this post was submitted on 18 Feb 2024
237 points (87.4% liked)
Technology
59627 readers
4100 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I flash custom ROMs, so get updates pretty frequently, but that is beyond most people's capabilities, for sure. I currently use the OnePlus Nord N200 which i got new for $250 and installed LineageOS 20 (Android 13) on it. You can still tell it's a $250 phone compared to like $1000 phones but the differences aren't noticeable enough to cause me issues and make me want to upgrade.
Idk, I bought a used Pixel and use it with GrapheneOS. 150/200€ often, if you repair it yourself its cheaper.
LineageOS is just the tip of the iceberg. There are many components that will likely not get any updates
GrapheneOS is a great project. I had a Pixel 3a XL with Graphene on it and it was a good experience
It has evolved a lot since then
Being able to use Android Auto on GrapheneOS now was a huge change!
Graphene does not offer any support at all though once the manufacturer stops releasing new versions. With Lineage I've seen two or three more major Android versions ported than the manufacturer released.
No, they get minimal security patches for nearly a year.
Thats not much but its harm reduction as they cannot
DivestOS is recommendes AFTER the device is EOL.
For the uninitiated, what's Lineage OS? Is that like a FOSS alternative OS?
Yes. Its basically AOSP (android Open Source Project) with just enough stuff to make the device useable and you have to add everything else on top of it. A lot of custom ROMs use LineageOS as their base and build from that point.
Unfortunately IME it's a no go if you're using banking or government/authenticator apps. (Your mileage may vary and this may change.)
Not how it should be, but how it is.
I think it depends a lot on the app itself. My banking app works perfectly fine, on it with no Google Play services, but I have seen apps that completely will not open at all, except to give an error message, so I know what you mean. That is not specifically a lineage problem as much as its a google play services problem. Yoi can install gapps and those apps will work, but IMO that defeats the point.
It doesn't necessarily defeat the point if the only reason you are using Lineage is for OS updates and not for privacy reasons. That was my original reason for using it before de-googling.
I don't have google play services anymore but I do still use microG just for Revanced because I am a psychopath that actually likes YouTube recommendations.
And using a browser will always work.
LineageOS is a project making AOSP (Android Open Source Project) usable. This means bundling it together, combining it with the right drivers and kernel for specific phones.
They also maintain many of the AOSP apps (gallery, phone etc) and modernize them, which is awesome as Google abandoned them.
LineageOS is not security focused and often less secure than stock Android. It has no Google Apps by default, which means a lot of proprietary Apps that rely on the backends will not work, at all.
There is the option to install "NIK Gapps" or other names, which is just a bundle of all Google Apps, installed as System apps, just as horrible as stock Android is.
There also is microG, which is also a system app and is not Opensource, as it downloads official Google Binaries.
Every System app can read critical device identifiers that you cannot change, and can access all files, as it doesnt need permissions.
LineageOS is a usable Android, often more up to date than what came with the device, but those Devices never have full support for Custom Operating Systems, like relockable Bootloader or full security features. So in the end you have more updates but partly less security, more privacy or none.
Also the Updates that LineageOS can even supply are very minor. Android devices use the Linux kernel but a special version tailored to that SOC (System on a chip). They would need to make a custom Kernel just for that phone, often newer, as manifacturers of those cheap phones have nonexistent Update lifespans.
They dont do that as its a lot of (unpaid) work.
Then there is firmware which is only delivered by manifacturers and signed with their private keys. No custom OS can do that and firmware security holes are very important and a lot.
So LineageOS is a really nice project if you donate to them but still save money. Abusing their hard work to buy cheap devices and get their longer OS support for free is not cool.
And in the end it is incomplete, insecure and nothing to build upon when buying a new device.
Btw, a ROM is only a small part of the firmware that you cannot change. No custom OS is a ROM.
This is literally a core principle of Open Source. You can charge money if you want, but anyone is fully entitled to distribute your work for free.
It is not and cannot be abuse.
No but I meant buying devices of shitty manufacturers and get an OS for free
That's not abuse.
If the developers choose to support that hardware, they have a reason. In either case, there is no way to use open source software that's abusive, with the exception of stuff like Amazon taking an open source project, modifying it without distribution so they're not obligated to share their changes, and selling the product as a service (at a scale that makes it extremely difficult for the authors to compete). That's against the spirit of open source even if it wasn't foreseen when licenses were written and is hard to legislate.
Using open source software to save money isn't.
Not saying we shouldn't donate to worthy causes, but if we're going to call using free software without paying abuse, then there are many technology users to round up.
Do note that although custom ROMs helps provide OS updates, it does not help with any firmware updates to your phone parts as those are vendor released. Once they stop providing those updates, it is no longer secure
I have a OnePlus 3T (2016) that is running Android 11 custom ROM. I use it mainly for some games and browsing. I would never use it as my main phone or use banking apps there though. Don't want to risk all of my data on there.
That's why GrapheneOS only supports phones that are still officially updated.
When you say "it's no longer secure", can you point to an actual vulnerability on older hardware and what the exploits are?
We keep hearing how unpatched phones are not secure but I'd like to hear more about what the actual risk is.
Millions of people use older phones that haven't been updated for years, yet it seems to me that scams are more about social engineering than exploiting software vulnerabilities on phones.
You might like this website! It's quite an interesting website to go through :)
https://www.cvedetails.com/
Though to be fair, majority of every day people probably aren't getting their phones hacked. And not every hardware has known vulnerabilities, at least from what I've seen on the website. Also, I don't know if it's true, but I heard that for a lot of exploits, the person needs the phone physically.
Not really my field of expertise though
Right?
Show me some stats where this is demonstrated to be a problem.
I run OLD versions - current phone is Android 9.
I've had 10x more problems caused by system updates than anything else, let alone "being insecure".
That is definitely true. Once the vendor stops putting up those patches, it does become quite problematic. So as long as you keep your Android up to date as best as you can and primarily use open source software and ad blockers, you should be alright in most cases.
That only works if there is support for the phone from developers. For many phones there isn't any, both because the OEM did not make their source available and no individual Dev was interested in doing support for it.
If you want a new phone that has support you need to research it first.
Phones with Mediatek processors tend to be the worst for this, because the source code often is not released, contrary to the open source license.
That is a good point. I always make sure that my devices can run lineage before buying them because I don't want to be stuck with a brick.