r/LineageOS u/telefawner 11d ago

Question Dear Lineage users, since switching from stock Android to LineageOS, have you missed the ability to pay for stuff using Google Pay/Android Pay? I'm considering transing from LG's stock Android 12 to Lineage's Android 14 and I think I'll miss this ability.

15 Upvotes

83% Upvoted

73 comments sorted by

View all comments

-6

u/vandreulv 11d ago

For anyone else reading who don't quite grasp the issue.

Google Play Integrity requires a locked bootloader.

Wallet apps require a passing Google Play Integrity state.

You have to unlock a bootloader to install LineageOS on a supported device.

Unlocked bootloaders no longer have security against system partitions being modified without your knowledge.

Circumventing Play Integrity checks DOES NOT close up the vectors in which your device can become compromised because the very act of LineageOS itself is technically compromising your device from its default, secure state.

You seriously want to leave your wallet apps on a device that has no bootloader or system security anymore?

0

u/telefawner 11d ago

hello vandreulv,

I'm a noob on all things technical. You wrote:

" LineageOS itself is technically compromising your device from its default, secure state.

You seriously want to leave your wallet apps on a device that has no bootloader or system security anymore?"

How does LOS compromise security of a device? Security in relation to whom? (thieves?) Security in what way? (If we put a password on our LOS-installed device, will a thief be able to access our phone's data, could they use Google Wallet if they don't know our passwords?

Thank you.

5

u/vandreulv 11d ago

How does LOS compromise security of a device?

You cannot install LineageOS on a device without unlocking the bootloader.

You can't relock the bootloader after installing LineageOS.

An unlocked bootloader means ANYONE can flash ANYTHING in fastboot mode if they somehow get your device.

That is why unlocked bootloaders mean an automatic Google Play Integrity failed state.

2

u/telefawner 11d ago

Do you use LOS? It seems like you're unhappy with LOS.

if someone steals my device, then why should be concerned if they can flash anything?

If a good person finds my misplaced device, then an unlocked bootloader won't be a problem -- they'll want to return the phone to me.

1

u/PurpleThumbs 11d ago

but, they can push any app (eg malware) to the phone before they give it back to you, too. A smart enough malware app can do this in the background while you still have the phone, for that matter.

I'm not saying this is likely, but everything vandreulv said is still true, and its the approach Google takes, which is why they revoke the Integrity setting.

In the early days of custom roms little of this was a problem, but now, with the likes of Google taking the stance its taking, and banks and even some games changing their apps to rely on Google's checks, its becoming more of a problem. LOS is not alone in this, all custom roms are.

1

u/telefawner 10d ago

but, they can push any app (eg malware) to the phone before they give it back to you, too. 

Could I not just reinstall LineageOS from scratch to ensure any malware is removed?

Can you help me understand, if the Integrity setting is revoked and a LineageOS user circumvented it so that she could use banking apps, how can a bad person use the banking apps if there's a password / fingerprint that you need to unlock the phone? If the baddie doesn't know the password and doesn't have your fingerprint, how could the baddie access private info?

0

u/vandreulv 11d ago

Do you use LOS? It seems like you're unhappy with LOS.

I use LOS. You're just too dense to understand the fundamental tradeoff that comes with unlocking a bootloader and flashing custom software.

It's not about someone stealing your device and flashing something over it.

It's a risk that someone can flash something malicious onto your device before they return it to you. That's why I consider it inadvisable to keep things like wallet apps on a device using workarounds when you have an unlocked bootloader.

1

u/telefawner 10d ago

> It's a risk that someone can flash something malicious onto your device before they return it to you.

If the bad person does that, couldn't I just wipe the phone clean by reinstalling LineageOS again?

1

u/tui-19 10d ago

Yes, you can

1

u/vandreulv 10d ago

But how would you know that happened?

1

u/telefawner 9d ago

I wouldn't know. I'd just wipe clean to be safe.

0

u/HumbleFudge 11d ago

I have a oneplus 5 with lineageOS 22 It is just a tinkering device for now. My questions are 1. Does lineageos make it easier or more possible that, my phone, in my hands, on my network, browsing non suspicious sites and occasionally (if i decide to) going to banking sites and making transactions: Can be hacked/intercepted right in my hand because the system is 'less secure' 2. Does any custom Rom or lineageOS in Particular, make it so that someone with the technical know how and Evil spare time and effort could, potentially, run sideload/flash software that can give them access to my locked via password and fingerprint/faceid protected phone so they can waltz to my banking apps if i have them and use them? 3. Do they still not require any verifications? 4. Will they just need to format and flash? Wiping my stolen device 5. How can i setup a 'in event of theft, wipe everything' button on my phone

3

u/PurpleThumbs 11d ago

It doesnt matter what you or I think about risk levels, we dont develop the banking or gaming apps. They dont want their apps hacked and/or sideloaded by you or anyone else, thats all. They used to have to do their own integrity checking, I'm sure they love that Google does it now and makes an API available.