Android user’s with LineageOS 14.1 ROM’s recently received an over the air (OTA) update. As dutiful users trusting their ROM providers, knowing that security is important, the vast majority of users accepted the update.
What they got was this:
When a user clicks on that, it takes the user to this web page. At least it did after April 1st. I can’t say if it impacts all versions of LineageOS or just a few. I’m not sure if anyone knows exactly how many are impacted, but the latest info I saw was that there are more than a million users of LineageOS ROMs.
As you read down the page, you realize that this embedded link was from LineageOS as an April Fool’s joke, even though my OTA update prompt occurred on the 5th, a little late as jokes go. And it included a fictional story about Lineage starting their own digital currency.
I’m okay with a decent joke once in a while. Haha on me.
But when I attempt to get rid of the alert, no joy. It’s not a simple ‘swipe it away.’ I’m stuck with this thing.
If a user further examines their phone, there is a ROM based app called ‘Wallet’. Open it and it prompts a user for a Login and password. I wasn’t about to log into it. There is no way to uninstall the app, because it’s part of the ROM.
You have to read the web site under the second bullet for LineaGenuine (both 15.1 and 14.1) for a means of correcting this prank. And, yes, I can confirm the TWRP command line option from the site works.
Most of the user reactions on Reddit are irritated, negative or downright flaming. The LineageOS insider that did respond didn’t indicate they would not prank users in the future. I read it as passive acknowledgment and maybe they’ll think about listening to users.
So, if you really really really like LineageOS (yes, that’s a lot of really), expect to have some kind of April Fools prank occur that could involve more than a simple pop up. It’s likely to be a pain to get rid of. In this case, it may have sent you into a paranoid tizzy.
But, let’s talk about what ROM’s are in the first place. They are customized Android operating systems built for each piece of hardware. Android for phone from manufacturer A won’t work on manufacturer phone B. It requires development effort to make Android run on any given phone. And for each upgrade in Android, that development effort has to occur again. Not every manufacturer cares, because you would be less inclined to buy a new phone every year if it’s kept current.
Custom ROM’s frequently exist to allow old hardware to still be functional. Or allows more user control. Why replace a great phone, when a custom ROM will work great and make it current. Those are just a few reasons ‘why use a custom ROM’.
They are generally created with an open development model, by volunteers putting together the packages, sometimes with no or little financial incentive, for each piece of hardware. With no financial incentive, it means they have no one to really answer to and nothing that prevents them from doing whatever they want (like pranking users). I’m sure some ROM teams look at it seriously and others as just a hobby or learning experience, so they want their fun. But that doesn’t guarantee the integrity of their work or their personal character.
Basically, if you’re knowledgeable enough to go through the process of loading a custom ROM you’re subject to whatever those developers decide to do. And if you don’t like it, some of them feel you should take your toys and play somewhere else.
I can see why some people would stop using LineageOS.
The idea that in this age of security conscientiousness when ROM developers go this far to ‘prank’ a large segment of their user community, that can be interpreted that they don’t value the end users trust.
And yes, the ROM Developers may know it’s not a big deal or an exposure themselves. But many of the users would say this crosses a fine line between having fun and threatening something that many value very seriously.
It can lead a person to think, “in what other ways will they mess with me? Data collection? Call and location tracking? Contextual details? User ID and password skimming? Banking and financials?” We know it’s feasible, especially with the Facebook issues that were made public.
As for me, LineageOS does make a decent ROM. But there are a lot of options out there. Then again, “Android One” may be the answer. But that’s another story.