I found my old Pixel 2 XL, put it through a factory reset, and now it’s sitting in front of me in airplane mode staring at me (dons tin hat maybe more than I realize).
What would you do with it or any similarly outdated phone? I imagine I could use it as an impromptu dashcam, a ridiculous external SSD, and/or possibly an offline maps device using solely GPS and downloaded maps. Is it too big of a security concern that I should chuck it? What ways could it be hardened?
I’ve been using GrapheneOS on a Pixel 8a for a little while now, so if I was to put apps on the 2 XL I imagine I could download the APKs onto my 8a, test them, then copy them over to the 2 XL. But I imagine most apps wouldn’t be backwards compatible unless I found archives of them for the 2 XL.
Not a huge deal, I just don’t want it to go to waste if it doesn’t have to.
Hmm, then why not try using something like LineageOS to extend its life? Sure the unlocked bootloader is not gonna help it here, obviously and I agree so for the love of god if someone says that again. I know so kindly shush for that.
Anyway, rambling aside, at least you’ll be getting Android security updates OS, unless I’m missing something of course. https://wiki.lineageos.org/devices/taimen/
(the wiki including the known issues/quirks)
[crDroid could actually be a better option since they roll their security updates more up to date it seems than LineageOS (and being based off that, well yeah)]
I think the reason I’m doing this is like, I would like phones to extend their lifespan. I don’t want phones to be thrown away. (Maybe being sold on say eBay for a new owner sure sure but if it is possible e-wasting especially when they work is just bad imo)
If you are using it offline for completely harmless things like as an alarm clock I wouldn’t worry about it. If you can’t find such a use for it then yeah I would recycle it.
As long as you assume any data you put on it is compromised then you can use it for whatever you want. Just don’t put personal info on it and you should be ok.
LineageOS 22.1 is still on the November 2024 Security OS Update.
CrDroid is up to date on Security OS Update; also the Pixel (at least I checked for Pixel 2 XL) builds are weekly.
I’m still learning, so aside from someone gaining physical access to it, are there other possible ways personal data could be leaked from it? I suppose I’m asking “how secure is airplane mode?”
Airplane mode works; it fully disables the Cellular, Wi-Fi, and Bluetooth radios, although the latter two can be re-enabled while in Airplane mode.
Using a device fully offline removes a massive attack surface, essentially eliminating remote threats. It’s the physical attacks where an outdated device has no hope of remaining secure. The exception being a device with a secure 8 word passphrase which is turned off where data decryption would be theoretically impossible forever.
Thank you for confirming what I had hoped to be true. Since you mention it, how “insecure” is a random 3 word passphrase? I ask because my 8a and each user profile on it uses 3 words each followed by a number. Obviously the more words the better. I’d rather memorize 16 random chars than have to type in 4 random words, maybe I’ll make that switch soon.
Yeah malware, an exploit in your cellular modem, there’s many many ways data will be leaked from an EOL device. Without support, you’re vulnerable to bargain bin malware that’s easily available and widely distributed.
This assumes you’re randomly generating it, not choosing it. If you’re choosing it, none of this is applicable and it doesn’t provide the same kind of security properties.
I think a 6-8 word passphrase is what’s recommended to be secure forever, although I would stick to the higher end of that just to be safe. Any less than that will be brute-forceable given enough time, and remember that it becomes exponentially more difficult for each word you add, but going beyond 8 is largely meaningless. It all depends on your threat model though, using a modern Pixel like you have (the 8a), as long as you are willing to rely on secure element throttling, even a 6 digit pin is unbreakable (until / unless a vulnerability is found).
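To put numbers on the schemes compared in the posts above, here is an added example that is not part of the original thread. It assumes a 7776-word diceware-style list, 94 printable ASCII characters, a single trailing digit, and a hypothetical offline guess rate of 1e12 per second; none of these figures come from the posters.

```python
import math
import secrets

# Assumptions, not stated in the thread: a 7776-word diceware-style list,
# 94 printable ASCII symbols, one trailing digit, and every element picked
# uniformly at random (the precondition the reply above insists on).
WORDS, PRINTABLE, DIGITS = 7776, 94, 10

SCHEMES = {
    "6-digit PIN": [(DIGITS, 6)],
    "3 words + 1 digit": [(WORDS, 3), (DIGITS, 1)],
    "6 words": [(WORDS, 6)],
    "8 words": [(WORDS, 8)],
    "16 random chars": [(PRINTABLE, 16)],
}

def entropy_bits(parts):
    """Bits of entropy for independent uniform picks: [(alphabet_size, count)]."""
    return sum(count * math.log2(size) for size, count in parts)

def years_to_search(bits, guesses_per_second):
    """Average years to hit the secret (half the keyspace) at a fixed rate."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)

def generate_passphrase(wordlist, n):
    """Draw n words with the OS CSPRNG; never pick the words yourself."""
    return " ".join(secrets.choice(wordlist) for _ in range(n))

def compare(guesses_per_second=1e12):
    """Return (scheme, bits, years) rows; the rate is a hypothetical offline
    attacker, i.e. one not slowed down by secure element throttling."""
    return [(name, entropy_bits(parts),
             years_to_search(entropy_bits(parts), guesses_per_second))
            for name, parts in SCHEMES.items()]

if __name__ == "__main__":
    for name, bits, years in compare():
        print(f"{name:18s} {bits:6.1f} bits  ~{years:.2e} years")
    # Constructed eight-word sample list, only to show the call; a real list
    # needs thousands of entries for the numbers above to apply.
    sample = ["amber", "cobalt", "delta", "ember", "fjord", "gable", "heron", "ivory"]
    print(generate_passphrase(sample, 6))
```

Under these assumptions, three words plus a digit come to about 42 bits, six words to about 77.5 bits, and eight words and 16 random characters land within about 1.5 bits of each other at roughly 103 to 105 bits.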
Alright there!
Nice thanks for the pointers.
Yeah I guess both are an option to keep devices for longer around especially something like the Pixel 2 XL (well RIP DivestOS, Your project but yeah)
That is a good idea, I was initially thinking of buying an Android Auto device on Amazon, not ideal. Having an offline Android Auto like device would be great on privacy and security especially on an old vehicle that’s not modern. Idk why I haven’t thought of that exactly