Keeping a device after its EOL date

nandohyphen1

Just a quick question. Is it fine to keep a device after its EOL date and continue using it daily? I know it gets less secure since theres no more updates, but if I have a low threat model, does it really hurt to keep the device for 1-2 years longer after EOL? My Pixel 6a reaches EOL in 2027, so thats why I'm asking. Not a huge deal, just curious if its fine to continue using the phone if my threat model is low and its still working fine.

Sigismund

nandohyphen1 It depends. Obviously from strict security point of view you should replace it before it reaches EOL. Having said that one have to also consider other factors at play here, one of them as you properly mentioned is the potential threat model. But this also needs to account for attacks not aimed specifically at you, watering hole attacks etc.

To give some pointers (as I am not going to give you a definitive answer here) is to consider your habits, network hygiene and how probable is that you will be hit by collateral damage during your EOL time. To account for it, one may limit the sensitivity of data held on and/or actions taken on said device.

Novalissoide

nandohyphen1
https://discuss.grapheneos.org/d/19457-safe-alternative-uses-of-a-grapheneos-device-after-retiring-as-a-phone

nandohyphen1

Sigismund DeletedUser495 LeslieFH thanks for the replies. I'm glad to get everyone's opinions on this! Like @DeletedUser495 said, using it offline is actually something I never thought of and is a pretty good idea. Now I can have an iPod Touch - but GrapheneOS. :)
Novalissoide I agree. My plan is for sure to look for a new phone by then, I was just curious as to weather or not my 6a will still be worth keeping/using for minor things. I honestly think it would actually make a good dash camera after EOL, since I can devote all it's storage to videos. Or possibly a music player. :)

DeletedUser495

sensitivity of data held on and/or actions

Yes, this is the important factor here. I would use EOL device strictly offline, this doesn't mean it doesn't have a lot of potential uses.

LeslieFH

With a low threat model, I'd feel fine using the device past EOL for some time, the privacy gains of using GOS are significant even with no more security updates.

Novalissoide

Fellow P6a here. Since we've got well over a year worth of looking for a newer device, the lookahead for july 2027 shouln't be about keeping it past Eol. The only rationale would be if you really cannot afford any newer device, including any used, but newer pixel you've looked up.

DeletedUser499

May use it as a Briar mailbox.

tumbord

good question. i do wonder too, if the oem updates will cease immediately on EOL, as the table speaks of "minimum oem support".
is this just marketing talk or are there examples of google extending security fixed even after eol?