If you want to use a phone for 5-6 years while retaining a decent level of security, buy an iPhone XR. You don't have other options. Please stop using insecure old Android phones and don't bother pretending that ROMs unable to ship full security updates change that situation...
Conversation
Replying to
The same boat. Neither device had competitive security features on release. LG G4 is end-of-life and doesn't have full security patches anymore, no matter which ROM you choose. AOSP security updates only provide a subset of the security fixes, not all device-specific fixes.
1
1
Huawei P20 still seems to receive security updates but not at the proper monthly schedule and likely only with the mandatory fixes rather than all recommended ones. Security is about far more than just fixing bugs but these vendors can't even get that done properly. It's a joke.
1
1
Replying to
Interesting. Ty for your input. So where could one do these recommended fixes themselves? In the phone develop settings somehow? Or has to be done by the company?
1
Replying to
For closed-source components, it's only realistic for the companies producing the software to properly maintain it. It's possible to make binary patches, but it scales very poorly to more complex issues and simply isn't a viable way to maintain software in the long term at all.
For the low-level firmware, there's signature verification and downgrade protection. Similarly, peripheral components (as in separate from the SoC, like Wi-Fi) are supposed to do the same for their own firmware. It wouldn't make all that much difference if this wasn't the case.
1
1
There are many device-specific components that are open source including the entire kernel and all the kernel drivers. However, no one is taking that over and porting the entirety of the drivers forward to a still maintained LTS kernel branch. It's a huge amount of boring work...
1
1
Show replies