this post was submitted on 11 Jul 2023
471 points (92.4% liked)
Asklemmy
That's the reason why I switched to iPhone after many years of Android, security updates are vital nowadays with all the sensitive data and apps we use on our phones, Apple is the only one that guarantees at least 5 years, iPhones are not too expensive if you don't buy the latest models and I'd rather avoid supporting companies that don't understand the importance of security.
Pixel actually guarantees 5 years now and if you put GrapheneOS on it, then you'll have one of the most private and secure operating systems available
just a side note for graphene: i have the feeling that it’s not for everyone. “too much” security tends to get in the UX way
Chances are if you know how to use an Android, using Graphene isn't too much harder. You can still download from the play store and run apps like normal. If you're reading this post then you probably have the technical knowhow to plug your phone into the computer and press the start button.
Fair point with not being for everybody though, I wouldn't be comfortable giving it to my non-techy family and friends. You do have a fair point.
I've been running GrapheneOS on my Pixel 3 for three years and I have few complaints. I still can't figure out how to get automatic updates to work in Android 13 with the Neo or Droidify stores but at least the stock GOS apps auto update. BTW, to clarify what you said, we have to use the Aurora app to download from Google Play Store.
You're right it's not for most people. Not having Google services installed might be a major blow for people who have become accustomed to the conveniences they provide. I just use a separate vanilla Pixel for Google services if I need them, but the phone with my SIM card is the one with GrapheneOS.
You can turn Google Services on if you would like. I personally do have it turned on as some of my apps wouldn't get notifications without it. You could use it as a normal android downloading through the play store and nobody would notice that it's degoogled. All the apps are sandboxed and you can change what permissions they have, I previously used CalyxOS and this is much more private and secure.
Does it send telemetry? Why is CalyxOS more secure?
Oh I meant GrapheneOS is more private and secure. Don't get me wrong, CalyxOS is still much better than stock android
Out of curiosity, which Pixel phone is a good one to have GrapheneOS installed on to last a long time?
The latest Pixel would get the longest update. They follow Google's support updates which is 5 years from the time it is available for purchase.
https://grapheneos.org/faq#device-lifetime
You can do even better than five years with Fairphone (...Speaking as a Pixel user)
But will Fairphone be around in 5 years?
It has been around for 10 years and 4 phones by now, and only gaining in popularity and market share. No reason to predict an early demise yet. The Fairphone 1 controversially only received 3 years of updates, but since then it's 5 years.
Sad LG Noises
Fairphone is also guaranteed only 5 years. If not, then they are probably using a custom ROM that is not directly supported by Google. I'll keep my eye out for this company though, the repairability is great and I love the repairability of the phone.
The article I just linked says they're extending support to 7 years: Out to 2026 for their 2019 model, the Fairphone 3. The article also links to an older article talking about how the Fairphone 2 ended up with 7 years.
I'm in the US so the Fairphone was never really a consideration for me, but if it's available whenever I need my next phone I'll definitely look into it. It's pretty annoying to be using Google's own phone, and still only have access to 3 years of OS updates.
Interesting. So 7 years for the Fairphone 3 but it seems on their website, for the Fairphone 4, it is only 5 years, they might extend it to 7 years like their previous phones though.
Edit: Apparently Fairphone 4 is coming to the U.S, but with /e/os instead of the fairphone os.
https://shop.fairphone.com/?ref=header
https://www.fairphone.com/en/open-source/
https://arstechnica.com/gadgets/2023/07/fairphone-is-coming-to-america/
Well, Google isn't famous for being reliable in the long run with their services, Apple is proven at this point, tho who knows, I'll wait a few years and see if Google is still at it with their Pixels.
Google's already been doing this for years.
Apple isn't the only one that guarantees many years of updates. The Fairphone (although currently only sold in the EU, they're coming soon to the USA) has 5 years of promised support, Google Pixel 6 and later also have 5 years of promised updates, Samsung Galaxy has 4 years, while one year less than its competitors, still much better than the 1-2 years most phones used to have. Android phones these days aren't like the wild west back then, Android phones are on par with iPhones, the choice is merely personal preference.
Happy to hear companies are finally getting it.
I have just done the same.
Although Google are now promising 5 years of support for Pixel phones, Pixel phones are not a core business for Google, and as they have shown many times, Google will end projects at the drop of a hat with no regard for their customers.
There are secondary Android companies like Samsung that promise long term security updates, but are always behind the publishing curve compared to Google. This means that malicious actors have the opportunity to study Google’s published updates to reverse engineer cracks that they then exploit.
The current Android security update model is inherently insecure due to this issue. Until manufacturers are forced to update in a timely manner (by which I mean simultaneously with Google) I won’t buy another Android phone.
Yeah exactly. It's surprising how many people don't check or care how long their device is being updated. Apple does a great job of supplying their devices with updates long-term.
If you stand there at the store with this year's iPhone; take the full price divided by how many years you plan to own/ use it. Then you realize it's actually relatively cheap.
iPhones have decent residual value as well. You should be able to recoup at least a third of the price after three years, if you look after it.
True, I bought an ipad more than 7 years ago to read because e-readers are too small for my liking.
I don't use it much anymore since I have an e-writer now, but it still receives updates regularly, whatever comes to my phone comes to it as well, it's impressive.
Both Samsung and Google give you 5 years of updates (at least 3 major Android releases + 2 years of Security updates) for a few years now.
Pixel and Samsung also have 5 years of updates promised. And more phones are giving at least 3 years. I don't think most people nowadays are hanging onto their 5 year old phones. Most everyone switches phones every 2 or 3 years.
I'm a fringe case then lol, I keep them until they actually break, they do last 4-5 years for me, sometimes more, I don't make intense use of my phone, I much prefer using my PC for basically everything.
This is why we need law to mandate security updates for 5+ years.
That's why I installed custom ROM on my Redmi Note 3 and used it for 4.5y until the battery swole.
If you are using an android phone, you can change the ROM to one that still gets updates, it's like changing the os in a computer. The process will delete all of the user data inside the phone but you've got nothing to lose if it doesn't get any security updates.
I recommend lineageOS to anyone wanting to go down this route because of its compatibility with every phone, old or new.
that “security update” quickly gets irrelevant as the exploits for lineage (or any non-standard rom) sells for pennies compared to a stock exploit. also no one’s paying security researchers to assess lineage - also it would be completely impossible with the amount of updates and devices they release
remember that (unfortunately) security is all about money
But more people using stock roms could potentially mean any exploit is more easily found compared to custom roms. Not saying that's the case, but it's a factor to consider.
as more people use a software it’s not easier to find exploits but much more profitable - and you see that propagate, as in:
Now the last 2 steps tend to cycle since the security of the product fluctuates
Now the above have nothing to do with “residual” products - such as custom roms. And actually, you have so many deeply specialized people around the main product that finding a bug and developing an exploit on the residual is just a matter of “who the fuck cares”.
So you’re basing your security of your phone on “care”, also known as security through obscurity (sometimes at least).
Another example of “who cares” security is libreoffice. When I started as a security engineer the veteran (and boss) referred to it as training material to find security bugs. I found some, but who cares? Ain’t nobody gonna pay for them as “nobody” uses the software (keep in mind that we’re referring to millions of daily users rather than thousands per month)
Sorry for sheet! ❤️ Be safe and use a password manager
How difficult is it to change ROM?
hmmm depends on the phone and what you mean by difficult. If you’ve managed to format a computer you’ll be fine. If you’re having trouble downloading chrome or office, maybe think about it again - I’m not saying you shouldn’t try or learn (everybody can learn), I’m just saying that it will require an amount of time that I imagine would be uncomfortable to a user that doesn’t wanna bother downloading a program.
Not all people enjoy computers!
It depends. For Graphene OS, there is a web installer that the people who have used it said it was the easiest custom rom they've installed. Unfortunately, it only supports Google Pixels.
For other custom roms... maybe not as easy...
Graphene OS Web Install: https://grapheneos.org/install/web
Hey there! Have you checked xda for unofficial ports or other ROMs? Might still be better than vanilla
This.
If you have a phone with snapdragon CPU you probably can extend its lifespan with custom ROMs that offer security updates. Mine released in 2019, support dropped at android 11, but unofficial LOS with android 13 works great and still updates regularly. No complaints here, even the OTA works. Although I do need to flash manually because of root. I don't see myself upgrade anytime soon.
Switch to iPhone. Or pixel. Longer security updates. Guaranteed
I hope I don't jinx myself with this but I don't think security updates at the OS level are that important nowadays.