The write-up is excellent! Well worth the read for anyone operating at the hardware-software interface coal-face.
A security researcher has turned up new ways to silently hijack and infect Android devices via malicious Wi-Fi packets over the air. Scotty Bauer, a Linux kernel developer, described in detail on Monday how he found a bunch of exploitable programming blunders in the qcacld Wi-Fi driver that supports Qualcomm Atheros chipsets. …
please can I have a patch for my phone? Tnx.
Dear Reg readers... is there ANY brand of <200quid phones that actually provides long term (> 2year) patch support?
Or, put another way, what are the chances of me ending up with a non-bricked, fully-functional phone if I try installing lineageOS on it?
"Dear Reg readers... is there ANY brand of <200quid phones that actually provides long term (> 2year) patch support?"
Any phone officially supported by lineageOS will likely have longer term patch support. In terms of <200quid phone, there are a number of brands that have phones at that price like asus, sony, LG, xiaomi, etc. It'll be better to search it yourself. If you can't decide, start searching from their second to first recent released phone.
"Or, put another way, what are the chances of me ending up with a non-bricked, fully-functional phone if I try installing lineageOS on it?"
If you picked a phone from the lineageOS official support list, then you'll have the highest chance of getting a non-bricked near fully-functional lineageOS rom. Otherwise, if you find your phone under xda-developers with threads of users tested the rom, then you'll have the second highest chance of getting a non-bricked near fully-functional lineageOS / custom rom. If you search around and only found one thread, a video or a website with a lineageOS / custom rom link, unless it gave you clear instruction, it'll have the lowest chance of not bricking your phone OS (if you didn't physically break the phone, you can reflash and try another rom).
*near fully-functional because some developers will tell you some roms have known-issues.
Since it sounds like you haven't flashed a lineageOS before, here are a few key tips if you are interested in flashing lineageOS / custom rom.
- Unlock bootloader - Most OEM locks your phone so your phone can only install their rom. Unlocking it is required to install lineageOS and other custom rom. Different phone has different ways to unlock them. Search them first.
- Phone driver - some phones require specific driver to be recognized by a PC before installing/ booting a custom recovery. Some phones may need it. Search them next.
- Custom recovery - this is a different recovery from the OEM recovery, and it let's you wipe your phone and flash your firmware, lineageOS rom, root manager, and gapps. One known custom recovery is twrp recovery. Search for the device specific custom recovery should it be required.
- rooting - this is to get admin right of phone. LineageOS should now come with it, but you'll need a "root manager" like Magisk to manager your apps for root. Most root manager needs to be flash in custom recovery and some need the apk installed afterward for it to work.
- gapps - this is a google apps bundle. The bundle is device cpu specific and will not flash if you downloaded the wrong one. The bare minimum is gapps pico. This is optional for lineageOS but you might need it if you use google apps and apps that dependent on google api.
- backups - if you haven't backed up before flashing lineageOS, well... do it now. Google backup only goes so far in terms of phone backup, so do test the backups before wiping the phone.
tl;dr research lineageOS rom ahead to ensure no phone brick.
But if I want to buy a new/recent phone, how will I know whether lineageOS will eventually support it? There are (eg) lots of Moto phones suppported atm, but if I decide to buy a G5 it looks as if I'll just have to buy and hope! AFAICS each different generation seems to have a randomly chosen chipset/cpu, so it's not even like I can say "ah, the G5 seems to have a similar chipset to the G4, so it's a good bet I'll be ok"
No, you have to spend money to get support. Software support is expensive (but you could argue they are getting the OS for free and should have diverted savings to software support)
Premium Sony (not the mid range)
These all get monthly or bi montly patches.
Does anyone know if there's ever been an attempt to force long term support through consumer rights? Could security bugs be classed as a defective product, giving (in theory) six years to claim. I don't know if there's any actual legal grounds for it, but it would be interesting to pursue, and would have the added benefit of making electronics firms take security seriously.
@Dr Mantis Toboggan, price has nothing to do with it. Even the Samsung Galaxy devices we have, which are premium devices, lag seriously behind.
None of the devices we have, have received Oreo yet and the "best" devices have a patch level from Nougat August 2017... That's 3 months of patches out of date, including no KRACK patch.
"is there ANY brand of <200quid phones that actually provides long term (> 2year) patch support?"
Well depending on how you want to interpret "ANY" there is, well was. I bought my Microsoft 640XL for £122 at the end of June 2015. It got its last feature update in April 2017. It will continue to get monthly support patches till 11th June 2019. So monthly patches for a couple of weeks under 4 years.
Microsoft managed to cock up a lot of things with their phone offering but they got the patching side right.
Amazon will sell you a used Samsung S5 in good nick for considerably less than 200 quid. (Other tat-vendors are available...) The S5 is one of the most widely used phones with Lineage (https://www.lineageoslog.com/statistics) so it won't just be you if something goes wrong. You don't have to root the phone (https://wiki.lineageos.org/devices/klte/install). If you are particularly doubtful of the procedure, you could try it on an even older phone. The S4 Mini is about a third of the price and also works OK.
I'm citing these two Samsungs because I've actually done it with them. (I haven't looked back.) It shouldn't be taken as an endorsement of Samsung. (I put Lineage on because Samsung's support was so crap.) A glance at the stats will show that other brands also have thousands of users out there and your current handset may even be among them.
Edit: If you do switch, give some thought to how you will transfer things like address books and saved media/messages/etc. Mostly these aren't terribly difficult as long as you plan ahead but are obviously nigh-on impossible after you've nuked the old contents of your storage. :)
If only someone had the foresight to engineer a system where signed driver and system patches could be applied to existing devices, without needing to affect any OEM specific bits.
I mean you'd think by this stage some sort of proper update system might have been added, it's not like they haven't existed for years.
Though I guess if forced obsolescence is your goal this isn't exactly a priority.
We need a FSF phone OS that works on all phones => problem solved. Ideally, the system would have some sort of hardware detector to activate drivers ... I mean GNU/Linux does it quite nicely, we need that for phone OS' and I do not care if it is android based, it HAS TO BE FSF so we can apply patches as we see fit ... just like GNU/Linux.
EDIT: so miffed I originally wrote FFS iso FSF ...