Jump to content

No more System Updates


Recommended Posts

Just now, sequestris said:

I asked. They answered.
image.png.e86dff897e350f61066ec2de48273090.png

They have stopped pushing updates for Pro1 a very long time ago.

...or is it about update system which also stops working?

Anyway, LineageOS still provides an up-to-date Android environment, however, there are still bugs in kernel which could only be improved through manufacturer as having closed-source components and what is very sad to be left alone...

  • Like 2
Link to post
Share on other sites
5 hours ago, OKSun said:

Can I ask what are the implications for those using stock android on the pro1: Is it still safe in terms of data security? And if so for how long?

I would not say it is safe considering it is more than a year since it was updated...

I have used stock OS because it was set up and it is a bit harder to do a major update on a daily driver without a proper way of backup/restore in case something went wrong...

However, stock OS simply had a lot of problems and LineageOS works as good as possible, the only problems remained were built into kernel, so they are basically not LineageOS-related.
Device is really fast, NFC payment is working, every functions work as they should...

  • Like 1
Link to post
Share on other sites
11 hours ago, VaZso said:

I would not say it is safe considering it is more than a year since it was updated...

Thanks for the answer. 

My experience with the android stock software was fine (with the workarounds suggested by the users, I could use the phone and the banking apps were working).

I am disappointed that there will be no update. I wrote to fxtec customer service to get official statement about android use and implications in terms of data safety (Does fxtec officially suggest to move away from android?).

Edited by OKSun
  • Like 2
Link to post
Share on other sites
1 hour ago, OKSun said:

My experience with the android stock software was fine (with the workarounds suggested by the users, I could use the phone and the banking apps were working).

Me to, I use stock android on my daily driver, and apart from the need for occasional boots (roughly twice a month), when it forgets it has a fingerprint reader, it works fine for me. I seldom do voice/calls, and when I do almost always with headset.

But yes, certainly disappointing with the lack of updates.

  • Like 2
Link to post
Share on other sites
23 minutes ago, EskeRahn said:

But yes, certainly disappointing with the lack of updates.

Thanks. Yes the question for me is whether my personal data is at risk.

Edited by OKSun
Link to post
Share on other sites
1 minute ago, OKSun said:

Thanks. Yes the question for me is whether my data is at risk.

The polemic answer is: Yes, do not trust a phone as a safe place for data, no matter the OS or security update level...

But then the big question always is HOW big the risk is, if we choose to take the chance anyway?

Strictly someone could snap it out of your hand while you are using with your banking app open, so you NEVER get it completely secure...

There are a lot of other things than security patch level in play. e.g. the security of the net you are using it on. That is the reason why my 'Paranoia' never would let me connect my device to a net where I do not feel they are suitable secured behind firewalls. And thus never in any circumstances to a public WiFi.

Sure I would prefer to have the most recent security updates on my Pro1, but not enough to want to have the hassle with apps not working. But that is just my personal balance.

  • Like 2
Link to post
Share on other sites
2 hours ago, EskeRahn said:

my 'Paranoia' never would let me connect my device to a net where I do not feel they are suitable secured behind firewalls. And thus never in any circumstances to a public WiFi.

No offense, but that does not seem very practical to me. The only network you can trust on that level is one you configured yourself. For most users, that would mean to connect their Pro1 to the Internet only at home. At that point it is not really a mobile device anymore ...

We do agree that banking is best done at home anyway. I use only my PCs and separate hardware tokens for that. In fact, by relying on security of a single system (the phone), most banking apps undermine the very principle of two-factor authentication which lies in using two independent devices that are air-gapped from one another.  

  • Like 1
Link to post
Share on other sites
2 hours ago, claude0001 said:

No offense, but that does not seem very practical to me. The only network you can trust on that level is one you configured yourself. For most users, that would mean to connect their Pro1 to the Internet only at home. At that point it is not really a mobile device anymore ...

Well I was talking WiFi... So only internet through the mobile carrier (when not at home, or a few trusted WiFi locations).
But yes I will need to to trust my mobile carriers net.

  • Like 1
Link to post
Share on other sites
14 hours ago, EskeRahn said:

Well I was talking WiFi... So only internet through the mobile carrier (when not at home, or a few trusted WiFi locations).
But yes I will need to to trust my mobile carriers net.

Trust is maybe an overstatement... but you have to asses the risks. If someone has access to a manipulated carrier network, there are probably more valuable targets than me.

But since I do the same (never connecting to public wifi). Do you have the same problem as me, that it seems that some places with public wifi (supermarkets especially) seem to be constructed to block mobile network? I know this sounds like a conspiracy, but I swear, here in Switzerland you seem to have no Internet at all in big supermarkets!

Edited by Doktor Oswaldo
  • Like 1
Link to post
Share on other sites

Germany here, also problems accessing the mobile networks in (some) supermarkets.

When some years ago I found my erstwhile phone to behave suspiciously after having used the wifi of the hotel where I had been staying, I became extremely careful with public and semi-public wifis, too, though, and I wouldn't even call it paranoid. 😉 

But I guess that's what VPNs are for... Until now I didn't bother to create a VPN endpoint in my home LAN for that purpose (it's still on my wishlist because it obviously would also allow access from everywhere to all of my home LAN resources without further ado), but I'm using one of the better-reputed commercial VPN providers (Express VPN, I also chose it for its good Linux support). When I log into a public wifi, first thing i do is to activate VPN which is just two taps, and then I'm sensibly safe (it can even be automated; there's an 'autoconnect when joining networks not listed as trusted' option).

Edited by Rob. S.
  • Like 2
Link to post
Share on other sites
3 hours ago, Doktor Oswaldo said:

Trust is maybe an overstatement... but you have to asses the risks. If someone has access to a manipulated carrier network, there are probably more valuable targets than me.

But since I do the same (never connecting to public wifi). Do you have the same problem as me, that it seems that some places with public wifi (supermarkets especially) seem to be constructed to block mobile network? I know this sounds like a conspiracy, but I swear, here in Switzerland you seem to have no Internet at all in big supermarkets!

My Guess would be that they are generally just deep flat concrete building, so the signal has a hard time reaching. So most likely they offer the WiFi as a service to compensate this, especially if they are one of those allowing you to scan the items with your phone as you put them in the basket. (That offer is quite common in Denmark. e.g. Coop) , I have given up using this due to net-issues doing so....

  • Like 1
Link to post
Share on other sites
27 minutes ago, EskeRahn said:

My Guess would be that they are generally just deep flat concrete building, so the signal has a hard time reaching. So most likely they offer the WiFi as a service to compensate this, especially if they are one of those allowing you to scan the items with your phone as you put them in the basket. (That offer is quite common in Denmark. e.g. Coop) , I have given up using this due to net-issues doing so....

We have that here too. Funnily also in a Supermarket called coop. They also offer you handscaners though. But here the problem is, that you need an account and give them access to all your sales data to use it. So I use the self scanning register instead of that.

  • Like 1
Link to post
Share on other sites

Interesting discussion. What I have observed with some WiFi's run by shopping malls is that they block price-comparison websites. <conspiracy> So maybe the have an interest in locking your out of your mobile network ...  🕵️‍♂️ </conspiracy>

On a more serious note, in my daily life, I lack mobile network just too often. I travel by train a lot, and there are still too many uncovered areas in the open countryside. At my working place there is practically no chance of having mobile data at all (radiation protection walls). So I rely on local WiFi's even for phone calls much of the time. To be honest, I never worried much about it ...

4 hours ago, Rob. S. said:

But I guess that's what VPNs are for...

Hmm ... not so sure about that. It is true that an (encrypted) VPN would protect you from a malicious WiFi admin overhearing your communications. But that can be achieved with any kind of end-to-end encryption, as is standard on the Internet nowadays. Protocols like https can safely be used even on a fully unencrypted WiFi from that point of view.

What I thought we were discussing here is the (theoretical) possibility of the WiFi access point exploiting some vulnerability in your unpatched phone OS to get access to your device. I do not think that can be excluded via the use of VPN. After all, a VPN is just a virtual (tunnel) interface that relies on an existing physical network connection underneath. So, obviously, the latter has to be established normally before the TUN interface can be installed. In order to be accepted on the typical (semi-)public WiFi, you have to register by accessing a web interface controlling the AP. In theory, that would probably be enough to exploit some vulnerability e.g. in your web browser (apparently my LineageOS always uses the built-in browser for that, even though Firefox is set as default).  

Edited by claude0001
Link to post
Share on other sites

I have just installed another android security update for my outdoor phone (a Cyrus from Feb 2020 running on android 9). I get these updates quarterly, although Cyrus is also a niche market phone.  So it seems possible.

I am still unclear what these security updates include. What security aspects are they improving? Should we be worried?

Edited by OKSun
Link to post
Share on other sites
10 hours ago, OKSun said:

I am still unclear what these security updates include. What security aspects are they improving? Should we be worried?

The AOSP security bulletins are here:

https://source.android.com/security/bulletin

Everything since April 2020 is unpatched in stock Android 9.

LineageOS picks up the open-source patches from the security bulletins, but can't do so for the (closed-source) Qualcomm fixes, which would have to be implemented by the device manufacturer. That's why a recent LineageOS will display an "Android security patch level" of "5 April 2022", while the "Vendor security patch level" is stuck at "5 April 2020" on Lineage, too.

Edited by claude0001
  • Thanks 3
Link to post
Share on other sites
2 hours ago, claude0001 said:

That's why a recent LineageOS will display an "Android security patch level" of "5 April 2022", while the "Vendor security patch level" is stuck at "5 April 2020" on Lineage, too.

Right, and there are exactly two years between last vendor security patch level and current LineageOS security patch level...

Edited by VaZso
  • Thanks 1
  • Sad 1
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

Terms