{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Introduction
iodéOS is a privacy-focused operating system powered by LineageOS and based on the Android mobile platform. iodéOS aims at protecting the user's privacy with a built-in adblocker and by freeing the smartphone from snitches.
The objectives in the conception of this ROM are threefold:
To keep the stability and security level of LineageOS, by minimizing the modifications made to the system. Apart the system modifications required by the adblocker, we mainly only added a few useful options commonly found in other custom ROMs, made some cosmetic changes, modified a few default settings to prevent data leaks to Google servers.
To ease a quick adoption of this ROM by new users. We especially target users that are concerned by the protection of their privacy, but are not reluctant to still use inquisitive apps like Google ones. We thus included MicroG as well as a coherent set of default apps, and simplified the initial setup of the system. Particularly, an initialization of MicroG has been made with GCM notifications allowed by default, a privacy-friendly network location provider (DéjàVu) pre-selected, as well as Nominatim Geocoder.
To provide a new and powerful way of blocking ads, malwares, data leaks of all kinds to many intrusive servers. We are developing an analyzer, tightly integrated into the system, that captures all DNS requests and network traffic, as well as a user interface (the iodé app). Compared to some other well-known adblockers, this has the advantages of:
Avoiding to lock the VPN for that use. You can even use another adblocker that uses VPN technology alongside our blocker.
Being independent of the kind of DNS server used by the system or set by an independent app: classical DNS on UDP port 53 or any other one, DNS over TLS (DoT), DNS over HTTPS (DoH), ..., as we capture the DNS requests before they are transmitted to the system function that emits the DNS request. What we do not support, is DoH when it is natively built into applications, i.e. when an app communicates directly with a DoH server, without asking name resolution to the system. It would require to decrypt HTTPS packets between such an app and the DoH server, which may create a big security hole.
Precisely mapping DNS requests and network packets to the Android apps that emitted (or received) them.
Deciding which apps have a filtered network usage (by default, all apps), and which ones can communicate with blacklisted servers.
Since its first versions, we added many features to the iodé blocker: several levels of protection, fine-grained control over the hosts that should be blocked or authorized, displaying statistics on a map to see the quantity of data exchanged to which countries, clearing statistics... We are actively developing the blocker, and new functionalities will be regularly added.
Features
Changes in LineageOS to prevent data leaks:
Default DNS server: Google's DNS replaced by Quad9's 'unblocked' servers in all parts of the system.
A-GPS: patches to avoid leaking personnal information like IMSI to supl server.
Captive portal login: connectivitycheck.gstatic.com replaced by captiveportal.kuketz.de for connectivity check.
Dialer: Google default option replaced by OpenStreetMap for phone number lookup.
Pre-installed apps:
We included many useful default apps, but our choice cannot suit everyone; so we added the possibility to remove them. It can be done at the end of the phone setup, or at any time by going to Parameters -> Apps & Notifications -> Preinstalled apps.
MicroG core apps: GmsCore, GsfProxy, FakeStore.
NLP backends for MicroG : DejaVuNLPBackend (default), MozillaNLPBackend, AppleNLPBackend, RadioCellsNLPBackend, Nominatim Geocoder.
App stores : FDroid (with F-Droid Privileged Extension) and Aurora Store.
Browser: our own fork of Firefox (with Qwant as default search engine, many other ones added, telemetry disabled, parts of telemetry code removed) instead of Lineage’s default browser Jelly.
SMS: QKSMS instead of Lineage's default SMS app.
Email: p≡p (Pretty Easy Privacy).
Camera: our own fork of Open Camera, with a few tweaks.
Maps/navigation: Magic Earth GPS & Navigation (the only one free but not open source).
Keyboard: OpenBoard instead of AOSP keyboard.
PDF: Pdf Viewer Plus.
Personnal notes: Carnet.
{Ad/Malware/Data leak}-blocker: iodé.
News: to keep users informed about our developments, as well as a FAQ.
Meteo: Geometric Weather.
Pre-included FDroid repository:
The apps that we tweak or develop (microG services, the browser based on Firefox, the News app, Open Camera ...) are available through a repository that we included in FDroid (check the "Apps for iodéOS" category). For this purpose and to avoid name conflicts of some apps, we also had to make a few changes in FDroid.
Useful options from other custom ROMs:
Smart charging (disables charging when a given level is reached, to protect battery health).
Fingerprint vibration toggle.
Swipe down to clear all in recent apps (Android 10 only).
Installation Instructions
To download and flash our latest build, see https://gitlab.com/iode/ota.
You can also find here direct links to the latest builds.
Supported devices
Fairphone FP3/FP3+
Fairphone FP4
Google Pixel 3
Google Pixel 4
Google Pixel 5
Google Pixel 6
Google Pixel 6a
OnePlus 9
OnePlus 9 Pro
Samsung Galaxy A5/A7 2017 (a5j17lte/a7j17lte)
Samsung Galaxy S9/S9+ (starlte/star2lte)
Samsung Galaxy Note 9 (crownlte)
Samsung S10e/S10/S10+ (beyond{0,1,2}lte)
Samsung Note 10 (d1)
Samsung Note 10+ (d2s)
Sony Xperia XA2 (pioneer)
Sony Xperia XZ1 (poplar)
Sony Xperia XZ2 (akari)
Sony Xperia XZ3 (akatsuki)
Xiaomi Mi9 (cepheus)
Teracube 2e
Xiaomi Mi 10T 5G / Mi 10T Pro 5G
Xiaomi Mi 10 Lite 5G
Sources
iodéOS: https://gitlab.com/iode/os
LineageOS: https://github.com/lineageos
device tree:
https://gitlab.com/iode/os/public/devices/samsung/device_samsung_crownlte
https://gitlab.com/iode/os/public/devices/samsung/device_samsung_universal9810-common
kernel:
(iodéOS 1.x) https://github.com/LineageOS/android_kernel_samsung_universal9810
(iodéOS 2.x) https://github.com/synt4x93/android_kernel_samsung_universal9810
(iodéOS 3.x) https://github.com/universal9810/android_kernel_samsung_exynos9810
Bug Reporting
You can post a message in this thread or (preferred) open an issue here.
Credits
LineageOS is a free, community built, aftermarket firmware distribution of android, which is designed to increase performance and reliability over stock android for your device.
All the source code for LineageOS is available in the LineageOS Github repo. If you would like to contribute to LineageOS, please visit their Wiki for more details.
This ROM would be nothing without the tremendous work made on MicroG, and all the other open source apps that we included. We are very grateful to their authors.
Contributors
Direct contributors: @iodeOS, @vince31fr
Indirect contributors (too numerous to list): All the people that contributed to the device tree, to LineageOS, and to the included open source apps.
Sponsoring
You can help in the development of this ROM by paying us a coffee here: https://paypal.me/iodeOS.
Screenshots
Downloads : iodéOS 3.x / 4.x
Due to an incompatibility in the data encryption method, a factory reset is required to migrate from iodéOS 2 to iodéOS 3 or later. It can be installed as OTA by using this updater. Backup your data before proceeding.
The data format must be performed with iodé's recovery, not TWRP, which can be found here.
04/04/2023 (build 20230401):
Upgrade to iodéOS 4.1 based on Android 13 / LineageOS 20
Blocker: improved use of blocking lists (sub-domains blocking)
FDroid: fixes an issue on apps update
LineageOS synchronized with March security patch included
All apps updated
07/02/2023 (build 20230131):
Blocker:
Improved blocking settings. You can now choose 'Standard' blocking (ads, trackers, malwares, etc) or 'Reinforced' blocking (same objective but more extensive), and then select additional categories.
The 'Porn' category has been extended to a wider 'Sensitive content' one, that also includes fake news, gambling, drugs, piracy, torrent..., with mainly child protection in mind.
The 'Extreme' category has been removed, as it is now part of the reinforced blocking.
Improved blocking lists. We merge several acknowledged and up-to-date sources, and have diversified our sources to produce more complete lists. The standard list has however been reduced a bit, to avoid as much as possible interference with apps expected behavior.
Added a new network location provider: Local NLP Backend. It is an improved version of the DéjàVu NLP backend which was already available in iodéOS. Like DéjàVu, it builds a local database connecting localizations learned from other NLP backends and apps using GPS, and mobile antennas/Wifi; but also has an active mode (not preselected) that can trigger GPS requests. To configure it: Settings -> System -> microG -> Location modules
LineageOS synchronized with January security patch included
All apps updated
New devices support: Pixel 3, 6, 6a
16/12/2022 (build 20221512):
Blocker: added multiple selection in settings / domain customization. Long-press on a domain, select several domains or all, apply actions (block all, authorize all...)
PdfViewerPlus: improved security by updating core libraries
Network settings: added a switch to disable connectivity check (and thus captive portal detection)
LineageOS synchronized with December security patch included
All apps updated
New devices support: Pixel 4 & 5, OnePlus 9 & 9 Pro
24/11/2022 (build 20221121):
Improvements in the blocker user interface (iodé app)
LineageOS synced with September security patch included
All apps updated
17/10/2022 (build 20221014):
Blocker:
Network blockings following their type (Wifi, mobile data, VPN) added
Default blockings definition for new apps
Personnalized recipients management improved
iodé's app access restrictions by password added
Search filters added in report and map
Display theme selection
Automatic and 'real-time' refresh of the whole app
Performance and fluidity improvements of the app
LineageOS synced with September security patch included
All apps updated
27/07/2022 (build 20220726):
Upgrade to iodéOS 3.1 based on Android 12 / LineageOS 19.1
SafetyNet certification activated: allows many apps, notably banking ones, to fully work
Setup wizard: the push notifications configuration page now also activates SafetyNet (fine-grained control in Settings->System->microG)
OpenCamera: the 'Use alternative flash method' in photo settings is no more necessary and can be disabled, allowing flash optimization
News app: German translations
LineageOS synced with July security patch included
All apps updated
Downloads : iodéOS 2.x
24/10/2022 (build 20221024):
Hotfix build for keyboard not showing in decryption page.
17/10/2022 (build 20221014):
Blocker:
Network blockings following their type (Wifi, mobile data, VPN) added
Default blockings definition for new apps
Personnalized recipients management improved
iodé's app access restrictions by password added
Search filters added in report and map
Display theme selection
Automatic and 'real-time' refresh of the whole app
Performance and fluidity improvements of the app
LineageOS synced with September security patch included
All apps updated
27/07/2022 (build 20220726):
SafetyNet certification activated: allows many apps, notably banking ones, to fully work
Setup wizard: the push notifications configuration page now also activates SafetyNet (fine-grained control in Settings->System->microG)
OpenCamera: the 'Use alternative flash method' in photo settings is no more necessary and can be disabled, allowing flash optimization
News app: German translations
LineageOS synced with July security patch included
All apps updated
21/07/2022 (build 20220530):
Setup Wizard: new page to configure push notifications through microG
Lockscreen settings: switch added to disable fingerprint unlock when screen is off
Improved German translations
Bug fixes and improvements
LineageOS synced with May security patch included
All apps updated
02/05/2022 (build 20220408):
News app reworked
Setup Wizard: new iodé introduction
iodé blocker: pull to refresh replaced by automatic refresh in report tab
Teracube 2e 2022 batch released, video playback in browser and video recording fixed
Music app : playlist crash fixed
Open Camera : crash when tapping thumbnail of a newly recorded video fixed, photos and videos now editable
LineageOS synced with March security patch
All apps updated
03/02/2021 (build 20220129):
New iodé blocker map feature
Build mode changed to 'user' (i.e. release) mode): more apps work out-of-the-box and more secure device, but more restrictive recovery
Camera app changed to Open Camera
Wireguard kernel module included
Dark bootanimation
January security patch
Preinstalled apps updated
Beware: Play store Magisk module broken
03/12/2021 (build 20211129):
Fixes DRM (downgraded from L1 to L3)
18/11/2021 (build 20211108):
LineageOS updated (November security patch)
Preinstalled apps updated
Iodé blocker: hosts can now be customized, either globally or by app
Data partition encryption is now automatically triggered on non encrypted devices. Backup your data first, some users reported that their data has been wiped. We're very sorry for the inconvenience.
10/09/2021 (build 20210828):
LineageOS updated (August security patch)
Preinstalled apps updated
Backup app included: Seedvault
microG now uninstallable: Settings -> Apps & notifications -> Preinstalled apps
New default accent color (clear blue from iodé logo)
Bixby key now configurable (short press only, Settings -> System -> Buttons)
10/09/2021 (build 20210828):
Upgrade to Android 11 / LineageOS 18.1
Preinstalled apps UI reworked with the introduction of categories.
Dark theme in the iodé blocker UI (next improvement will be hosts customization).
p≡p (https://f-droid.org/fr/packages/security.pEp/) is now the defaut email client, and replaces lineageOS client which is no longer maintained.
Preinstalled apps updated to their latest version.
LineageOS updated (July security patch).
28/05/2021 (build 20210525):
Different protection levels in iodé's blocker added: in addition to the default standard blocklist, we added three lists (socials, porn, extreme) that can be activated globally or on a per-app basis (more information in the FAQ).
Geometric Weather app added.
Preinstalled apps selection at setup wizard added.
Preinstalled apps including microG updated to their latest version.
LineageOS updated (May security patch).
07/03/2021 (build 20210306):
Blocker UI improved: performance at startup, statistics display (with sortable columns), DNS stream
Preinstalled apps management (uninstall / reinstall) menu added (Settings -> Apps & Notifications -> Preinstalled apps)
Latest lineageOS sources synced
Default apps updated
22/01/2021 (build 20210121):
LineageOS sources synced (AOD and glove mode now available)
Prebuilt apps updated
Activated Camera APIv2 in Snap
Added AudioFX
Added fast charge disabler
Disabled broken widevine DRM L1, now fallback to L3
Force auto-update of apps in FDroid to keep in sync with iodé apps. It can be disabled.
25/12/2020 (build 20201224): first publicly available build for Samsung Galaxy Note 9.
Downloads : add-ons
phonesky-magisk.zip : Magisk module for NanoDroid patched Play Store, for those who really need to get access to their paid apps that don't work with microG. This module can be generally be deactivated when you have installed and ran once the paid apps.
NB : you may have to wait a couple of hours after activating the module for being able to install paid apps.
phonesky-magiskV2.zip : compatibility for the upcoming iodéOS 2.0 based on Android 11. It can ben installed on iodéOS 1.x based on Android 10 too.
IMPORTANT : install this module or deactivate the previous one before installing iodéOS 2.0, or you'll be caught in a bootloop.
[/LIST]
CSM Fol said:
I have a question: All AOSP-based Android 10 ROM's are plagued with this issue: There is massive touch delay/sensitivity issues when playing mobile games (Source 1, Source 2).
And because this ROM is based on AOSP, is this bug also present? I don't have time to try out any custom ROM's now, so I kindly ask.
Click to expand...
Click to collapse
Get your Nope4 back
ps: how's life Steve?
how do i decrypt this?
bobwhite11 said:
how do i decrypt this?
Click to expand...
Click to collapse
How do you decrypt what ?
nice, definitely gonna try this
bobwhite11 said:
how do i decrypt this?
Click to expand...
Click to collapse
To avoid forced encryption on first boot and make it optional to enable from device settings with official lineage or roms based on the official trees like this. You should use vendor_overlay for a modified fstab, or modify your stock vendor fstab.
Something like this synt4x93/android_device_samsung_universal9810-common/commit/67db1379fc6850228310525ffb1f4ec8df95f26e
vince31fr said:
How do you decrypt what ?
Click to expand...
Click to collapse
I assume he is talking about decrypting /data in recovery and is unable to do so because of forced encryption.
=== New Update : 22/01/2021 ===
Available as OTA (see OP)
when i try to start a call, doesnt appera call screen
so i cant stop a call or use speakerphone on samsung Note 9
So far so good - everything seems very stable and I haven't encountered any annoying bugs after roughly a day of use. Only issues I've had are as follows:
1. Developer mode
It says it has worked after tapping the build number repeatedly but then I don't see any Developer Options available in the settings. Am I missing something?
Scrap that, I finally found it. Under Settings -> System -> Advanced -> Developer options. Looks like the only 'problem' was my unfamiliarity with LineageOS changes to settings menus.
2. Limited USB connectivity
I can't see the phone at all when connected to a PC via USB cable and booted normally. I've gone into Developer Settings and set default USB mode to 'file sharing' but it still doesn't show up and I don't get any option to change the mode as I would normally expect. The device is detected fine in bootloader and recovery modes. I've tried different USB cables and a different laptop to help rule those possibilities out. Has anyone else encountered this problem?
3. Forced encryption
Synt4x.93 said:
If any users want to do this without recompiling, just put the modified fstab from that commit in /system/product/vendor_overlay/29/etc/fstab.samsungexynos9810 and set the usual permissions and format /data again.
Click to expand...
Click to collapse
Direct file link for anyone else with the same need: https://raw.githubusercontent.com/s...8df95f26e/rootdir/etc/fstab.samsungexynos9810
To access /system I assume you need root access. Typically I would do this by flashing Magisk but I can't flash anything from recovery without a full wipe when the data partitions are encrypted. How does one get around this chicken-and-egg problem?
Fixed with a generic script
FerretallicA said:
So far so good - everything seems very stable and I haven't encountered any annoying bugs after roughly a day of use. Only issues I've had are as follows:
1. Developer mode
It says it has worked after tapping the build number repeatedly but then I don't see any Developer Options available in the settings. Am I missing something?
Scrap that, I finally found it. Under Settings -> System -> Advanced -> Developer options
2. Limited USB connectivity
I can't see the phone at all when connected to a PC via USB cable and booted normally. I've gone into Developer Settings and set default USB mode to 'file sharing' but it still doesn't show up and I don't get any option to change the mode as I would normally expect. The device is detected fine in bootloader and recovery modes. I've tried different USB cables and a different laptop to help rule those possibilities out. Has anyone else encountered this problem?
3. Forced encryption
Direct file link for anyone else with the same need: https://raw.githubusercontent.com/s...8df95f26e/rootdir/etc/fstab.samsungexynos9810
To access /system I assume you need root access. Typically I would do this by flashing Magisk but I can't flash anything from recovery without a full wipe when the data partitions are encrypted. How does one get around this chicken-and-egg problem?
Click to expand...
Click to collapse
2. Connect Phone to PC then press "Charging this device via USB" from notification the choose file transfer
3. i flash the Disable_Dm-Verity_ForceEncrypt_11.02.2020.zip it disable the forced encryption
the only bug i found is from front camera when "selfie mirror" is enabled the camera app will crash after capture
If anyone else wants to get their Note 9 up and running with this ROM with minimal hunting around, here's what I'd suggest (assuming coming from a stock firmware). You will end up with iode + Magisk + no 'data' encryption (so for example you can still access your Data partition from recovery).
You will need:
Odin installer from https://odindownload.com/download/
Tested with: https://odindownload.com/download/Odin3_v3.13.3.zip
(there is a newer version 3.14.1 but I already had 3.13.3 so tested with that)
TWRP installer in .img.tar format from https://twrp.me/samsung/samsunggalaxynote9.html
Tested with: https://dl.twrp.me/crownlte/twrp-3.5.0_9-1-crownlte.img.tar.html
lode ROM from https://github.com/iodeOS/ota/releases/tag/v1-crownlte
Tested with: https://github.com/iodeOS/ota/releases/download/v1-crownlte/iode-1.1-20201224-crownlte.zip
Magisk zip installer from https://github.com/topjohnwu/Magisk
Tested with: https://github.com/topjohnwu/Magisk/releases/download/v21.4/Magisk-v21.4.zip
Disable DmVerity ForceEncrypt fix from https://github.com/Zackptg5/Disable_Dm-Verity_ForceEncrypt
Tested with: https://androidfilehost.com/?fid=17248734326145725184
and also a PC for running the Odin software.
Summary of install steps
Update phone to latest official firmware
Restart phone in bootloader mode and flash TWRP with Odin. If you've never done this before there is a decent guide here: https://www.droidthunder.com/install-twrp-recovery-on-samsung
Restart phone in Recovery mode (TWRP).
Use Wipe -> Format to completely wipe the existing Data partition.
Copy the iode, Magisk and 'disable forced encryption' zip files to your phone. Then from TWRP install them in order of iode, Magisk and "Disable DmVerity ForceEncrypt". Do not restart the device in between each step.
andrikv said:
2. Connect Phone to PC then press "Charging this device via USB" from notification the choose file transfer
3. i flash the Disable_Dm-Verity_ForceEncrypt_11.02.2020.zip it disable the forced encryption
Click to expand...
Click to collapse
2. it doesn't work. There is no such prompt on the phone. It's weird because I can see the phone just file and transfer files in recovery mode, just not when booted into the main OS. It works on pretty much every other Note 9 ROM i've tried for more than 5 minutes.
3. Thanks, I went by that route too in the end.
Having used this for over a week now, just reporting back that it has been rock solid and I get around 2.5 days of fairly average use between needing to charge.
Regarding the not showing up PC connection issue, it started working when I flashed the no-encrypt patch immediately after flashing the main ROM image. I'm not sure if it is directly related but I'm happy it's working anyway.
This is going to be my daily driver for the foreseeable future. Thanks to both Lineage and iode teams for making it easier than ever to have a stable and functional Android device with as little Google snoopery as possible. Great work!
Is there any way to add additional rules to the iode blacklist? It's all very well having a built-in firewall of sorts and dashboard showing blocked traffic but it's kind of useless if you can't easily add things to it (e..g Facebook tracking URLs which aren't blocked by iode by default)
FerretallicA said:
Is there any way to add additional rules to the iode blacklist? It's all very well having a built-in firewall of sorts and dashboard showing blocked traffic but it's kind of useless if you can't easily add things to it (e..g Facebook tracking URLs which aren't blocked by iode by default)
Click to expand...
Click to collapse
Hi,
not yet possible but we will add blocklists in march, and the possibility to tweak your own hosts in the following months. You can also join our beta tester group if you want to get updates a little sooner than official OTAs
iodeOS said:
Hi,
not yet possible but we will add blocklists in march, and the possibility to tweak your own hosts in the following months. You can also join our beta tester group if you want to get updates a little sooner than official OTAs
Click to expand...
Click to collapse
Where can I apply for beta testing?
Rubennino said:
Where can I apply for beta testing?
Click to expand...
Click to collapse
You'll find a telegram link in the news app (FAQ 'how to contribute')
=== New Update : 07/03/2021 ===
Available as OTA (see OP)