Better Mobile App

android security issues and patches

I have wondered on and off occasionally what happens if a security issue happens with the android OS.
Currently as we all know android is incredibly fragmented, mainly due to a system where the phone vendors roll out updates at their own leisure and google upgrading the OS at a very fast pace. Combination of the two equals fragmented userbase. But I have never seen an update for android on any version stated to fix a security issue.
Then I read this article.
http://www.bbc.co.uk/news/technology-23431281
It mentiones manufacturers have yet to pass on the patch which is no surprise as here in the uk the phones that still do get updates tend to be 12 months behind google's updates (unless a new model on market), which is a deliberate policy so people buy a new phone to get new android.
Does anyone here know which android version's are affected and if custom roms have it patched?

chrcol said:
I have wondered on and off occasionally what happens if a security issue happens with the android OS.
Currently as we all know android is incredibly fragmented, mainly due to a system where the phone vendors roll out updates at their own leisure and google upgrading the OS at a very fast pace. Combination of the two equals fragmented userbase. But I have never seen an update for android on any version stated to fix a security issue.
Then I read this article.
http://www.bbc.co.uk/news/technology-23431281
It mentiones manufacturers have yet to pass on the patch which is no surprise as here in the uk the phones that still do get updates tend to be 12 months behind google's updates (unless a new model on market), which is a deliberate policy so people buy a new phone to get new android.
Does anyone here know which android version's are affected and if custom roms have it patched?
Click to expand...
Click to collapse
if you're rooted (which i assume seeing your signature) you're safe.
Also read this: http://www.androidcentral.com/making-sense-latest-android-security-scare

well it doesnt say you safe if rooted it just says you have bigger security concerns to worry about so dont worry about this.
So in short if that article is right, its been a problem since android 1.6, all that time google hasnt bothered to patch it, samsung did their own patch but only on the s4, and android 4.3 is expected to be patched.
In the meantime ensure unknown app sources is disabled.
thats what I get from that article.

Very important thread.
Thanks for posting.
I'm glad I'm rooted

another article.
http://searchnetworking.techtarget....s-Report-Mobile-malware-attacks-grew-over-600
Seems android not disclosing the security issues and it wouldnt surprise me all the older phones with no updates are full of security holes.
should google be backporting security fixes to 2.2.x 2.1.x etc?

Install Xposed framework and then load the patch module to fix both security exploits, or simply only install well trusted apps

yeah I patched my AOKP now.
looking at this url it seems I can do the same on TW rom also.
http://forum.xda-developers.com/showthread.php?t=2374453

p9000 development already dead?

Why is there such alot more development and forum activity on for example the Xiaomi Redmi phones than on this one? The p9000 got excellent hardware for a great price but the community is really small somehow and the software is still buggy? How come? Do you think its still worth to wait for more activity and responses from developers for this phone or is it a "dead cow" already and better to swap to another brand to get support from developers on for example CM or RR?

furchtlos76 said:
Why is there such alot more development and forum activity on for example the Xiaomi Redmi phones than on this one? The p9000 got excellent hardware for a great price but the community is really small somehow and the software is still buggy? How come? Do you think its still worth to wait for more activity and responses from developers for this phone or is it a "dead cow" already and better to swap to another brand to get support from developers on for example CM or RR?
Click to expand...
Click to collapse
Development for this device is far from dead, we have a stable device tree for building custom ROM's, CM and RR ROM's already released, a fully source built TWRP and work on custom kernels is just beginning. That's a lot more development already than an awful lot of devices see in their entire lifetime.

I would rather say it has just begun. Development for this MTK chip is not a matter of course and the outcome so far is pretty exciting. This opens the way for other devs who work on other devices with the same chipset. It's just that many devs simply prefer Snapdragon which leads to higher dev count on those devices, faster bug fixing etc. I am pretty excited what the future brings not only for our P9000 but MTK devices in general as far as flashing and development goes.

Development is dead? What gave you that impression? For starter this phone already has a working twrp recovery. That is more then some Chinese phones get in their whole lifetime. Kernels is the area of development next and elephone has been kind to release the source code for the phone. Again more then most developers even bother with.

well, it got twrp,root and xposed working. More than some name brand phones that stop official updates after a year.
But i admit it is easier to update my old nexus 4 with cm downloader. Just click the update notification and latest cm gets installed.

It is also getting nougat in November hopefully

mangoman said:
well, it got twrp,root and xposed working. More than some name brand phones that stop official updates after a year.
But i admit it is easier to update my old nexus 4 with cm downloader. Just click the update notification and latest cm gets installed.
Click to expand...
Click to collapse
That's because Nexus 4 is an officially supported device by CM.
It's very difficult for MTK devices in general to get official CM support because we have to patch some things in the framework to make camera, RIL (mobile data) etc working.
The official stance is that these things should be done in device tree as no proprietary code is allowed in CM framework.
Initially when our patches were submitted to CM Gerrit they were rejected because of this, Leskal is working on minimising the patch work needed and getting more of the generic MTK code accepted on Gerrit.

Not helped by the fact that MTK themselves aren't helpful or willing to support developers as it doesn't suit their replace and force upgrade business model. Technically how they operate and their refusal to release official development tools or code is a violation of the open sources nature of Android. But google has yet to do anything serious about it. As far as I know, any code we have is from reverse engineering and leaks.

Android-UK said:
Not helped by the fact that MTK themselves aren't helpful or willing to support developers as it doesn't suit their replace and force upgrade business model. Technically how they operate and their refusal to release official development tools or code is a violation of the open sources nature of Android. But google has yet to do anything serious about it. As far as I know, any code we have is from reverse engineering and leaks.
Click to expand...
Click to collapse
Not true, I've met up with MTK engineers at DevCon and they do actually encourage development, they just seem to lately be wanting to protect their HAL's and drivers which as pointed out on the XDA portal article about this is sort of ridiculous. But then again it's proprietary code and not under the GPL so whilst we can say it's stupid we can't really contest it, it's their choice.
The code we have is completely official and not gotten from reverse engineering.

Jonny said:
Not true, I've met up with MTK engineers at DevCon and they do actually encourage development, they just seem to lately be wanting to protect their HAL's and drivers which as pointed out on the XDA portal article about this is sort of ridiculous. But then again it's proprietary code and not under the GPL so whilst we can say it's stupid we can't really contest ot, it's their choice.
The code we have is completely official and not gotten from reverse engineering.
Click to expand...
Click to collapse
I have seen many a leak before. But OK they support developing but at the same time they don't help provide any decent tools for troubleshooting or development.

Android-UK said:
I have seen many a leak before. But OK they support developing but at the same time they don't help provide any decent tools for troubleshooting or development.
Click to expand...
Click to collapse
Why do they need to? There's already great tools around for that, I know Qualcomm certainly used to provide a package for debugging the lower system levels but it wasn't widely available as the lower levels of the device booting process are not needed to be modified outside of OEM labs and manufacturing.
The lowest level we need is kernel debugging and the kernel already provides that via last_kmsg and desmsg etc, all other tools are already available as part of ADB, logcat etc. There are also a plethora of other tools readily available.

I would call it pretty dead now Well, if not dead then dying.

Let's hope for a Christmas special

[dorado] [DEV] Porting Wear OS upgrades and Google Pay to Wear24

Wear 24 Development​Contributors: @JaredTamana, @davwheat​
Current Status: Active​Current Kernel Status: Building, NFC driver working but still potentially WIP​System ROM Status: Still WIP. Current task: collecting/compiling files, modifying .jars​THIS ROM IS NOT YET AVAILABLE TO DOWNLOAD AS AN END-USER ROM​
This project has a few goals:
- Bringing NFC/Google Pay support to Wear24 [Feasible, main goal]
- Bringing system updates to the Wear24, ie System H [Probably doable, second goal]
- Adding/fixing functionality in the Wear24 (such as new radio bands, no cloud icon, etc) [Maybe possible but needs more research, low on the list)
- Other projects are being considered for the Wear24, but no news on them at this time.
Links
Social
Wear24Dev Blog, periodic updates on this project: http://wear24dev.blogspot.com
Wear24 NFC Discord, open chat so users can see us develop in real-time! Also, tech support. https://discord.gg/8XyTeUC
Development
Wear24-NFC-Kernel GitHub, this is our source for building the kernel. Instructions for building it yourself are in the README. https://github.com/davwheat/Wear24-NFC-Kernel
Travis-CI Build Logs for Kernel: https://travis-ci.org/davwheat/Wear24-NFC-Kernel
Wear24-NFC-ROM GitHub, will soon contain the files needed to make an image/zip, depending on how we decide to distribute. https://github.com/davwheat/Wear24-NFC-ROM
JaredTamana's GDrive dorado folder, may contain files you need: https://drive.google.com/drive/folders/1h6gz-oLMPZ90nwt7BLhWVgHii1DRCW5c
davwheat's GDrive dorado folder, may contain files you need: https://drive.google.com/drive/fold...droid-msm-dorado-3.18-nougat-mr1-wear-release
tetra release for enabling NFC: https://forum.xda-developers.com/sm...ony-smartwatch-3-nfc-support-package-t3219713
NXP Setup Guidelines: https://github.com/NXPNFCProject/NF...r/AN11762-Android_NXP_NFC_Setup_Guideline.pdf
Special Thanks
janjan: Dev guidance
 @bensdeals: Donor, help
 @yochanmarquos, u/lerxi: Development help.

-- RESERVED -- Because you never know

Someone should have a TWRP backup handy with the images you are looking for. Correct me if I'm wrong, but all the images you require are inside a TWRP backup image.

Anyone remember that Sony SW3 port thread? I'm not sure what happened to the project, but dev seems quiet and the device tree repos are gone. Was hoping to use those as a resource and it wasn't crawled by archive.org. Wonder if external forces got involved, which makes me a bit worried. If anyone has a clone of that repo, it might be really useful.

Please. I beg you to make this happen. Thanks for even trying

I'm definitely interested in this. If I knew I could get Google Pay working on this device, I would definitely buy one. I'll happily throw a few dollars your way too, if you can release something that works.

Hoping I found it
JaredTamana said:
Anyone remember that Sony SW3 port thread? I'm not sure what happened to the project, but dev seems quiet and the device tree repos are gone. Was hoping to use those as a resource and it wasn't crawled by archive.org. Wonder if external forces got involved, which makes me a bit worried. If anyone has a clone of that repo, it might be really useful.
Click to expand...
Click to collapse
Is this what you're looking for? (Sorry, I'm not allowed to post url yet so just remove space before .com)
github .com/FlorentRevest/android_device_sony_tetra
My Wear24 just came in from eBay . It's a really good looking device. I might be able to help you test at some stage. Also willing to donate ducats if you get far enough. Good Luck :good:

I got my wear24 a few months ago, and was slightly disappointed to find out about the lack of root, customization, etc. I'm still not a huge fan of opening it up, but I'm up for helping any other way I can!

YTSec said:
I got my wear24 a few months ago, and was slightly disappointed to find out about the lack of root, customization, etc. I'm still not a huge fan of opening it up, but I'm up for helping any other way I can!
Click to expand...
Click to collapse
I appreciate the thought, but doing anything in the vein of system modification will require opening the watch. Luckily, the pinout is right under the back cover, so chances of damaging the watch are minimal. If you change your mind, let me know.

** NEWS **
Semi-daily updates will be going on this Blogger Page so I don't clog up the thread
http://wear24dev.blogspot.com

Hi, can i flash this rom to zte quartz 2017?
Hi, can i flash this rom to zte quartz 2017?

Eshal said:
Hi, can i flash this rom to zte quartz 2017?
Click to expand...
Click to collapse
Eshal, this ROM hasn't even been built yet. I cannot guarantee compatibility with your device because I'm not building for your device. You can try flashing whatever you like, but I'm not liable for your device.
This ROM is still in its first steps and I quite literally have nothing to release yet. I've just finished bringing backups over to my PC.

JaredTamana said:
I appreciate the thought, but doing anything in the vein of system modification will require opening the watch. Luckily, the pinout is right under the back cover, so chances of damaging the watch are minimal. If you change your mind, let me know.
Click to expand...
Click to collapse
I took a look, it's not as bad as I thought. Its probably worth unlocking the bootloader anyway! I'll let you know tomorrow if I do.

YTSec said:
I took a look, it's not as bad as I thought. Its probably worth unlocking the bootloader anyway! I'll let you know tomorrow if I do.
Click to expand...
Click to collapse
Glad to hear it! Make sure to read the main thread as to tips on how to do it. Use lots of heat, and don't forget the Y000 (0.6) screwdriver.

Kernel builds are now passing, and I've begun debugging the boot process. More info on the Blogspot

Sorry for the late reply, I'm just waiting on a toolkit that works on it, then I'll start ripping it apart to help out! Also, I got that new UI which is great.

How goes the testing? I've noticed that there haven't been any new posts on the blog or on this thread. Hope everything is well

@JaredTamana Have you seen this? BLOCKS announces Project OpenWatch: an Android Oreo-based OS for smartwatches in collaboration with CarbonROM and LineageOS
Here's their GitHub.

VlitalityX said:
How goes the testing? I've noticed that there haven't been any new posts on the blog or on this thread. Hope everything is well
Click to expand...
Click to collapse
Hiya! Sorry for the lack of updates. I've hit a wall with that Binder error. All documentation online seems to be about x86 machines and ranges from IO errors to SELinux errors. I've already tried compiling without SELinux in a few different ways to no avail. I've tried contacting development channels on IRC, but no one seems to have the answers I need (most times I don't even get a reply...)
I'm still brainstorming. I took a look at the kmsg from the stock build and there's a LOT being sent to logs there that isn't from my kernel. I'm not sure where to go next, and I don't want to go knocking on the door of every single developer that might know the answer. The problem is the Binder errors are so vague about what's causing the failed transaction that I can't even start to understand what's wrong.

yochananmarqos said:
@JaredTamana Have you seen this? BLOCKS announces Project OpenWatch: an Android Oreo-based OS for smartwatches in collaboration with CarbonROM and LineageOS
Here's their GitHub.
Click to expand...
Click to collapse
Thanks! I do remember seeing this. Problem is, if I can't even build a stock kernel, nothing else can be done. I need the device booting first before I can move to system changes.

Daydream will be back. Axon 7 development is still ongoing

I wrote an email to the chief technical officer of ZTE and asked if development for the Axon 7 is still ongoing. Here is a screenshot of the answer.

Can you link exactly who you wrote to? I would like to confirm this.

MishaalRahman said:
Can you link exactly who you wrote to? I would like to confirm this.
Click to expand...
Click to collapse
Pm for now to avoid possible email spamming.
As for all the others who read this, here is a little more explanation:
He is the technical chief officer of zte and stands in direct contact with the dev team. He is also the reason we got the zip for disabling system write protection in the first place. Without him i wouldn't have gotten the update.zip (with disabled system write protection) and @raystef66 couldn't have made a flashable zip for us.

Great contact! Thanks.
Anyway to get the PIE IMS so we can get wifi calling working on Oreo or Pie?

amphi66 said:
Great contact! Thanks.
Anyway to get the PIE IMS so we can get wifi calling working on Oreo or Pie?
Click to expand...
Click to collapse
Volte works on Oreo china

amphi66 said:
Great contact! Thanks.
Anyway to get the PIE IMS so we can get wifi calling working on Oreo or Pie?
Click to expand...
Click to collapse
VoLTE should work on any of the big Oreo ROMs. WFC is hit or miss (even on stock ROM). I'm assuming Oreo is gonna be the last android version we can install and still have these things work (unless some dev out there finds a way to get past this roadblock in the future). Either way, I kinda doubt ZTE would provide any further updates for us beyond Oreo. I'm assuming that the response given in the OP meant that they would fix everything that's still broken and missing on 8.0; not begin development for Pie (especially since the Axon 10 is just around the corner, pulling resources into a 3-year-old phone just isn't a sound decision from a business standpoint).

HunterBlade said:
pulling resources into a 3-year-old phone just isn't a sound decision from a business standpoint).
Click to expand...
Click to collapse
It is if ZTE expect some form of customer loyalty on future purchase decisions. Would you buy the Axon 10/11/12 etc. based on your Axon 7 experience? Yes they had disruptions from trade sanctions etc. but that's not the consumers fault and imo ZTE should be doing everything they can to restore faith in their brand.

They're basically starting again.
They need an affordable flagship like the Axon 7 was. If they don't, it will be hard to gather enough sales to start a customer pool and try for return purchase later on.
Current customers are wary, sceptical and untrusting after that whole fiasco and rightly so.

amphi66 said:
Great contact! Thanks.
Anyway to get the PIE IMS so we can get wifi calling working on Oreo or Pie?
Click to expand...
Click to collapse
VoLTE nd Wifi calling wok fine for me on ZTE's Oreo B20.

RobboW said:
They're basically starting again.
They need an affordable flagship like the Axon 7 was. If they don't, it will be hard to gather enough sales to start a customer pool and try for return purchase later on.
Current customers are wary, sceptical and untrusting after that whole fiasco and rightly so.
Click to expand...
Click to collapse
They just need to copy and paste the Axon 7 with newer specs.
Maybe bumping it to 6" in order to have more internal space would do the trick.
I still can't understand how did they think that the Axon 9 Pro was a good idea. They litterally took all that was great about the A7 and...deleted it.
Now...a bit of an on topic question. Instead of releasing 8.0, could they not enter the Android One program with it...especially since they were aiming for stock experience?
Maybe it's been asked before, but what are the implications of entering the AO program,because IIRC, I may have read some time ago something about a partition not existing on the device and ZTE not gambling with a large release, but I can't remember specifically?

TorqueSsS said:
They just need to copy and paste the Axon 7 with newer specs.
Maybe bumping it to 6" in order to have more internal space would do the trick.
I still can't understand how did they think that the Axon 9 Pro was a good idea. They litterally took all that was great about the A7 and...deleted it.
Now...a bit of an on topic question. Instead of releasing 8.0, could they not enter the Android One program with it...especially since they were aiming for stock experience?
Maybe it's been asked before, but what are the implications of entering the AO program,because IIRC, I may have read some time ago something about a partition not existing on the device and ZTE not gambling with a large release, but I can't remember specifically?
Click to expand...
Click to collapse
The vendor partition stuff is something else entirely. Some people believed that ZTE would bring Treble support to the Axon while that made very little sense (Treble is a requirement for phones that SHIP with Oreo and above, but it's optional for Oreo, and its main advantage is it makes it easier for OEMs to update major Android versions). It was developed by djkuz and NFound eventually anyways, but only because of the generic ROM benefits
I don't think you can simply slap Android One certification on the middle of a product's life, but even if they could, it would make absolutely zero sense for them... Why be commited to security updates and newer Android versions on a phone that has surely stopped giving any revenue since long ago? Plus I'm not even sure if people prefer stock Android to stuff like One UI where you have a bunch of options

Do not expect to much from ZTE for the Axon 7. Until now they did not release a stable OS and it will not change for the next update.

dodo34 said:
Do not expect to much from ZTE for the Axon 7. Until now they did not release a stable OS and it will not change for the next update.
Click to expand...
Click to collapse
Marshmallow and Nougat were perfectly stable, if not the chinese versions. i'd say that counts.
The important thing is them fixing Daydream because it doesn't only entail adding daydream back, to run it properly you need to have thermals and the kernel properly tuned. Daydream should put the phone at ~1.3 GHz but I believe they'll have to mess around to make it work as intended anyways
plus all this is useful for LOS

Marshmallow and Nougat had a very bad design and UI because of mifavor. Oreo is nice but extremly unstable.

dodo34 said:
Do not expect to much from ZTE for the Axon 7. Until now they did not release a stable OS and it will not change for the next update.
Click to expand...
Click to collapse
What next update?
I thought this device was EOL as far as zte was concerned. There hasn't been an official update since august of last year and that had a security update of july '18. That's 6+ months ago. I think we're on our own now....

gpz1100 said:
What next update?
I thought this device was EOL as far as zte was concerned. There hasn't been an official update since august of last year and that had a security update of july '18. That's 6+ months ago. I think we're on our own now....
Click to expand...
Click to collapse
how can you ignore the OP this much??
??
seriously, read the OP first
Also, the chinese version still gets updates, the last one was abt 2 weeks ago?

Choose an username... said:
how can you ignore the OP this much??
??
seriously, read the OP first
Also, the chinese version still gets updates, the last one was abt 2 weeks ago?
Click to expand...
Click to collapse
Not ignoring OP at all... Simply going by zte's past actions. I've seen these sort of promises with other devices (moto x pure comes to mind) in the past. I'll believe it when I see it.
Got a link to this update from 2 weeks ago? What was the actual update?

gpz1100 said:
Not ignoring OP at all... Simply going by zte's past actions. I've seen these sort of promises with other devices (moto x pure comes to mind) in the past. I'll believe it when I see it.
Got a link to this update from 2 weeks ago? What was the actual update?
Click to expand...
Click to collapse
All I'm saying is, @GodOfPsychos contacted this ZTE guy, he said that an update was going to be released, and then XDA'S EDITOR IN CHIEF contacted that guy and got the same response (with which an article was made). They can bail at any time, but it's not like they are promising Pie anyways
I'm guessing you can't see the attached screenie in the OP? I can see it just fine from XDA Labs

We won't get official Android Pie for Axon 7.
The most I read into that is update to include cut out features like Daydream, probably a security update too. Just a finish of what Oreo 8.0 was supposed to be. I don't think we will even see official Oreo 8.1

If they had just kept with the whole "best sounding phone" idea I'd probably already have bought another ZTE. It was the thing that distinguished them in the crowded market of samey-same phones. At this point I'm clinging to my Axon 7 with my tight little hands, and any update to its stability will be appreciated. [Full disclosure, I'm running the GSI Liquid Remix unofficial build of Pie, but if they do update the official Oreo and get it rock solid, I could see downgrading just to be on an official ROM.]

Is it possible to install Security Updates alone, without upgrading Android?

Hi everyone,
I can't find a satisfactory answer on my favorite search engines, so I thought I'd come here and ask. Sorry if this question has already been put on the table, carved, sliced and gobbled, I couldn't find trace of it in the forum's search engine either.
My phone's a Leagoo T5c that will forever be stuck on Android 7.0, it seems, because the OEM has already lost interest, and because its SoC makes it difficult, if not downright impossible, to find a suitable custom ROM.
The latest ROM I could find and install on this phone goes back to August of 2018 (no-no, no typos), and its Security Update is even one month older (July 2018).
My question is in the title: Is it possible to install Security Updates without reinstalling/updating/upgrading the firmware itself, like you would in, say, Windows or any other OS, I presume?

UglyStuff said:
Hi everyone,
I can't find a satisfactory answer on my favorite search engines, so I thought I'd come here and ask. Sorry if this question has already been put on the table, carved, sliced and gobbled, I couldn't find trace of it in the forum's search engine either.
My phone's a Leagoo T5c that will forever be stuck on Android 7.0, it seems, because the OEM has already lost interest, and because its SoC makes it difficult, if not downright impossible, to find a suitable custom ROM.
The latest ROM I could find and install on this phone goes back to August of 2018 (no-no, no typos), and its Security Update is even one month older (July 2018).
My question is in the title: Is it possible to install Security Updates without reinstalling/updating/upgrading the firmware itself, like you would in, say, Windows or any other OS, I presume?
Click to expand...
Click to collapse
With android 10 were introduced Google play security updates that lets you received security updates (not all of them unfortunately, some requires to upgrade) without updating the full OS. You can't do it because you're stuck with the wrong Android version
Hopefully you won't have any issues with hacking but consider buying a new phone when you'll get a chance

Security updates get rolled out as OTA by OEM/Carrier if they consider it's necessary. You can't force it. Theoretically, all Android smartphones should get around two years of security updates. However, the reality is often very different.
The Leagoo T5c is a small-budget phone what was sold for 99 USD - so more or less a disposable item. You cannot expect OEM/Carrier to have any interest in providing updates for such a phone.

Thank you both for your explanations. I understand that Android works differently when it comes to updating itself, mostly because Google isn't the only party to have a voice in the chapter; still, it's unnerving to see that the end-user is more or less captive anyway.
It kinda defeats the very purpose of an open-source OS, to have to wait for an OEM to release (or not) an update, when you could install the patches yourself.
As for buying another phone, well, as soon as I've got the dough, I will, believe me. Not because I'm dissatisfied with this one, but because I don't like the idea of totting around with a phone that hasn't seen a security update in over two years.
I'm also seriously considering moving to Ubuntu Touch, though there again, my phone's exotic platform could be problematic. Custom ROMs seems to be as complicated an avenue as others, too.
All in all, Android isn't what they sold me: It's not secure, it's not "free", it's just another way to make you shell out bucks for new hardware every couple years.
Android is just iOS without the eye-candy, you ask me...

UglyStuff said:
Thank you both for your explanations. I understand that Android works differently when it comes to updating itself, mostly because Google isn't the only party to have a voice in the chapter; still, it's unnerving to see that the end-user is more or less captive anyway.
It kinda defeats the very purpose of an open-source OS, to have to wait for an OEM to release (or not) an update, when you could install the patches yourself.
As for buying another phone, well, as soon as I've got the dough, I will, believe me. Not because I'm dissatisfied with this one, but because I don't like the idea of totting around with a phone that hasn't seen a security update in over two years.
I'm also seriously considering moving to Ubuntu Touch, though there again, my phone's exotic platform could be problematic. Custom ROMs seems to be as complicated an avenue as others, too.
All in all, Android isn't what they sold me: It's not secure, it's not "free", it's just another way to make you shell out bucks for new hardware every couple years.
Android is just iOS without the eye-candy, you ask me...
Click to expand...
Click to collapse
Android isn't iOS precisely because you can break free from your OEM by flashing a custom ROM. You can develop one for almost any device as long as the OEM releases the kernel source code. And most OEM do (expect for some very unknown phones).
Custom ROMs like GrapheneOS are made to free you from google Services and are truly privacy oriented. And all of that is possible because Android is open source.
Trust me, the Android community has always worked actively to counter aging of their devices (including me).
Just buy a phone with a solid community behind and you'll be able to keep it up to date a looong time

Raiz said:
Android isn't iOS precisely because you can break free from your OEM by flashing a custom ROM. You can develop one for almost any device as long as the OEM releases the kernel source code. And most OEM do (expect for some very unknown phones).
Custom ROMs like GrapheneOS are made to free you from google Services and are truly privacy oriented. And all of that is possible because Android is open source.
Trust me, the Android community has always worked actively to counter aging of their devices (including me).
Just buy a phone with a solid community behind and you'll be able to keep it up to date a looong time
Click to expand...
Click to collapse
I agree with you in principle, but if I must take an example: I have this Early 2006 MacBook Pro with a Core Duo CPU that precludes me from even installing Mac OS X 10.7 "Lion" on it, because the CPU is 32-bit-only, and Lion requires a 64-bit CPU.
The machine itself works very well, albeit a bit slowly, but then it's got only 2 GB of RAM and a 120-GB SSD. When I got fed-up with OS X applications not updating/upgrading and Firefox addons not installing because my copy of Firefox was too old, I partitioned the SSD, installed rEFInd as boot manager, and installed Zorin 15.2 (now 15.3) Lite 32-bit.
I now spend more time on the Linux side of this Mac than on the OS X side, and updating/upgrading it is a breeze, either via the dedicated application or in Terminal. I know there'll be an end-of-the-line there too, someday, but at least I'll keep using this Mac until it truly dies on me, not when Apple tells me it's dead.
This, for me, is the very essence of open-source: Not just the fact that it's free, but that you can revive an old machine and keep it running long after Apple et al have decided that it had gone the way of the dinosaurs.
The same doesn't apply to Android, alas. Here, you must have a compatible SoC/chipset/what-have-you, a Treble-compatible device, you must have this, you must have that...
In the end, only a fraction of Android users really get to enjoy everything their device has to offer for as long as they choose; the others just pop into the nearest phone store, be it brick-and-mortar or cyber, and must produce their credit card.
My question was as much a challenge to myself as anything else. I would really like to learn how Android works, but the tutorials and articles I've found here and there are all a bit cryptic.
That's why I'm regularly prowling this forum, I guess.
"Hunting high and low", as the song goes... :laugh:

yep, good question but google & manufactures are in it for the moola not the users 2 yr old phone.

hiitsrudd said:
yep, good question but google & manufactures are in it for the moola not the users 2 yr old phone.
Click to expand...
Click to collapse
Don't I know it! It's true that even budget phones have decent specs nowadays, still, why dump a perfectly functioning phone simply because you can't update/upgrade the software?
I understand Google's rationale, of course: They invest tons of money year after year after year to keep the whole boat afloat, and they need a steady income. OK. Still, to not be able to keep your phone ***safe*** is a no-go for me.
I'm seriously beginning to think about installing Ubuntu Touch on the device. I think I'm going to try that next weekend.
I'll probably come back here with my eyes red, asking for help in unbricking my phone, though.
Stay tuned! :good:

A followup, if you are mindful of your own security it's conceivable to get more usage of that android. I don't use a banking app, but if need be use a good browser( thats updated of course) And update all often used apps via playstore. I'm still running Oreo on my phone. FYI you iOS ppl need to do critical updates asap