Hi,
A friend wants to degoogle his phone, so I suggested the OS I’m currently using. The one we can’t talk about… He wants a small/compact phone, so I suggested pixel 4a (not buying second hand though), but I’m afraid that planned obsolescence may kill the phone rather soon. What’s your opinion?
Cheers and thank you for your help,
What’s the OS we can’t talk about?
To be more helpful than the joke comments you’ve received so far, it’s graphene OS that’s causing a lot of controversy.
What’s the controversy?
They claim their security measures are better then other custom ROMs.
Don’t they all make that claim?
Hence the controversy! 🙂
Also, Graphene tend to act superior about it and it pisses people off.
That doesnt sound like a controversy, its bascially “btw, I use arch”
https://www.privacyguides.org/en/android/
There is no controversy. There’s a lot of people memeing. I haven’t seen a single security analysis, or survey of options, that didn’t put GOS at the very top. Look at privacy guides, they say graphene is great, but if you can’t use that divest is okay.
People may not like the leader, and the developers are very opinionated which turns other people off, but I don’t think there’s any questioning the pedigree and the level of security provided
Hannah Montana Android.
We don’t talk about Hannah Montana Android.
The one we can’t talk about…
I don’t get it ? Why can’t we say it’s name ?
Because GrapheneOS is a debatable triggering subject for some people. Basically the OS itself is amazing and very good. But the project leader is apparently arrogant and offensive. And offended a load of big known online personalities. Apparently he says his OS is the best and better then everyone else etc etc. So the question is: do you use and support a project where the product itself is amazing and just what the world needs, but where the project leader is offensive? Some say yes, some say no. = Controversial subject.
Personally I use GrapheneOS because I need a good camera and I like having a flagship modern phone. Currently I’m using a Pixel 7 Pro. I also like the privacy and security features that graphene offer. I don’t see another project out there that can offer me the same. The product is good.
But the project leader is apparently arrogant and offensive.
“apparently”
Well yes exactly. It’s all just big personalities online that say that these things happened. Who knows really what the guy is like. A few big names online say these things about him, but I personally have never had any Interaction with him. So it could all be true, or partly true, or not at all. I guess no smoke without fire… but there is always 2 sides to every story.
Yes, that is too old for a new phone considering it’s already past its end-of-life for both official support and your OS. I’m not sure why you’d recommend them to buy new either - a phone like that is only going to be good value if you pick up a used one for cheap. A new model will be massively overpriced for what it is (and may not even be new, just refurbished and repackaged).
I guess they were talking about a refurbished or a used one.
They specifically said “not second hand” so I assumed not.
The Google Pixel 4a is officially end-of-life and doesn’t get any software and security updates anymore (https://endoflife.date/pixel).
Pixel 5 is end-of-life and shouldn’t be used anymore due to lack of security patches for firmware and drivers.
I understand if your friend is on a budget and simply can’t afford a non EOL phone but, they should really consider a 6th gen Pixel or better if they care at all about their data security.
Has there been a successful exploit against a phone with old firmware but modern Android security patches?
I am not sure if there is an example of that specific situation as it would be pretty odd for a phone to be receiving security patches but not firmware updates.
Anyway its not super relevant as the Pixel 5 does not receive firmware or security patches anymore.
OP also seems to be inferring he suggested to his friend to use a very specific security / privacy OS that does not recommend using that model phone anymore for the exact reasons I mentioned. Plus the model is only receiving partial support as a stop gap for users to have time to get a newer model and won’t be supported much longer anyway.
Custom ROMs will receive upstream Android security patches but not patches from proprietary components (firmware). For instance, my Moto g7 power has Android security patches from May but the latest vendor security patch level is 2021. (I’m running Lineage OS) I’m curious to know if the older firmware is a problem. I don’t think it is easily exploitable outside of government backdoors. Not that it matters much as I plan on keeping my phone until it dies.
Not sure where your getting your information but the Pixel 5 has not gotten Android updates or security updates in over 7 months.
There are tons of examples of exploits being used to target EOL phones as its common for people to not care about these updates, or be misinformed, so they are easy targets.
If OP or anyone else wants to use an EOL phone that’s fine but, don’t pretend its a smart security practice. Although even if I were to use an EOL phone, LineageOS doesn’t have the greatest background and isn’t really degoogled
You are still missing my point. All phones actively supported by Lineage OS get Android security patches. Those aren’t vendor patches but they do patch the OS and sometimes the kernel.
For instance, the Pixel 5 was last updated June 28. https://wiki.lineageos.org/devices/panther/
Not to say that you should still buy it. However, if it cheap it might be worth it.
Also from the article you linked:
Although the incident forced LineageOS to take offline all its service, it did not impact the signing keys that authenticate distributions because they are stored on hosts separate from the main infrastructure.
Those are partial security patches (its not in the same ballpark as a non EOL phone).
Even non EOL phones are usually updated dangerously slow when it comes to LineageOS.
Some more sources, not sure why I’m even adding them as you seem hell bent to believe LineageOS is secure regardless of the facts.
https://eylenburg.github.io/android_comparison.htm
https://www.kuketz-blog.de/lineageos-weder-sicher-noch-datenschutzfreundlich-custom-roms-teil4/
If my device is so insecure why haven’t I been compromised? Your “facts” are only important if it promotes Graphene OS.