Protects against the following threat(s):
基於 Android 的自訂作業系統(通常稱為 自訂 ROM)是在裝置上實現更高層級的隱私和安全性的流行方法。 這與 Android 的「stock」版本形成鮮明對比,「stock」版本是手機出廠時附帶的,並且通常與 Google Play 服務 深度整合。
我們建議您在裝置上安裝這些自訂 Android 作業系統之一(按優先順序列出),具體取決於您的裝置與這些作業系統的相容性。
AOSP 衍生品¶
GrapheneOS¶
GrapheneOS 是隱私與安全方面的最佳選擇。
GrapheneOS 提供了額外的 安全強化 和 隱私改進。 它有 加固的記憶體分配器,網路、傳感器權限與各式安全改進. GrapheneOS 還帶有完整的軔體更新與已簽名的構建版本,因此完全支援 Verified Boot 。
GrapheneOS supports sandboxed Google Play, which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific work profile or user profile of your choice.
Google Pixel系列 是目前唯一符合 GrapheneOS 硬體安全要求 的裝置。
By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address from Google, but means it is trivial for an admin on your network or ISP to see you are making connections to grapheneos.network
, grapheneos.org
, etc. and deduce what operating system you are using.
If you want to hide information like this from an adversary on your network or ISP, you must use a trusted VPN in addition to changing the connectivity check setting to Standard (Google). It can be found in Settings → Network & internet → Internet connectivity checks. This option allows you to connect to Google's servers for connectivity checks, which, alongside the usage of a VPN, helps you blend in with a larger pool of Android devices.
DivestOS¶
If GrapheneOS isn't compatible with your phone, DivestOS is a good alternative. It supports a wide variety of phones with varying levels of security protections and quality control.
DivestOS 是一個 LineageOS 的軟分叉。 DivestOS 從 LineageOS 繼承了許多 支援的裝置 。 It has signed builds, making it possible to have verified boot on some non-Pixel devices. Not all supported devices support verified boot or other security features.
The status of firmware updates in particular will vary significantly depending on your phone model. While standard AOSP bugs and vulnerabilities can be fixed with standard software updates like those provided by DivestOS, some vulnerabilities cannot be patched without support from the device manufacturer, making end-of-life devices less safe even with an up-to-date alternative ROM like DivestOS.
DivestOS 具有自動核心漏洞 (CVE) 修補,更少的專有設備驅動程式,和自訂的 hosts 文件。 Its hardened WebView, Mulch, enables control-flow integrity for all architectures and network state partitioning, and receives out-of-band updates.
DivestOS 還包含來自GrapheneOS 的核心補丁,並透過 defconfig 加固 啟用所有可用的核心安全功能。 所有高於3.4版本的核心都包含 整頁的核心記憶體清理 ,並且所有~22 Clang 編譯的核心都有啟用 -ftrivial-auto-var-init=zero
。
DivestOS 也實現了一些最初專為 GrapheneOS 開發的系統加固補丁。 DivestOS 16.0 and higher implements GrapheneOS's INTERNET
and SENSORS
permission toggle, hardened memory allocator, exec-spawning, Java Native Interface constification, and partial bionic hardening patchsets. 17.1 and higher features per-network full MAC address randomization, ptrace_scope
control, automatic reboot, and Wi-Fi/Bluetooth timeout options.
DivestOS 使用 F-Droid 作為其預設應用程式商店。 我們通常 建議避免使用 F-Droid ,但在 DivestOS 上這樣做是不可行的;開發人員透過自己的 F-Droid 儲存庫:DivestOS Official 來更新他們的應用程式。 For these apps you should continue to use F-Droid with the DivestOS repository enabled to keep those components up to date. 對於其他應用程式,我們推薦的 應用程式獲取途徑 仍然適用。
DivestOS replaces many of Android's background network connections to Google services with alternative services, such as using OpenEUICC for eSIM activation, NTP.org for network time, and Quad9 for DNS. These connections can be modified, but their deviation from a standard Android phone's network connections could mean it is easier for an adversary on your network to deduce what operating system you have installed on your phone. If this is a concern to you, consider using a trusted VPN and enabling the native VPN kill switch to hide this network traffic from your local network and ISP.
標準¶
Please note we are not affiliated with any of the projects we recommend. In addition to our standard criteria, we have developed a clear set of requirements to allow us to provide objective recommendations. 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
- 必須是開源軟體。
- Must support bootloader locking with custom AVB key support.
- Must receive major Android updates within 0-1 months of release.
- Must receive Android feature updates (minor version) within 0-14 days of release.
- Must receive regular security patches within 0-5 days of release.
- Must not be "rooted" out of the box.
- Must not enable Google Play Services by default.
- Must not require system modification to support Google Play Services.