| ▲ | GuB-42 15 hours ago | |||||||
Just because one layer of the security stack is compromised doesn't turn your device into a paperweight. I know many people who use out-of-support and vulnerable devices and I am not aware of a single one getting pwned by a system exploit, it is always some kind of phishing or scam. This is anecdotal evidence but I couldn't find actual data, as most don't distinguish between malware that rely on system-level vulnerabilities (as in 0-day) and the ones that don't (like fake apps that steal credentials, mine crypto or inject ads). But it is clear that the former are a minority on Android. If you don't know what to do with it because your security standards are so high, just give it to someone with lower standards then you, or use it for some project that doesn't involve sensitive data. And if security is broken to the core, there is probably some vulnerability you can exploit to root your phone and do whatever you want with it, including installing a custom ROM. Still, I agree with you on making it mandatory to provide an unlock method, at least for out-of-support phones. | ||||||||
| ▲ | avadodin 14 hours ago | parent | next [-] | |||||||
It's not 1999 anymore. If you get RCEd today as a nobody you don't get a purple gorilla. Just silently enlisted into a "Residential VPN" and a background script that checks for the SSID "Iranian Research Facility" every time you turn your wifi on for some reason. | ||||||||
| ▲ | _factor 14 hours ago | parent | prev [-] | |||||||
"I've never had someone steal from my car, so the fact that my car lock doesn't work is not a problem." | ||||||||
| ||||||||