Is an old Android version really that dangerous?

I use an old LG V20 that I bought in 2017 (by then it had already been succeeded by the V30). It runs Android 8. Everybody now tells me that it’s not safe. I get the thing with security patches and all that stuff, but I really hate to throw away a phone that’s fully functional. When I searched the internet about the actual dangers, everything was about “could be”, “vulnerable to”, etc., but I couldn’t find anything comparable to the dangers of security issues on a PC. No one was ever locked out of their phone, no reports about someone who lost his Google account or whatever. Everything was about what could happen but there was nothing about anything that actually did happen.
Don’t get me wrong: I don’t want to be stubborn and I don’t want to claim that everything about security is just a conspiracy to make more money with new phones. I’m just very much against producing electronic waste and I don’t see a concrete danger if I don’t update.
Any help here? Opinions? I really try to make up my mind here but I don’t find the information I need.
Even the German ministry for security in IT says I shall update but doesn’t elaborate on it.

Guess it depends on what you’re doing on it. A 6-year-old phone probably hasn’t been getting security updates for a while. Maybe consider doing your banking and keeping your collection of “selfies” on another more secure device.

If you’re just making calls and listening to music on it, I don’t imagine it matters much how old it is.

It’s the usual stuff: email, photos, Signal, some shopping apps like Amazon. Still, my impression is that if anyone wants to get my data they get it from corporation servers, not by spying on my phone. Like I said: I don’t want to be stubborn, I just don’t see the actual threat scenario.

Corporate servers may or may not be patched. Your phone isn’t.

Good question! Kudos to you for being sensitive to e-waste and all that.

I can’t speak to anything specific about Android, but I can say definitively that attacks against general consumers’ mobile devices are absolutely being done in the wild on a very regular basis. That is, not attacks against you as an individual(**), specifically, but rather “let’s try to hack as many phones as we can and some percentage of them will be vulnerable and we’ll get something interesting out of it.” Think of it as conceptually similar to how spam emails work. 99.9% of recipients ignore them. That 0.1% is enough to be profitable.

For an old version of the OS, the risk profile is similar (talking very generally here) to running an old unpatched version of Windows on your laptop and connecting it directly to a bunch of random WiFi access points w/o a separate firewall or anything like that between it and the internet.

Whether that’s a risk profile you’re comfortable with, only you can answer. IMO, the advice to use it for only non-sensitive information like music and such is very solid. I would definitely avoid having the device have access to banking login info or anything like that. This includes having access to Google cloud sharing where those passwords are stored (if you use those features).

That said, I am personally more paranoid about this stuff than the average person, as I have been on the front line of designing and developing mitigations and defenses for a number of years. It’s a frankly terrifying world out there.

This sort of thing definitely happens. I can’t speak to the relative frequency compared to PCs or whatever, though, as I don’t have that data.

A more common scenario for a phone is that the device is stolen, and an attack is used to unlock the device and reset it to factory settings so the device can then be sold as used. Defending against this is why Apple, for example, associates the device with your Apple account in a way that persists across resets; to sell the phone, the owner of that account must de-associate the device manually. I don’t know if LG phones have something similar in place.

** There are also targeted attacks against specific individuals. That’s unlikely to be the case for you, and if it is, you likely would already know it. Higher ranking government officials, journalists investigating oppressive regimes, etc, are common targets.

edit: Just to be a bit more clear. The age of the device isn’t the main concern for security issues (with some variation depending on the details). It’s whether the device is still receiving security updates for the OS that it’s running.

Thanks a lot for the explanation. That was pretty much what I was looking for. I was so surprised that I couldn’t find anything about cases of hacked smartphones when I searched for it. That was the reason I asked here. If someone wants to steal my phone and unlock it: good luck finding a buyer :-) but if there’s really a chance that someone can access my passwords, account data or whatever through my phone, that’s a different story. Like I said: I was just curious because all you ever hear about is hacked corporation servers, not consumer devices.

Glad to help! Best of luck whichever way you go.

FWIW, anytime you’re hearing about jailbroken phones, that’s, from a technical perspective, the same basic thing as a hacked phone. The difference is that the hacking is being done by the owner of the device rather than a malicious third party.