I have an old phone, a Samsung Galaxy S10, that I'm using as a secondary phone (at the gym, etc.) that will never have sensitive data on it besides logins to some services like music streaming, a podcast app, maybe some browsing data. Network connection via Wi-Fi only. I'm wondering, from a purely security perspective, does it make more sense to stay on the stock OS or to flash LineageOS on the device? The stock OS had its last security update in March 2023, but I'm also a bit concerned about the apparent lack of verified boot on LineageOS. I'm really not worried about the physical security of the phone, though; much more so about attacks from being connected to the internet with lacking security patches.

I've been using LineageOS for the past 4 years on one of my devices. I don't get updates anymore on stock Android, but with this one it's possible. I don't use any Google apps and it works great. I don't see the usual performance degradation compared to the stock OS, perhaps because of having less background activity. If you are keeping the phone as a secondary device without sensitive information, I don't see why not. Do note that there is a minority of apps, such as certain banking applications, that won't run on LineageOS, but anything else is fine.

    Does anyone have a good enough understanding of the Android security model to say whether LineageOS would not be desirable to install over the stock OS (even if outdated), e.g. because of the apparent lack of verified boot?

    It will be highly insecure without many of the High/Critical severity patches regardless since it still lacks firmware/driver updates with an alternate OS. Security patches are more important than verified boot, but LineageOS can't provide you with all the security patches and loses more security features/properties than verified boot. There is no good answer.

    jackFang It's highly insecure without many of the important security patches regardless. It's best to stop using end-of-life devices, including avoiding the extended support releases of GrapheneOS.
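
The two replies above turn on one observable fact: on an end-of-life device, an alternate OS can raise the Android (system) security patch level every month, while the vendor/firmware patch level stays frozen at the last OEM release, and the bootloader is left unlocked, so verified boot no longer enforces anything. Below is an added example (not code from anyone in this thread) that reads those three signals out of an `adb shell getprop` dump. The property names are standard Android properties; the sample dump is constructed, with hypothetical values chosen to resemble a custom ROM on an S10-class device, not captured from a real phone. To run it against a real device, source the file and call `assess_device "$(adb shell getprop)" "$(date +%F)"`.

```shell
#!/bin/sh
# Added example: triage an Android device's patch state and verified-boot state
# from `adb shell getprop` output. Not from the thread above.
# Usage on a real device (after sourcing this file):
#   assess_device "$(adb shell getprop)" "$(date +%F)"

# Constructed sample dump with hypothetical values (NOT captured from a real S10):
# a current system patch level on top of a vendor patch level frozen in March 2023,
# with the bootloader unlocked.
SAMPLE_GETPROP='[ro.build.version.release]: [14]
[ro.build.version.security_patch]: [2024-06-05]
[ro.vendor.build.security_patch]: [2023-03-01]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.flash.locked]: [0]
[ro.boot.vbmeta.device_state]: [unlocked]'

# getprop_val DUMP NAME: print NAME's value from a getprop-style dump.
getprop_val() {
    printf '%s\n' "$1" | sed -n "s/^\[$2\]: \[\(.*\)\]\$/\1/p"
}

# months_between FROM TO (YYYY-MM-DD): whole months from FROM to TO; days ignored.
# Leading zeros are stripped so "08"/"09" are not parsed as octal by the shell.
months_between() {
    fy=${1%%-*}; t=${1#*-}; fm=${t%%-*}; fm=${fm#0}
    ty=${2%%-*}; t=${2#*-}; tm=${t%%-*}; tm=${tm#0}
    echo $(( (ty - fy) * 12 + (tm - fm) ))
}

# patch_gap_months DUMP: how far the vendor (firmware/driver) patch level lags the
# system (OS) patch level. A custom ROM rebuilds the OS side monthly but cannot
# rebuild the proprietary vendor side, so on an EOL device this number only grows.
patch_gap_months() {
    months_between "$(getprop_val "$1" ro.vendor.build.security_patch)" \
                   "$(getprop_val "$1" ro.build.version.security_patch)"
}

# assess_device DUMP TODAY: print one line per finding, then a VERDICT line.
# TODAY (YYYY-MM-DD) is passed in explicitly so the check is reproducible.
assess_device() {
    dump=$1; today=$2; findings=0
    sys=$(getprop_val "$dump" ro.build.version.security_patch)
    vend=$(getprop_val "$dump" ro.vendor.build.security_patch)
    vbstate=$(getprop_val "$dump" ro.boot.verifiedbootstate)
    devstate=$(getprop_val "$dump" ro.boot.vbmeta.device_state)

    if [ -z "$sys" ] || [ -z "$vend" ]; then
        echo "patch-level properties missing from dump; cannot assess"
        echo "VERDICT: unknown"
        return 0
    fi

    gap=$(patch_gap_months "$dump")
    if [ "$gap" -gt 0 ]; then
        echo "vendor patch level $vend lags system level $sys by $gap months (firmware/driver fixes missing)"
        findings=$((findings + 1))
    fi

    age=$(months_between "$vend" "$today")
    if [ "$age" -gt 3 ]; then
        echo "vendor patch level is $age months old: hardware is effectively end-of-life"
        findings=$((findings + 1))
    fi

    # verifiedbootstate: green = locked, OEM key; yellow = locked, user-enrolled key;
    # orange = unlocked (nothing verified); red = verification failed.
    case "$vbstate" in
        green)  ;;
        yellow) echo "verified boot uses a custom key (yellow): fine if you enrolled it yourself" ;;
        orange|red|"")
            echo "verified boot not enforcing (state '${vbstate:-unset}', device ${devstate:-unknown}): a root-level compromise can persist in the boot chain"
            findings=$((findings + 1)) ;;
    esac

    if [ "$findings" -eq 0 ]; then
        echo "VERDICT: OK"
    else
        echo "VERDICT: $findings finding(s), do not treat as a patched device"
    fi
}

assess_device "$SAMPLE_GETPROP" 2024-09-01
```

On the constructed sample the OS-side level looks current while the vendor side is 15 months behind it, which is exactly the split the replies describe: the visible "security patch level" in Settings reports the system side only. The 3-month staleness threshold is an arbitrary choice for this example, not a standard.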

      • [deleted]

      Due to the partial newer patches and reduced attack surface by Lineage not including the massive amounts of outdated stock apps on the Stock OS, it should be an improvement.

        GrapheneOS yep, LineageOS in 2024 might not be the best choice with regards to security, but that's the best you can get on a non-Pixel phone? I plan to use GOS for anything critical.

          I'm gonna deviate a little, and not talk about a purely security perspective as you wanted, but I'm gonna say that you have to identify your threat model and — maybe more importantly in this case — the use case. If you do not put absolutely anything of value on that phone, like not even an account like Spotify, and use it only for offline or anonymous services (like AntennaPod for podcasts, for example) that carry little to no personally linkable information, maybe you are more interested in privacy, and I'm gonna say that you should install a more privacy-respecting OS like Lineage (or better still DivestOS, based on Lineage, but sadly there is no build for the S10; if you know how to integrate the proprietary blobs, you could compile it yourself).

          Samsung is one of the worst companies in terms of privacy, as they record and store every tap, movement or request you make on your phone, including your voice, your location, your clipboard, your IP, etc.; literally everything (it's written in their EULA and their privacy policy, I'm not making up anything).

          So if you use it just like an iPod on steroids, maybe sacrificing some security for better privacy is worth it. But I should stress again that you think carefully about your use case, your threat model, and make sure not to put any remotely exploitable information about you, your life, or the life of the people you know (family and friends) on that thing. I do agree with the official GrapheneOS reply here — and frankly no one could disagree, as they are the only true experts here —, so try not to use an end-of-life device and, if you have the means, I suggest you invest a little to gain so much in terms of usability, security and freedom.

          jackFang [deleted] LineageOS on an end-of-life device is highly insecure and lacks basic privacy. It doesn't qualify to even be on a list of reasonable options for privacy and security. You do not have basic privacy/security patches, failing the most bare minimum requirement. The next best option after GrapheneOS for privacy and security is an iPhone, not an insecure OS rolling back security from AOSP on an end-of-life device where they can't provide anywhere close to full privacy/security patches...

          This thread is attracting harmful advice and inaccurate claims so it has been locked.