> I'm constantly amazed by how people spend so much of their income on Apple products
I don't know about other people, but I went iPhone specifically for the value/$. Got a used iPhone SE 2020 for $150 in late 2021, and expect to use it for 5+ years. I seriously doubt that there are any Androids out there that could get even close to that.
It really helps that Apple's CPU/SoC is substantially superior to what everyone else uses, so older iPhones tend to feel snappier. Between that and Apple's clearly superior OS support, I don't know why value shoppers who don't want to install their own firmware would go with Android.
You must have gone without security or other OS updates then, which I would consider a deal breaker with a phone. Google only recently extended the Pixel OS support timeline to be on par with Android.
> Yes, I don't care about getting updates. If they're important to you, that's fair.
Hardware devices with embedded software couldn't get updates (or was a difficult job so didn't happen) until somewhat recently. It is unfortunate that the ability to do updates is used as a crutch to ship faulty software that then needs updates. A phone shouldn't ever need an update in its lifetime if it was properly built in the first place.
I only recently stopped using my Motorola cellphone from 2005 (only because they decommissioned the towers). It never received any update in 17 years. It also never needed any.
I would like to buy devices with that level of quality today.
Well, yeah, and I'd like a pony. The main issue is security updates. I'm guessing you weren't accessing things like a banking app with highly sensitive financial data on your 2005 Motorola.
> I'm guessing you weren't accessing things like a banking app with highly sensitive financial data
For anyone who has done any serious threat modeling exercises would never ever do that from a 2023 phone (I'm fully aware many people do it regardless).w
Yet somehow millions of people do, and I'm not aware of a single banking app breach caused by a zero-day device flaw.
This advice to not use a 2023 phone is just plain silly. I'm not saying it's 100% locked down, but neither is going to a bank branch and talking to someone in person.
If security is a concern, getting a newer Pixel and installing GrapheneOS is your best bet. It's still not perfect and nothing beats just not having a cell phone, but that's a choice very few are okay with today.
The trick with GrapheneOS, or any privacy setup, is that it requires attention to stay reasonably secure. The OS won't matter if you enable Google services and install apps that track and sell all your data.
Ah yes, android is perfectly secure as long as you install an aftermarket os, and then don’t install google services or any android application which uses google services (all of them).
Or you could just use the brand that gives 6-7 years of OS updates and 10+ years of security updates out of the box…
I would 100% use iOS if I preferred to keep a stock OS and needed those apps.
I just don't need that in a phone and am totally fine with the limitations of a degoogled device.
I don't recommend that for most people. I was simply responding to a question of what device to consider with regards to privacy/security. I even tried to include caveats that it isn't right for everyone and had real tradeoffs.
> If security is a concern, getting a newer Pixel and installing GrapheneOS is your best bet. It's still not perfect and nothing beats just not having a cell phone, but that's a choice very few are okay with today.
> The trick with GrapheneOS, or any privacy setup, is that it requires attention to stay reasonably secure. The OS won't matter if you enable Google services and install apps that track and sell all your data.
Not sure how I could have been more clear here, I literally started by saying "if security is a concern". I stand by that, if security is a concern I would not use an iPhone or stock Android. I also stand by the assumption that for most people security isn't a concern.
So yes, I wouldn't recommend graphene for most people but I would recommend it to anyone both concerned about security and willing to sacrifice some functionality and convenience (both caveats in my original post).
You make it sound as though I changed my recommendation or story half way through. If that's your opinion, please do me a favor and point out specifically where I walked it back or contradicted myself.
What about the Exynos RCE bugs? Now that they are patched they are secure again or how is this supposed to work? What about the intentional backdoor unearthed in the pixel phone (the sim swap thingy)? Who was that for?
My problem is, as a user, whose expertise is not 100% security, how can a layman decide which device to trust? Trust the neighbor, trust the expert who thinks is an expert, but doesn't see his own limitations, trust the newspapers parroting whatever they find (or their security advisor), trust the marmots or trust the looks, because you don't know what the silicon does. You might know one domain, but not multiple ones, like you might know the IT domain, but doesn't know the underlying physics domain, so you might think the phone is secure in the IT domain, but since you don't know jackshit about the physics, you have to again rely on someone's advice.
The iPhone is locked down tight, even security experts have complained in the past because analysing the core internals is cumbersome. But that's a double edged sword, when you can't even get basic info about phone's status without resorting to some hacking shenanigans.
Any way to know your firmware has not changed? How come there are zero tools for the layman to verify the status of his device? You don't know whether your usb's firmware is intact, whether your motherboard is a-ok and the list goes on.
According to newspapers, it is/was the panacea of security (iPhone), yet sec bugs after sec bugs are coming out all the time. You don't even have complete control over the phone, since the software switches (like wifi) are not actually disabling the wifi circuitry.
How come banks are sitting on ancient systems and are seemingly fine?
Should you trust zerodium's bounty prices, should you trust exploit brokers? (they ought to see what's an emmentaler right?)
Encrypted secure phones? Look how many criminals got caught, by putting their trust blindly into something, that someone parroted about how secure that is.
GrapheneOS says they are secure, but where are tools that show you that yes we do this and that and that solves these kinds of attacks, thwarted these attacks in the past, demonstrated?
Should you consider Mikko's advice. Use a phone that is made by a country, whose intelligence agency is not a threat to you? But how do you know that a phone, which is made in X country is actually controlled by that country's IA? And how do you know which IA is not a threat to you? :DDDDD Do you even have to fear against a nation state's capabilities or since they have unimited budget you are fucked when somehow get in their crosshairs?
It's like flipping a coin, putting your trust into someone's solution blindly.
Hardware devices with embedded software used to be air-gapped.
As soon as phones got Bluetooth, you got Nokia Bluetooth viruses that would spread via public transit, and you had to go to a service center to fix it since it wasn't designed to be updated.
Even in the days of "software was complete on launch", security was absolutely abysmal and we just relied on most people being honest.
Yeah, saying "embedded software used to be complete and final back in the day" is such a rose-colored glasses take. When I was a kid we could occasionally pick up car phone (that's what we called cell phones back then) conversations by changing to a particular channel on the TV.
The pixel 6a will get 3 years of updates and 5 years of security updates. On a phone that was released 12 months ago.
So it hasn’t been tested yet. Plenty of time for google to renege on that.
The Pixel 6a is at least a cheaper phone. But the Pixel 7 are flagship prices for the same support.
iPhones have been getting this level of updates since almost day one. The last iPhone I ran into the ground was a 6 and that had 5 years of OS updates. iOS 8 through 12.
My current XR has been getting updates for almost 5 years and will get iOS 17. So at least 6 years of updates?
When I got my last Pixel Google were giving 3 years of security updates. I bought it one year after release. For an average consumer doing the same thing they would have had an unsecure doorstop with very low resale value after two years. Should be criminal.
I installed some ROM and kept it alive (not by far as secure as using an iPhone, of course).
This is exactly why I own an iPhone. I don't even personally like apple as a company. I don't like Mac computers. There are things that really irritate me about iPhones, but I use them anyway because of how long they get updates for.
My son's now 4 year old Samsung S10-5G (my old phone) is still getting updated. It is a flagship phone, the first with 5G - will be interesting to see how long they do it.
Google and Samsung appear to be on the same page; I think the front runners in the Android world are a lot better than some would like to give them credit for.
The phones do stop working properly, e.g. unicode doesn't work, and unsupported android OS's aren't no longer developed, not to mention security updates.
It's risky, especially in todays world where financial information is stored endlessly on a cell phone. 5 years+ for iphones make a very nice deprecation curve / alongside a viable resell market. It's nice to sell a 2yr old iphone for 70-80% of it's purchase price and then buy a new one and not have to worry about anything for another 5 years.
If you only buy devices with LineageOS support, you can continue to get updates for a very long time. I would not want to be at the mercy of the manufacturer for the software.
I might be one of those value shoppers; I usually buy the "Pixel .a" version of the oldest available generation when it's time for replacement (I'm currently on a Pixel 4a). I like it. I used to have an iPhone, but I prefer the "feel" of Andriod-on-Pixel, but I don't know how to describe it. Less heavy-handed maybe? More minimalistic?
I don't need the fastest, most powerful SoC. I don't need the best, super fast display. The battery life on my 4a is enough for my needs. People get way too religious about this.
Your "usually" is doing a lot there. You bought the second ever "a", so you've done it once?
I understand your preference though, I've used google's phones (Nexus then Pixel) for about a decade. They have the benefit of having one fewer cooks in the kitchen. Any other brand has to adjust to whatever dumb thing Google has done to copy iPhone in each new OS release, and then also add their own layer on top of that.
My son uses my old S10-5G (the world's first premier 5G phone, released in mid 2019 - ages ahead of Apple), and it's still regularly receiving security updates.
> I seriously doubt that there are any Androids out there that could get even close to that.
I don't see the 2020 SE getting software upgrades for much longer, it's already the bottom of the barrel for iOS17, so I guess you're OK to forgo those for a while ?
If your phone needs are low enough you can get by with the SE in 2026, buying a Gakaxy A series today would totally fit the bill, and you probably could get one new at the same price and way cheaper used.
Fair point. Super critical security updates could go on, while official OS support is dead.
To note, iOS doesn't allow alternative browsers so Safari will also be stuck in time and there will be no option to get any modern engine on the device (I'm not even sure you could get one through jailbreaking, that would be a lot of porting efforts for virtually no one on the market)
I resurrected a third gen iPad a few weeks ago for no reason, and the most interesting part was it couldn't get past Cloudflare's browser check, so couldn't even see some of simpler and primitive sites on the web.
Macs are pretty much in the same boat. I have a couple 2015 models. Can’t get the latest major OS update. But they get updates and I expect I’ll be able to continue using them as primarily browsers for quite some time.
>I seriously doubt that there are any Androids out there that could get even close to that.
It's probably because you didn't really do any research into it. A $100 or less Pixel 4a released in 2020 will easily last 5+ years if you take care of it.
> It's probably because you didn't really do any research into it. A $100 or less Pixel 4a released in 2020 will easily last 5+ years if you take care of it.
I'm not optimizing for years alive in retirement; instead, it's years of active, healthy life.
Similarly, I don't just care about years of software support in a phone - it's important how long the phone feels like it's still a snappy, responsive phone. I just don't have a lot of confidence that I'd feel that way about the Pixel 4a in 2027.
In addition to the Pixel 4a I also have an iPhone X and in 2023 you can really tell how sluggish the phone feels with iOS 16. I can only imagine how much worse it will feel with iOS 20.
2nd data point, I'm using Galaxy s8+ from 2017. I haven't taken great care of it so the back glass has many cracks in it. However the front glass has no cracks, minor scratches but is otherwise in great shape. I don't notice the scratches when I'm using it, but they're easily visible when the phone is off and held at an angle in the light. I'm still very pleased with the performance and the battery life. I did not expect it to last more than 5 years.
I don't know about other people, but I went iPhone specifically for the value/$. Got a used iPhone SE 2020 for $150 in late 2021, and expect to use it for 5+ years. I seriously doubt that there are any Androids out there that could get even close to that.
It really helps that Apple's CPU/SoC is substantially superior to what everyone else uses, so older iPhones tend to feel snappier. Between that and Apple's clearly superior OS support, I don't know why value shoppers who don't want to install their own firmware would go with Android.