this post was submitted on 27 Jan 2024
274 points (98.9% liked)
Asklemmy
43952 readers
696 users here now
A loosely moderated place to ask open-ended questions
Search asklemmy ๐
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- !lemmy411@lemmy.ca: a community for finding communities
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Yes and no. For apple you can use their phones for quite a long time securely. For Android that is a very different story. As far as I know only Google with their new pixel phones and Samsung have offered more than 2 years of updates. After that time your phone becomes a security risk. So make sure your devices receives updates or can be used with a custom ROM (though that can be insecure as well).
It's 2 years of FEATURE updates, usually longer for security.
Sometimes. It depends on the manufacturer. Some do more some don't promise anything. You have to know what you have. Also the support time starts usually at the start of sale not at the time of purchase. That means if you buy a new phone that was released a year ago on clearance or something you might have only half the time.
What a load of crap. My phone is 5 years old and the only security risk is me blindly installing questionable APKs off the Internet or clicking pop-up ads or something. It's not like I'm walking around with a time bomb or anything when all I do is browse a few apps and text and call.
Also the new pixel 8 supposedly is supposed to come with 7 years of updates. It's entirely possible Google abandons that plan though, given their track record.
There have been a few bugs in the past years that let you take over a phone without user interaction. There was one where you only need to receive an SMS (it was invisible even) and your phone is infected. Another one was a vulnerability in wifi calling and voice over lte.
A phone is not a passive device that only gets something when you request it. You take also it with you to public places, use it in open wifi networks and you get calls. All that while being used for security critical stuff like 2FA, banking and payment.
You shouldn't use a phone without current security updates for much more than calling. It is a time bomb. If you want to educate yourself further you should look at "zero click vulnerabilities".
And if you happen to be in Vegas during Def con you should probably just turn off your phone and leave it in the room.