Post AC8xnPF7CSH5KD4xTU by pcrock@fosstodon.org
 (DIR) More posts by pcrock@fosstodon.org
 (DIR) Post #AC8Syzs2GIrnWwKYiG by pcrock@fosstodon.org
       2021-10-07T17:31:15Z
       
       0 likes, 0 repeats
       
       I'm trying to get out of this ridiculous 2 to 5 year support window for mobile devices. So instead of replacing my damaged smartphone, I decided to downgrade to a feature phone that has hotspot capability.The idea is to have one low-cost device that I don't care about provide an untrusted Internet connection. Then use a separate device with WiFi if I really need any "smarts." That device could be a refurbished smartphone / tablet or my trusty 10 year-old laptop.We'll see how it goes.
       
 (DIR) Post #AC8Sz0KkXXpqxzlUTA by rudolf@fosstodon.org
       2021-10-07T22:50:23Z
       
       0 likes, 0 repeats
       
       @pcrock Buy a smartfone that is supported by LineageOS.
       
 (DIR) Post #AC8xnPF7CSH5KD4xTU by pcrock@fosstodon.org
       2021-10-08T04:35:28Z
       
       0 likes, 0 repeats
       
       @rudolf So, my understanding is that LineageOS gives us operating system updates, but they still rely on obscure firmware blobs from the hardware manufacturers. Meaning long-term LineageOS support doesn't necessarily mean we still get long-term firmware security updates.Not a phone developer though, so I might not fully understand how it all works. Maybe there's a good Android phone out there with open source firmware that I'm just not aware of.
       
 (DIR) Post #AC9RFpWpxcULd0H3TM by rudolf@fosstodon.org
       2021-10-08T10:05:45Z
       
       0 likes, 0 repeats
       
       @pcrockThe blobs are the smallest problem, most exploits are in apps, less in Android, almost none in Blobs. Like most folks die at home, fewer in cars, and almost nobody in plane crashes. Plane crashes get the most press.Motorola has an Android most close to AOSP, and many of their phones are supported by LOS. If you don't mind spending money, Fairphone or Pixels also work.
       
 (DIR) Post #AC9VXQKolkHGWIITQm by pcrock@fosstodon.org
       2021-10-08T10:53:45Z
       
       0 likes, 0 repeats
       
       @rudolf I 95% agree, though I think firmware security becomes much more important when your device is promiscuously connecting to things via the baseband, Bluetooth, etc. Having a two-device setup makes it so I can turn off all my radios except WiFi, which makes outdated firmware less of an issue.
       
 (DIR) Post #AC9YOSUDhRXsRv6xw8 by rudolf@fosstodon.org
       2021-10-08T11:25:44Z
       
       0 likes, 0 repeats
       
       @pcrock The only ones that count are wifi and sim. The second device also has wifi and sim blobs, probably even the same. And I do not know of even one case where a blob took over an Android device.
       
 (DIR) Post #AC9j32YE1y5VQVyTIW by pcrock@fosstodon.org
       2021-10-08T13:25:08Z
       
       0 likes, 0 repeats
       
       @rudolf You have a point. Attacks on blobs seem rare and theoretical at this point. Getting a phone with active LineageOS maintenance is probably much more effective than worrying about baseband firmware etc.Though even LineageOS developers drop active support for devices. It seems like if you want long-term support for a device, Android isn't a great choice in general.