Hi,

A friend wants to degoogle his phone, so I suggested the OS I’m currently using. The one we can’t talk about… He wants a small/compact phone, so I suggested pixel 4a (not buying second hand though), but I’m afraid that planned obsolescence may kill the phone rather soon. What’s your opinion?

Cheers and thank you for your help,

  • s38b35M5@lemmy.world
    1 year ago

    I bought a used Pixel 5 in Feb for my daily driver. Replaced my Pixel 3 only because the power button was flaky. They both still run great. By my standards, getting two years out of a phone I paid $150 for is better than getting three years out of a $700 phone.

  • GolfNovemberUniform@lemmy.ml
    1 year ago

    It goes for like $80-120 in my country. For the price it’s an interesting deal but it’s extremely old so GrapheneOS won’t support it. I think you can still find something like LineageOS or crDroid but tbh it’s too old for a new daily driver. Lack of firmware updates will kill custom ROMs due to incompatibility with new Android versions eventually (and most likely very soon).

    Compact phones are dead now and the last ones don’t even seem to support degoogled custom ROMs. You’re out of luck with that.

    • Ilandar@aussie.zone
      1 year ago

      Compact phones are dead now and the last ones don’t even seem to support degoogled custom ROMs.

      The XZ2 Compact still has LineageOS and DivestOS support and there are ongoing unofficial iodéOS builds for the XZ1 Compact (which I am using). The S10e has decent support too, although it’s a bit larger. But yes, modern compacts are dead in the traditional form factor - it’s now flips or a niche micro-brand phone like the Unihertz Jelly series.

        • Ilandar@aussie.zone
          1 year ago

          Sorry if I’ve misunderstood what you were trying to say. I interpreted that quote from you as suggesting the last true compact Android phones (the Xperia Compacts and, to a lesser extent, the S10e) don’t have custom ROM support. If you were instead saying the most recently released “compact” phones (which are really just medium-sized phones) don’t have custom ROM support, then that would also be partially incorrect since the Pixel A series is widely supported and the Xperia 5 III has official LineageOS support.

    • Corgana@startrek.website
      1 year ago

      extremely old

      Dude it’s less than four years old lol I get what you are saying but Q3 2020 is not that long ago.

      • mnmalst@lemmy.zip
        1 year ago

        FYI: “Extended support” from a custom rom means the OS level software gets updated, not the device firmware. So you still end up with a not fully up to date phone.

        Written from my Pixel 4a. :)

    • RBG@discuss.tchncs.de
      1 year ago

      The software updates are maybe not an argument when it comes to degoogling? Then it depends if the OS they plan to use still sends updates.

      • jet@hackertalks.com
        1 year ago

        The hardware driver updates are absolutely critical if you want to have a secure phone. The phone has to be within the support window, to get any hardware driver updates. The risk surface of a phone’s hardware is huge, you’ve got the Bluetooth drivers, you’ve got the Wi-Fi drivers, you’ve got the modem drivers, and any other sensors I may have forgotten about.

  • jet@hackertalks.com
    1 year ago

    Depends on your friend’s threat model, lineage will work on it.

    No security updates makes the Pixel 4a a bold choice for your main phone. I don’t recommend it.

    I would follow the graphene OS recommended phone guide, that gives you maximum flexibility to put any operating system you want on the phone.

    • delirious_owl@discuss.online
      1 year ago

      Phones are insecure devices, by design. Should be OK.

      Just don’t do anything on a phone that falls under “sensitive” on your threat model. Use a proper computer with a proper password for that.

          • jet@hackertalks.com
            1 year ago

            You can use two factor, fingerprint plus pin and have the pin layout randomize each time.

                • jet@hackertalks.com
                  1 year ago

                  I think phones are the MOST secure devices most people have. They are locked down, they run software in very restricted containers, they have more restrictive feature allowance. For 99% of the people the phone is the most secure device, full stop.

                  Can you do better on a computer? Sure, but it takes a bunch of work and isn’t the out of box experience

                • delirious_owl@discuss.online
                  1 year ago

                  So you’re saying that, in order for me to steal everything on your phone, all I have to do is stand behind you in a supermarket and film you unlock your screen once. Then, on the way to your car, I quickly pull a knife on you and force you to tap your finger on your phone, then I hop on a motorbike and ride away.

                  Hope you didn’t have any banking apps or crypto on your phone, because now that’s gone.

                  QubesOS on a laptop is much much safer.

  • Undertaker@feddit.org
    1 year ago

    Yes, it is. You should not recommend such a phone. And this only in terms of update.

    The arguments against the company behind this phone would fill books, but that’s another point.

    • Possibly linux@lemmy.zip
      1 year ago

      Has there been a successful exploit against a phone with old firmware but modern Android security patches?

      • Imprint9816@lemmy.dbzer0.com
        1 year ago

        I am not sure if there is an example of that specific situation as it would be pretty odd for a phone to be receiving security patches but not firmware updates.

        Anyway it’s not super relevant as the Pixel 5 does not receive firmware or security patches anymore.

        OP also seems to be inferring he suggested to his friend to use a very specific security / privacy OS that does not recommend using that model phone anymore for the exact reasons I mentioned. Plus the model is only receiving partial support as a stop gap for users to have time to get a newer model and won’t be supported much longer anyway.

        • Possibly linux@lemmy.zip
          1 year ago

          Custom ROMs will receive upstream Android security patches but not patches from proprietary components (firmware). For instance, my Moto g7 power has Android security patches from May but the latest vendor security patch level is 2021. (I’m running Lineage OS) I’m curious to know if the older firmware is a problem. I don’t think it is easily exploitable outside of government backdoors. Not that it matters much as I plan on keeping my phone until it dies.

  • Corgana@startrek.website
    1 year ago

    The Pixel 5 is still a great phone with its battery life and camera, and the last Pixel small enough to be used one-handed.

    If they’re not gaming or doing anything CPU-intensive it’s what I recommend today. Everything afterwards has been an incremental upgrade.

  • ssm@lemmy.sdf.org
    1 year ago

    Random hardware suggestions, using mobile Linux support as a litmus test

    • Pinephone (Pro): Main downside is that OG Pinephone has extremely anemic hardware, and the charging circuit is not controlled through hardware for some insane reason; hope the kernel devs of whatever OS you put on it know how to not turn your phone into a bomb. Also Pine64 as a company has gotten flak for their support of Manjaro. Can’t deny how good the price is though.
    • Fairphone 4: Good hardware, but expensive. I don’t own it, but it works good on postmarketOS according to the wiki.
    • Librem 5: Overpriced compared to the earlier members on this list, but you can guarantee the phosh interface will work well considering it was developed by Purism as well.
    • OnePlus 6 and 6T: I don’t know much about these, but they’re very popular with the mobile Linux crowd.

    As for the pixel, there’s work on it but it’s still broken at the moment. As for the hardware being too old, I haven’t used anything Android in a while, so I don’t know how much performance degrades each release, but a mobile Linux distribution should run just as good today as it will 20 years from now, assuming you use the same interface.

  • toastal@lemmy.ml
    1 year ago

    Pixel 4a was one of the last in the Google (5a being last). The OEM lost its way after that. This is enough to not recommend their devices as far as I am concerned.

  • Dark_Dragon@lemmy.dbzer0.com
    1 year ago

    Umm one question by the way, why use Google phone to degoogle? There are plenty of good Android phones out there right?

    • OhYeah@lemmy.dbzer0.com
      1 year ago

      While it is ironic, the pixels are easy to unlock the bootloader and have good support across lineage, calyx, and graphene. Been using one to degoogle for awhile and would recommend them

    • jet@hackertalks.com
      1 year ago

      Google makes the most open and customizable phones. Unlocked bootloaders, the ability to sign your own code. Rapid security updates for baseband drivers.

      Nobody else comes close.

      https://grapheneos.org/faq#future-devices

      Actually pine phone is really open, but it’s not android and nowhere ready to be a daily driver.

  • Ilandar@aussie.zone
    1 year ago

    Yes, that is too old for a new phone considering it’s already past its end-of-life for both official support and your OS. I’m not sure why you’d recommend them to buy new either - a phone like that is only going to be good value if you pick up a used one for cheap. A new model will be massively overpriced for what it is (and may not even be new, just refurbished and repackaged).

  • AnxiousDuck@feddit.it
    1 year ago

    Can someone explain to me under what circumstances would using an old phone be risky (under a common reasonable threat model)?

    • tty5@lemmy.world
      1 year ago

      No security fixes once the device reaches end of life. For pixel 4a end of security updates was 10 months ago. That mostly is a problem with malicious apps - there were some privilege escalation bugs in those 10 months - but sometimes you get a banger that can get exploited by simply loading a page or opening an image.

      • ReveredOxygen@sh.itjust.works
        1 year ago

        Wouldn’t those be typically handled at an OS level? If you’re using an OS that actually gets updates, you’re only vulnerable to attacks at the kernel or driver level

        • tty5@lemmy.world
          1 year ago

          If you are on stock software on EOL device you are not getting os updates either.

          Also a bunch of recent vulns were in SoC specific stuff - outside os.

      • AnxiousDuck@feddit.it
        1 year ago

        I get it about malicious apps but what about just using mainstream apps and surfing the web with adblockers?