by dont__panic 1612 days ago
Did we read the same article? Without security updates, you really shouldn't rely on a phone for banking/payments/secure messaging. Google has effectively killed the Pixel 3 for real usage.

You should be able to throw LineageOS on there as long as you don't have a locked Verizon bootloader. But there are a lot of caveats to that, in terms of which apps will work when rooted, which won't etc. etc.

4 comments

> Without security updates, you really shouldn't rely on a phone for banking/payments/secure messaging. Google has effectively killed the Pixel 3 for real usage.

There is a lot of real usage which is not "banking/payments/secure messaging". Besides, stopping security updates does not mean the phone suddenly becomes open to the whole world. Many vulnerabilities might be exploitable only when running code natively on the device, or only when within radio range, or only when plugged directly into the USB port.

> There is a lot of real usage which is not "banking/payments/secure messaging".

In fact, I don't do any of those on my phone. Unless maybe you count email as secure messaging in some way.

> Unless maybe you count email as secure messaging in some way

I would say yes, considering email is often used as a primary means to reset account passwords. Most services support MFA (which could be somewhat of a mitigating security control), but a LOT of services still don't.

I have bank accounts I can only access via my phone. I'm not going to buy a new phone just for them while maintaining an old phone.

There's also the fact that LineageOS will fix only Android-related bugs; you're still stuck with the unpatched vendor firmware (which includes the kernel, unless I'm mistaken).

LineageOS backports security patches when possible, including kernel-related ones since they ship their own kernel.

Firmware doesn't include kernels, generally speaking.

So just to clear up my understanding: using LineageOS up-to-date means you should be safe from kernel and Android bugs, but you're still vulnerable to firmware issues, which would just be... hardware level, like your WiFi chip, CPU, USB-C port, camera, microphone, etc?

Potentially. Google also still updates AOSP too, so you're not 100% reliant on LineageOS et al for these updates.

There's nothing stopping you from grabbing those blobs out of Google's AOSP images and updating them, but there's no way to ensure the abstraction layers work correctly with them unless you test it.

As always, it depends.

How important are these security updates to your average user? If they're meant to prevent hypothetical targeted attacks, I honestly wouldn't be too worried about them. Plenty of people continue to use their Android phone despite not receiving security updates, yet I haven't heard of anyone having an issue with this.

Losing control of your email/Google/social media accounts and reputation (e.g. scams made in your name, blackmail, etc.) is a comparable risk to most people. Banks are experienced at handling fraud and you're also legally shielded from bank fraud in many jurisdictions.

(though banks are also clueless in other respects, outlawing devices with LineageOS but allowing devices with out-of-date vendor OS)