I'm Conflicted - eviltoast

I have a Pixel 4a (with Calyx) for a few years already (start of 2021) and it’s still going great. The battery is okay. Everything works nice. It’s smooth. It runs everything perfectly fine.

This makes me glad to see that hardware wise this phone was really built to last, I can’t even count how many times I dropped it so hard that I was scared to see the damage (which was always either nothing or a broken screen protector)

But software wise I’m screwed as security updates are already gone from Google and I only get the extended support from Calyx which will also end soon.

Now I’m forced to choose between having a phone that is insecure or buying a new one.

So thanks Google for the high quality hardware, but what’s up with this software planned obsolescence??

I know this isn’t exactly right to repair, but it also kind of is because if Google decided to ditch the 4a, they should be forced to open source the software so that the public can actually repair it.

I’m sure that some of their latest updates can be modified slightly to work for the 4a, but they don’t care and for them this is a win-win since they don’t have to maintian support and they get new customers who would otherwise be satisfied with an “old” phone.

What happened to the days when an old phone meant a phone that was already crumbling to pieces, and not a fully functional computer that is slightly older then a toddler?

  • downpunxx@fedia.io
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    6 months ago

    cheers for that, but all i see on that list is a whole bunch of “this could lead” and “there’s a possibility”, not any widespread outtages of breaches of entire product lines, like we have seen in the past with botnets and viruses in the pc world. i’m all for precaution, but again, i can’t think of a time there’s been a worldwide, or even nationally localized, smart phone infection across a brand or product line due to the ending of regular security updates, and i’d be interested if anyone knew if there ever has been.

    what i’m thinking is, while it’s best practice to have manufacturers/phone company os gui security updates for any smart phone in use, it’s not the end of the world if there aren’t. i could be wrong, but “this could lead” and “there’s a possibility” is warning, not proof or anything at all

    • MTK@lemmy.worldOP
      link
      fedilink
      arrow-up
      6
      arrow-down
      1
      ·
      6 months ago

      I’m sorry but you are wrong, if there is a CVE it means it works, and “could lead to” means that it literary can lead to that outcome.

      All you need it one really bad CVE or a few bad-ish ones to do a lot of damage.

      • downpunxx@fedia.io
        link
        fedilink
        arrow-up
        1
        arrow-down
        2
        ·
        6 months ago

        sure, could lead to, show where it has, in small groups, or large, ever, for any smart phone

          • downpunxx@fedia.io
            link
            fedilink
            arrow-up
            1
            ·
            6 months ago

            ok, i browsed through that, and again, am not seeing where it actually was deployed and affected end users, just a breakdown of how it could, and what i’ve continually been requesting, wondering about is if a botnet/virus campaign has ever been actually pushed out to smart phones, anywhere, at any time, due to the ending of manufacturers security updates, and again, i’ve yet to be presented with any evidence it has (only that it could be)

            • MTK@lemmy.worldOP
              link
              fedilink
              arrow-up
              1
              ·
              6 months ago

              Look, when it comes to security statistics, a lot of it is locked behind closed doors in all kinds of big security companies. I can tell you personally that I have worked in such a company and you could see a lot of exploitation (attempts) on Android devices. It was there.

              Look once there’s a CVE and there is a POC for it. Usually there comes a Metasploit module for it and then it’s for sure being used by a bunch of people.

              • downpunxx@fedia.io
                link
                fedilink
                arrow-up
                1
                ·
                6 months ago

                aha, the old, i know it happened, i just can’t produce any real proof of it happening, anywhere, to anyone, at any time. got it. well, shit, i’m convinced, guess you shouldn’t use that Pixel 4a then. question answered, problem solved. be well.

                • MTK@lemmy.worldOP
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  6 months ago

                  Look, I have no interest in convincing you, you can also find some materials online but yeah, plenty of this info is closed source, that’s just how it is with some industries.

                  If you want to throw caution to the wind because you couldn’t find anything that is your choice.

      • downpunxx@fedia.io
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        6 months ago

        sure, able to be exploited, show where it has, in small groups, or large, ever, for any smart phone, ever

          • downpunxx@fedia.io
            link
            fedilink
            arrow-up
            2
            ·
            6 months ago

            and again, not being a sea lion, as sea lions request others to research easily identifiable information, which my posit is precisely the oposite of, i’ve asked if there ever has been a smart phone vulnerability like a botnet/virus campaign that has ever been actually pushed out to smart phones, anywhere, at any time, any where due to the ending of manufacturers security updates, and again, i’ve yet to be presented with any evidence it has (only that it could be). so, not knowing of one personally (which in no way means it hasn’t happened, just that i don’t know about any such occurance) i put it to the comment section, and having been replied to almost a dozen times now with “vulnerabilities” i’ve yet to be presented with an actual infection case. not one.

              • downpunxx@fedia.io
                link
                fedilink
                arrow-up
                2
                ·
                6 months ago

                I know people who have had fires in their apartments, I have seen news reports on tv and the internet, there are entire subsections of literature giving excruciatingly grand detail of historical fires throughout time. You know, proof that a thing happened, and investigation of why and how it happened.

                What I have not seen any proof of, at any time, from any source, is a mass infection of consumer grade smartphones which would have been prevented by ongoing timely security updates. Not one. Rien. Bubkas. What I am seeing a lot of is people convinced that a warning is as good as an experience which has been studied and learned from. What I’m seeing without fail in this thread are people so jammed up with “could” and “possibly” but no “here’s what we learned from this exploit being detonated in the wild, and here’s the reason it happened”.

                I like your fire analogy, I’m worried about fires, I’ve seen the results. The same can’t be said about not getting ongoing manufacturers security updates for smart phones.