this post was submitted on 23 Jun 2024
73 points (96.2% liked)

Privacy

4241 readers
82 users here now

A community for Lemmy users interested in privacy

Rules:

  1. Be civil
  2. No spam posting
  3. Keep posts on-topic
  4. No trolling

founded 1 year ago
MODERATORS
top 24 comments
sorted by: hot top controversial new old
[–] cheddar@programming.dev 38 points 5 months ago (4 children)

If only there was what to install. It's crazy that I have to essentially throw away a perfectly capable device because the manufacturer doesn't provide updates anymore. That if I want security updates.

[–] lightnsfw@reddthat.com 6 points 5 months ago* (last edited 5 months ago) (1 children)

It's so stupid. All the phones newer than mine have less hardware features so if I replace it I'll have to find new ways of doing a bunch of things. I'm just accepting the risk at this point until manufacturers get their heads out of their asses and make something decent or my carrier stops supporting my phone. I'd have probably bought two more phones since I got this one if everything wasn't a downgrade from what I have currently.

[–] EddoWagt@feddit.nl 4 points 5 months ago (1 children)

Yeah that's why I caved and bought a Sony Xperia 1 VI, yes it was very expensive, but at least it still does everything I want

[–] lightnsfw@reddthat.com 0 points 5 months ago (1 children)

What about that one made you select it?

[–] EddoWagt@feddit.nl 3 points 5 months ago

Sd card slot, headphone jack, great front firing speakers, no hole punch selfie camera, good cameras and awesome battery life

[–] aa1@lemm.ee 2 points 5 months ago (1 children)

Yeah, it's a shame. Only Google seems to take updates seriously.

[–] Andromxda@lemmy.dbzer0.com 7 points 5 months ago (1 children)

Not sure why this is getting downvoted, because it's actually true. Google is the only Android phone manufacturer at the moment, that delivers 7 years of OS security updates + firmware updates, allows the user to unlock the bootloader and re-lock it with custom signing keys to retain full Android Verified Boot. And the ARMv9 MTE is the cherry on top.

A modern Pixel with GrapheneOS is the best thing you can get right now for privacy, security and longevity.

[–] aa1@lemm.ee 4 points 5 months ago (1 children)

I completely agree with you. I think people downvoting me because "fuck Google" when in fact, hardware wise, is the best available to achieve privacy and security.

[–] jadedwench@lemmy.world 2 points 5 months ago (1 children)

My guess? Probably a mix of Google Evil (true), and not understanding you are talking about Pixels.

I switched to Pixels after the whole Note 7 debacle. I even have the Note 7 t-shirt Best Buy gave out for those of us with pre-orders. It was really really shitty timing as I was traveling a lot for work and I am trying to remember if I even had a backup phone to use. I may have already traded my old phone in at the time, but had something in a drawer I could use.

Evil Corp be damned, my phone just works. It doesn't lag. The pictures are awesome. Screen is nice. I just need all of this AI assistant shit to go away. I got it to STFU about it at least and my phone can go back to being a phone. Gemini can rot.

[–] Andromxda@lemmy.dbzer0.com 0 points 5 months ago (1 children)

I just need all of this AI assistant shit to go away.

GrapheneOS doesn't have any of this BS.
Despite what some people (who never used GOS and have idea how it works) say, everything except for Google Pay and a small portion of banking apps works just fine on it. You can check if your bank's app is supported: https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/
If you need Google Play services, you can easily install them, and it will still be more private than on a standard Android device, thanks to a custom sandboxing mechanism.
Security is just phenomenal, and I think it's fair to call GrapheneOS the most secure mobile operating system out there.
It also enhances the longevity of your phone, because GrapheneOS provides feature updates as long as Google provides security updates. Some devices with the Stock OS (like e.g. the Pixel 6a) receive security updates for 5 years, but Google only provides feature updates for 3 years. GrapheneOS extends that period to 5 years as well.
It's also super easy to install, and it's fully free & open source. It is truly amazing. I recommend watching this video to learn more about it: https://invidious.fi/watch?v=yTeAFoQnQPo

[–] jadedwench@lemmy.world 2 points 5 months ago (1 children)

That's the thing. I use Google Pay for 90% of the places I go and that isn't something I am willing to give up. Also, it looks like Amex isn't supported either. Google does 7 years of updates now.

[–] fmstrat@lemmy.nowsci.com 2 points 5 months ago (1 children)

This is why I only buy unlockable devices that have open boot loaders. Making that decision up front means ROM support for a much longer time frame.

[–] cheddar@programming.dev 2 points 5 months ago* (last edited 5 months ago) (1 children)

From my understanding my phone should be unlockable, but I have no expertise when it comes to custom Android builds. Like, how do I know they are safe and don't come with some malware?

[–] jadedwench@lemmy.world 5 points 5 months ago (1 children)

I haven't done it in ages as I have a Pixel, but the norm used to be go to XDA Developers. Everything you need should be there. Guides, reputable links, etc.

[–] fmstrat@lemmy.nowsci.com 5 points 5 months ago

Nowadays people use the popular ROMs like Lineage (you might remember as cyanogenmod), or GraphineOS. There are a few others, too. But XDA is always a good resource.

[–] tired_n_bored@lemmy.world 1 points 4 months ago

I wish security patches would be separated from "look at this new animation while closing the app1!1!1!" update honestly. Why is it so hard to do that?

[–] Tempo@lemmy.ml 28 points 5 months ago (2 children)

I think the moral of the story here is more along the lines of "don't install weird off-brand versions of apps from dodgy places" (F-Droid excepted, obviously)

Like what the fuck is a "Black WhatsApp"?

[–] Psychodelic@lemmy.world 12 points 5 months ago

Ratel RAT is spread via various means, but threat actors are typically seen abusing known brands like Instagram, WhatsApp, e-commerce platforms, or antivirus apps to trick people into downloading malicious APKs.

During installation, it requests access to risky permissions, including exemption from battery optimization, to be allowed to run in the background.

Yeah, that's a weird thing to do and then blame on a lack of updates.

"Make sure to extend your car's warranty! I mean, just look at what happened to this drunk driver's car."

I personally really dislike forced updates and how some people try and justify them with examples of people doing dumb shit like this where they literally side load a sketchy APK and grant it all permissions. Why not promote tech literacy instead of blind confidence into updates that are almost never explained in any significant detail? It's honestly just so weird how superstitious it all seems

[–] noodlejetski@lemm.ee 7 points 5 months ago (1 children)

Like what the fuck is a "Black WhatsApp"?

there are some modded Whatsapp versions that add features that don't exist in the official version, like hiding typing indicator for you while still being able to see the other person's, same with read markers, and so on. while I've never tried any myself, some of them seem to be legitimate.

[–] urheber@discuss.tchncs.de 1 points 5 months ago (1 children)

they are, but they probably also install a bunch of other stuff, I've had one once. had to reset my phone.

[–] EddoWagt@feddit.nl 2 points 5 months ago

I ran yowhatsapp for like 5 years, was great until whatsapp forced me to use the official app

[–] henfredemars@infosec.pub 13 points 5 months ago

Title doesn’t really follow the data from the article. Updating your smartphone doesn’t appear to be related to the RAT investigated here. Rather, the researchers note older devices were targeted more often.

This could be an incidental finding.

[–] tomjs@lemdro.id 8 points 5 months ago

It's ironic that this website is being posted here. The amount of ads is atrocious, and the scrolling looks like 10fps. Privacy much...