undefined | Better HN

0 pointsZaoLahma3y ago0 comments

I bought a Big Brand Flagship Phone (tm), the Samsung Galaxy S9, in 2018. They stopped upgrading the OS with new functionality in 2020 only two years after its release, and this year they stopped providing security updates!

Considering how much functionality and information is on that phone that could affect my life in absolutely fantastically negative ways if it was hacked (online accounts including owned licenses for software, banking), I have little choice but to buy a new phone now, even though the hardware is more than adequate for my needs and even though new phones don't really do much more much better.

Planned obsolescence, or whatever you prefer to call it, really drives this behaviour.

0 comments

arsome3y ago

I've always been curious about this one - what kind of exploits are you concerned about that could wind up with those sorts of consequences? Most of the security updates tend to patch things which are local only or barely exploitable in the first place. Assuming you're not installing entirely untrustworthy software on daily basis, it's probably not much of a difference. Looking at the latest Android security report, even the "Critical" vulnerability reported is a code injection in data that's usually only available to the app that wrote it in the first place.

Important applications like the browser, webview, media players, etc are patched via Play Store regularly so untrusted data is usually processed through those pipelines regardless. Perhaps hardware decode on untrusted content could still provide a vector there, but judging by the practice it's not exactly a large one.

There haven't exactly been worm-grade exploits flying around in the mobile space, even big public things like StageFright pretty much turned out to be non-starters and the targeted attacks are so far ahead that I wouldn't even worry about public exploits - the private ones have you covered already even on the latest OS.

Maybe I'm the minority here, but I wouldn't exactly rush out and blow $1000 over anything short of an unpatched and readily exploitable RCE.

fullstop3y ago

Regarding installing untrustworthy software, you also have to be mindful of software which has been acquired by another entity. Your trusty file manager could turn into something entirely different just by applications automatically updating.

This happened with ES File Explorer.

ehnto3y ago

This is the duality of automatic updates, on one hand you don't automatically get security updates, on the other, you don't automatically get exploits from new owners or compromised accounts.

In a software project this is really a responsibility I think people don't appreciate that they have, especially in regards to package managers.

But for end user devices it's encouraged to have automatic updates on. I think this is a personal responsibility as no-one really has your back on your device, except the highly automated app store verification. Which in fairness to them, likely stops a lot of exploits/malware making it to user devices.

bombcar3y ago

This alone is a huge reason that the iPhone is doing well - iOS 16 still runs on the 8 and iOS 15 releases are still getting patches: https://support.apple.com/guide/iphone/supported-models-iphe... https://support.apple.com/en-us/HT213490

olau3y ago

Interesting perspective. I have an iPad 3rd generation where Apple doesn't allow OS updates and doesn't allow installing a non-Apple browser engine. So it's essentially getting bricked as web sites start relying on features not implemented in the ancient Safari engine on it. Twitter, for instance, refuses to load. Youtube does work okayish, as long as you don't log in.

Once it's completely bricked, I'm throwing it out and not getting anything with an Apple logo. Unless something like the EU manages to make them open up.

Retric3y ago

What 10 year old iPad alternative is still receiving updates?

I get the annoyance, but I just don’t know of viable alternatives.

3 more replies

Angostura3y ago

For context, this model was discontinued 10 years ago

dotnet003y ago

To be fair the situation regarding updates is starting to improve now that new phones bring very little to the table besides faster processing and marginal camera improvements and similarly OS updates don't do much besides change the UI slightly.

Samsung (and IIRC Google) now promises at least 4 years of regular updates and 5 of security.

thorin3y ago

Is this in the US only? I have a Samsung S9 (and a spare S9 actually), and the last update was installed on the 23 Sept 2022.

j / k navigate · click thread line to collapse