Hi,
A friend wants to degoogle his phone, so I suggested the OS I’m currently using. The one we can’t talk about… He wants a small/compact phone, so I suggested the Pixel 4a (not buying second hand though), but I’m afraid that planned obsolescence may kill the phone rather soon. What’s your opinion?
Cheers and thank you for your help,
Can someone explain to me under what circumstances using an old phone would be risky (under a common reasonable threat model)?
No security fixes once the device reaches end of life. For the Pixel 4a, the end of security updates was 10 months ago. That is mostly a problem with malicious apps - there were some privilege escalation bugs in those 10 months - but sometimes you get a banger that can get exploited by simply loading a page or opening an image.
I get it about malicious apps but what about just using mainstream apps and surfing the web with adblockers?
Wouldn’t those be typically handled at an OS level? If you’re using an OS that actually gets updates, you’re only vulnerable to attacks at the kernel or driver level.
If you are on stock software on an EOL device, you are not getting OS updates either.
Also, a bunch of recent vulns were in SoC-specific stuff - outside the OS.