@TCB13 I'm not an expert in the matter but I wonder how large the attack surface actually is for a web service that has a single port exposed via a tunnel which can even contribute to doing some security filtering.
The application / server component can actually be updated since it's just an APK. And someone else in this thread actually linked to whole linux distros that can be installed and run without root. In theory even if the underlying OS is insecure, more secure OSes can be installed on top, or risk can be severely limited by only exposing a single port.
Basically, while flashing a new ROM would be ideal, I think there's likely a way in which a sandboxed and possibly even updated environment with updated TLS cyphers, CA stores, etc... can be run in a secure manner on top of a stock Android ROM.
Furthermore, developers packaging their apps into APKs could run security checks and by the time it says "your OS is insecure" you're already on your third phone and can host stuff on your second. I mean... Android phones are in their prime for two/three years at most in my experience :P
TCB13@lemmy.world 11 months ago
When you install another one “on top” you’re essentially speaking about a very thin layer above the base OS. In most cases that’s simply a container that uses the base OS kernel. This is what happens today and it works for a while but it comes a point (way less than 10 years) when you won’t be able to have a modern top layer OS sitting on such older base OS because the kernel is way too old.
Even if you went to the trouble of virtualization to actually have the top layer running a modern kernel it will most likely fail. It would require a LOT more effort coding the support for the old hardware and a ton of other virtualization pains to just end with, most likely, a very slow system. We’ve examples of this: it is next to impossible to virtualize Windows 11 in a Pentium 4 that runs Windows XP, for instance a versions of Vmware that supports Windows 11 won’t support a host system older than Windows 8. The same applied to VirtualBox.
Yes it would but for that you would have to completely break the phone’s boot security and that isn’t feasible in all cases. Most phones doesn’t allow you to unlock the bootloader thus you can’t install another ROM/OS. Even on those you can some will only accept software that was signed by the manufacturer so unless there’s a leak of the key they use or it gets bruteforced in some way you won’t be able to do it.
Take older routers as examples, those don’t even protect the firmware, nothing is signed, and yet the time and effort (weeks/months) required to make a simple open firmware to turn a SINGLE model into a dumb switches / routers that it isn’t worth it - after all you can get a < 30€ device today that is faster and more power efficient than those old units.
With phones things are considerable worse as modern day devices are way more locked down than those router ever were. There’s also way more fragmentation (hundreds of phone models all running very specific hardware and software hacks). It’s very likely that in 10 years you’ll be able to buy some ARM / RISC board, such as a raspberry pi, that is open, run a modern OS out of the box and most likely cost you 30€.