Is it still safe to use as long as apps continue to be updated and is supported by the play store?

How long would you say someone could safely use an Android phone that no longer gets security updates for?

  • henfredemars@lemdro.id
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    True that many potential RCEs are found, but I think there are a few points to keep in mind.

    • RCE classification is often conservatively assumed when it is theoretically possible even if it is not been demonstrated. Android bulletins appear to assume any memory corruption could be an RCE.
    • Remote code is no longer sufficient for privileged control. Next, you have to use it to break out of a restrictive sandbox for whatever service or application you have compromised.
    • argv_minus_one@beehaw.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Plenty of RCEs are in privileged components, like the operating system or the baseband firmware.

      And yes, it is correct to assume that any attacker-controlled memory corruption is likely an RCE vulnerability.