Hi,
A friend wants to degoogle his phone, so I suggested the OS I’m currently using. The one we can’t talk about… He wants a small/compact phone, so I suggested pixel 4a (not buying second hand though), but I’m afraid that planned obsolescence may kill the phone rather soon. What’s your opinion?
Cheers and thank you for your help,
Yes, that is too old for a new phone considering it’s already past its end-of-life for both official support and your OS. I’m not sure why you’d recommend them to buy new either - a phone like that is only going to be good value if you pick up a used one for cheap. A new model will be massively overpriced for what it is (and may not even be new, just refurbished and repackaged).
I guess they were talking about a refurbished or a used one.
They specifically said “not second hand” so I assumed not.
Sorry I am really blind recently. A new 4A is a terrible deal
The Google Pixel 4a is officially end-of-life and doesn’t get any software and security updates anymore (https://endoflife.date/pixel).
CalyxOS still provides extended support for Pixel 4a until August 2024.
FYI: “Extended support” from a custom rom means the OS level software gets updated, not the device firmware. So you still end up with a not fully up to date phone.
Written from my Pxiel 4a. :)
The one we can’t talk about…
I don’t get it ? Why can’t we say it’s name ?
Because GrapheneOS is a debatable triggering subject for some people. Basically the OS itself is amazing and very good. But the project leader is apparently arrogant and offensive. And offended a load of big known online personalities. Apparently he says his OS is the best and better then everyone else etc etc. So the question is: do you use and support a project where the product itself is amazing and just what the world needs, but where the project leader is offensive? Some say yes, some say no. = Controversial subject.
Personally I use GrapheneOS because I need a good camera and I like having a flagship modern phone. Currently I’m using a Pixel 7 Pro. I also like the privacy and security features that graphene offer. I don’t see another project out there that can offer me the same. The product is good.
But the project leader is apparently arrogant and offensive.
“apparently”
Well yes exactly. It’s all just big personalities online that say that these things happened. Who knows really what the guy is like. A few big names online say these things about him, but I personally have never had any Interaction with him. So it could all be true, or partly true, or not at all. I guess no smoke without fire… but there is always 2 sides to every story.
I think it’s a bit too old, if you want to stay in the pixel ecosystem maybe try to grab a 6, 6a or 6 pro. They are around $250, and they are great!
I recently got a 6a to replace my iPhone SE for €160 and it’s been working great.
Great
I’m using a 4a right now which I bought last year, refurbished. It’s a great phone and has a headphone jack. If you’re concerend about updates, install an alternative OS. If you want to degoogle that should be the path anyway.
4a is end of life already, so no firmware updates from Google. GrapheneOS has legacy builds available for it but doesn’t recommend using them, and they might go away anytime soon
get a used device which is still properly supported, don’t buy brand new e-waste
You could just jot use Graphene OS. They create ewaste just as much as Android. Lineage OS will run on 8 year old phones.
I have a 4a running graphene and I love it but after 3+ years the battery life is shot. I really didn’t want to buy any of the new pixels because they are all too big and I hate big phones. I was thinking of just buying a new 4a and installing graphene again (because got forbid making a phone where you can just swap out the battery in this day and age) but are you saying this would be a bad idea at this point? Like even if they keep graphene up to date the phone will still be outdated (and therefore vulnerable) at the kernel/hardware level?
yes and P4a is already one major GOS/Android version behind, it’s only getting “extended legacy support” releases. i.e. security fixes are merged and backported where possible, but it’s overall not the best setup and they recommend to switch asap.
I’m pretty sure GOS will drop Android 13 (and therefore P4a) as soon as they release Android 15, since the team won’t be maintaining three major Android versions.
CalyxOS ported Android 14 to P4a, so you might squeeze an additional year or so out of it if you switch.
I’d either replace the battery in the old P4a, or get a newer model with 7y software support. But buying a new 4a is probably not your best possible move
You can install LineageOS or e/OS on it (instead of Graphene, if that’s too controversial), and then the 4a is a good phone to use.
I bought a used Pixel 5 in Feb for my daily driver. Replaced my Pixel 3 only because the power button was flaky. They both still run great. By my standards, getting two years out of a phone I paid $150 for is better than getting three years out of a $700 phone.
Depends on your friends threat model, lineage will work on it.
No security updates makes the Pixel 4a a bold choice for your main phone. I don’t recommend it
I would follow the graphene OS recommended phone guide, that gives you maximum flexibility to put any operating system you want on the phone.
Phones are insecure devices, by design. Should be OK.
Just don’t do anything on a phone that falls under “sensitive” on your threat model. Use a proper computer with a proper password for that.
Could you explain how phones are insecure by design?
How long is your password? Do you ever type it in public?
You can use two factor, fingerprint plus pin and have the pin layout randomize each time.
That’s extremely insecure compared to a computer
How?
I think phones are the MOST secure devices most people have. They are locked down, they run software in very restricted containers, they have more restrictive feature allowance. for 99% of the people the phone is the most secure device, full stop.
Can you do better on a computer? Sure, but it takes a bunch of work and isn’t the out of box experience
So you’re saying that, in order for me to steal everything on your phone, all I have to do is stand behind you in a supermarket and film you unlock your screen once. Then, on the way to your car, I quickly pull a knife on you and force you to tap your finger on your phone, then I hop on a motorbike and ride away.
Hope you didn’t have any banking apps or crypto on your phone, because now that’s gone.
QubesOS on a laptop is much much safer.
I have a Pixel 3a, and I love it. I also have a Pixel 4a and love that one too
I bought a Pixel 5a, and hated it. I think the 4a is the best phone on the market right now. Great price, great support in Lineage, and its not too big and heavy.
Sadly agree, I’ve been looking for a proper successor with no luck.
Yes, it’s too old. Does not receive software updates anymore. The newer a-series of phones are still quite a bit larger than the 4a but also quite a bit smaller than the 8 or especially 8 “Pro” or whatever the fuck stupid name they’re giving phones these days.
The software updates are maybe not an argument when it comes to degoogling? Then it depends if the OS they plan to use still sends updates.
The hardware driver updates are absolutely critical if you want to have a secure phone. The phone has to be within the support window, to get any hardware driver updates. The risk surface of a phone’s hardware is huge, you’ve got the Bluetooth drivers, you’ve got the Wi-Fi drivers, you’ve got the modem drivers, and any other sensors I may have forgotten about.
I mean…you’re gonna have to run some operating system on it. And that operating system is going to need security updates.
Can someone explain to me under what circumstances would using an old phone be risky (under a common reasonable threat model)?
No security fixes once the device reaches end of life. For pixel 4a end of security updates was 10 months ago. That mostly is a problem with malicious apps - there were some privilege escalation bugs in those 10 months - but sometimes you get a banger that can get exploited by simply loading a page or opening an image.
I get it about malicious apps but what about just using mainstream apps and surfing the web with adblockers?
Wouldn’t those be typically handled at an OS level? If you’re using an OS that actually gets updates, you’re only vulnerable to attacks at the kernel or driver level
If you are on stock software on EOL device you are not getting os updates either.
Also a bunch of recent vulns were in SoC specific stuff - outside os.
I am far from unbiased as I just switched back to my pixel 4a from my new Sony Xperia. I think the Pixel 4a is a flat out GREAT phone, full stop. It is perfectly sized IMO, has been very reliable, good battery life (though at this point I should look into replacing the battery), and it has a headphone jack. That being said, picking it as a new phone now essentially means going with a custom rom and hoping it stays supported. That’s fine and all, but it’s not something most people want. Just to be clear, the xperia isn’t a bad option per se, I only switched back because the phone came carrier locked when it was supposed to be unlocked and the carrier it was locked to was uncooperative so I refunded it.
Writing from a 3 years old 4a running CalyxOs: the phone is a perfect choice if you want a small sized phone with a 3.5mm jack and that gets constant updates. The camera might be a little better but I don’t take many pictures so I don’t mind.
the camera is amazing, but you need to use the Google Camera app for it to take advantage of all the Pixel magic. 3rd party camera apps will yield lousy shots comparatively.
tangential: I‘m using a oneplus 6 with postmarketOS but depending on your friend‘s it skills, it might not be ready for him yet.
So far its very usable but I suggest someone must want to swim against the current and do things differently. One could say a „pioneer“ type would be ideal for this.
