my home page

The Privacy Rich Phone Project

As of mid-January, 2019, I have accepted the task of pursuing a privacy-rich phone. For the moment, that's the equivalent of "a phone without Google Apps." (Apple consumers are members of a strange, expensive cult, which I could liken to certain other expensive organizations described as "cults," but anyhow.)

As of January 19, I'm going down the path of LineageOS. Android and Google are associated, and at some point "we" need to dig into how deeply, but we're going on the assumption so far that the privacy issues are on the Google app level rather than the Android proper, purely as an OS, level.

I updated this page on January 25, as detailed at the bottom in "page history."


phone selection

very quick, dirty, and temporary phone selection method

I have discovered the hard way that it's hard to find a phone that will work with Lineage, install from Linux, and be compatible with a phone provider. Here is the selection criteria for the moment, which I will elaborate on further below.

  1. LGs must come from this list:
  2. Samsungs that were originally AT&T phones are out. For example, SM-N900T will work (T for T-Mobile). SM-N900A will NOT (A for AT&T). Network "unlocked" is irrelevant.
  3. other phones that were originally AT&T are thus suspect
  4. Samsung Galaxy S must be S6 or later
  5. Serious sellers will include the IMEI / MEID number. Sometimes it's text within the ad, sometimes it's in a photo of the back of the phone or the box. Check that number against Ting.
  6. check the LineageOS device list.
  7. If you find the model on the list, avoid this verbiage, "WARNING: The LG G3 (Verizon) is no longer maintained. A build guide is available for developers that would like to make private builds, or even restart official support" such as on Lineage's VS985 page.
  8. try hard to match the exact model number with the Lineage site. Do a Google search, without the quotes, like this: "SM-N900T" which will result in "Supported models / SM-N900T / SM-N900V / SM-N900W8" on this LineageOS specific-build page.
  9. make sure there is a TWRP for the phone
  10. probably a good idea to see someone on YouTube or with a very well written description that they've actually used the phone, with TWRP if not Lineage
  11. An existing build is preferable to build-it-yourself. Build-it-yourself phones are those on the devices list minus those on the pre-built list.

elaboration on phone selection method

Note that the IMEI(D) numbers I found were 14 digits (Samsung, I think) and 15 digits (LG), and the MEID numbers were 18. Both were only numerals.

On January 25, I got an LG (developer) account. The process was not so bad. However, I learned once again that you have to get the EXACT model number. An LG-VS988 (V for Verizon??) did NOT work when allegedly an RS988 would. I listed the eligible LGs above. Also see LG's site on the bootloader unlock matter.

As another example of what not to do, with Samsungs, I remember there was a model ...AZ that was listed as supported when the ...A model did not work. AZ was for the Cricket carrier / reseller, and A was for AT&T.

Motorolas also have an unlock feature on Motorola's site. FYI, here is LG's official unlocking website" as listed on the Lineage US997 page.

As I recall, Sony just wants "the number," not an account.

Ironically, it's easier to root older LGs from Windows than Linux. Those phones may be too old to get cell service anyhow, though.

yet more on LGs

On LG's unlock page (account necessary), they wanted the IMEI / MEID and THEN a "Device ID." That device ID was 64 characters / digits. I seemed to be locked into a catch-22, unable to get the number. The catch-22 turned out to be irrelevant because I could not get into bootloader / fastboot mode. However, in case it helps someone, I list how to get the number further below.

None of the LG fastboot / bootloader methods worked at all on the VS988. With Samsung (AT&T), I could get into fastboot mode; I just couldn't do anything there.

phone sourcing

I discovered that a minority of thrift stores sell phones, although based on one call and one visit, it's a low-probability source. Two Goodwills I found and talked to do NOT sell them.

I've used CraigsList and eBay. Gazelle and Swappa are other options.

future work (Jan 19, ca. 5pm)

One possible business model is to sell phones pre-loaded with Lineage and "number" verified on Ting and / or others, or with a Ting SIM card, ready for activation. Another possibility is to create a non-profit. Note that I'm broadcasting everything we're thinking so far.

Could a privacy-loving community be the basis for a cryptocurrency community?

Maps / GPS

How to provide an alternative to Google Maps?

I understand that Google was paying NavTech (???) something like $1B / year before they started sending their own cars around.

I learned the term, "differential privacy." We may eventually want to implement that. This would allow users to specify exactly what info that do and don't want sent to an app that asks.

related reading / notes

I believe my initial search, without the quotes, was "android without google." Ironcially, a Google search.

The article that got me started down the initial path:


The '/e/' Foundation is doing the same thing. We should look harder at that soon.

Another carrier to check is Republic Wireless. My non-definitive note is that they accept some models from Alcatel, Google, Huawei, Motorola, and Samsung.

The "popular" carriers proably allow you to bring your own phone. Research for later.


I have the impression that Towel Root does not work beyond Android 4.x, but I'm not certain. Thus, one technique is to revert a phone back that far and then root it.

King Root would NOT root the AT&T Samsung Galaxy Note S (SM-N900A) with Android 5.0. (I think it's 5.0 and not another 5.x. I am nearly certain it's 5.x, though.)

really technical install stuff


See Lineage's "hltetmo" page for my basis.

Heimdall is a bootloading tool.

These are the Heimdall dependencies in Ubuntu Linux (18.04 LTS):

sudo apt-get install zlib1g-dev qt5-default libusb-1.0-0-dev libgl1-mesa-glx libgl1-mesa-dev

It took me a while to realize the GitHub version was "null." The new code is on GitLab. As of Jan 18, version 1.4.1, which I believe comes with Ubuntu 18.04, was probably fine. I successfully built it from source, though, to get v1.4.2. My probably was almost certainly the AT&T "issue" and not the Heimdall version.

These helped with the build:

cd Heimdall/build

cmake -DCMAKE_BUILD_TYPE=Release ..


There is a bin directory not far down the hierarchy. Copy those files to /usr/local/bin or whanot and make sure that folder is in your PATH.

sudo heimdall flash --RECOVERY /home/[user]/Downloads/twrp-3.2.3-0-hlte.img --no-reboot

I'm still not sure if sudo (root) is needed (as of Jan 19). In the event it is, these help:

The dreaded error messages

As of Jan 18, I have given up on the AT&T phone (attempt #1) due to these sideload / heimdall errors: "SECURE MAGICCODE CHECK FAIL : recovery" "SYS REV CHECK FAIL : No Version" I am assuming this is AT&T's lockout / bootloader lock. There may be a solution, but I have given up for now.

Note that I tried I believe it was patches 225 and 240 on Heimdall's old GitHub site. My problem is likely AT&T, not Heimdall.


Rar2Zip info, or rar to zip file format. So far this has proven not useful for this purpose, but I thought it might help with an Android image file. It did seem to work in terms of converting, but converting what proabbly not what I needed.

more very technical stuff

results of / after phone 3

I have failed, so far, with phone 3, a ZTE Axon 7 Mini. I have at best soft-bricked it, and I haven't been able to dig out. So, with that said, all of the following is suspect. I try to leave out verbiage to the effect of "as best I remember," and "I believe" because it applies to everything. I can't check most of this anymore, and I don't know for sure where I went wrong, although I speculate.


I now question that the tuliptool was doing anything useful. However, I may have messed up somewhere else, so I will record some results.

It's called the Tulip Tool because "tulip" is the ZTE codename for the Axon 7 Mini, or maybe just the US version.

Somewhat incomplete tool instructions, linked from the appropriate Lineage page.

$ ./tuliptool-linux lock status
Sending programmer...Connecting to programmer...log: logbuf@0x08067EB8 fh@0x08064D20
log: Finished sector address 0
log: Finished sector address 0
log: Finished sector address 0
log: Finished sector address 0
Device unlocked: yes

$ ./tuliptool-linux lock unlock
$ ./tuliptool-linux lock lock

$ ./tuliptool-linux write recovery tulip-twrp-7.1-r1.img

./tuliptool-linux write boot axon1-boot.img    [An attempt to restore boot from a backup I'd taken from the tuliptool in read mode.  The attempt did not work.]

ZTE Axon 7 Mini keys

Pressing volume up and power for very roughly 7 seconds went into bootloader mode, as best I remember. I can't check that anymore. The phone is too far gone.

Holding both volume and down--it's the same button with 2 sensors underneath--THEN plug in the USB-C, then wait 2 - 3 seconds. The phone would buzz (vibrate). There was no screen indication, but the phone was in fastboot mode.

ZTE Axon 7 Mini versions

When I bought the phone, it said: Build Number: ZTE B2017G_USAV1.0.0B21 / 30 Dec 2016 / Android 6.0.1. I believe this started as a ...b14, but I'm not certain of that, either. Allegedly ...b12, the EU version, is close enough, but I can neither confirm nor deny.

more likely the right way - EXPLICITLY UNLOCK THE PHONE

Before I unlocked properly, this was failing:

$ sudo /opt/google/adb/fastboot flash recovery ./recovery.img
Sending 'recovery' (24576 KB)                      OKAY [  0.908s]
Writing 'recovery'                                 FAILED (remote: 'unknown command')

I don't think there is a "hard [boot] lock" on this Mini, but a number of useful things happen when I ran one of the following 2 commands. As best I can tell, they are equivalent. tuliptool may not have been unlocking. When I ran those commands, though, the phone completely reset, at least at the "userdata" level, including removing the pattern screen lock / pattern password.

The moral being that just because a phone isn't locked, you still need to run the unlock command.

$ sudo /opt/google/adb/fastboot flashing unlock
$ sudo /opt/google/adb/fastboot oem unlock

Also, those commands were failing with "FAILED (remote: 'unknown command')" until I figured out how to get the phone in fastboot mode with the 2 volume keys as given above.

possible places I went wrong

I may have been where I needed to be as soon as I truly unlocked the phone and it reset. It took me a while to realize that the situation had changed, though, so I may have done things I didn't need to. Before I reset / unlocked the phone, the bootloader screen did not have recovery or ADB (sideload) options.

Trying to load a file called may have been where I went wrong.

The Tulip TWRP may not have been working. As I added to the sourcing list, it's probably a good idea to check the TWRP list before buying a phone. The Axon 7 is listed there; the Axon 7 Mini is not. tuliptool appears to be an attempt at getting twrp to work with the Mini, but results are unknown to me.

You're supposed to adb sideload the file. I tried to fastboot-load all sorts of stuff because that's the only thing I have access to.

both useful and possibly very dangerous fastboot commands

probably useful:

$ sudo /opt/google/adb/fastboot devices       [make sure you're connected]
$ sudo /opt/google/adb/fastboot flashing unlock
$ sudo /opt/google/adb/fastboot oem unlock
$ sudo /opt/google/adb/fastboot oem device-info
$ sudo /opt/google/adb/fastboot getvar all

commands you probably have to use, but perhaps irreversible:

sudo /opt/google/adb/fastboot flash recovery ./recovery.img

very likely a bad idea in most circumstances, but it might also work in some:

[sudo...] fastboot erase boot
fastboot erase cache
fastboot erase recovery
fastboot erase system
fastboot flash system system.img
fastboot flash boot boot.img
fastboot flash recovery recovery.img
fastboot flash cache cache.img
fastboot flash vendor vendor.img
fastboot erase userdata
fastboot flash userdata userdata.img
sudo /opt/google/adb/fastboot -S 1M flash system     [gets you nowhere much much faster!?!]

When I first tried to flash the whole system, I would get this: "Invalid sparse file format at header magic / Sending sparse 'system' 1/2 (523458 KB) " Then nothing would happen for 10 - 15+ minutes; I didn't wait longer. When I added -S 1M, it did something immediately, but it wasn't useful. I still got the "Invalid sparse file format at header magic," but at least it did something fast.

normal boot time

The normal boot time was about 14 seconds from the "ZTE" screen to the yellow "Axon," then a bit more time until the lock screen.

getting an LG 64 digit / 64 character "Device ID" for unlocking the bootloader

For the following, you need ADB loaded on your computer (not Android), you have to set the phone to developer mode, and you have to enable USB debugging. Those steps are addressed in many, many tutorials.

  1. From the command prompt on your computer, do the following where $ is the prompt; you do not need to type it. If you see a model number and "device," adb is connected to the device. The number like "VS988c40b6f88" is only to keep track of devices attached to your computer; I don't know of another purpose for that number.
    $ adb devices      
    List of devices attached
    VS988c40b6f88	device
  2. Then "$ adb shell" without quotes nor $. The result is something like "lucye:/ $ " (without quotes). Now you're at the phone's prompt.
  3. lucye:/ $ getprop | grep recovery_id
    [ro.expect.recovery_id]: [0x2f9b8b74d752c330a4074e50b5f6cfb253091450000000000000000000000000]
  4. Remove the 0x at the beginning. That just indicates hexidecimal. The remaining 64 digits are the "Device ID" that LG's site wants for unlocking, or at least I'm 93% sure of that.

For what it's worth, this is the URL of the LG unlock form I'm talking about, but you have to be logged in to get there, I would assume.

For sake of exhaustiveness, here are some LG unlock instructions. You can use the Lineage instructions, though.

more misc notes

The LG-VS988 I got says "MADE IN CHINA." Apparently some LGs are made in Korea.

To get an LG G6 out of download mode or USB transfer mode, hold power + volume down for roughly 5 seconds. It took me a while to figure that out. The LG-VS988 I was working (phone 2) would go into download mode but not fastboot mode. The V is for Verizon. A very similar model was on the LG unlock list, though.

"Official" Project Updates

Update 1 - Jan 31, 2019 3:03pm EST

I've struck out on the 3 phones I've tried so far. My plan is to go buy phone #4. Starting to look at $70 (used) and going up seems the most efficient. I paid ~$85 for both phones 1 and 3. I paid less for 2 because it was in bad visual shape.

I'm going to start a simple text file with model numbers and "yes" or "no" as in to be considered or not. Then maybe we'll get to the point of being able to outsource sourcing. My criteria above is still way too complicated.

Page History

HTML5 valid