Over 700 proprietary blobs are removed during build time. Removal of these proprietary blobs increase security by reducing attack surface and increase privacy by removing untrusted code.
One of the biggest issues when it comes to aftermarket ROMs is the Linux kernel not being patched against known vulnerabilities. We've developed an automated patch checker that is able to apply fixes for over 2,900 CVEs. Furthermore, bootloader relocking and verified boot is made available for capable devices.
A custom hosts file created by analyzing over 180 million domains is included that blocks over 200,000 advertising and tracking servers. In addition LineageOS's built in analytics service, CMStats, is also removed.
Free Space Eraser
Extirpater is the first free space eraser for Android. It helps prevent deleted files from being recovered. Perfect for migrating from an unencrypted install or before selling your device.
We created Hypatia, the first ever open source real-time malware scanner for Android. Backed by the standard and trusted ClamAV signatures, it can detect over 450,000 malware signatures.
Privacy Oriented Browser
Mull is a browser based on Mozilla technology that is hardened against advanced fingerprinting techniques thanks to the Tor uplift project and arkenfox-user.js project.
F-Droid is an app catalogue that specializes in delivery of FOSS apps. For the most part all apps available through F-Droid respect your privacy and device.
UnifiedNlp is a plugin based Fused location provider. This allows you to enable plugins that can access various offline or online databases to determine your location in a battery saving way without GPS.
Silence, a SMS only fork of Signal, is substituted in place of the default AOSP app. It allows for end-to-end encrypted messages to other Silence users.
DivestOS is a great alternative operating system for privacy and security with a large support for old and new Android devices. If your device isn't supported by GrapheneOS, go for it ;)
DivestOS, unlike LineageOS, keep the Android security model intact by supporting bootloader relock and Verified Boot. Beside that, it adds hardening patches from GrapheneOS and actively patch the Linux Kernel against known vulnerabilities with an automated patch checker (that is able to apply fixes for over 2,900 CVEs) developped in-house.
The OS is user-friendly and the developer is open to feedbacks/requests (this includes support of other devices not currently supported).