Google and by extension banks, are claiming that the phone on, Android 9, without security updates AT ALL since 2009 is perfectly safe and secure to use.
Meanwhile, really well locked OS, hardened so well some of the improvements were later picked up upstream (both by Google and Apple), running _the_ latest AOSP version and releasing new security updates within hours is not considered safe and secure, despite assuring full chain of trust (including locked bootloader, verified boot, etc).
This is what Play Integrity does.
Of course Android supports better scheme, hardware attestation, but od course Google enforces their iron grip on the ecosystem, and instead uses the outdated, flaved system that certifies only the devices with preinstalled Google services running in the privileged mode. Snooping on everything you do and have.
Thats the reason.
1) an old iPhone with 0 personal data on it and in no way linked to my identity, which is used for completely untrustable commercial apps, and rarely even leaves the house.
2) a LineageOS Android which is my daily smartphone for things like camera and GPS, running almost exclusively open source apps, except for unavoidables like WhatsApp which are run in an separate profile
3) a GPD Micro PC running Void Linux, which is roughly the same size as the phone and a true swiss army knife. Its purpose is to reliably do what I want, when I want it. No systemd, for it does not spark joy. It is used for web browsing, note taking, light productivity, and playing movies on the TVs of friends who have overinvested in streaming and dongles only to find that $CHOSEN_MOVIE is not on any of their services.
I am not entirely happy with this state of affairs - too many devices, and still not enough siloing of closed apps like WhatsApp.
Funnily enough that's actually a good thing in a twisted way. Long term, it will either force manufacturers to become much better with their update support, because apps will refuse to work on non-patched devices... or they won't and we'll all have one of those devices at home rooted through a long known CVE as a proxy for device attestation.
* Enforce Hardware-DRM * Enforce PlayServices * Enforce apps which don't circumvent their business model e.g. YouTube-Downloaders ("Watch my ad again...") * Payment fees from PlayStore
Taking a look at the dangerous crap in the official Play Store confirms that. It is full of awful and dangerous apps. It was never about the security of the user.
I'd enjoy suggestions as to suitable unhindered devices.
P.S. I just hope we can continue to access / create unhindered devices -- and programs/apps (cough Manifest v3 cough).
Is it though? Almost every new service has it, and all existing services keep offering it.
I am really learing to live life without the internet anymore. Between the lock in, the privacy risks, and just the hassle, it is easier to act like I am living back in the 1990's and just get used to the "inconvenience" of life without a smartphone. I can leave my smartphone in a faraday bag and just pull it out when I need it, or just wait to be in wifi. (I am homeless living in a minivan so this makes it much harder for me.)
I just do not know how much this will effect GrapheneOS or I would get a Pixel 9a. It seems like it will not, at least for the older phones.
At least we still have linux (for now).
But more and more computer technology is looking like a trap.
If anyone has any recommendations for a dumb phone that will work with AT&T please let me know.
Been doing this for a while. I have a smaller Samsung S22 for the apps I absolutely need that won't run on my Graphene phone. The majority of my day-to-day stuff is handled on my older phone running Graphene.
Been tinkering with Ubuntu Touch, but AFAIK they haven't figured out how to solve the issues with VoLTE yet here in the US but its on my radar to try and make the switch soon.
I find void linux super lightweight, can get great battery life out of it on an old thinkpad.