←back to thread

Google confirms Android attacks; no fix for most Samsung users

(www.forbes.com)
208 points mohi-kalantari | 3 comments | 08 Dec 25 16:32 UTC | HN request time: 0.016s | source
Show context
xnx ◴[08 Dec 25 17:09 UTC] No.46194816[source]
No fix yet for Samsung. Being reliant on the hardware manufacturer (or network operator?) for OS updates is the crazy world we live in.
replies(4): >>46194950 #>>46195302 #>>46196592 #>>46197233 #
bigbadfeline ◴[08 Dec 25 17:45 UTC] No.46195302[source]
> Being reliant on the hardware manufacturer (or network operator?) for OS updates is the crazy world we live in.

Being reliant on a single OS permanently nailed to the hardware is no less crazier. I'd like to be able to install another OS on a vulnerable device, it would help tremendously and not only with the security of that specific device.

Now I've got some expensive paperweights that I can't even use as such because every time I see them I have the urge to throw them in the trash can.

Provide a way to unlock the phones and a standard BSP, it should be the law.

replies(4): >>46195806 #>>46196802 #>>46197622 #>>46198025 #
chasil ◴[08 Dec 25 19:55 UTC] No.46196802[source]
If you are buying now, you want a device on a v5 Linux kernel with BPF support, where the bootloader can be unlocked and VoLTE is implemented in the 3rd-party ROM.

LineageOS has a build roster of current devices at this URL:

https://lineageos.org/Changelog-30/

The Pixels are the most flexible, but don't buy a model from Verizon (they don't allow unlocked bootloaders).

Most other OEMs require you to generate an unlock token and send it to them, then wait a week, which is extrememly inconvenient (and sometimes they just stop and refuse, as I understand OnePlus has).

If you want a locked bootloader at the end of the process for security, then you will be on a later Pixel with Graphene.

replies(1): >>46197512 #
askvictor ◴[08 Dec 25 20:52 UTC] No.46197512[source]
Unfortunately, even with the best after-market support, banking apps and/or contactless payments becomes a cat-and-mouse game, that, even if it works, can stop working at the drop of a hat.
replies(1): >>46197695 #
1. chasil ◴[08 Dec 25 21:11 UTC] No.46197695[source]
I can tell you that Wells Fargo works both on Lineage with Mind the Gapps, and Graphene with the Play store installed. I have it on my OnePlus 5 and Pixel 6a.

I understand that most U.S. banking apps work on Graphene.

As far as contactless payments, try a Pixel watch. I understand that it is entirely separate from the phone.

replies(1): >>46197910 #
2. tadfisher ◴[08 Dec 25 21:31 UTC] No.46197910[source]
Provisioning payment cards on your watch without being able to run the phone app will be quite a challenge, however!
replies(1): >>46197955 #
3. chasil ◴[08 Dec 25 21:35 UTC] No.46197955[source]
I have never tried this, as I am happier with RFID on my individual credit cards.

However, Google Pay will certainly run on my Lineage OnePlus 5. It will not provision localhost, but I am guessing that it will provision a watch.

I would go buy the parts and try it just to know, but I doubt interest would remain here by the time I assembled everything.

Edit: Graphene has a page on this subject, and Garmin appears to be the best option.

https://discuss.grapheneos.org/d/1040-compatibility-with-sma...