Android
DROID DOES
Welcome to the droidymcdroidface-iest, Lemmyest (Lemmiest), test, bestest, phoniest, pluckiest, snarkiest, and spiciest Android community on Lemmy (Do not respond)! Here you can participate in amazing discussions and events relating to all things Android.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Rules
1. All posts must be relevant to Android devices/operating system.
2. Posts cannot be illegal or NSFW material.
3. No spam, self promotion, or upvote farming. Sources engaging in these behavior will be added to the Blacklist.
4. Non-whitelisted bots will be banned.
5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.
6. Memes are not allowed to be posts, but are allowed in the comments.
7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.
8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.
Community Resources:
We are Android girls*,
In our Lemmy.world.
The back is plastic,
It's fantastic.
*Well, not just girls: people of all gender identities are welcomed here.
Our Partner Communities:
view the rest of the comments
I haven't done much reading into it, but something to consider is there was a post just recently that I saw someone mentioning that their pixel 4a was becoming unsupported very shortly. You may want to see when the scheduled EOL for the 5 is as that might influence your decision if that is sooner than you'd be hoping for.
Am I naïve for thinking that manufacturers stopping support for devices, then claiming it affects your safety, is just to sell more phones?
I always buy refurbished, currently running an S9 and I'm not even sure if it's still supported. Recently retired a Nexus 10 from 2012 and had zero security issues in a dozen years
Yes you are.
Vulnerabilities are constantly being found in the software stack used by Android, if you are running vulnerable software you're increasing the likelihood of some malicious app (or website, file, etc...) taking advantage of the vulnerability. The consequences of vulnerability vary from being able to fingerprint your device when it's not supposed, to escalateling privileges to root or even kernel mode. Although the later are significantly rarer.
That you know of... If the vulnerability is successfully exploited, the likelihood of you noticing are close to zero.
You could always flash a custom ROM to install the latest security patches, but you would still be missing the security updates for all the closed source components (such as the bootloader, device drivers, etc...). Not to mention all the security implications (good or bad) that comes with installing custom ROMs.
I'll not pretend I understand the consequences 😂
What does that mean for the average user?
From tracking your to full access of your phone and capable of doing anything without you knowing it or lifting a finger.
Tracking me happens all the time. Also I'm old but tech savvy so I'd know if someone had any access to my phone.
I'm still not sure what I should worry about?
This is really a bold claim. How or why makes you so sure of that?
If the attacker/app manages to get some application running in the background as root, how would you know that they had access to your phone?
To expand on the points mentioned above as well, although you may not be concerned by someone tracking your phone, something like root access is a concern. When the other commenter mentioned someone having access to your phone, it doesn't mean unlocking the screen and moving it around, it means they have the ability to run commands at the highest privilege level at which point, an attacker can do basically anything.
Find ways to export biometrics? Idk, probably, set it up to forward all requests to a man in the middle server? Almost certainly.
To say "if I can't see it, it can't be compromised" is definitely a naïve stance in my opinion. Whether this is being done intentionally by companies to sell more phones? Well.. I don't think many people would argue the contrary
A good example though for iphones is an sma that triggers an exploit that escalates access and allows the entity to install their software that monitors and controls your phone is possible. It even deletes the test. So the end user does not know. It's used and purchased by governments. I'm sure there are 0 days on Android that would do similarly.
They could steal all of your logins. This includes things like bank accounts. Your phone could be used as part of a botnet to commit criminal acts. They could shorten your battery life and use up your data plan by mining crypto in the background. You know, just like any other compromised computer.
I personally think they do it to sell more phones. They could support their phones for much longer as evidenced by Lineage
I don't know about selling more phones, but it's definitely a profit angle. I'm not sure if using a phone without security updates for that long is a good idea. It's one of those it works until it doesn't, and you'll be regretting it very much when it doesn't.