[return to "Delayed Security Patches for AOSP (Android Open Source Project)"]
1. arcane+3n 2025-09-07 17:03:26
>>transp+(OP)
Seems like there needs to be a split of both hardware and software. Mobile phones morphed into something else lately. Not all of us need all the features of a smart phone, but still need a comms device. We need a simpler OS with simpler hardware that focuses on comms and fewer features. Simpler OS, lower attack surface, simpler to maintain without the help of a gigantic corporation. I don't need a supercomputer in my pocket.
2. gruez+bn 2025-09-07 17:05:00
>>arcane+3n
>Not all of us need all the features of a smart phone, but still need a comms device. [...] I don't need a supercomputer in my pocket.

What's stopping you from using a feature phone?

3. arcane+En 2025-09-07 17:07:08
>>gruez+bn
Security/privacy?
4. gruez+3r 2025-09-07 17:24:31
>>arcane+En
So you want a $100 feature phone that has serious security features like monthly security patches and dedicated security coprocessors? It's tough to make the economics of that work out. All the serious security features cost money to implement, either in the form of development costs or added costs to the BOM. Those costs can be absorbed if you're selling a $600 phone, but not a $100 phone. If you try to add those features to a $100 phone, it'll end up making the phone more expensive, which means nobody but security freaks would buy your phone, and you lose the economies of scale that are needed to make a phone at all.

Back to your point, there's already a "split of hardware and software" in the PC market, and we know how it works out. Security there is a joke. Windows might be getting monthly security patches, but the same can't be said of the panoply of third-party drivers/firmware. Whenever Microsoft tries to push for better security they get shouted down by people claiming it's some sort of conspiracy to implement DRM.

5. arcane+Dt 2025-09-07 17:37:39
>>gruez+3r
You missed my point, a simpler hardware/software phone needs less resources to maintain. No eyecandy/cushy features to maintain, security becomes easier to maintain by the community. No constantly added features and gimmicks which break and introduce weak points.

Let's not forget that all these "features" which enable corporations like Google to take complete control over the project also end up driving the price up, constantly. Cheap phones are a sh*t iteration of more expensive phones, instead of being simpler, more basic implementations of must-have features without the "quality of life" bloat on the top-tier models. They should have a different tier OS rather than the same one.

I would also not make the parallel between comms devices and PCs, they're different beasts.

6. gruez+Hw 2025-09-07 17:54:59
>>arcane+Dt
>a simpler hardware/software phone needs less resources to maintain

And such a product is going to be absolutely niche, which means no economies of scale producing or maintaining it. You try to justify that by saying it'll be maintained by "the community", but who's going to want to do unglamorous work fixing security issues, compared to developing features? Mainstream phones have dedicated security teams and freelance vulnerability researchers going after them for fame/clout. Who would want to do security research for what's essentially a glorified Nokia 3310 that maybe 1000 people use?

7. arcane+dy 2025-09-07 18:04:03
>>gruez+Hw
Ignoring how strangely against this idea you are, for no justifiable reason, it wouldn't look like a 3310, it would still look like a smart phone, probably OLED so more battery life. It would just miss a lot of modern features which are absolutely irrelevant to anyone who wants a privacy/security focused mobile phone. Probably not the latest CPU, not the latest mobile chip, but still decent for what it has to do.
8. gruez+NA 2025-09-07 18:20:48
>>arcane+dy
>Ignoring how strangely against this idea you are, for no justifiable reason

Ignoring how you assert this, when I outlined plenty of reasons which you've yet to rebut...

>it wouldn't look like a 3310, it would still look like a smart phone, probably OLED so more battery life. It would just miss a lot of modern features which are absolutely irrelevant to anyone who wants a privacy/security focused mobile phone. Probably not the latest CPU, not the latest mobile chip, but still decent for what it has to do.

Sounds like a $200 mid-range phone that's sold in much of Asia. Question is, who's going to make it? How are you going to amortize the development costs? You mentioned that it's going to use custom software/hardware to keep security maintenance burden low, but how would that be funded? Most of the SoC vendors are going to be providing kernels/drivers to you with the expectation that you're going to use them to build an Android phone. Good luck convincing them to provide engineering support for your custom software/hardware stack.

Not to mention the questions about maintenance you haven't addressed aside from some handwaving about how it'll be simpler and therefore can be "community maintained".
