[wolvesechoes]

I don't want a new phone. I am more interested in keeping older phones alive, because they are usually more than capable for my usage (banking app, web browser, maps), and the only problem is lack of updates. Thus I am more interested in LineageOS.

E-waste is bigger problem for me than few security improvements.

[Itoldmyselfso]

The patches provided by LOS aren't anywhere close enough to keep the phone secure/private. LineageOS breaks android security model in all but selected few devices, mainly Pixels I think. Your phone is very likely more secure by sticking to the original OS your phone shipped with.

[jeroenhd]

My old phone is vulnerable to a kernel RCE by anyone in the vicinity for simply having Bluetooth enabled. I doubt my phone is more secure sticking with the original OS.

I am interested in why the LineageOS patches are causing security issues, though. Do you know where I can read more about this?

[Itoldmyselfso]

https://eylenburg.github.io/android_comparison.htm

https://www.kuketz-blog.de/lineageos-weder-sicher-noch-daten... (use browser's or google's translate)

GOS developers have many numerous comments about this, if you google "LineageOS grapheneos" you should also find plenty of them.

[RealStickman_]

GrapheneOS, or specifically Micay is known to be hostile to many other projects like microG, /e/ OS, Calxy etc. There are certainly truths to some of what they say, but it comes over as extremely hostile.

[wolvesechoes]

Hm, looks like it is more than just few security tweaks.

[npteljes]

What do you think about selling your old phone, and buying a used Pixel? This would get you a Graphene-approved phone, but generate no e-waste.

[wolvesechoes]

My Pixel 4a is perfect phone for me (I hate big phones), but Graphene dropped support quite while ago.

[strcat]

The most recent 3 generations of Pixels have 7 years of support rather than the 3 provided by the Pixel 4a. Pixel 4a no longer has driver or firmware updates or official support for current Android releases, so GrapheneOS doesn't officially support it anymore. We did provide extended support releases and legacy extended support releases past end-of-life until earlier this year (2025012701 was the last one), but lack of community support led to those being paused and few people still use the legacy devices based on update server stats of update check counts.

It's why 5-7 years of support are one of the requirements our OEM partner has to provide to meet our official list of requirements published at https://grapheneos.org/faq#future-devices. We'd like to require 7 years of support to match Pixels but didn't want to raise the bar too high. We can settle for 5 and have OEMs work towards 7 for later devices after starting with a 5 year commitment.

[npteljes]

I feel you. Phones move so fast, they require a lot of compromises from the user. I am currently using a Pixel 7a, 8mm longer and 3mm wider than the 4a, and I'm reasonably happy with it. Although to be honest, I also have my pet peeve with it - the build is not as nice as my previous Samsung Galaxy S9, and I miss that. You could also consider 8a, same size as 7a, and support will last even longer, so if you get accustomed to that, there will be no need to change for a while.

[strcat]

The most recent 3 generations of Pixels have 7 years of support from launch. One of the hardware requirements for GrapheneOS is 5-7 years of firmware and driver security patches. We continued allowing 5 years to avoid locking ourselves into Pixels since it's the hardest requirement from https://grapheneos.org/faq#future-devices for major OEMs to fulfill. Most of the rest are done for them by Qualcomm with a flagship Snapdragon SoC.

[npteljes]

So, according to endoflife.date,

Pixel 7a is still good for 2 years and 6 months (until 01 May 2028)

Pixel 8a for 5 years from today (until 01 May 2031).

These are great numbers. I love this project.

[strcat]

The numbers on that site aren't quite right. For the Pixel 8a, May 14th, 2031 is 2036 days from now which is ~5.58 years rather than 5 years. They're using the 1st of the month instead of the launch day and for some reason the number of months is also sometimes dropped. In practice, a Pixel being launched in May will mean it's going to get a final update in May and the first missed update will be June rather than May. That means their end dates are 1 month early in practice. Not clear why the number of months gets dropped for some of the values they show such as the Pixel 8a.