Hi,

My Pixel 4a battery is dying a little faster every day, and so I'll soon have to replace it, but the size is just perfect for me, and I can't bring myself to buy a bigger phone unless it is really necessary (I gifted a 7a to a close one, all set with GOS, and it just feels big & heavy...).

I know that 4a and 5a are both end of life for Google, but they are still receiving extended support for GOS. From my understanding (and I'm no expert!), the phones being end of life mostly means that they no longer receive hardware/software updates, which can be a security issue (the drivers being a major vulnerability?). In my case my threat model is pretty 'soft', I mostly care about not having my data sold or used to fingerprint me, and I want to communicate as privately as possible with my friends and family (so far, none of them have moved to SimpleX, so Signal remains my main app for chatting).

I feel like in this case, going for the 5a is not such a bad idea, but since I'm no expert, I felt like I could learn a thing or two by asking for advice here!

Cheers and thank you for your help,

    Please don't buy a 5a, it'll be end of life extremely soon and will start getting progressively more insecure.

    With time, on top of mounting insecurity, it will also stop receiving new GrapheneOS features (as is the case for 4th gen Pixels at the moment), and core functionality might also eventually break, such as sandboxed Google Play, due to lack of the compatibility layer updates.

    Please see https://grapheneos.org/faq#recommended-devices. A used 6a or 7a might be reasonably affordable for you if budget is a concern, and those still have years of support left to go.

      Msanders

      Do not get a 5a. Try to get a 6a if you're going for an older Pixel. It's actually smaller than the 5a, IIRC and you'd be getting an actual (and quite robust) upgrade in a 6a with the 1st gen Tensor. That is a big deal. Google upgraded the janky fingerprint sensor from 6 and 6Pro for the 6a, to boot.

      The 5a would save you a few Andrew Jacksons (is he still on the $20? I only have $1s, myself) but it's worth it to go 6a. With a 6a, you'll have security updates thru Summer of '27.

      With the pixel 9 out in a few weeks, so many suppliers have deals on 7 and 8 series better than the 6s.

      5a is the most comfortable phone I have ever had. It has reliability issues: easily broken screen. Nonetheless I love it and shall keep it.

      I cannot recommend it, because it goes EOS for Graphene in a couple months. If you want one and don't mind its being EOS, it is a delight from the point of view of usability.

      The only situation where I would even consider buying a Pixel 5a is if I needed a backup phone, and in that case I would be using DivestOS on it. No way would I daily drive it. The security risks, especially with long-term use, aren't worth it for me.

      matchboxbananasynergy and core functionality might also eventually break, such as sandboxed Google Play, due to lack of the compatibility layer updates

      But App Store provides GmsCompatConfig updates? Or does it specifically stop letting EoL devices download app updates?

      Anyway the 7a really wasn't that much bigger than the 4a for me...

        Ammako GmsCompatConfig is a small configuration text file that allows shipping updates for some specific things about the compatibility layer.

        A lot of the time, however, updates are needed to GmsCompat that cannot be shipped via GmsCompatConfig, and therefore require an OS update.

        I have a 5a and I wonder what the actual security risks are. What entry point(s) would there be for compromise of the security? I realize this may be off-topic and may have been addressed elsewhere.

          IHD I have a 5a and I wonder what the actual security risks are. What entry point(s) would there be for compromise of the security?

          The obvious case is remote code execution (RCE) vulnerabilities in the firmware (baseband, Wi-Fi, Bluetooth, GPU).

          Pixel firmware RCE bugs have been found, reported to Google, announced, and patched in the past (2023 example). If somebody finds an RCE bug in 5a firmware now, Google is unlikely to track and fix it, so the vulnerability may well be sold to a zero-day market. If that happens, affected users will not get timely notice they're vulnerable and will not get a patch.

          Once firmware support is over it is prudent to assume that nasty people are secretly building up a portfolio of exploits for bugs that are present and will never be fixed. There is no way to predict exactly how vulnerable a device will be on any given day, but the risk level starts climbing the day firmware support expires.

          Thank you! Excellent answer. I need to plan on when I can afford to move past the 5a.

            IHD I need to plan on when I can afford to move past the 5a.

            A gently-used 6a might be a good value, and has almost three years of support remaining.

            19 days later

            I can't edit the initial message, but I wanted to apologize for the delayed answer, some personal events prevented me from answering earlier.

            Thank you all for your answers, with the Pixel 9 being out now, I will be keeping an eye on deals for Pixel 8. It is significantly bigger than the 4a, but you all made it clear that keeping it is a pretty bad idea. I have checked the 6 & 7 as well, but the 8 seems better than these two, and most importantly the 8 will get 6 years support for Android & security updates.