Safe alternative uses of a GrapheneOS device after retiring as a phone

Artn

Uses for an old Pixel device with GrapheneOS:
After EOL was announced for my barbet (5a) and the device was out of support by the project, I was wondering what safe uses of an old smartphone are to reduce electronic waste and extend the device’s useful life. I would like to discuss what unsupported Pixel devices on GrapheneOS can be used for with conservation in mind.
Is it a bad practice to use an unsupported device for any purpose? Can it be used in specific general scenarios?
Here are examples of what I use the old barbet for after a factory reset, removing\erasing the SIM card, and switching to lynx:
Profile 1) Outdoor: Offline maps and navigation for cycling. I can forget the device on my bike without worries; every app is disabled, and there is no media/info except the maps and locations.
Profile 2) Home: An offline media player connected to a BT speaker with almost all the storage for MP3 files.
Profile 3) Testing: I have a restricted profile with phone/SMS access off, and I use it for testing apps for older devices.
Do you consider such use cases safe? Is it encouraged to keep using older devices for specific use cases?

N1b

Artn I get your idea and was on the same page a while ago with my Pixel 3a (RIP). Good (official) answers are here and here.

You obviously did some research and threat modeling already. Personally I would be okay with your profile 1 and 2, but not 3. Connecting an insecure device to the internet or mobile network comes with lots of risks. For offline use (and offline updating maps in profile 1) it might be safe enough, but that's for you to decide. What's the worst case if all data became public information and a threat actor had full control over your device?

I'm not speaking for the project. And it's likely you'll get recommendations against even offline use from far more educated people than me.

Overlay1404

Artn Is it encouraged to keep using older devices for specific use cases?

no. its the opposite. its encouraged to not use EOL devices.

Artn I was wondering what safe uses of an old smartphone are to reduce electronic waste and extend the device’s useful life.

I think this is very much threat model dependent but, my guess would be most things you can accomplish while in airplane mode would be acceptable.

Since the phone is already a security and privacy risk just by being EOL, you would probably want to reflash it, just to be sure no data of value is on it before using the phone.

GrouchyGrape

Artn yeah it's tough to find the balance between e waste reduction and a more security conscious posture. Between your three proposals, I like Profile 1 the best. Obviously this depends on your threat model, but I think the vast majority of us would be just fine with a ALWAYS offline navigation device like this. As long as you understand the implications of full device compromise (let's assume the worst) and you're ok with that, then I imagine you're fine.

DeletedUser237

Artn If you can isolate the device from your 'main' network with vlans yeah I don't see a reason why not. Just treat it as a compromised one and don't allow any inbound traffic from it to your other vlans.

Artn

N1b Profile 3 is offline, installing and testing is done through adb.
Thank you for linking the two posts; I searched for similar topics but could not find them with the keywords I was searching for.
It seems the project's primary concern regarding using older devices is people using the phone as a regular phone in a production environment.
However, I aim to open the discussion for using an old device with remotely exploitable OS/firmware.
In some cases, like Profile no 1 and 2, it can benefit by keeping the main phone more secure and private.
An actual real-world benefit is possibly the fact that BT address is non-randomized, so using the old device as a BT device and turning off the BT device on the newer, supported device is going to enhance, rather than degrade, the security and privacy of the user.
Not to mention that an offline GrapheneOS device is possibly much more secure than any other alternative out-of-support-device with updates.

Artn

Overlay1404 I agree that for a general user it completely out of question to use the EOL device.
The long term GrapheneOS user however, is probably using their 2nd or 3rd phone with GrapheneOS, with usable and working EOL devices. Then for these users who are probably security-aware, the question is if those old devices can be used in scenarios where it would enhance the security of the main phone.
I know the following additional example is a very rare use case, but an offline EOL GrapheneOS device is a very easy-to use, OS-agnostic encrypted flash drive, specifically if used within a specific password protected profile: It is encrypted, not accessible unless unlocked, and provides 100+GB of secure storage, which can be wiped in a few clicks by just removing the profile.

Overlay1404

DeletedUser127

I agree which is why I said

Overlay1404 I think this is very much threat model dependent but, my guess would be most things you can accomplish while in airplane mode would be acceptable.

I was just a bit confused by @Artn comments. I am also not sure using your EOL phone for a different purpose is better then just getting a device built for that purpose, assuming budget allows.

mrket

Artn Profile 3 is offline, installing and testing is done through adb.

You can't trust the device to remain offline in this scenario, a malicious app could potentially find a way to bypass this, and on an EOL device an issue like this won't be patched.

Overlay1404

Artn GrapheneOS user however, is probably using their 2nd or 3rd phone with GrapheneOS, with usable and working EOL devices

I don't understand what you mean. Are you saying you think the typical GOS users has 3 phones and two of them are EOL devices that are still being used?

Artn Then for these users who are probably security-aware, the question is if those old devices can be used in scenarios where it would enhance the security of the main phone.

In what scenario would an end of life phone, that does not get security updates, improve security?

Artn but an offline EOL GrapheneOS device is a very easy-to use, OS-agnostic encrypted flash drive, specifically if used within a specific password protected profile

If your not using your phone as a phone, its kind of a different discussion.

DeletedUser127

Overlay1404 this is the whole point for offline use of EOL devices. Pretty much all vulnerabilities or attacks are network based.

Artn

Overlay1404 I don't understand what you mean. Are you saying you think the typical GOS users has 3 phones and two of them are EOL devices that are still being used?

What I meant was that a long-term GOS user (which at this point lets assume 5+ years as long term) is expected to own an older Pixel device which is EOL.

Artn

Overlay1404 True, "safe alternative uses of a GrapheneOS device after retiring as a phone" would be a better title.

Artn

DeletedUser127 I opened the discussion to get others views on use cases, for example, the offline USB storage usage can be considered unsafe as soon as devices with the update to 2022 also be vulnerable to something like Cellebrite:
https://discuss.grapheneos.org/d/14344-cellebrite-premium-july-2024-documentation

another example here:

mrket You can't trust the device to remain offline in this scenario, a malicious app could potentially find a way to bypass this, and on an EOL device an issue like this won't be patched.

So the question is not IF, but which use cases are safe.

DeletedUser64

Once my current 6a is replaced, whenever that is, I will personally destroy it. There will be no alternative use for it.

Eirikr70

I think I will use an old Android phone as an offline map and navigation device. Thanks for the insight !

Viewpoint0232

With some banks starting to ban GrapheneOS (like Revolut tried and Starling before them) or soon enforcing stronger Play Integrity that "custom ROMs" (I hate that term) can't pass - all while they have no problem supporting ancient insecure phones still running Android 8 and the like - I would be almost tempted to flash back the stock OS and use it for those banking apps that don't support GrapheneOS, out of spite.

"But it's insecure! Why would you do online banking on a phone that doesn't get security updates any more?"

Well, it seems like some of these banks deem an old unsupported Android phone secure enough to run their app, in fact more secure than the newest Pixel running GrapheneOS; so who am I to doubt their judgement? I am but a clueless average consumer with no interest or knowledge in technology. And if my bank also doesn't support any other ways of authenticating me for online banking (e.g. a hardware TAN generator or even a good old SMS TAN), then what other choice is there really? (except for changing the bank of course) Besides, in my country (UK) the law pretty much makes it the banks' responsibility to reimburse customers that were hacked or phished. So it's really not my problem if my bank wants me to use a Pixel 4 with stock OS rather than a Pixel 9 with GrapheneOS.

Even more so if it's just the McDonald's app rather than a bank!

(Note: this post might contain traces of cynicism, I don't need a lecture on why I shouldn't actually bank on an insecure device)

dregrinfuces

I use my old phones as clocks.

Artn

Here are use cases that I think are secure:
1) USB flash drive with encrypted storage: as long as commercial companies can not unlock the phone, for example:
https://discuss.grapheneos.org/d/14344-cellebrite-premium-july-2024-documentation
2) NFC and QR code loyalty card storage and retrieval
3) Offline (airplane mode) GPS device with maps.
4) Offline (airplane mode) BT device for playing music and controlling/syncing BT smart devices.

Here are some use cases that are NOT secure anymore:
1) Going online or using the device as a phone with data connection
2) Using the device as a tethering modem (both Wireless and USB)
3) Using the device for social platforms.
4) Using the device for banking apps.

Here are some use cases I would like to have the community feedback:
1) Using the device on local network (i.e. controlling smart home and connecting to home assistant).
2) Using the device in guest mode if a friend asks for a phone to look up something.
3) Using the device for compatibility testing own applications for the general non-GOS community on older Android versions.

de0u

Artn If the device were comprised, and a remote malefactor were able to communicate with the home assistant and control smart devices in the home, would that be acceptable?

Would it be acceptable if a remote malefactor were able to use the device to listen to conversations in the home?

Airplane mode is arguably not enough if the device has access to a Wi-Fi network (including credentials).

DeletedUser237

de0u I think you're overthinking this a bit, for a device that would 'just' be a more powerful raspi controlling home assistant it would have to be exposed to internet to be popped.. Obviously it could happen that it would pull a malicious update to some app or be compromised via some sophisticated TA who would pop their router first, but honestly just treat it as any IoT and put it in separate vlan with no traffic allowed to be initiated to your internal network and it's good to go.