I don't need you to explain to me how this works. You're wasting your time and mine. As I've said, devices without full security updates are a security disaster. Your Nexus 5 is incredibly insecure and easy to exploit, regardless of which insecure ROM you choose to run on it.
Nexus 5 stopped receiving support after October 2016. Using a ROM shipping the latest AOSP security patch doesn't fix that, as I've explained, since the vast majority of the driver, kernel and firmware updates aren't available. The firmware and many drivers are closed source too.
Some modified ROMs use modified kernels.
Firmware can be rewritten.
I read somewhere that someone was working on verified boot in modified ROMs.
I repeat: in security there are no impossibilities.
When you think you're safe there are people like me to break the security that you or someone else did.
Verified boot requires hardware support, as do many other security features. It's impossible to add it to a device without hardware support. As I already explained, the Nexus 5X/6P and Pixels have full support for verified boot with alternate operating systems. My work used it.
Your device doesn't have basic security updates for the vulnerabilities disclosed in the monthly bulletins. That's basic security hygiene. There's far more to security than fixing disclosed vulnerabilities and also you're missing years of advances in software / hardware security.
Fixing discovered vulnerabilities is basic security hygiene. Your device doesn't even have those basics. It isn't fixed by any ROM. You're in the same position as someone using WinXP in 2018 and trying to justify it by saying a couple out of thousands of bugs got binary patches.
I don't understand why you follow me or have interest in privacy / security hardening work if you don't even care about having basic security updates fixing the discovered vulnerabilities. It makes no sense and trying to argue from a position of total ignorance is just silly.
Phones should receive proper security updates for much longer. Google should move to supporting Pixels for at least 5 years. However, they're still doing the 3 years they did for Nexus devices and it isn't fixed by using a ROM with AOSP security updates after the end-of-life.
I can understand someone that's unable to afford buying a new flagship phone on a 2-3 year cycle. The best value secure option for them is using an iPhone XR for 5+ years and then repeating the cycle. People doing a 2-3 year cycle have Pixels as a good option. That's all I said.
Many people can't afford expensive phones up front so they pay a bit more spread out over a contract. There aren't any cheap secure phones available. Buying an old iPhone isn't really cheaper since it needs to be replaced sooner and they retain value too well for great deals.
And sure, you can do better than the security of a stock Pixel or iPhone, by using an alternate OS on a Pixel that doesn't currently exist, or even better by having alternate hardware matching the solid implementation and hardware security features of Pixels and going further.
Building AOSP from source yourself with a proper setup including a good HSM for signing can match the security of stock but that isn't really something that exists as it can't simply be installed and it's non-trivial to do the same full updates and hardening as the stock OS.

