
Comment by plqbfbv

7 hours ago

> There's no way to verify the integrity of the system, and any malicious app can just grab your banking credentials or enable criminals to unlock and drive away with your car.

I get that Google doesn't want to be sued for failing to protect its users and indirect users of the mobile phones sold by other companies, but for advanced users there should be an option to update the signing keys used by the bootloader, so that you can unlock, flash your custom ROM, update keys, and relock bootloader. Such a phone should still be considered "trusted" by Google Integrity APIs. But currently there's no way to do this, so basically you don't really own your hardware.

I gave up on custom ROMs trying to extend my devices' lives and bought a Fairphone instead, so I have the assurance from the vendor that I will have software updates for a very long time.

Note that Fairphone does not provide software updates for anywhere near as long as they claim, and using a modern device with 7 years of support, such as a Pixel or iPhone, will be far better in the long term. Fairphone is basically e-waste out of the box.

  • Somehow that stands in stark contrast with the many Fairphone users that I know use their device for many years. One of them uses it as their primary computing device, not owning something like a laptop because the Ubuntu Touch that runs on it plugs into a screen and keyboard and works like a desktop as well as a phone for them. I don't understand why the derogatory statement about that being e-waste out of the box when it obviously works great, at least for those willing to pay the premium for as-fair-as-they-can-make-it part sourcing.

    • I'm not disputing the ability to use the device for many years. Using the device for a long time and the device being supported for a long time are different things.

      Fairphone doesn't make their own phones, it's outsourced to an ODM and Fairphone has very little input on how it's designed. They haven't "sourced" anything. Fairphone also stops providing kernel updates very quickly and delays userspace/driver/firmware backports for months. They delay yearly updates for years too. This doesn't even touch upon the fact they used public signing keys in the past.

      It is not derogatory to say that it is e-waste out of the box, it is simply accurate. Choosing to continue using it despite how unsafe it is does not change the abysmal support it is given. A modern iPhone/Android used from launch to the end of its 7-year support time, then properly recycled, would be far better for privacy, security, and for the environment. A support window that long would also provide a strong used market to continue using these devices. Cheap ODM phones with short support windows, and not benefiting from economies of scale, are a waste.