0

There's a great question here about what to do if your Android phone has vulnerabilities but no updates. The current accepted answer suggests that LineageOS is a better option. I quote:

In the case of an Android phone the best option would probably be to get alternative and still supported software like LineageOS for it. [...]

Is LineageOS really, objectively more secure than the standard Android vanilla OS in some way?

Edit: I realize that the context of the original question was "I'm stuck on a phone without any future updates." However, that's not always the case; in my case, my phone provider (OnePlus) does provide updates.

My question is more generically: given that I have a choice of a stock/vanilla Android OS, or LineageOS, which (if both are up to date) is more secure?

ashes999
  • 111
  • 1
  • 1
  • 5

2 Answers2

1

The point is simply that LineageOS still provides updates for very old phones.

I run it on my maguro and before switching to cyanogenmod (which is now LineageOS) I was stuck on Android 4. Now I have Android 6.0.1 and the latest LineageOS build is from 2 days ago.

Does this mean that LineageOS is more secure than vanilla Android? Definitely not. Is an up to date LineageOS more secure than a 5 year old Android? Very likely!

Elias
  • 1,915
  • 1
  • 9
  • 17
  • Thanks for your response. I've updated my question to clarify that I'm comparing apples to apples (up-to-date vanilla Android vs. up-to-date LineageOS). – ashes999 Jun 26 '17 at 21:20
0

First, the answer you refer to does not claim that LineageOS is more secure than Vanilla Android. It only claims that a current and supported LineageOS is more secure than the old and unsupported Android version on the phone the OP bought.

Apart from that, a current and supported LineageOS version is actually more secure than even the latest Android installation in many current phones because the developers provide updates usually much faster. Also, it allows smaller installations with many unneeded applications removed and thus reduces the attack surface of the phone.

Apart from providing faster updates then most vendors current LineageOS does not add much more security, i.e. there is no additional hardening of the system done. This was different with earlier versions (i.e. CyanogenMod) where various privacy related features were added on top of Stock Android. But, since Stock Android catched up in this regard this is no longer needed.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • Thanks for your response. Can you provide any mode proof/explanation/evidence that LineageOS is more secure, other than it has faster updates and/or less apps by default? I'm wondering if it has something more fundamental about the OS that makes it more secure. – ashes999 Jun 26 '17 at 21:21
  • 1
    @ashes999: fundamentally LineageOS is based on a stock Android. There is no additional hardening done as far as I know. In the past the predecessor Cyanogenmod had various privacy related improvements compared to stock Android but with the time stock Android incorporated more of such features by its own already so it is less needed today. – Steffen Ullrich Jun 27 '17 at 04:55
  • @Steffan although my question has since been DVed (with no comments, ...) if you can roll your comment into your answer, I'll accept it. – ashes999 Jun 27 '17 at 22:14