Comment by zipy124
1 day ago
This is ignoring the fact that the main reason retired phones are e-waste is proprietary firmware blobs and locked-down systems preventing users from maintaining their phone with security updates, and very limited support length from OEM's leads to VERY insecure devices after they drop out of support.
You should not be connecting these old devices to an internet accessible network.
Google notably does well here with 7 years of support, but others such as Sony are 4 years, and Xiaomi on non-flagship devices are similar, or Samsung on their lowest budget models...
Obviously you'd have to replace the OS with an up-to-date one to use the phone as a cluster node.
But... if Google can do so if handed a random pile of old phones, then why would a consumer not be given the same option for their phones? If it works only for phones sold by Google once, same question holds. And applies to other vendors.
As you said: the "phone becomes useless just because OEM drops support" cycle needs to be broken. Well.. that and ability for end-users to replace batteries, screen, fix connectors etc.
Also it's unclear how data would move in & out of these old-phone-compute-nodes. USB-C? Article is a bit light on details there.
Replacing the OS is only one part of the equation, it doesn't mean you're replacing the low-level firmware blobs provided by various chipset vendors (like Qualcomm).
For phones before the Project Treble era (~2018), the OS, the kernel, and the vendor blobs were all deeply intertwined with each other. Because you can't get newer blobs from the hardware vendors, it's generally not possible to run a newer OS on those devices. Community-made custom ROMs (like CM/LOS) had to rely on hacky workarounds to get newer Android versions to run on older kernels, which lead to stability issues and the famous "what works/what doesn't work" meme.
For Treble-supported phones, the OS framework is decoupled from the vendor implementation. This means that you can run the latest OS (using a Generic System Image) on top of the older vendor blobs. BUT you are usually still stuck with an older kernel, as those proprietary blobs still rely on the vendor's specific kernel drivers, although it's a bit more stable compared to pre-Treble due to the decoupling and the standardised vendor interface.
In either case (pre/post Treble) the main problem is that your low-level firmware remains permanently out-of-date, which puts your device at risk. An up-to-date OS can mitigate application-level risks, but not all of it. For eg, it cannot protect against attacks targeted towards the baseband modem, the Wi-Fi or Bluetooth controllers. If a vulnerability is found in the cellular modem firmware (like the infamous Broadpwn or Kr00k exploits), no custom ROM or other OS (PostmarketOS etc) can patch it because only the chipset OEM has the source code to update that specific chip.
So unless all the various chipset OEMs come to the party and either release the sources or provide updated blobs, these devices can never be trusted for use in a production environment.
[dead]
Firmware blobs for…what? It doesn’t matter if the camera or fingerprint sensor is working if you’ve harvested the motherboard.
7 replies →
The lack of open, replaceable software is the main blocker. The article talks about only keeping the motherboard anyway.
End users don’t need to replace screens, ports and batteries if there is reasonable cost parts and skilled labour available.
I’m happy with a trade off where a device has extreme miniaturisation and water resistance but needs someone with some surface mount soldering skill and the right tools to work on it.
Regardless, many (most?) phones hardware will last longer than the software running on it.
> why would a consumer not be given the same option for their phones?
Because it's more profitable to force customers to buy new phones every n years, and nobody is interested in stopping this behavior. There is no other reason that is grounded in any type of fact.
The OS that would be put on those old phones, would be a bare minimal, stripped down OS. No need for managing screen, audio, radio/GSM/EDGE/3-4-5G.
Not sure about the IO interface, could reuse the USB, but maybe there is some internal (and standard enough) bus to reuse too...
>This is ignoring the fact that the main reason retired phones are e-waste is proprietary firmware blobs and locked-down systems preventing users from maintaining their phone with security updates, and very limited support length from OEM's leads to VERY insecure devices after they drop out of support.
Approximately nobody is throwing away phones because the OEM stopped providing security patches. They're doing it for more practical reasons, like the phone getting slow, the battery wearing out, or wanting a better camera.
Moreover being able to replace firmware blobs/kernels/whatever doesn't mean such updates will actually materialize. For lineageos, many phones are stuck on 22.2 (android 15) because android 16 requires linux 5.4 and above, which means phones with earlier kernels are out of luck. Prior to this, there were phones from as early as 2016 (eg. the original Pixel) that could be upgraded to the latest Android. This isn't a "firmware blobs" or "locked down systems" problem. The kernel sources are available, and the kernel can be replaced, but nobody is going to bother upgrading the kernel for a 10 year old phone.
https://lineageos.org/Changelog-30/#legacy-devices
>You should not be connecting these old devices to an internet accessible network.
This depends on the use case. If you're using this as some sort of NAS or compute cluster running trusted workloads, you should be fine as long as there isn't some sort of RCE in the kernel.
> Approximately nobody is throwing away phones because the OEM stopped providing security patches.
This becomes a practical reason more quickly than you think. If a company only provides 4 years of security updates and they only provide 2 android MV releases, you quickly become out of date. I had a BlackBerry Key2 that I bought in 2018, I had to replace it in 2024 and I was really holding onto it despite a lot of practical problems - Slack dropped support for the version of Android a year earlier, it was only when I tried to install Google Wallet and could not that I finally decided despite the hardware and software functioning fine it really wasn't practical to use a device that was stuck on such an old version of Android. (I would've tried to figure out the kernel myself if the bootloader wasn't locked.)
But that's feature updates, not security updates? If the manufacturer kept providing security patches for your old Android version, it wouldn't have helped you install Slack and Wallet.
> Approximately nobody is throwing away phones because the OEM stopped providing security patches.
I thought that, but a surprising number of people think that no support means that their device becomes vulnerable on the very next day. Not all of them act upon it but that seems to be the understanding of people who know what a security update is (not my grandma, but my mom for example) but aren't real techies or just not in this area. And it's not like these people are installing non-OEM patches! Nice as that would be...
Some time before and during covid, I feel like security update awareness became a lot more mainstream. Maybe because there's not much else to talk about in smartphones anymore anyway, so you shift from "ooh this fancy new one has a fingerprint reader in the power button and its notification LED on the back!" to "I don't want a new one; which one can I use for the most amount of years to avoid this hassle"
Probably also a culture thing. I guess most people in low- and middle-income countries have other worries; I'm speaking from a northwestern european viewpoint
> Approximately nobody is throwing away phones because the OEM stopped providing security patches. They're doing it for more practical reasons, like the phone getting slow, the battery wearing out, or wanting a better camera.
I did this just last year because my Pixel 4a stopped getting security updates and some app I needed to use for work (I think Duo?) refused to install or run because of it. The phone was otherwise running perfectly fine and I had no reason to change it. I'm on a Pixel 8 now which is supposed to have 7 years of security updates, and I don't see myself replacing it until then.
Phones don't get "slow" on their own. It's usually due to bloatware from upgrades. Many phone cameras are already quite good. The only remaining reason to upgrade is possible security vulnerabilities, but even that doesn't require heavy software. Supporting larger apps is the main reason the system requirements continue to increase, since Niklaus Wirth wrote, "A Plea For Lean Software" in 1995.
But even if people could trade in their phones for a small deposit, how many actually do (and not because they would use it- typically storing it in their drawer is safer than and less time consuming than figuring out how to run a factory reset before giving it to a datacenter.
I've thought about a program where people could drop it off in their mailbox and have a delivery service pick it up (possibly the USPS, but I think they wouldn't want to be burdened with handling lots of lithium batteries).
20 years from now phones will be powerful enough that they can run on capacitors, thinner than a credit card, and deconverged from the multimedia omnibus systems that they are today. Sure it is convenient, but I think the feature adds will plateau.
> Many phone cameras are already quite good.
Of course, you and I know that. But most people just listen to the marketing material.
My mother's most used feature on her phone is the camera.
She asked me about getting a new phone when she has a perfectly working Samsung flagship phone from 3 years ago. The marketing says "The S26 camera is _SOOOO_ much better". But, really, it's exactly the same sensors as the S23.
1 reply →
Phones don't actually get slower, or, they shouldn't, if they are reasonably well maintained. A battery swap might be necessary to preserve battery life under load. A NAND might start going bad.
Apple just shipped iOS 27, which has support for 2019's iPhone 11. So we are around 7 years there. It's probably fine for many people's use!
For a task like openclaw or hermes, or even something more aggressively graphical & GUI, it's not hard to imagine an 8 year old phone doing fine.
> Phones don't actually get slower, or, they shouldn't, if they are reasonably well maintained.
Relative to ever rising hw requirements of apps they obviously get slower. That is why I personally buy new phones.
2 replies →
Have you ever owned an older phone or older computer in general? Whether hardware or software caused, they get slower.
2 replies →
Battery swaps usually don't work very well, unfortunately.
1 reply →
I’ve got a Pixel 4a as a second phone just for work… it’s a perfectly fine phone
I’ve stopped using it because Google abandoned it after 18 months
There are plenty of Android phones out there that are usable but get abandoned by the makers
The article seems to be fairly clear about this: it is Google focusing on Google phones (so unlocking the bootloader should not be an issue) and they did mention that the kernel would have to be replaced (albeit for other reasons).
I would think the main factor against such clusters is cost. Even if the four year old phones are free, they have to be dismantled, tested, and supporting hardware/software has to be developed. All of that would have to be done on an ongoing basis. While Google may have the volume to be able to build uniform clusters with a given generation of hardware, generations are measured in months. Using four year old hardware also trims four years off the expected life expectancy of the components, and that is comparing like to like (not consumer grade hardware to server grade hardware). I've got to wonder how all of that extra work affects the carbon-footprint they are trying to reduce. It would probably be more effective to increase the use life of the phone as a phone.
All of that is fine for a research project or, on smaller scales, hobby projects. It would be extraordinarily difficult to make it commercially viable.
I pretty much agree with everything you said. But I think there is a chance for this to be commercially viable if it is offered in a different way. I,e not just raw cloud computing maybe you can run games on these clusters and jack the price a little. This is highly dependant on the virtual age of these clusters if they survive 10 of continuos work maybe there is a chance
I wonder if this is a research project about mitigating the risk of not being able to procure compute hardware if the AI industry soaks up all available hardware manufacturing capacity and raw materials?
I wonder if someone's trying to work out if they can keep GCP alive when there's no ram or cpu to be bought at any price because the AI companies (including the AI division in Google) and Nvidea have completely broken commodity compute hardware supply chains?
1 reply →
Exactly this. Few phones allow bootloader unlock let alone open drivers that can be brought forward to a mainline kernel.
The article seems to refer to a 2023 Pixel Fold as one of their candidates - I guess a good opportunity if those fragile screens get damaged but not a cheap used device otherwise.
Even normal slab pixel devices have limited support for true android replacements like PostmarketOS let alone cheaper 3rd party devices usually running Mediatek/Exnos SOC that have zero open docs or support.
I'm using a OnePlus 7, as my daily driver. Because it was bootloader unlockable, and LineageOS exists, I still can use it. And it performs respectfully, and serves my purpose. Except, my banking software, and digital payment applications, all works
So, OEM just have to let us unlock the bootloader, just let us unlock it after they stop selling it, and it would reduce so much waste.
They are just so greedy
Google has so much influence over the hardware manufacturers. They should do more.
Does anyone in the industry know why so much firmware is proprietary?
I've worked with manufacturers who shipped us binary blobs for their hardware. They are often willing to customize the software for you, but they want to own the modifications, which they can use for other customers. A big part of many contracts is a services component where they provide features or advanced functionality, and this lets them mark up their bill substantially. They're existentially scared of their hardware being cloned or their customers building in-house solutions, so they have to stay competitive on that front.
It's also a huge pain in the ass for them to release software as open source. They would need to track all the different forks and modifications in an organized manner (they often do a lot of copy paste and one-off nonsense). They run pretty light staffing on a lot of these components and doing all of that is just another chore for their overworked devs.
Lastly, I've heard they sometimes use other commercial, closed-source software components which they can't easily relicense.
Is this all bullshit? Yes absolutely. I'm not defending them but these are the excuses they give.
Agreed. All parts of a device that we buy must be user replaceable. Phones can have decades of life. After their initial use as a first phone, they become a hand me down for their children, and they can become further hand me downs for people in third world countries or continue to live on as computers that can take on a variety of other roles.
The OS must be user replaceable so we can run what we like. If this is not possible, we should at least be allowed to a run a VM on the phone (we can assume <5% loss of performance).
Silicon lives matter. We must make sure our device has many afterlives until its eventual death (5 decades later).
Back before I got used to Google cancelling all of their projects, I was immensely excited, then disappointed by this:
https://en.wikipedia.org/wiki/Project_Ara
> This is ignoring the fact that the main reason retired phones are e-waste is proprietary firmware blobs and locked-down systems
Couldn't Google somehow fix this? Since they control the substrate (Android) and they would be doing it for their convenience
Unfortunately it is a bit more complicated than that. All these phones run firmware, bootloaders, libraries under license from SoC providers, who package components from other vendors under a license themselves. Opening up the bootloader can be done, but two things have to happen: either the phone is crippled of various functionalities or the manufacturer is in breach of license because all the binary blobs become open and can be reverse engineered. No one wants to go through all of this for a few hundred people who are interested in running their home assistant on an exotic device.
I haven't ever heard of an SoC supplier demanding that the device's bootloader must be locked. Are you sure that this is happening? I've only ever seen devices delete first-party blobs, presumably of the manufacturer's own volition.
1 reply →
They're literally doing the opposite, right now you can't install a custom operating system, but in the near future you won't be able to install custom apps either: https://keepandroidopen.org/
You can install a custom operating system on (a non-carrier-locked model of) every phone Google has ever made.
What do you mean you can't install a custom operating system? The bootloader is unlocked on google phones, isn't it?
This website is full of false FUD.
Why would they?
They're actively working on closing the ecosystem even more (no more sideloading), DRM features, etc.
Maybe they'd do it for themselves, but they clearly don't want you, the customer, to do whatever you want with the device you bought and paid for.
Which consumer ever cares about "security" updates on phones?
People get scam emails all the time and most dont know the weird ui to display the sender adress and/or dont know what an untrustworthy mail address looks like.
They might not understand the paranoia is real.
Remember people running 20 virus scanners and 3 firewalls on their win xp machine? Then it finds 12 suspicious cookies?
Some fraction of the ones that use the phone for password storage and banking. The latter seems to be nearly everyone, the former is very likely if there's a techy in their lives but since maybe 5-7 years it also seems to be becoming quite mainstream
Just ask Mythos to jailbreak the phone OS for you ;-)
> proprietary firmware blobs and locked-down systems
caused by the very same Google...