I’ll risk asking the first question. If it’s not a good fit for the community, then at least I can serve as a negative example.

Here’s the scenario. I’m going to be traveling over the next few months and expect to be in areas where I don’t have a right to my digital privacy. My device might be inspected, cloned, etc without my knowledge. I might even be required to give up the passcode. I’ll do my best to maintain physical control of my device at all times, but that might not always be possible. My intention is to responsibly recycle the device at the end of the summer once I return to a more secure environment. I’ll try to take reasonable precautions like powering down the device completely when unattended but the potential for uncontrolled physical access has me concerned.

My thoughts are that I want something used to reduce my environmental impact but that still has up to date security patches at a reasonably low cost. I would also like it to provide an acceptable user experience. A used Pixel 4a 5G looks like a great candidate for that.

Are you using this device? Does it provide a good user experience today? I’m looking for some opinions or perhaps suggestions for a device that might meet my requirements.

  • ijeff@lemdro.idM
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    I haven’t owned a Pixel since the original so I’m not well placed to respond, but I just wanted to say that this is an excellent first post for the community and a great example for others!

  • j4k3@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    You can probably flash Graphene still on a 4a. Then you can setup remote Auditor. This may let you monitor if the device has been compromised in some way.

    • henfredemars@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      I’ve never experimented with Graphene, but I definitely heard that it is security-minded. One concern I have with custom ROM is that having an unlocked bootloader might make it easier for an adversary to flash anything they want on my device without my knowledge. In theory a locked bootloader would prevent that.

      I understand that an adversary with physical access is very powerful. I don’t pretend that I can prevent compromise here, but maybe I can make that a little more difficult.

      • j4k3@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        Graphene uses the pixels because it has hardware security locks. Bootloader is locked just like any OEM. The Auditor tool makes it possible to verify if the ROM has been tampered with. It is remotely checking that the software hashes correctly. There is no way to fake this type of check and verification.

        • henfredemars@infosec.pubOP
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          This sounds like a really good option! I think I’m going to go with this. I have enough technical background that I shouldn’t have too much trouble getting it installed.

  • Devgard@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    I believe the Pixel 4a may be losing updates soon as it is nearing its end for promised updates by Google.

    What are your other choices of devices? Any brand you absolutely wouldn’t want?

    • henfredemars@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      According to the Google support page it looks like updates end in November which would be fine for the rest of this year. Ideally, I don’t want it to be embarrassingly easy to exploit using known vulnerabilities, bypasses, etc.

      I would prefer something running Android because that’s what I’m familiar with, but it seems like that’s a natural choice because the iPhone used market is more pricey. On the other hand, I’m trying not to support the junk that they sell at the very bottom of the new market.

      Another device I looked at was the S10e, which is about the same price on the used market, but I think it just ended security updates making it slightly less up to date, but it’s a pretty close contender. I don’t think it’s a bad option; I recognize I’ll have to make compromises.

      • Devgard@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I think the 4a 5G will be a good pick. Just be careful as Google seems to be weird in allowing Pixels to use 4G/5G in markers that they aren’t officially in.

  • Erich@lemmy.fmhy.ml
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Can’t really add anything to this discussion but I gotta say this is an interesting situation to use an older phone that makes sense.

  • tvmole@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I’m typing this on Pixel 4a 5G that I got shortly after its launch, and I’m still very happy with it. Can definitely recommend it, or any Pixel really - my family has used many Pixel models over the years

  • Welp_im_damned@lemdro.id
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Supports end in November but you can flash graphene os. I do have family that still uses it and it’s been holding up fine for them.

  • Andy@programming.dev
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I can say that the Pixel 4a not-5G (sunfish) works great with Lineage OS + Google apps. But I can’t speak to the security of it all, aside from the fact that it gets regular updates. And in bright sun, the screen doesn’t get bright enough.