this post was submitted on 28 Jun 2024
61 points (93.0% liked)

Privacy

31975 readers
652 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Hi,

A friend wants to degoogle his phone, so I suggested the OS I'm currently using. The one we can't talk about... He wants a small/compact phone, so I suggested pixel 4a (not buying second hand though), but I'm afraid that planned obsolescence may kill the phone rather soon. What's your opinion?

Cheers and thank you for your help,

(page 2) 50 comments
sorted by: hot top controversial new old
[–] [email protected] 2 points 4 months ago* (last edited 4 months ago)

Random hardware suggestions, using mobile Linux support as a litmus test

  • Pinephone (Pro): Main downside is that OG Pinephone has extremely anemic hardware, and the charging circuit is not controlled through hardware for some insane reason; hope the kernel devs of whatever OS you put on it knows how to not turn your phone into a bomb. Also Pine64 as a company has gotten flak for their support of Manjaro. Can't deny how good the price is though.
  • Fairphone 4: Good hardware, but expensive. I don't own it, but it works good on postmarketOS according to the wiki.
  • Librem 5: Overpriced compared to the earlier members on this list, but you can guarantee the phosh interface will work well considering it was developed by Purism as well.
  • OnePlus 6 and 6T: I don't know much about these, but they're very popular with the mobile Linux crowd.

As for the pixel, there's work on it but it's still broken at the moment. As for the hardware being too old, I haven't used anything Android in a while, so I don't know how much performance degrades each release, but a mobile Linux distribution should run just as good today as it will 20 years from now, assuming you use the same interface.

[–] [email protected] 1 points 4 months ago* (last edited 4 months ago) (1 children)

Pixel 5 is end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers.

I understand if your friend is on a budget and simply can't afford a non EOL phone but, they should really consider a 6th gen Pixel or better if they care at all about their data security.

[–] [email protected] 2 points 4 months ago (1 children)

Has there been a successful exploit against a phone with old firmware but modern Android security patches?

[–] [email protected] 2 points 4 months ago* (last edited 4 months ago) (1 children)

I am not sure if there is an example of that specific situation as it would be pretty odd for a phone to be receiving security patches but not firmware updates.

Anyway its not super relevant as the Pixel 5 does not receive firmware or security patches anymore.

OP also seems to be inferring he suggested to his friend to use a very specific security / privacy OS that does not recommend using that model phone anymore for the exact reasons I mentioned. Plus the model is only receiving partial support as a stop gap for users to have time to get a newer model and won't be supported much longer anyway.

[–] [email protected] 2 points 4 months ago* (last edited 4 months ago) (1 children)

Custom ROMs will receive upstream Android security patches but not patches from proprietary components (firmware). For instance, my Moto g7 power has Android security patches from May but the latest vendor security patch level is 2021. (I'm running Lineage OS) I'm curious to know if the older firmware is a problem. I don't think it is easily exploitable outside of government backdoors. Not that it matters much as I plan on keeping my phone until it dies.

[–] [email protected] 2 points 4 months ago* (last edited 4 months ago) (2 children)

Not sure where your getting your information but the Pixel 5 has not gotten Android updates or security updates in over 7 months.

There are tons of examples of exploits being used to target EOL phones as its common for people to not care about these updates, or be misinformed, so they are easy targets.

If OP or anyone else wants to use an EOL phone that's fine but, don't pretend its a smart security practice. Although even if I were to use an EOL phone, LineageOS doesn't have the greatest background and isn't really degoogled

[–] [email protected] 2 points 4 months ago* (last edited 4 months ago) (3 children)

You are still missing my point. All phones actively supported by Lineage OS get Android security patches. Those aren't vendor patches but they do patch the OS and sometimes the kernel.

For instance, the Pixel 5 was last updated June 28. https://wiki.lineageos.org/devices/panther/

Not to say that you should still buy it. However, if it cheap it might be worth it.

Also from the article you linked:

Although the incident forced LineageOS to take offline all its service, it did not impact the signing keys that authenticate distributions because they are stored on hosts separate from the main infrastructure.

load more comments (3 replies)
[–] [email protected] 1 points 4 months ago

I think lineage is a good operating system for a limited exposure use cases. Like a project phone on a safe network, or as a webcam, or is like a embedded hardware controller. But not on the raw internet, not processing raw internet data, not with open Wi-Fi, not with open Bluetooth.

Even with all of that, it should still be segmented from the rest of the network

load more comments
view more: ‹ prev next ›