?

For closing thoughts, I gotta say how impressed I am by the opensource community for this level of product maturity. I was able to simply pull together a few pieces, and end up with a beautiful, stable, secure and opensource Android experience.

If you decide to give this a shot, and decide it works for you too, please consider donating a little thank you to these projects.