Phone setup notes

December 17, 2021

53 minute read

This is epic, so here’s a table of contents:


Well this makes a good counterpart to the laptop setup post. Similar idea, it’s just a place for me to keep track of all the things involved in building a new phone from scratch. This one also explains to people who look at me like I’m mad why I don’t just “do what everyone else does”.

Why don’t you just…?

Most people don’t think their phone install deserves a blog post, or even a lot of thought beyond a visit to the Apple “genius” bar (lol) so they can push the “copy everything to my new phone button”. I’m not most people. I’ve been running Linux since approximately Ubuntu 5.04 Hoary Hedgehog in 2005 (the brown one). Even while being a “.NET developer”, back when Microsoft were still trying to simultaneously ignore and destroy Linux. What strange times we live in now with dotnet being open source and cross-platform, has the leopard changed its spots?

There are many factors in this battle for the phone in your pocket.

  • The GPL’s fundamental truth is that there is a tension for control over your devices between the creators of software and the users of that software. iOS and Android both believe that the users can’t be trusted with full control over their device because “security”. I believe this balance of power is important. Too far in either direction and things start to go badly:
    • All the power in the hands of vendors at the expense of users results in exploitation, unfair pricing, anti-competitive practices, monopolies, duopolies (google+apple), cartels, and lack of innovation and quality due to lack of competition.
    • On the flip side all the power in the hands of “users” (or at least user-developers) as per the pure GPL and it becomes difficult or impossible for capitalist processes to fund innovation and engineering effort due to the inability to capture generated value.
  • The apps matter, I do actually want to use a phone for useful things, and increasingly web applications are a poor cousin to their equivalent apps. (Facebook, horror that it is, oscillates between making a browser unusable and making it just about possible to read and interact, they really want all that juicy extra data that you can get from being an installed app).

iOS and Android both believe that users can’t be trusted with full control over their device

This time in smartphones is a moment like my first linux install around the year 2006. I hated the main operating system (Windows) that I was locked in to. All the app[lication]s that I relied on (outlook, visual studio etc) were locked to the operating system I hated. And now in 2021 all the proprietary apps on phones are locked to android / iOS (gmail, authenticator, waze, google maps, banking apps, whatsapp etc.)

I could just install OpenGApps or similar to get the google play store on top of a slightly more free android variant; then install all the proprietary apps again, or I could see just how much I can do without google services by using microG and open source alternative apps like k9mail and I’ve already started this journey by trying out many free alternatives and think it’s worth pushing ahead. Running a build with no google services will be a good acid-test of how far I’ve got even if I have to go running back to the proprietary google services.

In my switch to Linux from Windows I just tried to do as much as I could with free software such as the gimp and thunderbird, often still installed on Windows, and then bit by bit I needed to fire up Windows less and less often as I found alternative apps and ways of doing things.

Any progress I can make here will make the jump to a fully free phone OS less painful in the future, and I’m increasingly confident that day will come just like I don’t think twice about running Linux Mint even for work these days.

Nursing Homes and Neighbourhoods

I highly recommend reading this article - Purism, The Future of Computers: The Neighborhood and The Nursing Home. It wonderfully illustrates the binary choice between the apple/google duopoly and the DIY open source and privacy movement with the rather apt analogy of nursing homes (apple etc where your needs are met but you give up control of your environment) and neighbourhoods (open source where it’s up to you not let the wrong people in to renovate your house).

Why not just Apple iOS?

Yes I know the iPhone crowd can just push a button on the new phone and have it look like the old phone, but iOS is the polar opposite of what I want my technology to be: under my control. That means root. That means open source. That means GPL.

iOS certainly does have some unique advantages that I will be sad to miss out on but not sad enough to give up all the other things I care about.

iOS, the good

  • A secure boot chain, remarkably hacker-proof - even with physical device access which is very impressive.
  • Impressively effective device-to-device migration of user settings and data (android failed miserably at this in my experiments)

iOS, the dubious-to-bad

  • Complete reliance on a single vendor for looking after all your precious “data”. This in my view is risky no matter how good the vendor is.
    • In 2012 this was demonstrated as Mat Honan had all his data and devices wiped and locked remotely when a hacker took over his Apple account, and he had no other copy of all his precious family photos. A cautionary tale for all of us.
    • Someone I know lost everything on their iPhone when the OS upgrade process somehow managed to do the following:
      1. backup the phone to the iCloud
      2. wipe the phone and install the updated iOS (I understand this is normal procedure)
      3. back up the blank phone to iCloud overwriting the only backup (apparently there was only a single slot)
      4. restore the blank backup to the updated phone
      5. declare success, leaving my friend with all his data gone and a factory-installed OS
  • No root (a problem for syncthing, independent backups and general user-control)
  • No user-replaceable OS (aka ROM)
  • No open source
  • All the apps cost more!

Why not just stock android?

“So you must be an android dude then” you say. Well no because frankly android isn’t much better these days. Ever heard of AOSP? (The Android Open Source Project) Well that’s an ever-shrinking piece of what people call Android these days. Piece by piece google have been replacing open-source android with proprietary rewrites. Combine that with proprietary drivers for the endless churn in hardware. If you can even install ASOP on a device good luck getting much to work. The idea of android being “the open source one” in the true spirit of the GPL is a distant and fading memory.

There is a cartel of industry players called the Open Handset Alliance These industry groups can be good but I think in this case they are a barrier to innovation and openness.

“OHA members are contractually forbidden from producing devices that are based on competing forks of Android”
~ Wikipedia on OHA

Ars Technica: “Google’s iron grip on Android: Controlling open source by any means necessary”

Root and backups

One of the big drivers I’ve had for getting a non-standard phone setup is that I don’t want to rely on on google to backup everything on my phone in case it dies, but because Android is by default locked in by secure boot and doesn’t give the user any root access or ability to get root access that’s a bit of a problem for the normal method of backing up a device.

A laptop backup is a question of backing up /home plus a dotmatrix/bootstrap setup for regaining interesting configuration etc.

Android is a bit more complex because it has a couple of storage areas:

  • an [emulated] ‘sdcard’ this is kinda like /home on a laptop and has things like downloaded files; some of the apps use this to save things to
  • storage for every individual app (I learned about the existence of this by losing all my app data)

Every app on android runs under a separate userId, which allows Android to ensure that apps can’t read each other’s data. This is a good thing for security, but that means if you install a “backup app” it can’t read any of the data you actually want backed up. And it can’t get root because that’s not available to you as a user or to any non-system apps.

So that means to backup independently of google, you need root, and to get root you need to unlock the whole boot chain.

I did have root on my OnePlus 5t, but an operating system update helpfully removed that for me… breaking my backups… and root access couldn’t be restored without wiping the phone… including the data I didn’t have backed up because it had broken my backups. Gah. Off the back of that experience I want to make sure that I’m not set up to fight some bloody vendor that doesn’t believe I should have root.

Something other than iOS or Android and its derivatives?

It’s all about the apps.

An operating system is not that useful on its own.

There’s a reason Ballmer shouted “developers developers developers” (amusing as this meme has become in the abstract). An operating system is not that useful on its own. Operating systems live and die by the applications (aka apps) available on them, and the utility and value they in turn bring to their users.

iOS and Android have utterly captured the app market on phones, creating a duopoly in the phone space.

Even the mighty Nokia (with Symbian), Research In Motion (RIM) with Blackberry* and Microsoft with Windows Phone failed to win against them and eventually threw in the towel.

* Blackberry seems to have all but fallen off the radar, they started shipping android in the end basically being a android phone with a physical keyboard thus becoming part of the apple-google duopoloy..

So for me that rules out for the time being all the Linux based phones such as a Librem 5 running PureOS. (See below).

It’s only when alternatives like Librem/PureOS gain traction that we’ll see the makers of apps, websites and phones have to create and adopt open standards that allow further diversity and innovation.

The fact the Librem exists and seems to be sustainable are encouraging signs for the breaking of the google+apple duopoly on mobiles. It’s only when alternatives like Librem/PureOS gain traction that we’ll see the makers of apps, websites and phones have to create and adopt open standards that allow further diversity and innovation. Currently we are seeing a repeat of the “works best in Netscape / Internet Explorer” duopoly of the browser wars that was eventually broken forever by Firefox, Opera and friends forcing websites to stop using proprietary extensions and stick to open standards.

Dearly departed

Nokia / Symbian

Symbian was briefly ahead on features as an OS in my opinion. I had a Sony Ericsson P800 and P910 and in their day they were almost amazing phones, hampered by lacking hardware (2g at the dawn of 3g, serial port connectivity emulated over usb, and for god knows what reason Sony were still trying to beat SD cards with memory stick). Consumers flocked away from them in droves to the new iPhone.

Microsoft / Windows Phone OS

Microsoft’s “Windows Phone” was a triumph of a phone operating system, and everyone I knew that had one absolutely loved the operating system. But Microsoft just couldn’t persuade the big-name mobile-app developers (i.e. companies) to invest the endless effort required to create and maintain a third version of their apps for another app store.

OpenMoko / Neo FreeRunner

I had high hopes for the truly open Neo running OpenMoko, but it didn’t stand a hope in hell amongst the rapidly evolving tech and software at the time. I bought the Neo FreeRunner and it was an exciting time, but it quickly became a relic.


After many years of being the goto android-variant mobile OS for non-conformists, sadly CyanogenMod imploded in 2016. The code lives on in LineageOS (see below).

Promising futures

Two currently active non-android physical phone projects, and several more ongoing Linux based (i.e. non-android) mobile-friendly operating system efforts. Although these will never cross the radar of most people just like Linux didn’t for many years) these are important foundational projects.

Purism’s Librem 5 phone hardware running PureOS (Linux)

The Librem 5 is worth a look if you want to take it to the next level of openness, however it comes with a compromise in specifications, a hefty price tag (inevitable due to lower production volumes) and no android / iOS apps.

You might however want to consider spending your dollars as a vote for the future you want to see.

The Librem 5 runs Linux (PureOS), not Android. This is great but as of 2021 does mean it suffers from the “app” problem (see above).

Because of the “app” problem I’m not ready to make the jump to a Linux based smartphone that can’t run android apps. I’m also not particularly keen to drop quite this much in specification for the benefit.

Personally I’m happy with the OnePlus compromise of specification plus apps versus openness for now, but I’m very glad to see Purism pushing the frontier of openness and maybe I’ll join their users one day.

PinePhone Pro phone hardware (Linux, for now)

The PinePhone Pro is a low spec but very open Linux phone. A follow up to the original PinePhone.

“pre-orders from developers on October 15, 2021, and expect to have them delivered by December”

Phones like this are important in building momentum in the capability of non iOS/Android software even though they will never be mainstream phones themselves.

This is a Linux phone, though in theory GloDroid will provide a build of Android (AOSP) for it, but don’t hold your breath. - OmgUbuntu article on PinePhone+GloDroid.

UBPorts Ubuntu Phone (Linux)

Canonical killed the Ubuntu Phone and the Ubuntu Touch operating system, but the software lives on in ubports. (Presumably that’s short for UBuntu Ports)

Plasma (Linux KDE for phones)

Plasma Mobile is a variant of the KDE Plamsa desktop specifically for mobiles.

Learn more about Plasma on Wikipedia

Mobian - (Debian Linux for phones)

Mobian is encouraging to see. Debian Linux’s strenth has always been its governance and stability. Debian has been a rock in the stormy seas of open source even as different people have passed through its team. This is because debian has a strong set of organisational rules that are above and beyond any individual contributor. The fact that they are working on a mobile variant is very encouraging.

PostmarketOS (Linux)

PostmarketOS is an Alpine Linux (i.e. very small) variation designed to breath life into otherwise obsolete hardware. I expect this will become more useful as phone hardware stops becoming utterly obsolete due to major changes in basic expectations and environment.

Secure boot

There’s the secure boot chain and device locking. This can be a good thing or a bad thing depending on the power dynamic between users and providers (and maybe even the state/government).

It is true that your device is less “secure” with the bootloader unlocked (as the phone likes to scream at you every time you boot it up), at least to attackers with physical access to your device, however I think that’s worth the trade for full control of your device (that you paid for and “own”).

Security is not an absolute. You have to consider cost, inconvenience, human behaviour, the value of an attack target, the motivations of different actors (state, organised crime, hackers, opportunist thieves, trolling friends etc). For me an encrypted data partition and a passcode will do for physical security. In theory you can get full secure boot chain for custom operating systems but even on a Linux laptop this is non-trivial currently.

There’s an important difference here between google/apple considering the security of their entire device eco-system in the hands of every kind of user, and the security of an individual’s device customised to suit them. If google turn off secure boot for everyone then it makes it that much more likely that someone will successfully develop and spread an android virus that corrupts the boot chain. If I turn it of it’s a rounding error on the probability, and a marginal difference to the “security” of my own device.

Apple’s secure boot chain

Apple don’t want you to fiddle with the OS they control, so you don’t get to touch it without “jailbreaking” it. Jailbreaking is done by exploiting a security flaw, and it’s a cat and mouse game with Apple fixing bugs to close holes and hackers finding new ones to regain control of the devices. Not a game I want to play just to have control over my own hardware. This 100% rules out iOS for me, it’s a complete dealbreaker. No matter how shiny, how bug free, how capable it is I wouldn’t trade unless there was absolutely no alternative.

Android’s secure boot chain

Android also secure their boot chain by default, however whether you can unlock it and flash a different recovery/bootloader/OS/ROM depends on the phone manufacturer, individual device, and sometimes the phone network provider (aka locking/unlocking).

This means choose your device and provider carefully if you wish to unlock without wasting your time trying to jailbreaking a locked device.

Artificial app limitations when unlocked

Android has a system that allows apps to hide or limit functionality called SafetyNet. For apps like NetFlix that won’t even show in the play store for unlocked phones we’re into the mega-discussion that is DRM. In short if a content creator wants to lock their device to a locked-down platform that’s fine be me but I won’t be using those platforms for my main computing, instead I might have them as throw-away additional appliances like the google chromecast, or samsung TV’s built in junk. What really matters here is what alternatives you have available to you. For google pay, I’m very slightly sad to miss out but my contactless debit card still works fine so I’ll live.

Hardware choices

Given the “app” problem, any devices not capable of running Android or a derivative are currently out of the running (sad times).

A non-negotiable for me is manufacturer support for replacing the bootloader and everything above that (OS, apps). This ensures the life of the device beyond the point at which the manufacturer loses interest or does something horrific/stupid. This is also a signal for who is truly in charge of the device once it’s “yours” - you the user or the supplier and their developers. By locking you out of making modifications it’s a clear signal that you are not to be trusted with the power over your own device.

As the useful innovation in hardware slows down (2G to 3G was a big jump, but 8-megapixels camera to 32-megapixel cameras is less foundational) it will be less often that devices will become obsolete through huge leaps in capability. It will also mean that phone hardware will inevitably become more commodity and less proprietary, giving a chance for more open standards to get a foothold (just as x86 replace proprietary CPU architectures many decades ago), while still being acceptably capable. We shouldn’t be throwing out devices because the manufacturer decided not to provide security patches for their OS variant, and certainly not because the manufacturer took away a feature we like through forced updates.

Google Nexus / Pixel (meh)

I have run a google nexus 4 previously which was flashable and rootable, but long since obsolete in hardware capabilities (and suffered a hardware failure). I never looked back at the google line after I discovered OnePlus, I can’t comment on whether the current pixel phones are a good device for my constraints. I don’t particularly want to further feed the beast. If you want the authentic pure google experience I guess these are probably worth a look but the pure google experience seems less and less appealing as the years roll on.

Sony (yuck)

Someone told me that a particular Sony phone was flashable, I researched it, found instructions on flashing it, ordered one… and couldn’t flash it. Discussing with Sony support it transpired that that precise model was sometimes flashable and sometimes not, and the only way to find out was to order one and look at the serial number. Fuck you Sony. They never have understood the open source movement and look like they still don’t. They always treated their kit like appliances not a blend of hardware and software (or firmware) with everything that means for the long term management of the software. It’s a shame because they do make nice hardware. I’d still buy a dumb Sony audio amplifier but not much else of theirs. Returned and refunded, try again…

OnePlus (yay, no wait, boo)

This is my choice for the new OnePlus 9 Pro I’m trying to set up, and the OnePlus 5T I’ve been using for more than a couple of years now.

They don’t make the grade for the pure “everything must be open including chip bytecode and chip architecture” as they use proprietary chips, but they make the right balance for me of reasonably high spec hardware for a reasonable price, android compatibility, and the ability to flash whatever ROM/OS you like (at your own risk).

I’ve been running a OnePlus 5t for a while now (bought outright, no network lockin or contract nonsense) and generally happy enough with it. There are some bugs and storage is starting to constrain hence the upgrade, plus the camera could be better by modern standards and I don’t fancy carrying a separate camera.

I now have had the OnePlus 9 Pro sat in a drawer for two months waiting for me to figure out what-the-FSM to run on it, hence this blog post. It’s already been unlocked and I’ve tried flashing a couple of things but am not happy with the setup yet. I stopped looking at it while I concentrated all my efforts on making sure my business was going in the right direction (or any direction at all).

To get root you have to wipe the phone

The OnePlus comes with OxygenOS (an android derivative) preinstalled, but not rooted and with a locked bootloader. To get root you have to wipe the phone which means it’s important to do it before you start using it. It’s caused me no end of pain that you can’t use titanium backup to backup all your data without root, and you can’t get root without losing your files. I understand why (so you can’t just unlock a phone to steal all the data) but that doesn’t make it less of a pain in the arse. Bonus points for operating system updates (over the air / OTA or just normal updates) de-root the phone.

XDA Developers detailed page on the OnePlus 9 including pro

But wait, there’s trouble in paradise.

The founder Carl Pei left OnePlus in 2020 after 7 years at the company.

OnePlus was funded by an existing phone company called Oppo. (And both OnePlus and Oppo are part of BBK)

It seems that OnePlus is basically now dead in the water as a brand if not a company in its own right and will be sucked back into whatever the mothership has to offer, breaking everything along the way by trying to merge Oppo’s colorOS with OnePlus’s OxygenOS into an unholy mess.


As if that wasn’t enough:

“OnePlus is adding artificial limitations and breaking features via software updates, and there are no indications that they’ll improve.” ~ GCam Hub,

So what OS options does that leave?

So not iOS and preferably not Android either.

Unfortunately the apps mean that I’m stuck with Android and its derivatives for the time being.

It seems the best hope for salvation is the Linux based options discussed above eventually getting sufficient app coverage to make the jump more bearable, or maybe even some kind of android emulation allowing them to run android apps sufficiently well. The path from Windows to Linux for me included a mix of dual-boot, virtualization and wine (an api compatibility layer, not an emulator)

It’s worth mentioning that some (most/all?) phone manufacturers make proprietary customizations to Android or even complete forks that you may or may not want. Samsung for example (for the Galaxy line of phones) replaces the “launcher” with the “Samsung Experience”. I’m going for more open rather than less, so I’m not interested in trading slickness for losing even more control. I just want a platform that runs the apps I care about and is as open as possible.

Researching the options

I don’t follow this stuff all the time so I had to do some googling (duckduckgo-ing). Here’s some useful comparisons I turned up:

I’ve got more to learn/research here so I’ll expand this section as and when I learn more. Think of this as a bliki. There’s a full history in git (link at end).

Towering stacks of patches

The below are probably the most realistic alternatives to stock Android and iOS for those who want more openness but don’t want to give up all the modern conveniences in the name of openness and/or privacy. They are however all customizations of Android and that brings a very real problem.

The core open “Android Open Source Project (AOSP)” is run by google for google’s benefit and for their own Android ecosystem. There is significant engineering effort continually poured in to this, with major releases made on remarkably short timelines.

Any project that makes a customization to AOSP such as LineageOS and keeps track of it in their own fork is constantly at the mercy of changes to the foundation it has been based on, a foundation which really has no reason to care about them.

This creates a never ending challenge that stunts innovation outside the Android/iOS duopoly. If you build a significant customization, it will sooner or later be broken and need re-engineering because of changes in AOSP, or maybe even be impossible to resurrect. The more you innovate and customize, the more engineering fire-power is required just to stand still on the treadmill of change in the platform.

While we have good tools for managing all this complexity (git, gerrit) this is a fundamental and unavoidable problem with building on a platform that doesn’t care about you.

Contrast that with the Linux ecosystem where the platforms people are building on (consisting of many many layers and teams) are much more interested in supporting downstream projects and allowing choice. Projects that run on Linux can often run with minimal modification for decades. Linux is also not built for the benefit of some particular vendor like google with their own agenda, it is instead run by a foundation with far more broad interests and pressures.

Android derivative options

I now need to look into the below and decide what to run (maybe with some trial flashing). Once that’s done it’ll be on to the slog of setting up the actual device how I want it.

OxygenOS from OnePlus - used to be good, now dying a painful death

See the section on OnePlus hardware above. The company and OS are in trouble now the founder has left and the operating system has been merged with Oppo’s colorOS (read “fucked”)

This is the default for the OnePlus device I have, which means it’s the most likely to make the hardware perform at its best.

After a wobble on data reporting (which I’m not too bothered about) they seem to have largely sorted out their privacy game… apart from being full of google services just like the rest of the mainstream android devices. To play or not to play…

Here’s the original article disclosing OnePlus silently sending data home.

It seems the latest news is that Oxygen is falling apart. XDA Developers: “OxygenOS 12 for the OnePlus 9 series is littered with bugs”

“It was shit after merge with #Oppo and getting worst day by day. I really like #OnePlus device but #OxygenOS is dead now.” ~ @rahulawanjari, 9 Dec 2021, twitter

Crap, there goes another good option. As if the mobile phone space wasn’t horrific enough already.

In fact OxygenOS 12 was so bad, that they’ve just OnePlus pulled the plug on the entire OxygenOS 12 upgrade!!

Bonus points for the anti-competitive practice of actively denying access to hardware features (secondary cameras). I hope the courts slap them down for this clearly anti-competitive behaviour.

So after discovering that shit-show-in-paradise from OnePlus I could potentially skip OxygenOS 12 and stick to the less f*cked OxygenOS 11, but that doesn’t seem like much of a plan so it looks like I’ll be skipping any fancy hardware capability and looking for a more open and less broken Android variant. Yet more proof that corporations can’t be trusted as guardians of our software for the long term without GPL or at least MIT to stop them from hurting their users sooner or later. Did I mention my podcast is called “Software Should Be Free”. Does this horror show give you a hint as to why it’s called that?

LineageOS (yep)

LineageOS is the successor to the now defunct CyanogenMod. See the history of LineageOS and it’s relationship to CyanogenMod here on Wikipedia.

CyanogenMod was a bastian of freedom and innovation. I hope Lineage has managed to continue that.

There does appear to be a build of LineageOS for the OnePlus 9 pro - I think this is worth trying out.

LineageOS has it’s own recovery image, so no need to run TWRP as well.

Review of LineageOS on XDA Developers

Lineage for microG (maybe?)

This is a fork of lineage with microG already set up properly and a patch that lineage wouldn’t allow that let’s them spoof google signatures in order to trick apps into believing they are using the real google play services

Q: “Why do we need a custom build of LineageOS to have microG? Can’t I install microG on the official LineageOS?”

A: “MicroG requires a patch called “signature spoofing”, which allows the microG’s apps to spoof themselves as Google Apps. LineageOS’ developers refused (multiple times) to include the patch, forcing us to fork their project.”
~ Lineage for microG faq

Replicant (not yet)

Replicant is a fully free Android distribution running on several devices” I’m glad this freedom is here but I’m not quite ready to give up every last proprietary thing until there’s a bit less of a gap.

Supported devices shows purely Samsung Galaxy devices currently.

/e/ (aka Eelo) (nope)

What a bizarre name! Good luck googling this.

“We build desirable, open source, privacy-enabled smartphone operating systems.”

This Android derivative is focussed on privacy; eliminating as much data collection as possible. Laudable but not my main focus right now.

GrapheneOS (nope)

GrapheneOS - The private and secure mobile operating system with Android app compatibility. Developed as a non-profit open source project.”

GrapheneOS only officially supports Pixel phones

CalyxOS (nope)

CalyxOX - “Your Phone Should Be Private Everyone needs a phone. Not everyone wants to be spied on. Reclaim your privacy with CalyxOS.”

Supports Pixel devices and one Xiaomi phone (never heard of it).

Seems to be pushing Signal and Tor so is super-privacy focussed.

Google Apps and Services

There are two major parts to this:

  1. Google play - the app store for downloading apk files to install (plus ratings, reviews, screenshots etc)
  2. Google services - these provide services that many apps want to use to avoid multiple implementations such as location information, push notification etc.

There’s a few ways of getting the google play store and related proprietary horrors:

  • Open GApps - pulls down the proprietary apps and writes them to the image
  • MindTheGapps? - pulls down the proprietary apps and writes them to the image
  • microG - open source re-implementation of the services

For Lineage 18.1 (Android 11) the Lineage wiki links to MindTheGaps, and XDA Developers says “Always Use the GApps Package Recommended by your ROM Developer”

I don’t mind proprietary software as long as there’s choice out there, and the apple app store + google play duopoly on apps is not choice. F-Droid is fine but doesn’t have a single big name vendor’s apps, so it’s probably enough for google to dodge an anti-competitive lawsuit but not enough to produce any real competition.


Open GApps (installer)

Installer for google’s proprietary services.

Q: Why is this such a pain? A: Licensing…

“Due to licensing restrictions, these apps do not come pre-installed with ROMs others than those from vendors that are part of the Open Handset Alliance and must be installed as a sideload package by the user themselves.” ~

We’re lucky they let us do this at all, google could take their toys away from us at any time.

For Open GApps pico looks sufficient, Lineage recommends nano and no bigger.

MindTheGapps (installer)

Installer for google’s proprietary services.

Really haven’t found much information about this.



microG (open source reimplementation)

A free software implementation of shared services provided by the proprietary google services (such as location and push messaging used by many apps).

Doesn’t work properly when flashed to lineage according to the faq so they made their own fork of Lineage “Lineage for microG” (see above)

Aurora - play store proxy

Download apks (installation files) from the google play store without any googleness.

Yalp - play store proxy

F-Droid app store

F-Droid is an app store for android like google play but without all the googlyness.

This a bit pointless if you install play because all the open source apps are available in both, and the closed ones are only in play. I think I’ll skip this for now but I’m glad it exists… Though it is pre-installed in lineage-for-microG so I have poked around and installed a few things.

Playmaker - play store / f-droid integration

Recovery images

TWRP (great but not needed)

Previously I’ve used TWRP, and I got as far as flashing it before discovering Lineage has it’s own recovery image

  • Unlock bootloader
  • Download TWRP for lemonadep - 3.6 twrp download for lemonadep
  • Get twrp public gpg/pgp public key to be able to verify .asc files
  • Flash TWRP (TeamWin Recovery Project?)
    • Power off the phone
    • Hold down volume-down and power buttons
    • Select english
    • select reboot to fastboot
    • connect the usb cable (usb-c to usb-c doesn’t work on my dell xps, use the bigger usb 3 A to usb-c cable)
    • run fastboot devices on the laptop (connected over usb), you should see your phone listed
    • boot the phone from the local twrp image fastboot boot twrp-3.6.0_11-0-lemonadep.img, phone boots up into twrp gui
    • advanced > flash current twrp
    • there’s a note about bootloops, but the options isn’t there so skipping that
    • reboot > power off (says current slot: A, just for the record)
    • power on with volume-down held again, boots straight to twrp this time

LineageOS’s recovery image

Came across this here:

Works well, flashed no problem and have used both recovery and fastboot modes with no issues. You’ll see it as part of the steps below.

Installing LineageOS on OnePlus 9 Pro (take 1)

It begins. LineageOS.

The oneplus 9 pro device is codename lemonadep.

Useful howtos:

XDADevelopers coverage of Lineage support for OnePlus 9 pro

The steps:

  • Download latest nightly (there’s no stable/unstable on this): - this has both the ROM (OS image) and the recovery image.
  • Download copy-partitions (as per wiki)
    • The sha256 for the copy I have is 200877dfd0869a0e628955b807705765a91e34dff3bfeca9f828e916346aa85f
  • Verify all the sha256 sums: sha256sum -c *.sha256
  • Boot to fastboot
  • flash the lineage recovery:
      $ fastboot flash boot lineage-18.1-20211214-recovery-lemonadep.img
      Sending 'boot_a' (196608 KB)                       OKAY [  6.113s]
      Writing 'boot_a'                                   OKAY [  0.655s]
      Finished. Total time: 6.985s
  • copy partitions as instructed
    • boot into recovery (vol-down + power)
    • “apply update” > “apply from adb” (aka sideload)
    • adb sideload
    • Ignore unknown sig and “continue”
  • wipe
    • boot into recovery (vol-down + power) if not already in it
    • “format data / factory reset”
  • OS install
    • boot into recovery (vol-down + power) if not already in it
    • “apply update” > “apply from adb” (aka sideload)
        $ adb sideload
        serving: ''  (~47%)
            adb: failed to read command: Success

      apparently this is normal, but the failed to flash error on the phone is not, and rebooting drops me back into the existing Oxygen install. Dammit…. Try again

    • Second attempt ran fine
      • output: step 1/2
      • output: step 2/2
      • then recovery logo comes back up and it just sits there
      • volume up to the back arrow at the top, power to press it
      • then it says “install complete with status 0” (zero being unix-speak for no-issues)
      • but it doesn’t ever get past the lineage logo when booting, maybe because of the boot of oxygen. hmm
      • hard-power-off by holding down volume-up and power button
    • take 3,
      • back to recovery
      • re-wipe (factory reset)
      • reboot
      • this time it booted… briefly
      • it got to setup screen, then before I did anything rebooted into some kind of recovery failsafe and prompted to factory reset again, which I did. This time it rebooted and stayed up while I zipped through the wizard.
  • go take a look - ignore the warning about doing gapps etc first just so we can see what vanilla Lineage looks like. We can always wipe & reflash
    • wonderfully empty app list!
    • basic main camera & selfie cam works
    • flashlight works
    • odd android verify notification, didn’t seem to work
    • top shelf only available on lockscreen, odd
    • no sim yet and wifi not connected yet, so not much else to test
    • vol-down + power still takes screenshots

Connect adb, see if we get root shell

  • On the phone enable adb
    • settings > about phone > tap “build number” repeatedly
    • settings > system > advanced (grrrr) > developer options
      • usb debugging [on]
      • rooted debugging [on]
      • disable adb authorization timeout [on]
    • connect usb cable to laptop
    • phone prompts “Allow USB Debugging?”
      • tick “always allow”
      • press “allow”
  • On the laptop adb devices should now show the phone

Success with non-root:

$ adb shell
OnePlus9Pro:/ $ ^D

Root denied without flipping the “rooted” option:

$ adb root 
ADB Root access is disabled by system setting - enable in Settings -> System -> Developer options

After enabling rooted debugging as above:

$ adb root  
restarting adbd as root
$ adb shell
OnePlus9Pro:/ # whoami

Getting root back


It really annoys me that on a laptop this isn’t even a step, yet on Android this is a whole additional drama. But I may have already mentioned that. Understanding the reasons doesn’t mean I have to like it.

adb root shell

According to adb root shell is the official LineageOS way of getting root access to “mess with important files”.

$ adb root  
restarting adbd as root
$ adb shell
OnePlus9Pro:/ # whoami

Worth knowing but not much help for running titanium backup as root.


According to Magisk is the only real option now. I guess SuperSU still works but lacks the masking that allows you to fool android pay etc.

⚠️ Beware of fake Magisk sites !! ⚠️

Github is the official home for Magisk and it’s downloads:

Beware of clone sites especially ones offering downloads. is not legit or authorised and may host malware at some point. I’ve seen a few others too. They look like SEO optimised clones that could potentially be feeding some or all visitors malware.

It’s worth being extra-careful with things like recovery images and rooters because by definition they have full control of your device, malicious or malign.

Magisk root install

LineageOS said not to boot before doing installing GApps, I’m not sure if that applies to Magisk too. I already have booted up. Not sure if a factory reset plus wipe will be enough or whether the image will have to be reflashed. I’ll try with just an install, if that doesn’t work I’ll try the reset and see what happens, and if that doesn’t work I’ll try a full reinstall.

Getting boot.img

The instructions for Magisk just say you need boot.img, leaving know clues how to get it. I’ve proposed explaining how to extract them in this pull request

It turns out it’s embedded in the Lineage system image that we’ve already downloaded.

There’s another payload extractor with easier dependencies that’s worth a try, especially if you don’t already have python: payload-dumper-go | payload-dumper-go downloads. I’ve now tested this and it works great. You don’t even have to unzip the zip.

Extract the payload.bin file from the to the same folder as the python script.

Some instructions on using python to extract the boot image: (ignore the file it’s older than the github one)

The payload_dumper file appears to be from assuming my googling is accurate.

I didn’t need to do the pip install.

I did change the python to python3 at the top of the py file and make it executable.

$ ./ payload.bin 
$ ll output 
total 5.6G
-rw-rw-r-- 1 tim tim 192M Dec 20 23:20 boot.img
-rw-rw-r-- 1 tim tim  24M Dec 20 23:20 dtbo.img
-rw-rw-r-- 1 tim tim 2.8M Dec 20 23:20 odm.img
-rw-rw-r-- 1 tim tim 1.3G Dec 20 23:21 product.img
-rw-rw-r-- 1 tim tim 267M Dec 20 23:21 system_ext.img
-rw-rw-r-- 1 tim tim 2.5G Dec 20 23:21 system.img
-rw-rw-r-- 1 tim tim 8.0K Dec 20 23:21 vbmeta.img
-rw-rw-r-- 1 tim tim 4.0K Dec 20 23:21 vbmeta_system.img
-rw-rw-r-- 1 tim tim 192M Dec 20 23:22 vendor_boot.img
-rw-rw-r-- 1 tim tim 1.3G Dec 20 23:22 vendor.img

Hurrah, now we have a boot.img to give to Magisk.

Magisk rooting

Copy the boot.img across:

$ adb push output/boot.img /sdcard/ 
output/boot.img: 1 file pushed, 0 skipped. 177.5 MB/s (201326592 bytes in 1.082s)
  • Press install on the Magisk app.
  • “Select and Patch a File”
  • hamburger in file browser > “OnePlus 9 Pro” (obviously, duh) > boot.img
  • “let’s go ->”
  • Magisk shows steps then” output file is written to…” and a path to download folder
$ adb shell
OnePlus9Pro:/ # ls -lh /sdcard/Download/
total 96M
-rwx------ 1 u0_a163 u0_a163 192M 2021-12-14 13:21 magisk_patched-23000_BYMDt.img
  • pull the file back to the laptop adb pull /sdcard/Download/magisk_patched-23000_BYMDt.img
  • Now flash the file to the phone:
    • (the vol-up + power didn’t work for me, just did a normal boot, vol-down + power is reccovery not fastboot)
    • Settings > system > advanced (ffs) > gestures (wtf?) > power menu > advanced restart [on]
    • power button (hold) > power > restart > fastboot
$ fastboot flash boot magisk_patched-23000_BYMDt.img 
Sending 'boot_b' (196608 KB)                       OKAY [  6.035s]
Writing 'boot_b'                                   OKAY [  0.639s]
Finished. Total time: 6.853s
  • power off
  • power on
  • open up the Magisk app - it shows installed version number now, hurrah

Using Magisk:

  • Click the cog (top right) to optionally turn on “MagiskHide”
  • Along the bottom are four icons
    • Home
    • Shield - shows root requests
    • bug - shows logs
    • jigsaw piece - shows modules, activate, deactivate & install



I consider this an important backup access to the phone. If the screen fails then this allows you to pull any important files off over usb.

Steps for this are above.

Installing “Lineage for microG” (tried, rejected for now)

  • has install and download links
  • Download image from
    • check sha: sha256sum -c
    • run update_verifier python script:
  • Go back to lineage install instructions
  • Boot to fastboot
  • flash the lineage-microG recovery: fastboot flash boot lineage-18.1-20211220-microG-lemonadep-recovery.img
  • copy partitions as instructed
    • boot into recovery (vol-down + power)
      • or “enter recovery” from lineage fastboot
    • “apply update” > “apply from adb” (aka sideload)
    • adb sideload ../LineageOS/
    • Ignore unknown sig and “continue”
  • wipe
    • boot into recovery (vol-down + power) if not already in it
    • “format data / factory reset”
  • OS install
    • boot into recovery (vol-down + power) if not already in it
    • “apply update” > “apply from adb” (aka sideload)
    • adb sideload
  • reboot
  • skip all the guided setup steps
  • open the microG app
  • run the self check (all green ticks for me, woo)

So now I have a clean LineageOS install with a FOSS re-implementation of google’s proprietary shared services. Win.

Now re-run magisk sideload from above to get root again.

  • re-enable adb as before
  • re-enable advance power button menu
  • adb install Magisk-v23.0.apk
  • grab a payload-dumper-go binary release
  • payload-dumper-go_1.2.0_linux_amd64/payload-dumper-go
  • adb push extracted_20211221_231517/boot.img /sdcard/Download/
  • run the patch in the phone Magisk UI (under “install”)
  • get the filename to pull: adb shell ls /sdcard/Download
  • adb pull /sdcard/Download/magisk_patched-23000_d5mu3.img
  • reboot to fastboot
  • fastboot flash boot magisk_patched-23000_d5mu3.img
  • “reboot system now” in lineage fastboot menu

Success, now I have root and microG.

Next, see if Aurora does the job, and if not how do I get google play on top of microG, if that’s even possible. Till next time…

Getting apps


F-Droid is preinstalled (stared blankly at app list for a while before spotting it!) so that was easy, this can install many open source apps, and warns about “anti-features” which is a nice touch.

Used F-Droid to install andOTP as a test (alternative to google authenticator 2FA app). Worked well.

Apps from play store - Aurora

Found Aurora in f-droid with a search, installed no problems, opened it up.

First thing it does is prompt for install type which is confusing and lacks enough context to know what it means. The four types are explained further here: thought I’m still not really sure. I don’t know what a plit apk is yet, and I don’t see if there’s a difference between root and services as I could do either and they both say they do the same thing.

  • Session - recommended but not clear why, I think it’s saying it’s like “Aurora Services” but with more something-or-other
  • Native - doesn’t support split apks, that sounds bad, see below for what they are (see below for split apk research)
  • Root - auto install when downloaded
  • Aurora Services - auto install when downloaded

How to choose? I guess I’ll go with the recommendation.

Couple of theme questions. Meh.

Installer question: “Select a suitable installer”

  • External Storage Access [grant] - pops and allow dialog, clicked “allow”
  • External Storage Manager [grant] - required on R+ (aka android 11), which we are running, guess I’ll need that, - opened permissions screen, toggled to allow
  • Installer Permission [grant] - opened permissions screen, toggled to allow


Log in using:

  • Google
  • Anonymous

It seems from what I’ve read in the FAQ and terms that using the real login is best because the anon accounts end up with random locales and app restrictions depending on where the login was generated.

[install keepassdroid and push my kdb across with adb to get the google login, eventually the kdb will be sync’d with syncthing]

… log in with google …

And we’re in, app listing showing. Disconcerting to see disney+ etc in “free” app store on a “free” phone.

WhatsApp isn’t available in f-droid so let’s try that as an experiment… It’s in the list… it installed… it opened… it worked! (And logged me out of the phone, fucking whatsapp).

What’s a split APK?

The state of the system

What’s working and what isn’t.

Google voice to text (dead)

The keyboard has a little mic button which allows you to use google’s services to enter text anywhere you like by typing. This is useful as I hate phone keyboards. I use it quite a lot. Unsurprisingly with the microG setup that’s not working at all. The button is there but it does nothing.

Bluetooth (working)

Headphones connected and played no problem.

The state of the apps

What’s working and what isn’t.

Banking apps (mixed)

Let’s start with the big one. This is most likely to sink an open source effort as they try to protect themselves by joining in the lockdown.

Surprisingly two out of three of the banking apps I’d like to use actually worked on the rooted custom ROM with an unlocked bootloader. I had not turned on the magisk hide capability at this point. One banking app behaved as if nothing was different, one popped a warning but allowed the app to continue and one flat out refused to run. I’m not going to name the banks involved on the public internet as I don’t want to encourage anyone to test the security of my banking.

One of the apps logged my out of my other phone. The other functioning app offered to transfer a “digital key” to the new device, and without that allowed me to use the first phone to generate a login code and use that to poke around. I didn’t try transferring the key.

More worrying was the realisation that I’d been locked in to running a google/iOS locked-down device by one of the banks as they are an “app-first” bank. You can’t even use the online banking without the phone app, and the phone app requires a locked and signed phone. It’s only by going on this very journey of actually trying to set up a phone that I control that I’d even noticed this insidious creeping embrace of platform-lockin. So now to truly escape the platform, I have to change banks as well.

Google calendar (mostly working)

I’m afraid I still use google’s calendar, and there’s a high cost of change as I’ve got my other half using a shared calendar. The calendar worked fine, although oddly the “widget” (view of calendar that can be placed on the phone’s desktop when unlocked) was blank until I left the phone in the drawer with wifi off for two days. For who-knows-what reason when I got it out the drawer it has started working.

Oddly the events have shown up but reminders are missing. This is a bit of a problem as I use them a lot. It’s not that they’re local to my other phone because they show on the google calendar web interface too.

Amazon things (working)

The amazon shopping app worked no problem.

To my surprise the amazon primve video app worked and played content as normal. I rather expected some kind of DRM smackdown to kick in on a rooted device.

Audible worked and played no problem.

Spotify (working)

Again pleasingly working with no quibbling or warnings. This is more important to me at the moment than perhaps it should be.

Whatscrapp (working)

Much as I hate WhatsApp and it being owned by Facebook/Meta …. thanks to network effect I kinda still need it. I’ve managed to get some of my contacts over to telegram/signal but not everyone.

WhatsApp worked but signed me out of the other phone (ffs). Bonus points for receiving an important message from someone I haven’t heard from in about a year on the wrong phone. Ugh.

So on the plus side I’ve learned of another reason to dislike WhatsApp.

Hiding the unlock & root

Magisk has in its settings a “hide” option. This had no noticeable effect on the “SafteyNet” test (still three of three tests fail for me) built in to Magisk. I didn’t notice any change in app behaiour in my limited poking.

WiFi-based location (turn on)

Understandably from a freedom-warrior point of view the wifi-based loction services are off by default, but this is a bit of a pain because if you’ve ever used pure GPS positioning you’ll know it’s shit at doing it in houses, offices and built up areas, takes ages to get a lock, and is a bit hit and miss in cars. The accuracy you normally see is much more a function of the ubiquity of wifi in our urban lives.

Screen refresh rate 60/120Hz (increase)

The “minimum screen refresh rate” setting was set to 60Hz. There’s also a developer option for showing the current rate. In my experiment it sat at 60Hz all the time. This is fine till you scroll up and down, then you notice how much smoother the text scrolls at 120Hz. I upped the minimum to 120Hz which seemd to work.

There’s also a smooth-scroll option that I turned on that seems to produce a nicer effect.

Using adb to do backups

It might be possible to backup a locked down phone without root by using adb’s backup capabilities. I haven’t looked into this much or tried it yet but here’s some quick research notes:

This might give me a way of rescuing some of my data from my old phone that de-rooted itself in an OS upgrade and fucked my titanium backups (still bitter).

Oh but wait…

Devs can set the ALLOW_BACKUP flag to “No”

Argh, what is wrong with this platform.


  • Turn on all the power button options:
    • Settings > system > advanced (ffs) > gestures (wtf?) > power menu > advanced restart [on]

Options - what now?

That’s been an enlightening exercise in “is this even possible”. I’ve learned a huge amount about the current state of the phone ecosystem. I’m in equal measure dismayed and hopeful, there are some unpleasant trends and circumstances, and some really encouraging signs of hope for the open ecosystem.

There really isn’t a clear answer for me for where to go from here. There are downsides and challenges in every direction.

The options available seem to be in increasing order of freedom and somewhat decreasing order of utility:

  • Get an iPhone and abandon my principles and control, go live in a digital nursing home. - YeahNo.
    • get banking apps galore
    • never get root again
    • trust apple to administer the correct dosage of backups
    • forever more fight the divide between iOS and my linux laptops
  • Install Oxygen 11, relock the bootloader, live without root, have no upgrade path because Oxygen is dead. - No.
    • possibly brick the phone trying to lock it
    • get banking apps
    • never get root again
    • never have decent backups
    • forever more fight the divide between iOS and my linux laptops
  • Install lineage and one of the google apps installers
    • still no bank
    • probably get reliable google goodness
    • get stalked by google (no change there, I dno’t mind as much as some about this)
    • unknown time-to-failure
    • I think this is probably the most “mainstream” of the subversive options so is most likely to continue to have a forward path for the next few years
    • worry about security of unlocked evenrything and the security of lineage - I think it’s probably no worse than linux at this point but who knows
  • Install lineage-for-microG (current experiment)
    • no bank, no voice-to-text
    • worry more about the security of build servers for this niche option
    • I don’t know how sustainable this project is, it’s certainly noble
  • go all in and run a linux distro
    • definitely no apps for you
    • get to take the moral high ground
    • lose touch with everyone who is on whatsapp

It would be nice to think that by choosing to run the most open thing I can I am in some way helping, but I think the truth is users really don’t make much difference to projects like this unless they come in enough numbers to sway app vendors like WhatsCrapp to support more obscure platforms. It’s only the hackers and those who can financially fund projects who really make a difference here. So while I want to run the most open thing I can it doesn’t really matter a hill of beans outside of my own brain whether I do or not.

I think having written down the options I’m swinging towards lineage + proprietary google services. This seems to solve the immediate problem of getting unlocked and rooted and getting working backups again without losing everything that’s useful to me in the process.

I’m glad I’ve tried the microG version, and hope we see open source slowly chip away at the power of the two giants just like Linux did in the desktop space over decades.

Installing LineageOS + google services on OnePlus 9 Pro (take 2)

I now have the lineage bootloader so the steps to get into recovery etc are a bit different than with stock or TWRP.

“Note: If you want the Google Apps add-on on your device, you must follow this step before booting into LineageOS for the first time!” ~

  1. Download latest nightly (there’s no stable/unstable on this): - this has both the ROM (OS image) and the recovery image.
  2. Download copy-partitions (as per wiki)
    1. The sha256 for the copy I have is 200877dfd0869a0e628955b807705765a91e34dff3bfeca9f828e916346aa85f
  3. Verify all the sha256 sums: sha256sum -c *.sha256
  4. Boot to fastboot
  5. flash the lineage recovery: fastboot flash boot lineage-18.1-20211228-recovery-lemonadep.img
    1. don’t reboot yet
  6. copy partitions as instructed
    1. switch to recovery
    2. “apply update” > “apply from adb” (aka sideload)
    3. adb sideload
    4. Ignore unknown sig and “continue”
    5. come back out of recovery menu (don’t reboot yet)
    6. don’t reboot yet
  7. “factory reset” > “wipe all data”
    1. don’t reboot yet
  8. flash OS:
    1. “apply update” > “apply from adb” (aka sideload)
    2. adb sideload
    3. don’t reboot yet
  9. MindTheGapps - I haven’t found any instructions for this anywhere
    1. check the arch (it’s arm64) here
    2. Download the arm64 build from
      1. or the “mirror”
    3. Given there’s no shas anywhere I downloaded from several mirrors and cross-checked the hashes. 85481cb98c8a8692f52c033ead1db436870af385498a917701fcd8c6182e145c
    4. “apply update” > “apply from adb” (aka sideload)
    5. adb sideload
    6. ignore signature warning (the price of escaping a closed ecosystem)
    7. error shown on phone, roughly:
       low resource device detected, removing large extras
       not enough space for gapps! aborting
       error in /sideload/ (status 1)
      1. patch that adds error message
      2. current message on sigma branch
      3. In lineage recovery, mount sytsem and enable adb, run df:
         OnePlus9Pro:/ # df -h /mnt/system                                                                                            
         Filesystem      Size  Used Avail Use% Mounted on
         /dev/block/dm-2 0.9G  0.9G  3.0M 100% /mnt/system

        That is indeed quite full. Annoyingly the installer doesn’t say which partition is full.

      4. Some ideas here
      5. Try format & reboot to recovery, nope.
      6. hint that it could be slot related
      7. let’s try a swap slot as per
      8. enter fastboot
         $ fastboot set_active other
         Setting current slot to 'b'                        OKAY [  0.043s]
         Finished. Total time: 0.044s
      9. enter recovery
      10. re-run the sideload
      11. “apply update” > “apply from adb” (aka sideload)
      12. adb sideload
      13. ignore signature warning (the price of escaping a closed ecosystem)
      14. same space error. sigh

And that’s as far as I’ve got… to be continued with much googling.

Todo once I have an OS I’m happy with

OS Updates (for next time)

Watch out for de-rooting, make sure backups are up to date first.

End… for now

That’s as far as I’ve got so far. I’ll be editing this post as I progress with the install so do come and look again. Also suggestions and questions welcome.

I really do hope one day I can de-google my phone just like I de-microsofted my laptop, but today is not that day for me.

Share: Tweet | LinkedIn
Suggest improvements: page source on github

Get extra content that's just for my list. Get new blog posts to your inbox.
Join me on my journey through software and business.