HACKER Q&A
📣 warner25

Options for Android phone no longer getting security updates?


What can / should I do with an (otherwise perfectly good) Android phone that no longer receives security updates?

Yesterday’s epic thread about blue and green bubbles, which of course branched off into a comparison of iPhones and Androids, made me think about my own phone more than usual. It’s a Moto G Power (2020) running Android 11 that received its last security update in April.

I’m embarrassed to say that I didn’t realize this, or realize that this is Motorola’s policy (one version upgrade and two years of security updates) until yesterday. I admit that this has given me a new perspective on paying $500 for an iPhone SE that might receive updates for 5+ years vs. $200 for a budget Android phone that might get less than 2 years of support from my date of purchase.

Anyway, I’m otherwise perfectly content with the phone. I bought a budget phone in the first place because I’m not a heavy phone user, which makes the thought of buying a new phone that much more painful. My options seem to be:

1. Stick my head in the sand and don’t worry about the lack of security updates for another couple of years. I’m obviously in good company with millions (billions?) of other Android phone owners, but how foolish would this be?

2. Replace it now with a new phone.

3. Maybe go down the rabbit hole of LineageOS or other custom ROMs? Is this viable for a daily driver that I don’t use much but needs to work when I need it? How mature are these compared to, say, the major desktop Linux distros?


  👤 brundolf Accepted Answer ✓
LineageOS in general is very mature; I used it as a daily driver for years. Though it will partially depend on model; there's an upstream that all the different builds share, but individual builds have to be made for individual devices and support was entirely community-based last I checked. So depending on the popularity of your phone, you might, e.g., only get nightlies and not stables.

Assuming this is your phone, looks like you might have to use nightlies: https://wiki.lineageos.org/devices/ocean/

Still, I've used nightlies for significant stretches of time without any major issues. You'll probably see a significant speed boost too vs the OEM software

You will need to follow a guide and do a little tinkering to set up the OS, but I think this is a viable path forward for you


👤 armajid
From my experience (which isn't worth much but I have had similar thoughts about this) I went with a used iPhone 8 last year for around $180 because I thought it was going to get iOS 16, which it did. It's good until September next year (when the next iOS probably comes out) and at that point I will probably get a newer iPhone albeit probably a used one to save money.

On custom ROMs, a security researcher named 'madaidan' states that ROMs such as Lineage are insecure (https://madaidans-insecurities.github.io/security-privacy-ad...) with GrapheneOS being an exception.

On the GrapheneOS website, it recommends getting a Pixel 6 and above which has 5 years of guaranteed full security updates (https://grapheneos.org/faq#recommended-devices).

Louis Rossmann recently released a video talking about GrapheneOS as his daily driver and breaks down some usability misconceptions. (https://www.youtube.com/watch?v=yIZmUINSvQ4)


👤 gboone
https://wiki.lineageos.org/devices/ocean/

A Moto G7 Power like above? Motorola devices can be bootloader unlocked I think.

We have a couple Moto G7 Plus devices and use microG, I use VPN and have a firewall app. Works great. Even notifications can work with apps you choose.

I have been a LineageOS user for a while. There's no guarantee a particular device will always be maintained, but if it is, it's not that hard to install. The instructions are pretty clear. I've used it on an old Samsung 3, an Honor5x, Samsung S5, and now Moto G7.


👤 runjake
Unfortunately, I don't believe your device is supported by GrapheneOS: https://grapheneos.org/faq#supported-devices

Install LineageOS on it, if it's supported?

https://wiki.lineageos.org/devices/#motorola

But read this about LineageOS, et al. to understand the risks: https://madaidans-insecurities.github.io/android.html


👤 webmobdev
If you prefer Android devices, always seek out phones whose bootloader can be unlocked so that you can install another OS on it. This way, you can be assured of Android fork / ports being available for the phone even if the manufacturer stops releasing updates. I highly recommend Sony Open Devices - https://static.developer.sony.com/develop/open-devices/get-s... ... Or check out the list of supported devices that can run LineageOS (a popular fork of Android) - https://wiki.lineageos.org/devices/

👤 timonoko
My bank app decided not to work on Android 6 and below.

So the answer is #1: don't worry about it, somebody else does the worrying for you.


👤 dnissley
No one's going option 1? Are there any stories of people getting pwned because of old Android vulnerabilities?

👤 kccqzy
You can buy a Pixel 6a and it will get security updates until 2027: https://support.google.com/pixelphone/answer/4457705?hl=en#z...

It costs quite a bit less than an iPhone ($349 as of this writing).


👤 tacoman
That's a pretty lousy policy from Moto, even more so considering it has a decent Qualcomm SoC in it.

Android 9 got its last regular security update in January of 2022. If Google's pattern continues, Android 11 itself should continue to get regular security updates until Q1 2024.

What a waste.


👤 netsharc
The problem with custom ROMs is that a lot of banking apps try to detect if the phone's bootloader is unlocked or it's rooted, and these apps then refuse to work. There are workarounds but they're not bulletproof.

👤 AnimalMuppet
Keep it, but don't do anything important on it. Don't read your email. Don't read your social media, if you care about your account being taken over. Don't access your bank on it. Use it for phone calls and texting only, and that if you don't care about somebody else reading your texts.

And for me, that's good enough. I don't actually care about someone reading my texts. I simply don't access the internet on my phone. (Cataracts made it hard to focus close enough to read a screen that small. Yes, you can enlarge the text, but then I'd be scrolling my fingers off.) My personal life isn't tabloid material. I don't have any stalkers. (So far as I know - if I do, hi!) So someone could read my contacts, read my texts, and see pictures of my granddaughter and my cat. Under these conditions, I see no reason why I should care very much about the security of my phone.

Am I missing something in my threat model?


👤 Hackbraten
Airgap it, remove all apps, install Navit [1] and mount the phone on your bicycle to turn it into a sleek, hackable, premium(-ish) offline GPS.

[1]: https://www.navit-project.org/


👤 Pukkeh
I've used LineageOS to revive a Samsung Galaxy S4 and a Note 3, they work pretty well. The installation is easy. That said, you might encounter bugs on your particular device which may or may not be a big deal for you.

I have had some issues with GPS accuracy and Bluetooth connections from the S4 to a certain device occasionally dropping out, but I haven't done careful before/after tests so these may be hardware problems. I would recommend giving the LineageOS a try, at least before replacing the phone, if that's the path you want to take.


👤 yakak
For a similar Moto One I saw two problems trying to use microG/LineageOS:

1. Bluetooth headset audio had some kind of bug. Something like this is a deal breaker or something you would never notice depending on what you do on the phone I suppose.

2. There's no sign of a key partition to support orange(?) booting. I just see N/A for the keys of whatever OS I might have booted.


👤 stjohnswarts
Airgap it or install Lineage or one of the other open source replacements, it's not usually hard, but I don't know anything about your particular phone. On Pixels you can literally just go to a webpage and start the rooting and install from there.

👤 daviddever23box
Keep it, to play around with LineageOS, but get an inexpensive iPhone.

#u€k these handset manufacturers like Moto whose lack of mainline support feeds our trash heaps - they know exactly what they're doing.


👤 ocdtrekkie
2, and get an iPhone so you don't have this problem again in 2024. I even got security updates on my Windows Phone years after Microsoft abandoned the entire platform, Android is mostly just a joke we all tell ourselves isn't one.

👤 tarakat
A related question: How secure is an Android phone that does receive security updates from its vendor? I vaguely recall hearing that it can take months before a security patch makes it from mainline Android to consumer devices.

👤 too_bad_123
> 2. Replace it now with a new phone.

Buy an iPhone. You do not need this fuss in your life.