/e/ deep dive
Last updated : 20/9/2024 (someone please make a superior /e/)
Introduction
Welp, guess I got too harsh on /e/, considering it's basically the only custom ROM (aside from Jaguar ROM) to provide older Android (A11, A12L) builds (if LineageOS had an official build for it). But still - I'm curious on how far I can take /e/ before it either becomes tolerable enough for me (or actually Lukas since he asked for it)... or it stops working altogether. So yeah - this is a deeper dive on /e/.
Setup
- Device : Lukas' X3N - he asked me to flash this, so I might as well make this deep dive. BTW, he asked for a pocketbox setup, so I'll make sure it's noted down for later.
- ROM : e-1.16-s-20231020342893-dev-surya.zip & e-1.17-s-20231113351092-dev-surya.zip
- Kernel : Deluxe Kernel 4.14.328 (A1112-20231029) with inbuilt KernelSU 0.7.0 (flashed after debloating in TWRP)
- Recovery : Unofficial TWRP 3.7.0-12 by brigudav - no /e/OS Easy Installer whatsoever. 20/9/2024 Update : Old build I used to link to disappeared with brigudav re-sorting his files. Use whatever -12 TWRP I suppose...
- Root method : KernelSU 0.7.0, inbuilt with Deluxe Kernel. No Magisk for this one.
- microG settings :
- Disabled SafetyNet, Cloud Messaging, device registration (in that order)
- Disabled all location settings
- Revoked permission for body sensors, contacts, phone, & SMS. Location permission is immutable, unfortunately.
Debloat
Method : TWRP Delete
/system/apex
- com.android.cellbroadcast.capex
/system/app
- AccountManager
- Apps (a.k.a. App Lounge)
- Bluetooth
- BluetoothMidiService
- Camera > OpenCamera / any other camera app of personal choice (actually optional - /e/ uses their own OpenCamera fork)
- CarrierDefaultApp
- eDrive
- MagicEarth
- Mail
- Message
- NfcNci
- Notes
- OpenKeychain
- OpenWeatherMapWeatherProvider
- PdfViewer
- PrintRecommendationService
- PrintSpooler
- PwaPlayer
- SimAppDialog
- SoterService
- Stk
- Talkback
- Tasks
- WebCalendarManager
/system/priv-app
- AdvancedPrivacy
- BuiltInPrintService
- CellBroadcastLegacyApp
- DroidGuard
- ManagedProvisioning
- MmsService
- SplitInstallService
- Tag
- Telecom
- TelephonyProvider
- TeleService
- WeatherProvider
/vendor/app
/product/app
- Browser > Simple Thank You
- Gallery2 > Simple Gallery
- LatinIME > Simple Keyboard (rkkr)
/product/priv-app
- Contacts
- Dialer
- Eleven
- ImsServiceEntitlement
/system_ext/app
- AntHalService-Soong
- FM2
- QtiTelephony
- WAPPushService
/system_ext/priv-app
- CarrierConfig
- dpmserviceapp
- EmergencyInfo
- ims
- LineageSetupWizard
- PicoTts
- qcrilmsgtunnel
- QuickAccessWallet
- Seedvault
- Updater
- WfdService
Debloating notes
- For replaced apps (such as Gallery2 > Simple Gallery) :
- In TWRP (where you're debloating everything), browse to the directory of the app you're replacing (/product/app/Gallery2)
- Delete everything inside that directory - including the lib & oat folder.
- Copy the replacement apk into directory
- Rename the replacement apk to match the directory ([Simple Gallery (or whatever you're naming)].apk > Gallery2.apk)
- chmod the new Gallery2.apk permission to 644
- Replaced keyboard :
- Follow notes on replaced app directly above.
- In system, "jumpstart" Simple Keyboard by installing another keyboard app (such as OpenBoard) & opening Simple Keyboard - it'll ask to be enabled. Enable that keyboard app before Simple Keyboard (which should enable itself). Without that additional keyboard app, Simple Keyboard cannot be enabled & won't work. Feel free to uninstall that additional keyboard afterwards.
- Bluetooth, emergency, telephony, and the like : As mentioned beforehand, I'm debloating for a pocketbox setup, not a cellphone setup. Therefore, they are wiped. For cellphone setup, just don't wipe those services out. In A13 (which I'm not using), Bluetooth belongs in /apex & can't be deleted without making the system unbootable (though it still doesn't seem to work after I cut off all telephony services, though I might need to research this further).
- StatementService / Intent Filter Verification Service : "Disabled" by toggling off its internet access.
- If you don't want microG (either as system app or installed in your system), delete FakeStore & GmsCore in /system/priv-app; and GsfProxy in /system/app. DroidGuard's still going down no matter what - that thing's depreciated long ago.
- On X3N : Wipe package cache after debloating, in addition to dalvik & cache.
On user-installed apps :
- First off - KernelSU APK. It's not Magisk, but since Deluxe Kernel came with it, might as well take advantage of it.
- BlissLauncher? No. Nova Prime. (wanted : a decent, well maintained launcher)
- App Lounge? Delete for Droid-ify (and use F-Droid build so it has some form of automatic updates).
- /e/ uses their own OpenCamera fork, which doesn't seem any different aside from package name & some UI changes. So this one actually doesn't need to be changed unless necessary.
- LineageOS Eleven > user-installed AIMP 3.10.1052 (wanted(?) : a decent, well maintained music app)
- mpv-Android for videos.
- Accubattery for battery monitoring - Lukas' personal preference.
Default connections
Before committing to fully setting up the X3N, I used PCAPdroid to document /e/'s default connections, as their documentation is a stub. Full pictures can be seen here : (Part 1) (Part 2). Important parts (cannot be captured with adb shell settings get command) :
- captive_portal_http_url : http://connectivity.murena.io
- captive_portal_https_url : https://connectivity.murena.io
- captive_portal_fallback_url : unknown (assumed to be http://connectivity.murena.io since settings get global captive_portal_[url-type] returns null until user-set)
- captive_portal_other_fallback_urls : unknown
- ntp_server : pool.ntp.org
While functional, I'm also somewhat curious as to why /e/ left their default connection documentation as a stub. But then again, the founder's a bit notorious for ignoring questions on security issues, so I'm not sure on trusting the whole development team (& their server by extension; though to a lesser degree than the likes of Go-ogle). So, I tried to put these in :
- captive_portal_http_url : http://connectivitycheck.grapheneos.network/generate_204
- captive_portal_https_url : https://connectivitycheck.grapheneos.network/generate_204
- captive_portal_fallback_url : http://grapheneos.online/gen_204
- Other captive_portal_other_fallback_urls : http://grapheneos.online/generate_204
A radical's option for a radical.
- ntp_server : pool.ntp.org (unchanged)
- Not related to network, but makes Android less annoying for me : adb shell settings put secure show_rotation_suggestions 0
At least this one worked... though it's not important to the grand scheme of things.
- 8/8/2024 Update : Of course, I forgot to mention the mandatory reboot via terminal command to lock in these changes. Here you go then.
And I found out that connectivity.murena.io is hardcoded so it can never be changed. "Resetting" connections to default then.
- captive_portal_http_url : http://connectivity.murena.io
- captive_portal_https_url : https://connectivity.murena.io
- captive_portal_fallback_url : http://connectivity.murena.io
- captive_portal_other_fallback_urls : http://connectivity.murena.io
- ntp_server : pool.ntp.org (still unchanged)
All in all, it resulted in these : (part 1) (part 2) - those were taken before the reset, and shouldn't change after it.
For 1.17 I went for these before debloating :
- captive_portal_http_url : http://captiveportal.kuketz.de
- captive_portal_https_url : https://captiveportal.kuketz.de
- captive_portal_fallback_url : http://captiveportal.kuketz.de
- captive_portal_other_fallback_urls : http://captiveportal.kuketz.de
- ntp_server : pool.ntp.org (still unchanged, just user-set this time)
- yet again : adb shell settings put secure show_rotation_suggestions 0
And the results are unfortunately unchanged. Sure, on one hand, it ain't ze beeg tech (let alone Goolag / Go-ogle depending on how you look at 'em)... but on the other hand we're trapped in yet another zoo... except this time we're stuck in /e/'s cages, without any alternatives aside from migrating back to Go-ogle's zoo (which kinda looked like a savanna). What if murena servers went down? Your network (which might use captive portals instead of WPA password) will not work for your device, all because the devs actively prevent you from changing those default connections.
Other quirks
- Usually, Xiaomi's firmware tend to be suspect on background music. However, on the build we're running, I don't find this behavior popping up (at least not consistently).
- /e/ still stuck with their iPhone-like UI. I should be able to adapt with it, though I'd rather take AOSP UI (as offered by most ROMs) even if it meant bloating up Settings (or LineageOS' at the very least) & sacrifice proper background music behavior. In addition, there's no way to tune UI colors to my liking at all - even Material You is absent on A12L builds.
- /e/ tends to lag on security, being behind by 1 month of security patches. I wonder if that goes well with their ideal world claims... but then again, I remember mentioning something about the founder ignoring questions on security issues.
- i8sn.conf inbuilt in /system/etc, for spoofing userdebug builds as user builds ala MagiskHide to "pass" SafetyNet BasicIntegrity. Oh yeah - I forgot to mention /e/ dev builds are userdebug builds. Not that it matters to me, but not a good look for a "privacy-focused" system.
- /e/ 1.16-s ships with 108.0.5359.156 webview, 1.17-s ships with 117.0.5938.153; just as Tad noted (frame required for 1st-party).
- Some more questionable software decisions on /e/ (not exactly(?) related to ROM, but still potential red flags)
- Discourse as forum software - sure, block off all users of any browsers that aren't bloated-ass Chrome / its "forks" like the "privacy-respecting" Brave (or Go-ogle's "competitor" Firefox & Safari). I mean... use recommended browsers from browsehappy.com?! ...excuse me, I gotta puke... I mean... "be happy" in the toilet bowl. (proceeds to clog said toilet, to disgust of the entire workplace except for those who saw it coming)
- Presence at mastodon.social, Telegram, & ex-twitter (why does this kinda explain Gael's behavior on Tad?)
Conclusion
To be frank, my expectation's really low for /e/. On one hand, I'm kinda glad there's some well-maintained A12L builds (12/12/2023 Update : Not really (depending on the device - /e/ is also guilty of "RUSH B NO STOP!" towards latest Android, though at a slower pace), but at least older builds are available & provided); that also comes without Go-ogle connections by default (even if some default prebuilts can be shaky, though that can be taken care of rather easily). I am also surprised (and impressed) by /e/ on one unexpected aspect : background music playing - something that has been a common issue for the X3N (and basically any OnePlus & Xiaomi phones - not sure about other Chinese brands). However, with all that is good out of the way, I must bring out the ugly aspects of /e/ for me : enforced default connections, unnecessary interface changes, & unrepentingly behind on security patches. The interface can be tolerable, but the connections & security patches not. Therefore, while I'm somewhat glad to bring /e/ out of my "avoid" tier (if only because well-maintained older Android builds are either a dying breed or stuck in a Fight Club), I still felt like I made a mistake - one I can only hope I won't regret... though only time will tell if I will have to bring it down for the last time (and for the rest of my and/or the /e/ foundation's life). 30/7/2024 Update : yeaaaah... /e/ is now back in the "avoid" section.
Though since I kind of wanted to close this on a good note, here's what I think the /e/ foundation must do :
- First off - security. I know /e/ isn't exactly about delivering bleeding edge security, but when you're taking work from LineageOS & still manage to not include the latest security patches (and even claim to offer regular / state of the art security (archive.org)), you fucked up. Maybe if you're a one-dev show, I'd probably be a bit more lenient in this regard (though there's still DivestOS, so I'm being really generous on that) ... but you're running on a scale bigger than LineageOS while also selling pre-flashed devices like iodé; there can be no excuse to not deliver latest security patches.
- Let us modify default connections in system so we're fully free to use it as we see fit, without having to be tied to your servers. We don't appreciate being forced to use your servers.
- Just document all default connections already. I thought you are adding more details with time?
- Abandon work on meaningless and/or questionable stuff (App Lounge, BlissLauncher, iOS-esque UI, latest Android, SafetyNet/PlayIntegrity) & work towards the more meaningful stuff (Android security, default connections, documentations, supporting older Android, and bring the latest goodies from latest Android while avoiding the bad stuff such as bluetooth in /apex & touch vibration arbitrarily fused with keyboard vibration). I know this'll be me repeating stuff I've already said... but fuck it. Any privacy foundation worth their salt will take these seriously. Just because you're based in EU doesn't excuse you from doing better.
Until all of these came true, /e/ foundation (and murena by extension) cannot & should not be considered a serious privacy-focused foundation in any way. I mean, even I wanted to end it nicely, but I just can't. And with that, until Gael Duval's latest controversies (or someone made the perfect custom ROM) I guess...
Back to top
Index - cellphone
Main Page