To follow on from yesterday’s post about Android 4.1.2:

  • Based on what I’ve read if you are an Android user and paranoid buy the latest Nexus/Pixel device every 3 years. e.g.: selected quotes from a ycombinator post today (I don’t like the testosterone-dominated culture of YC or Wikipedia but I must grudgingly admit there’s good stuff there)
    • “Yeah. The only reasonably secure option for Android requires you to own a Nexus device within the window Google pushes security updates regularly. Or you flash it yourself to keep it up to date regularly. And even that is kind of dicey unless its just Google apps + Signal + verifiable OSS.”
    • “For one, without Google Play Services you have no Play Store. Unless you’re going to prevent users from installing apps entirely, there isn’t really another safe way to obtain apps. Additionally Verify Apps, SafetyNet, Safe Browsing, etc. are all part of Google Play Services. You really want Verify Apps.”
    • My 2 cents: you can also install secure 3rd party ROMs but I wouldn’t recommend that to non Geeks
  • If you are an iPhone user buy the latest iPhone every 3-5 years.
  • If you are worried about security don’t buy a non Pixel Android phone because you only get 18 months of updates. Unless you like buying phones every 18 months :-) !
  • Did I get that right?
  • But really is this being too paranoid? I don’t think so but #ymmv :-)

Leave a comment on github