I mean we all know about the sideloading restriction thing. So I wanna explore alternative OSes, just gathering info, not sure if I'll even end up buying another phone (currently have a Samsung as a main phone, and in North America they are bootloader locked).
Like I know Graphene OS is supposedly more secure, but is it worth paying so much more for a phone? And used phones are kinda sketchy btw, most originate from a carrier so unlockability is in question (I'm not playing the buy/return "lootbox" game lol, so much hassle and its never guaranteed when a seller would even accept a return).
The moto I was looking at apparantly was on CalyxOS's supported list, but they suspended development for some reason, so Lineage is the only Custom ROM left other than Graphene.
Graphene seems cool, but idk if its really that much better. Getting a pixel is directly giving Google the most money, and I don't feel so good about that after they closed sourced Pixel device tree codes (or whatever that thing was called that they closed sourced), and then they killed sideloading, feels wrong to be buying a pixel right now. So that leaves me with just Lineage. And I could get a much cheaper phone too going Lineage.
So TLDR: If you were to recommend a phone to someone, which would you recommend? Expensive phone for Graphene, or Cheap phone and just use Lineage? Or something else?
My current phone is about to kick the bucket, so I'm kinda in the same boat. I was stuck between the two options you're considering, but I recently decided that my next phone's probably gonna be a Fairphone because I have yet to hear any negative reviews about them
Well, you are gonna hear the first one then
They don't offer security updates. Like at all.
They are a month behind, if not multiple. And that is if they don't just discontinue support, like for the fp5 which is running an extremely eol kernel
My plan was to put Lineage on it, would that change your mind?
Lineage OS updates aren't going to fix firmware vulnerabilities, which would need to be developed for each phone individually. That's why guaranteed security updates from the OEM are so important, because they're usually the only ones equipped to provide them. If you don't care about security that much though, it's a good way to save money and prevent the device from going to a landfill. At the very least, it could be used for gaming or some other low risk utility. I have an ancient LG G5 with LineageOS connected to a TV, which I only use for streaming video. I even blocked it from accessing the rest of my LAN just in case.
Oh, I see. I was misunderstanding what you were getting at. I've never been someone who's glued to their phone, so its mostly a reluctant device I keep for emergency and remote access to my server. Considering most of my phone time is spent VPN-free web browsing or using selfhosted services, I think I don't need to be overly concerned with security like that, right? Every phone I've ever bought has been several years old anyway
(I'm not the guy you original replied to btw)
There's no way to know for sure, as each vulnerability is different. There could be bug that allows remote code execution, or something crazy like that. If you have ssh keys on your phone for accessing your personal infrastructure, I wouldn't risk it. Even if you're not someone worth targeting individually, bad actors try to exploit vulns en-mass to see what sticks. I'm sure you're no stranger to random bots hitting your webservers looking for
wp-adminendpoints 24/7.I'm a software dev, not a security researcher, but my perspective gives me insight into how sloppy and irresponsibly most software is written these days. I sure as hell don't trust 's throwaway code written for yearly e-waste device #15
That's a great point, well put