Hi,

A friend wants to degoogle his phone, so I suggested the OS I’m currently using. The one we can’t talk about… He wants a small/compact phone, so I suggested pixel 4a (not buying second hand though), but I’m afraid that planned obsolescence may kill the phone rather soon. What’s your opinion?

Cheers and thank you for your help,

  • AnxiousDuck@feddit.it
    link
    fedilink
    arrow-up
    5
    ·
    6 months ago

    Can someone explain to me under what circumstances would using an old phone be risky (under a common reasonable threat model)?

    • tty5@lemmy.world
      link
      fedilink
      arrow-up
      4
      ·
      6 months ago

      No security fixes once the device reaches end of life. For pixel 4a end of security updates was 10 months ago. That mostly is a problem with malicious apps - there were some privilege escalation bugs in those 10 months - but sometimes you get a banger that can get exploited by simply loading a page or opening an image.

      • ReveredOxygen@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        6 months ago

        Wouldn’t those be typically handled at an OS level? If you’re using an OS that actually gets updates, you’re only vulnerable to attacks at the kernel or driver level

        • tty5@lemmy.world
          link
          fedilink
          arrow-up
          2
          arrow-down
          1
          ·
          edit-2
          6 months ago

          If you are on stock software on EOL device you are not getting os updates either.

          Also a bunch of recent vulns were in SoC specific stuff - outside os.

      • AnxiousDuck@feddit.it
        link
        fedilink
        arrow-up
        2
        ·
        6 months ago

        I get it about malicious apps but what about just using mainstream apps and surfing the web with adblockers?