bradboimler

I would have gotten a 3rd party device but had to opt for the steam deck because of tracpads if it has no tracpads I am not buying it because allot of my games require tracpads.

I guess I sell it when I'm done or my kids get it just depends.

Understandable I keep my phones for 2 years only, 1 year now with my 7a just had to replace a cracked screen and installed a new battery so good for another year.

So after more research linage OS and calyx only allow Micro G apps to spoof and the verify via the app signature key the are signed with to verify this is the only way LinageOS would agree to adding micro G support so it is secure but still makes me feel unsafe at least to me just my opinion but yes it can be done securely I would use Linage OS with Micro G if the supported relocking the bootloader I know pixels support this but requires you to build your own version from source of linage and the sign your device with your own key that you also sign your build with as well I think I'll stick with GrapheneOS.

So never go to Ohio got it.

Then buy a newer one with longer support this will always be a issue since the support window is the same as Google. Once a manufacturer stops updating drivers and device firmware the said device can no longer effectively be secure because any exploit in the drivers or firmware will forever go unfixed compromisimg the devices security. Doesn't matter what devices you buy this will always be the case it just depends on what your personal threat model is.

Correct but GOS reverses alot of Google patches like always on voice requires kernel privalage it is disabled on GOS etc. But kernel level signature spoofing gives way for a malicious app to spoof as micro g and infect your device and you would never know because micro g requires the same thing to function it is making itself look like Google when it is not google. So using microg opens your device up to allot more ways for it to be compromised and also makes it harder to detect or notice once it is compromised. For me the security risk of kernel level spoofing is way to high to use on a production device used everyday. Also I trust neither Google or microg I only use Foss apps I don't have Sandboxed play services installed at all I just don't use Google anymore.

No because the data is encrypted especially on Graphene OS and even on stock pixel phones data at rest is fully encrypted and pixel phones also have a onboard security chip as well. So unless you can unlock the user data it would be useless. That is why a locked bootloader is so important it is needed to ensure at rest encryption its a requirement for it.

It could be included as both with a unlocked bootloader all user data could be easily retrived with physical access to device.

So contactless is still broken and that is because it is signed by a certificate granted by Google GOS does not have this cert so contactless is. Broken Unless your bank has thier own implementation then it may work. Also if the app your using comes from the play store you must have sandboxdd play services installed or. Yes you are correct notifications will be broken as it relies on play services for them to work but if you use play services sandboxed everything should work minus any app that enforces play services integrity check..

I use GOS and agree with you completely some of the things GOS has done and said in the past should have never happened and hurt GOS more than it helped it. Also on the micro G front You are correct still being debated but as long as Micro G is signature spoofing it is my opinion it is not secure as signature spoofing requires kernel changes that in fact weaken Android's security model.