LineageOS Introduces “Trust” – A Centralized Interface for Security and Privacy
The introduction of monthly security patches for Android was a welcome and much-needed move from Google. At that time, Android was infamous for its fragmentation issues, which negatively impacted how security vulnerabilities could be patched and then quickly distributed to devices. Monthly security patches provided a quick way for concerned users to judge how “secure” and “up-to-date” their device really was.
Unfortunately, as well-intentioned this change might be for the end users, some OEMs were failing to fully roll out all of the security patches for their devices. Whenever Google rolls out a monthly security patch, OEMs are required to fix all the vulnerabilities outlined in that month’s security bulletin if they want to claim that their device is secure up to that monthly patch level. However, researchers found a significant patch-gap between the security patch level reported on the phone and what vulnerabilities the phone was actually protected against. While most average consumers would not seemingly care about this, there is no denying that this was a breach of trust on the part of the OEMs. Issues like this prompted Google to amend their OEM agreements to incorporate requirements for regular security patches.
Trust is a centralized interface within LineageOS ROMs (located in Settings > Security and Privacy) that will now be home to all of LineageOS’s security features. Here, you can get an overview of the status of core security features like Privacy Guard and more, as well as get explanations on how to make your device secure and your data private. Further, as part of user experience improvements, the Trust icon will be made visible in the status bar to inform users that the action being done is secure and not caused by fake permission dialogs, phishing attempts, and other such nuisance.
Trust ties into the earlier mentioned changes from Google as it separates out the vendor security patch level and the framework patch level. LineageOS is able to patch the Android framework thanks to AOSP, and they can patch the kernel thanks to the Linux kernel source. But the developers have to usually rely on OEMs for BLOBs to update vendor HALs, bootloaders, and more. The new “vendor” security patch level now reports when the BLOBs were last updated. This provides much more relevant information, as can be seen in the case of Nextbit Robin, which will display a vendor patch level of April 2017 even though the Android framework patch level may be up to date.
The Trust interface also warns users when their device is insecure, as in the cases when SELinux is disabled, root is enabled, or when the device is unencrypted. Trust also shows an icon in the status bar when an app is actively using root access, much like Privacy Guard. Trust also houses settings to control the SMS message limit for apps.
The Trust interface is live in this week’s LineageOS 15.1 builds. The developers promise to deliver on more features as part of Trust in the future.