Even on a device where full security updates are available *and* the ROM ships all the security updates (i.e. they actually bundle all the updated firmware and drivers, which is rare), they usually lack a security update model and roll back / damage security features in AOSP.
Conversation
Replying to
If you want a secure device, use an iPhone or a Pixel with the stock OS. If you can't afford the current generation, use an iPhone from the previous generation. There are only a couple non-Pixel Android devices with decent security and none are truly competitive with a Pixel.
2
Replying to
Nitrogen 7.1 is based on AOSP
I think devs do not want to let certain devices die. forum.xda-developers.com/google-nexus-5
2
Replying to
Everything involving Android is based on AOSP. It's a silly statement. As I explained, there is no secure ROM available for the Nexus 5. Any claiming to have the latest security patch is being dishonest (quite concerning!), because they don't have the driver and firmware updates.
1
Replying to
There's no option available for the Nexus 5 that isn't incredibly insecure. You should understand that choosing to use a Nexus 5 is a choice to use a device with serious unpatched vulnerabilities. The monthly security patches include far more than just AOSP security patches.
1
Replying to
There are options even for Nexus 4 they are not perfect roms, just like the stock roms are also not perfect. In security nothing is impossible I think you agree.
I do not like Iphone and I'm not going to buy another phone.
2
Replying to
Those ROMs are all incredibly insecure. They're vulnerable to hundreds of serious disclosed vulnerabilities in the drivers, firmware and kernel. They lack current generation exploit mitigations throughout the stack and attackers have years to get reliable exploits working...
2
Replying to
Their updates don't provide full security updates for devices not receiving those updates from the vendors. In fact, they don't even provide full security updates many of the devices where that's still possible and quite easy to do since they don't always bundle drivers/firmware.
2
Replying to
Vendors do not want to know about security they just want to know about profit
1
1
Replying to
I'm unsure what that's supposed to mean. I don't think this is a productive discussion worth continuing.