Found this article, I think it’s am interesting comparison
My source: https://mastodon.nz/@leighelse/115572223821306554
Apart from fixing the small privacy leaks in Lineage, ∕e∕OS doesn’t seem to offer much extra in the way of security hardening.
With /e/OS, the bootloader can be relocked on Fairphone, Shiftphone, Teracube, and Google Pixel, and they are sold locked by Murena. https://community.e.foundation/t/list-devices-where-bootloader-can-be-relocked/48424
This means a pickpocket or airport security control can’t take a copy of your system image via USB and brute force your few-digit passcode in a virtual machine without guess rate limiting. If they crack it, they can start using your user accounts and whatever information is on the phone.
With LineageOS, relocking is not so rosy: https://wiki.lineageos.org/faq#canshould-i-relock-my-bootloader
Few devices allow for it and even less work properly after that. Relocking can result in actual unusable devices, so be warned!
https://forum.fairphone.com/t/relock-fp5-keeping-lineageos/108723
If you plan on installing LOS and want to lock your bootloader you’ll have to build your own images, that’s not supported by default.
https://www.reddit.com/r/LineageOS/comments/n7yo7u/a_discussion_about_bootloader_lockingunlocking/
With /e/OS, the bootloader can be relocked on Fairphone, Shiftphone, Teracube, and Google Pixel, and they are sold locked by Murena. https://community.e.foundation/t/list-devices-where-bootloader-can-be-relocked/48424
this was one of the things i’ve been waiting for! i was leaning towards graphene because of the bootloader lock, but i don’t want a pixel.
the next problem i have to wait for is better support for the network bands in north america. i know from experience that the bands that fairphone supports are the same that my chinese phones supported in the past; which meant that i got no signal inside of large buildings and had to rely on wifi. i’ve never heard of shiftphone nor teracube, so i hope that their band support is better.
To this I’d add that it is very common, and very easy, to install either MicroG or the real Gapps (Google Play Services, Play Store, etc) on LineageOS.
GrapheneOS has another added bonus of allowing you to install Google Play Services only in the “work” profile, leaving your main profile Google-free.
Personally, I think everyone should be at least a little worried about their phone potentially being seized by malicious state-sponsored actors. Whether it’s a power-tripping cop, airport security, or the New American Gestapo, this kind of thing is only becoming more common as time goes on. GrapheneOS has repeatedly been shown to be resistant to attacks that stock ROMs are vulnerable to, sometimes for months or years after Graphene patched the holes. LineageOS with an unlocked bootloader is likely to be less secure against any USB attack than stock.
Just my two cents. I love LineageOS but I would never feel comfortable traveling with an unlocked bootloader. Then again, it might be better to take a burner phone when traveling anyway.
Nice article.
Good read, it gives a refreshing take on these options.
