Hi,

A friend wants to degoogle his phone, so I suggested the OS I’m currently using. The one we can’t talk about… He wants a small/compact phone, so I suggested pixel 4a (not buying second hand though), but I’m afraid that planned obsolescence may kill the phone rather soon. What’s your opinion?

Cheers and thank you for your help,

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        5 months ago

        I think phones are the MOST secure devices most people have. They are locked down, they run software in very restricted containers, they have more restrictive feature allowance. for 99% of the people the phone is the most secure device, full stop.

        Can you do better on a computer? Sure, but it takes a bunch of work and isn’t the out of box experience

          • jet@hackertalks.com
            link
            fedilink
            English
            arrow-up
            1
            ·
            5 months ago

            Please help me understand your point of view. So far all you have said in this conversation is that other people are wrong. That may be, but your not helping us understand you

            • delirious_owl@discuss.online
              link
              fedilink
              arrow-up
              2
              ·
              5 months ago

              The key to encryption is to have your key encrypted with a strong passphrase.

              Phones are literally designed to be convenient. Convenient is the antithesis of security.

              You want a 20-100+ character passphrase to symmetrically encrypt your private keys, and you want to never type that in public.

              Most people have 4 digit pins on their phones, and they constantly type them in public, in plain view of others. And its super easy to snatch out of their hands and run.

              Phones are, by design, not secure devices. Marketing teams trying to sell you something say otherwise. Don’t be gullible.

              • jet@hackertalks.com
                link
                fedilink
                English
                arrow-up
                1
                ·
                5 months ago

                TPM in the SOC to transform the “convenient” pin into more robust encryption keys is the gold standard for civilian devices.

                “computers” (of which a phone very much is) also use a TPM for this very reason.

                But even taking what you say as gospel, the device isn’t insecure, its how people are using it.

                I will stand by my comments a phone is the MOST secure device a civilian will use. Even with a secured desktop computer where someone diligently types in a 64 bit random code to unencrypt the hard drive… if they use the computer as a general purpose device, the threat surface raises dramatically. Now information and programs are not compartmentalized, install one bad program and it can trivially take over everything.

                • delirious_owl@discuss.online
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  5 months ago

                  TPMs protect the data on the drive if the drive is separated from the computer. If the drive is still in the computer, then it doesn’t protect the data. It doesn’t provide protection from physical attacks.

      • delirious_owl@discuss.online
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        5 months ago

        So you’re saying that, in order for me to steal everything on your phone, all I have to do is stand behind you in a supermarket and film you unlock your screen once. Then, on the way to your car, I quickly pull a knife on you and force you to tap your finger on your phone, then I hop on a motorbike and ride away.

        Hope you didn’t have any banking apps or crypto on your phone, because now that’s gone.

        QubesOS on a laptop is much much safer.

          • delirious_owl@discuss.online
            link
            fedilink
            arrow-up
            2
            ·
            5 months ago

            They would need to kidnap you to type multiple different passwords. The point is that they can’t quickly unlock the device. Mobile phones are literally designed to be easy to unlock.

        • zephyr@lemmy.today
          link
          fedilink
          arrow-up
          1
          ·
          5 months ago

          If you have GrapheneOS, I’m pretty sure you can randomize the numbers on the pin. You can also set a password instead of a pin and disable biometrics if you use stock Android. All the more difficult to obtain access.

          For banking/crypto, I assume a wallet app would allow you to set an app password/pin.

            • zephyr@lemmy.today
              link
              fedilink
              arrow-up
              1
              ·
              5 months ago

              I suppose you are correct there. Maybe try a privacy screen protector or use a password. It would be harder to catch each symbol with either of those.