The only Pixel I have is a Pixel 3XL, which is no longer supported for updates. A few questions: Does that mean at some point you have to buy a new phone all the time? How long are they supported? Do I need to buy the newest one every time to have decently long support? If I can install Calyx, but have already degoogled my phone, is Calyx still useful? But I suppose at this point it’s still better to get a Pixel anyway and install Graphene, which is supposedly better? How risky is it to run an unsupported phone like my Pixel 3XL? What can happen?

  • Sophocles@infosec.pub
    1 day ago

    The problem lies more with the phone itself no longer being supported, as both Calyx and Graphene only do harm-reduction updates after end of life, not full security updates. You will be taking a risk using either, but both are better than stock Android.

    For some reason you’ll find a lot of Calyx/non-GrapheneOS hate on Lemmy (just look at the downvotes on anything Calyx related, even on this post). But if your threat model is just combatting corporate data harvesting, de-googling, or further securing your phone, it works well and does as promised.

    You should also look into Fairphones with Calyx. They’re a bit pricey, but they get hardware support for 10 years instead of 5 (most Android phones) and they are built with replaceable parts in mind to prevent e-waste and unnecessary cost.

    So in other words, yes, you will have to buy a phone every 5 years (or 10 with Fairphone) in order to have comprehensive security, even with Graphene or Calyx.

  • jet@hackertalks.com
    2 days ago

    What’s your threat model? What are your major security concerns?

    A phone not getting hardware updates is going to be trivially targeted by physical attacks, such as Cellebrite.

    If your phone isn’t getting updates from GrapheneOS, it probably won’t get updates from CalyxOS either (or soon won’t).

    If you just want to keep the hardware working, for nonsensitive things, LineageOS is a great option. But it won’t be very secure.

    https://grapheneos.org/faq#device-lifetime tells you how long a device will get support and updates

    • ocean@lemmy.selfhostcat.com
      2 days ago

      Honestly, I hate that question, because who actually has an answer for that specific device and situation? Though you do provide a good breakdown.

  • Ulrich@feddit.org
    2 days ago

    does that mean at some point you have to buy a new phone all the time?

    Yes and no. There are new security vulnerabilities discovered every day, and if you aren’t getting security updates, your device will not be secure.

    If you spend a couple hundred bucks you can get a Pixel 8 and it will be good for another 5 years.

  • buliarous@lemm.ee
    23 hours ago

    The thing I don’t get about these sorts of conversations is, if your threat model is so great, why are you using a cellular phone at all? Like, I get it, I’ve used Graphene and I like it, but as my daily I’m iOS all the way. Why, you ask? Because at some point you have to realize you are sacrificing a ton in usability in order to gain privacy and security. If I really cared about security I’d install Graphene, sure. But I probably would even put a SIM card in the damn thing.