Hey guys, I’m looking into buying a refurbished Google Pixel 5 (I have couple of options between amazon and other stores), however I’m not entirely sure about the longevity of a refurbished phone.
Positive reviews are often left by people who just bought the phone, but most of the negative reviews I found were from people who used it for more than couple of months and it concerns me.
Price is good, I’m looking specifically into a Pixel 5 because of the size which is much smaller than my Galaxy Note 9 that I find really uncomfortable to use.
Thank you!
Am I naïve for thinking that manufacturers stopping support for devices, then claiming it affects your safety, is just to sell more phones?
I always buy refurbished, currently running an S9 and I’m not even sure if it’s still supported. Recently retired a Nexus 10 from 2012 and had zero security issues in a dozen years
Yes you are.
Vulnerabilities are constantly being found in the software stack used by Android, if you are running vulnerable software you’re increasing the likelihood of some malicious app (or website, file, etc…) taking advantage of the vulnerability. The consequences of vulnerability vary from being able to fingerprint your device when it’s not supposed, to escalateling privileges to root or even kernel mode. Although the later are significantly rarer.
That you know of… If the vulnerability is successfully exploited, the likelihood of you noticing are close to zero.
You could always flash a custom ROM to install the latest security patches, but you would still be missing the security updates for all the closed source components (such as the bootloader, device drivers, etc…). Not to mention all the security implications (good or bad) that comes with installing custom ROMs.
I’ll not pretend I understand the consequences 😂
What does that mean for the average user?
From tracking your to full access of your phone and capable of doing anything without you knowing it or lifting a finger.
Tracking me happens all the time. Also I’m old but tech savvy so I’d know if someone had any access to my phone.
I’m still not sure what I should worry about?
This is really a bold claim. How or why makes you so sure of that?
If the attacker/app manages to get some application running in the background as root, how would you know that they had access to your phone?
To expand on the points mentioned above as well, although you may not be concerned by someone tracking your phone, something like root access is a concern. When the other commenter mentioned someone having access to your phone, it doesn’t mean unlocking the screen and moving it around, it means they have the ability to run commands at the highest privilege level at which point, an attacker can do basically anything.
Find ways to export biometrics? Idk, probably, set it up to forward all requests to a man in the middle server? Almost certainly.
To say “if I can’t see it, it can’t be compromised” is definitely a naïve stance in my opinion. Whether this is being done intentionally by companies to sell more phones? Well… I don’t think many people would argue the contrary
A good example though for iphones is an sma that triggers an exploit that escalates access and allows the entity to install their software that monitors and controls your phone is possible. It even deletes the test. So the end user does not know. It’s used and purchased by governments. I’m sure there are 0 days on Android that would do similarly.
They could steal all of your logins. This includes things like bank accounts. Your phone could be used as part of a botnet to commit criminal acts. They could shorten your battery life and use up your data plan by mining crypto in the background. You know, just like any other compromised computer.
I don’t know about selling more phones, but it’s definitely a profit angle. I’m not sure if using a phone without security updates for that long is a good idea. It’s one of those it works until it doesn’t, and you’ll be regretting it very much when it doesn’t.