The reason I didn’t do that is my last two devices (cumulative 5 years of use) had no recovery partition, I didn’t want to brick them until I had a replacement (I did brick one of them -my first ever full bricking 🥹!-, the other was already broken beyond normal use but it took the flash, and I learned), and I didn’t want to buy a new device for the sole purpose of changing the os. There’s a ton of research that goes into doing that which I simply didn’t have the energy for when my last device bit it.
Maybe I should have, but I figured I’d try iOS first. I hate it passionately, but I’ll probably keep it until my phone dies, apple fucks up big dog (I’m aware of the slave labor, almost no tech is spared that, though, and I didn’t know about fairphone) or a good Linux os/device comes out. Hell bonus if I can jailbreak and flash a different OS on this fucker, but I know alllll about how locked down apple is… can’t replace components, can’t even change a fucking ringtone without a gob of work… it fucking sucks after a decade on android using it as fully as I could. I even switched to Linux (ubuntu) because it felt like android for my pc. (Also fuck windows 8/10/11. Windows 7 was the last reasonably good iteration, and I formatted my drive and reinstalled that shit every 6 mths -bootleg master disc, took about that long for windows to flag me as not genuine- to keep using it until I swapped to Linux. Learned good data management habits in the process!)
I used to use cyanogenmod and a couple others waaaay back in like 2012-2018 or whatever, and I really liked rooting and flashing os, but privacy focused OS weren’t available for my devices. I’m poor, so can’t afford good phones, especially if I’m gunna fuck up the warranty immediately by rooting (only reason I paid as much for an iPhone as I did is they do support devices long-term, which is sorely lacking in stock android and, to me at least, entirely unknown for custom). Especially since a lot of better devices, to my understanding, have a rooted flag that can’t be un-flown by disabling root.
As for proton, I’ve heard good things, from a lot of people. I’m currently looking into self-hosting options for various things to un-dependent myself from services run by unknown entities (it’s gunna be a blast learning everything from square one… but so much better than my shit being “owned” by someone else), and haven’t really decided if I want to try hosting my own email or not. Probably not but it might be fun to play with while I decide.
That is very true, and I have actually bought used before but it was a miserable experience because it wasn’t listed as carrier-locked (it was, however, a long time ago, well before carrier unlock was required/universal unlock was commonly available).
Perhaps I’ll look into getting a used phone while I have a working one and play with it a bit, if I can find one for a reasonable price, as long as they don’t have the same replacement lockout apple has. I’ve been using GSM carriers exclusively so I can bring my device if I ever (need to or can) emigrate, so probably a decent market of devices available.
Not a stupid question and thanks for reminding me that’s an option. I tend to distrust used/refurbished tech -replaced for a reason sort of thing, especially when warranty replacements of major models tend to be refurbished and have their own problems… but I probably shouldn’t assume others treat their tech the way I do - my forever precious. Like cars, I run them until they die, and someday I’ll make a fucking sculpture with all the broken old phones I have. I recently found my first semi-smart phone, which I had when I was… 22-24, I think? The Motorola rival A455 in purple. Fuck was technology pretty!
Thank you for the detailed reply, and that’s actually something I hadn’t really considered. I know I baby the fuck out of my phone, so I’d probably be one of those people 😁 but also phones themselves have gotten a lot more durable and harder to break.
And that’s a good point that in other countries, unlocked gsm phones are just the norm even with regular upgrade plans, where here (Midwest us) it’s kinda hard to find because a lot of the larger carriers are CDMA, so my standard experience is just different. I haven’t really looked too much other than refurbished, and those aren’t cheap-er enough to be worth it, but I’ll take a look.
Unless I’m mistaken, there have been firmware RCE vulnerabilities that give successful attackers unrestricted access to the entire system and can be attacked by anyone capable of sending network packets to it. That is not “very low”. That’s insecure to the point that “your” phone is basically the property of some overseas crime ring and they’re letting you borrow it.
I do indeed: the Android Security Bulletins. Bear in mind that most people don’t install a custom operating system after the stock OS stops receiving updates.
Even for those who do, however, those vulnerabilities listed under a heading like “Qualcomm closed-source components”—that is, firmware vulnerabilities—are still present on their devices. See, for example, this list of firmware vulnerabilities fixed in an update as of December 2019. If you have a device that stopped receiving updates before then, it still suffers from those vulnerabilities no matter what OS you run on it, and many of them are RCEs that give successful attackers complete control of the device.
As for “likelihood”, infosec does not work that way. Cybercriminals and hostile foreign intelligence agencies don’t sleep and don’t show mercy. If you have a vulnerability that your adversaries know about and can feasibly exploit, then they are already exploiting it. That’s why vulnerability disclosure embargoes are a thing.
Pardon the wall of text incoming -
The reason I didn’t do that is my last two devices (cumulative 5 years of use) had no recovery partition, I didn’t want to brick them until I had a replacement (I did brick one of them -my first ever full bricking 🥹!-, the other was already broken beyond normal use but it took the flash, and I learned), and I didn’t want to buy a new device for the sole purpose of changing the os. There’s a ton of research that goes into doing that which I simply didn’t have the energy for when my last device bit it.
Maybe I should have, but I figured I’d try iOS first. I hate it passionately, but I’ll probably keep it until my phone dies, apple fucks up big dog (I’m aware of the slave labor, almost no tech is spared that, though, and I didn’t know about fairphone) or a good Linux os/device comes out. Hell bonus if I can jailbreak and flash a different OS on this fucker, but I know alllll about how locked down apple is… can’t replace components, can’t even change a fucking ringtone without a gob of work… it fucking sucks after a decade on android using it as fully as I could. I even switched to Linux (ubuntu) because it felt like android for my pc. (Also fuck windows 8/10/11. Windows 7 was the last reasonably good iteration, and I formatted my drive and reinstalled that shit every 6 mths -bootleg master disc, took about that long for windows to flag me as not genuine- to keep using it until I swapped to Linux. Learned good data management habits in the process!)
I used to use cyanogenmod and a couple others waaaay back in like 2012-2018 or whatever, and I really liked rooting and flashing os, but privacy focused OS weren’t available for my devices. I’m poor, so can’t afford good phones, especially if I’m gunna fuck up the warranty immediately by rooting (only reason I paid as much for an iPhone as I did is they do support devices long-term, which is sorely lacking in stock android and, to me at least, entirely unknown for custom). Especially since a lot of better devices, to my understanding, have a rooted flag that can’t be un-flown by disabling root.
As for proton, I’ve heard good things, from a lot of people. I’m currently looking into self-hosting options for various things to un-dependent myself from services run by unknown entities (it’s gunna be a blast learning everything from square one… but so much better than my shit being “owned” by someone else), and haven’t really decided if I want to try hosting my own email or not. Probably not but it might be fun to play with while I decide.
deleted by creator
That is very true, and I have actually bought used before but it was a miserable experience because it wasn’t listed as carrier-locked (it was, however, a long time ago, well before carrier unlock was required/universal unlock was commonly available).
Perhaps I’ll look into getting a used phone while I have a working one and play with it a bit, if I can find one for a reasonable price, as long as they don’t have the same replacement lockout apple has. I’ve been using GSM carriers exclusively so I can bring my device if I ever (need to or can) emigrate, so probably a decent market of devices available.
Not a stupid question and thanks for reminding me that’s an option. I tend to distrust used/refurbished tech -replaced for a reason sort of thing, especially when warranty replacements of major models tend to be refurbished and have their own problems… but I probably shouldn’t assume others treat their tech the way I do - my forever precious. Like cars, I run them until they die, and someday I’ll make a fucking sculpture with all the broken old phones I have. I recently found my first semi-smart phone, which I had when I was… 22-24, I think? The Motorola rival A455 in purple. Fuck was technology pretty!
https://www.bing.com/images/search?q=motorola+a455+purple&form=HDRSC3&pc=MOZW&first=1
deleted by creator
Thank you for the detailed reply, and that’s actually something I hadn’t really considered. I know I baby the fuck out of my phone, so I’d probably be one of those people 😁 but also phones themselves have gotten a lot more durable and harder to break.
And that’s a good point that in other countries, unlocked gsm phones are just the norm even with regular upgrade plans, where here (Midwest us) it’s kinda hard to find because a lot of the larger carriers are CDMA, so my standard experience is just different. I haven’t really looked too much other than refurbished, and those aren’t cheap-er enough to be worth it, but I’ll take a look.
Buying a secondhand phone also gives you an insecure phone. That’s why GrapheneOS doesn’t support old phones.
deleted by creator
That’s not the problem. Remotely exploitable firmware vulnerabilities, for which no patch will ever be available, are the problem.
deleted by creator
Unless I’m mistaken, there have been firmware RCE vulnerabilities that give successful attackers unrestricted access to the entire system and can be attacked by anyone capable of sending network packets to it. That is not “very low”. That’s insecure to the point that “your” phone is basically the property of some overseas crime ring and they’re letting you borrow it.
deleted by creator
I do indeed: the Android Security Bulletins. Bear in mind that most people don’t install a custom operating system after the stock OS stops receiving updates.
Even for those who do, however, those vulnerabilities listed under a heading like “Qualcomm closed-source components”—that is, firmware vulnerabilities—are still present on their devices. See, for example, this list of firmware vulnerabilities fixed in an update as of December 2019. If you have a device that stopped receiving updates before then, it still suffers from those vulnerabilities no matter what OS you run on it, and many of them are RCEs that give successful attackers complete control of the device.
As for “likelihood”, infosec does not work that way. Cybercriminals and hostile foreign intelligence agencies don’t sleep and don’t show mercy. If you have a vulnerability that your adversaries know about and can feasibly exploit, then they are already exploiting it. That’s why vulnerability disclosure embargoes are a thing.