~$150 Budget Android Hardware [Suggestions Needed]

Out of curiosity I just tested on my sub $150 Samsung:

Very unscientific but:

• 30 second cooldown after the 5th incorrect pin
• 30 second cooldown after the 10th incorrect pin
• 30 second cooldown after the 11th incorrect pin
• 30 second cooldown after the 12th incorrect pin
• 30 second cooldown after the 13th incorrect pin
  (there is also a popup that requires user input between each cooldown)

So it seems at least on this cheap phone, after the 11th failed attempt, there will be a 30 second cooldown between each attempt. I have no idea if this is a universal android feature, nor if it is bypassable with or without a locked bootloader, or whether it is done in software or backed by hardware.

Congratulations, you have eliminated every single option

This generated a lot of discussion, if I might just contribute my short two cents:

It would be good to recommend a budget option. Is it as ideal as a brand new pixel running graphene os? No. But, many people cannot afford expensive phones. Or, they just need a spare for particular situations, like traveling internationally.

I do believe that PrivacyGuides should recommend a $150USD budget option, and I think DivestOS is a great start. If there IS no option, perhaps PrivacyGuides should consider partnering with, or at least lobbying, DivestOS or Calyx to make a ROM for a cheaper option, like a motorola.

Security and privacy are not ideal if only the rich can afford it. Privacy should not be a concept rooted in classism

@jonah If you guys are now considering the introduction of non-Pixel phones, that as you say are not optimal for security, shouldn’t you also add other “I give up” sections? Like a Windows hardening guide (that you are already doing), apps for people without GrapheneOS (eg. Netguard), etc. ?

I’m not sure about suggesting these phones, it always depends on what PG wants to be.

In terms of budget, it depends on what angle you’re looking at it from. Is it a cashflow issue, or can you afford to take total cost of ownership into consideration?

The Pixel phones, for instance, have great total cost of ownership compared to most other phones. This is because cheaper Android phones are supported for a short period of time, so it ends up being more expensive to replace it every 1-2 years than to hold the same phone for 5-8 years.

Once you go into budget phones, you start needing to make a lot of different compromises. You need to know what is more important to you. There should be a minimum bar for privacy on phones, and for Android phones, it makes sense for that bar to be “you can flash an alternative OS on it.” This will get rid of all the bloatware and spyware.

If that’s the case, and it’s a cashflow issue, phone contracts are not an option. As far as I know, all phones you pay off over time come with a locked bootloader that isn’t rootable (?). So despite achieving a lower cost of ownership by paying for it through a contract, you wouldn’t be able to flash an alternative OS onto it.

Second-hand phones make a lot of sense, then. I don’t know any budget Android phones myself (coming from iPhones, the Pixel is plenty cheap for me).

Another question: is PG willing to tolerate people owning a phone for months, maybe even years after the official software support for the phone has been dropped? There are people out there who still carry around 2000s flip phones, after all, and they don’t have many problems with malware because they only use them for SMS and phone calls.

If you’re willing to sacrifice security here, you can get a much cheaper phone with the ability to use an alternative OS.

Personally, if I were in this situation, I would sacrifice security for privacy and budget. If we think of it like the classic Project Management Triangle, you have three options: Secure, Private, Cheap. Choose two.

Pixels are Secure and Private, but they aren’t as cheap as they could be.

Honestly? I think getting the iPhone SE on a contract plan is probably the only option that is Secure, Private, Cheap. You get great total cost of ownership because iPhones get supported for so long while being able to keep your cashflow in check with the contract plan, and you don’t need to mess around with alternative OSes, meaning it’s easy to use.

As a verified Apple detractor, I wish it weren’t so. I guess I finally understand why iPhones are so damn common in my country now.

I agree with this wholeheartedly. As Cory Doctorow writes, companies often test the worst privacy-invasive practices on those who cannot afford to opt out. These people are also often the most at risk if their privacy/security is compromised. Making budget privacy a priority makes a lot of sense.

Have you ever seen an indigent person with a phone? It’s very common to see the unhoused out in the world close to an electrical outlet while they charge the only electronic device they own, a phone. Maybe it’s paid for by family to keep in touch, I don’t know.

My point is, there are individuals who have no real property and still prioritize a owning a phone. The goal here, appears to be, to find the best of the options where there is no good option today.

The indigent still benefit from privacy and security, and there is little linked in this thread to show that an unlock bootloader is the end of security. I don’t believe it’s possible to simply access encrypted user data with an unlocked bootloader after a few simple commands. It’s more complicated than that. Personally, I would need more than a single stack exchange comment, with no upvotes, to believe differently right now.

Again, we have seen in the past vendors adopt new security guidelines to meet a market demand of PG. I have to wonder if the PG team could see that here.

Recent Pixel and iPhone models will remain the most secure phones, I don’t think the intention here is to replace the Pixel recommendation.

It varies depending on where you are. Here in Portugal carrier locking is illegal, for example. Also, celular service contracts are not tied to any specific hardware, nor do you get any discount when you buy a phone from a carrier as opposed to any random electronics store.

That’s a toughie.
On the one hand, I would love to see a little blurb recommending Chris Titus’ Windows Tool, because it truly is the best. On the other hand, the issue at hand is a cost barrier to entry. It doesn’t cost anything to switch from windows to linux. It costs quite a bit to get a new secure phone that is a pixel.

I think thats a crucial distinction

How was this fact established? Reading vendor claims? Reverse engineering proprietary software and firmware? Wishful thinking?

I would be surprised to know that this case is common. Normally, if media encryption key is encrypted using user-provided passphrase, the latter is not used directly. A new key is derived from it. This is basics.

This is obviously not a brute force performed by a user trying to get past the lock screen. We are talking here about custom firmware with unrestricted access to data. It can carry on as long as needed. Better yet, move the data and the procedure to more computationally capable system. Only strong enough key can protect from brute force.

I will just end my partipication in this discussion with this quote:

We can try and find a good dirt cheap phone for privacy and security that doesn’t exist or accept the reality. I’m choosing to accept the reality and not engage in this topic any more.

The only recommendations I could actually make for budget oriented people are used Pixel and iPhone devices.

Pixel phones are obviously better, but iPhones fill the gaps where Pixel phones aren’t available to buy.

Hardware security = hardware security features, etc.

Samsung, Google Pixel and iPhone devices are the only ones with decent hardware security/hardware security features. The only problem is that Samsung breaks hardware security if you flash an alternative OS on them.

It’s irrelevant what OS you’re using if you’re using it on insecure hardware, and it’s running insecure firmware, etc.

Let’s just use GrapheneOS device requirements:

• Support for using alternate operating systems including full hardware security functionality
• Complete monthly Android Security Bulletin patches without any regular delays longer than a week
• At least 4 years of updates from launch (Pixels now have 7)
• Vendor code updated to new monthly, quarterly and yearly releases of AOSP within several months to provide new security improvements (Pixels receive these in the month they’re released)
• Linux 5.15 or Linux 6.1 Generic Kernel Image (GKI) support
• Hardware memory tagging (ARM MTE or equivalent)
• BTI/PAC, CET or equivalent
• PXN, SMEP or equivalent
• PAN, SMAP or equivalent
• Isolated radios (cellular, Wi-Fi, Bluetooth, NFC, etc.), GPU, SSD, media encode / decode, image processor and other components
• Support for A/B updates of both the firmware and OS images with automatic rollback if the initial boot fails one or more times
• Verified boot with rollback protection for firmware
• Verified boot with rollback protection for the OS (Android Verified Boot)
• Verified boot key fingerprint for yellow boot state displayed with a secure hash (non-truncated SHA-256 or better)
• StrongBox keystore provided by secure element
• Hardware key attestation support for the StrongBox keystore
• Attest key support for hardware key attestation to provide pinning support
• Weaver disk encryption key derivation throttling provided by secure element
• Inline disk encryption acceleration with wrapped key support
• 64-bit-only device support code
• Wi-Fi anonymity support including MAC address randomization, probe sequence number randomization and no other leaked identifiers

Source: Frequently Asked Questions | GrapheneOS

You can go ahead and compare all the devices against this and come up with the same conclusion which is that Pixel, iPhone and Samsung devices are the only ones that have good hardware security, etc.

I suppose this issue at hand is that it’s not clear why all those hardware security features are needed to have ‘decent’ smartphone security (even though that question feels a bit vague tbh).

It’s impossible to create a definite list of all hardware security features one needs. It’s the same as saying you require 100% security, it simply does not exist.
All of these features however improve your security and therefore defences against exploits. Therefore, you must strive to have as many as them as available.
@Lukas copied in a good list of all features that Pixels offer that we cannot find in all phones. GrapheneOS also therefore does not support other devices and keeps updating the requirements for support with the highest amount of security features available on market. I am not sure why this needs to be repeated.

I guess I touched on this too. It’s like basing the entire argument on a premise which is questionable. You start with high-level, tangible requirements for “decent” security, not low-level hardware or firmware features.

Google Play Services, Android Auto and countless other apps and services have privileged access on basically all the phones.

There is also telemetry, bloatware, spyware, backdoors, etc that might come with a phone, and all of those stock operating systems are proprietary.

That’s why you would want to an alternative OS that would improve your privacy, security, and freedom by a mile.

Lots of off-topic/ad hominem posts removed.
Please get back on topic and remember our code of conduct:
https://discuss.privacyguides.net/faq