I'll risk asking the first question. If it's not a good fit for the community, then at least I can serve as a negative example.
Here's the scenario. I'm going to be traveling over the next few months and expect to be in areas where I don't have a right to my digital privacy. My device might be inspected, cloned, etc without my knowledge. I might even be required to give up the passcode. I'll do my best to maintain physical control of my device at all times, but that might not always be possible. My intention is to responsibly recycle the device at the end of the summer once I return to a more secure environment. I'll try to take reasonable precautions like powering down the device completely when unattended but the potential for uncontrolled physical access has me concerned.
My thoughts are that I want something used to reduce my environmental impact but that still has up to date security patches at a reasonably low cost. I would also like it to provide an acceptable user experience. A used Pixel 4a 5G looks like a great candidate for that.
Are you using this device? Does it provide a good user experience today? I'm looking for some opinions or perhaps suggestions for a device that might meet my requirements.
I haven't owned a Pixel since the original so I'm not well placed to respond, but I just wanted to say that this is an excellent first post for the community and a great example for others!
You can probably flash Graphene still on a 4a. Then you can setup remote Auditor. This may let you monitor if the device has been compromised in some way.
I've never experimented with Graphene, but I definitely heard that it is security-minded. One concern I have with custom ROM is that having an unlocked bootloader might make it easier for an adversary to flash anything they want on my device without my knowledge. In theory a locked bootloader would prevent that.
I understand that an adversary with physical access is very powerful. I don't pretend that I can prevent compromise here, but maybe I can make that a little more difficult.
Graphene uses the pixels because it has hardware security locks. Bootloader is locked just like any OEM. The Auditor tool makes it possible to verify if the ROM has been tampered with. It is remotely checking that the software hashes correctly. There is no way to fake this type of check and verification.
According to the Google support page it looks like updates end in November which would be fine for the rest of this year. Ideally, I don't want it to be embarrassingly easy to exploit using known vulnerabilities, bypasses, etc.
I would prefer something running Android because that's what I'm familiar with, but it seems like that's a natural choice because the iPhone used market is more pricey. On the other hand, I'm trying not to support the junk that they sell at the very bottom of the new market.
Another device I looked at was the S10e, which is about the same price on the used market, but I think it just ended security updates making it slightly less up to date, but it's a pretty close contender. I don't think it's a bad option; I recognize I'll have to make compromises.
I think the 4a 5G will be a good pick. Just be careful as Google seems to be weird in allowing Pixels to use 4G/5G in markers that they aren't officially in.
I'm typing this on Pixel 4a 5G that I got shortly after its launch, and I'm still very happy with it. Can definitely recommend it, or any Pixel really - my family has used many Pixel models over the years
I can say that the Pixel 4a not-5G (sunfish) works great with Lineage OS + Google apps. But I can't speak to the security of it all, aside from the fact that it gets regular updates. And in bright sun, the screen doesn't get bright enough.