Hey guys, I'm looking into buying a refurbished Google Pixel 5 (I have couple of options between amazon and other stores), however I'm not entirely sure about the longevity of a refurbished phone.
Positive reviews are often left by people who just bought the phone, but most of the negative reviews I found were from people who used it for more than couple of months and it concerns me.
Price is good, I'm looking specifically into a Pixel 5 because of the size which is much smaller than my Galaxy Note 9 that I find really uncomfortable to use.
I haven't done much reading into it, but something to consider is there was a post just recently that I saw someone mentioning that their pixel 4a was becoming unsupported very shortly. You may want to see when the scheduled EOL for the 5 is as that might influence your decision if that is sooner than you'd be hoping for.
Am I naïve for thinking that manufacturers stopping support for devices, then claiming it affects your safety, is just to sell more phones?
I always buy refurbished, currently running an S9 and I'm not even sure if it's still supported. Recently retired a Nexus 10 from 2012 and had zero security issues in a dozen years
Am I naïve for thinking that manufacturers stopping support for devices, then claiming it affects your safety, is just to sell more phones?
Yes you are.
Vulnerabilities are constantly being found in the software stack used by Android, if you are running vulnerable software you're increasing the likelihood of some malicious app (or website, file, etc...) taking advantage of the vulnerability. The consequences of vulnerability vary from being able to fingerprint your device when it's not supposed, to escalateling privileges to root or even kernel mode. Although the later are significantly rarer.
and had zero security issues in a dozen years
That you know of... If the vulnerability is successfully exploited, the likelihood of you noticing are close to zero.
You could always flash a custom ROM to install the latest security patches, but you would still be missing the security updates for all the closed source components (such as the bootloader, device drivers, etc...). Not to mention all the security implications (good or bad) that comes with installing custom ROMs.
The consequences of vulnerability vary from being able to fingerprint your device when it's not supposed, to escalateling privileges to root or even kernel mode
To expand on the points mentioned above as well, although you may not be concerned by someone tracking your phone, something like root access is a concern. When the other commenter mentioned someone having access to your phone, it doesn't mean unlocking the screen and moving it around, it means they have the ability to run commands at the highest privilege level at which point, an attacker can do basically anything.
Find ways to export biometrics? Idk, probably, set it up to forward all requests to a man in the middle server? Almost certainly.
To say "if I can't see it, it can't be compromised" is definitely a naïve stance in my opinion. Whether this is being done intentionally by companies to sell more phones? Well.. I don't think many people would argue the contrary
A good example though for iphones is an sma that triggers an exploit that escalates access and allows the entity to install their software that monitors and controls your phone is possible. It even deletes the test. So the end user does not know. It's used and purchased by governments. I'm sure there are 0 days on Android that would do similarly.
They could steal all of your logins. This includes things like bank accounts. Your phone could be used as part of a botnet to commit criminal acts. They could shorten your battery life and use up your data plan by mining crypto in the background. You know, just like any other compromised computer.
I don't know about selling more phones, but it's definitely a profit angle. I'm not sure if using a phone without security updates for that long is a good idea. It's one of those it works until it doesn't, and you'll be regretting it very much when it doesn't.