Hi,

A friend wants to degoogle his phone, so I suggested the OS I’m currently using. The one we can’t talk about… He wants a small/compact phone, so I suggested pixel 4a (not buying second hand though), but I’m afraid that planned obsolescence may kill the phone rather soon. What’s your opinion?

Cheers and thank you for your help,

  • Possibly linux
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    4 months ago

    Custom ROMs will receive upstream Android security patches but not patches from proprietary components (firmware). For instance, my Moto g7 power has Android security patches from May but the latest vendor security patch level is 2021. (I’m running Lineage OS) I’m curious to know if the older firmware is a problem. I don’t think it is easily exploitable outside of government backdoors. Not that it matters much as I plan on keeping my phone until it dies.

    • Imprint9816@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      4 months ago

      Not sure where your getting your information but the Pixel 5 has not gotten Android updates or security updates in over 7 months.

      There are tons of examples of exploits being used to target EOL phones as its common for people to not care about these updates, or be misinformed, so they are easy targets.

      If OP or anyone else wants to use an EOL phone that’s fine but, don’t pretend its a smart security practice. Although even if I were to use an EOL phone, LineageOS doesn’t have the greatest background and isn’t really degoogled

      • Possibly linux
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        4 months ago

        You are still missing my point. All phones actively supported by Lineage OS get Android security patches. Those aren’t vendor patches but they do patch the OS and sometimes the kernel.

        For instance, the Pixel 5 was last updated June 28. https://wiki.lineageos.org/devices/panther/

        Not to say that you should still buy it. However, if it cheap it might be worth it.

        Also from the article you linked:

        Although the incident forced LineageOS to take offline all its service, it did not impact the signing keys that authenticate distributions because they are stored on hosts separate from the main infrastructure.

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        I think lineage is a good operating system for a limited exposure use cases. Like a project phone on a safe network, or as a webcam, or is like a embedded hardware controller. But not on the raw internet, not processing raw internet data, not with open Wi-Fi, not with open Bluetooth.

        Even with all of that, it should still be segmented from the rest of the network