I imagine the community here will frown but, I'm considering installing GrapheneOS on the refurbished Pixel 4 I just bought..

What are the practical implications of using a device that doesn't have production support and isn't receiving security updates?

For argument's sake, what if I was still using a Pixel 4 with GrapheneOS in 2025? Would it be any less secure than just running stock Android on it? How else would it be different?

And if I do go this route, what would be some things to keep in mind to ensure things are relatively secure (apart from 'don't click random links')?

I'm privacy/security conscious but I'm a light user in general and don't use my phone for anything critical (I think I've been using the same 10 apps for 5-10 years - podcasts, IM, weather, etc).

It's a pity the current generation devices aren't smaller...

    I don't have permission to edit.. I wanted to say: I realise my post kinda defeats the whole point of the project, but I'm guessing there are many people using Pixels that are EOL, so maybe it's worth addressing the question a bit more thoroughly, shrug.

    I have a Pixel 4a5g, which is supported until the end of the year.
    And I might run it without support for another year or two. You could install DivestOS but I don't want to install all my apps again and manually restore all backups and appdata...

    I should mention that I ran an old xiaomi device beforehand with LineageOS, also no updates for a long time.
    Sure, developers have to tell you that it is insecure and not recommended, but running a stock phone without updates doesn't make it better :)
    Maybe there will be some "emergency" update if google decides to push an update after EOL.

    But I assume this kind of conversation is not wanted for obvious reasons...

    • [deleted]

    • Post #4
    • Edited

    The Pixel 6 and 7 series have some substantial advantages over any other Pixel device, and the Pixel 8 series will introduce even more substantial privacy and security advantages.

    I would advise everyone to use a Pixel 6 or 7, or ideally wait for a Pixel 8, and avoid anything EOL or with extended support releases.

    Would it help if we reframed it? What if it were an aircraft? Fully operational, nothing visibly wrong, but one that is no longer maintained? How many months would it be before you'd refuse to board?

    Or how about something less dire: you find an overlooked package of ham at the back of your fridge. It looks and smell fine but it's 6 weeks expired. Would you make a sandwich with it?

    What happens in 2025? Would you be just postponing inevitable while feeling inadequate/compromised the entire time? (P7a EOL is mid-2028).

    You're here, implying you've considered questions regarding privacy/security. And even though spending money on a new phone could be quite demotivating to many, I see the options as either doing it "right" with 7a+GOS or later, or, not having a phone.

    Here's Naomi: yewtu.be/watch?v=c48mGsFyCjw

    First point. Quite poignant.

    Consider that her interviewee's advice is to folks with run-of-the-mill tech, not those with any interest beyond lowest denominator.

    Hope this helps you decide!

      [deleted] You're here, implying you've considered questions regarding privacy/security. And even though spending money on a new phone could be quite demotivating to many, I see the options as either doing it "right" with 7a+GOS or later, or, not having a phone.

      That's not correct. Any not EOL Pixel device is good.

          [deleted]

          Lukas, you're helpful and knowledgeable, but can you please read between the lines?
          Are you suggesting getting P4a? Yes, it's technically good for another two months, but makes for a poor advice.

          We don't need 15 page essays covering everything. 7a is an excellent (best?) balance of life-left and cost. I interpreted OP's question as cost being of possible concern.

              [deleted] I didn't read that correctly. That's a mistake from my end.

                widget
                If you already have a device and want to try out grapheneos then sure . but I wouldn't but one at this point .
                I have a 4a for testing no sensitive data and when its eol it will still be used for basic browsing or maybe another os . but I wouldn't think of it being a device to depend on .

                    • [deleted]

                    • Post #10
                    • Edited

                    Skyway Especially when you can get a used Pixel 6a for like 200 euros.

                    I especially like the ones that have something like cracked back or some other damage that could be just hidden by the case because you can get these kinds of phones for dirt cheap and they're fully functional.

                      [deleted]

                      I appreciate what you're saying. (I watched the first couple of minute of that video, will watch the rest in a bit.)

                      The airplane analogy falls flat though - I don't view compromised WhatsApp activity as being a matter of life/death.

                      I knew it was a stupid question to begin with :) I think I was just looking for some affirmation ("you'll be fine man, I still use my Pixel 2, just don't do any banking or install any dubious apps").

                          • [deleted]

                          • Post #12
                          • Edited

                          widget We're telling you what you need to hear, not what you want to hear :)

                            • [deleted]

                            • Post #13
                            • Edited

                            @widget But if you're still going to use an EOL phone, then using GrapheneOS is an improvement.

                            • [deleted]

                            • Post #14

                            widget I used a Pixel 3 EOL for a few months until the 7 came out. In my case, running EOL Graphene was better than dealing with OnePlus running 2 Android versions behind and getting security updates every other month. 🙄 You have to figure out the best balance for you in terms of cost and threat model. Pixels ain't free.

                            That said, you'll consistently get recommendations here for a 6+ as this is a security focused community. The key reason is the 5 years of security updates vs 3 years on the 4/5, though there are many others. Thanks to Advanced Memory Protection, the 8 will be more secure than the 6/7 series when released.