Advice for EOL device

I have an LG V60. I like the phone and haven’t found a newer (maintained) device that matches the feature set. Xperia 1 series comes the closest.

The device no longer receives updates and is on Android 13. The bootloader is currently locked and as far as I am aware not relockable after unlocking. From a security standpoint, is keeping stock July 2023 Android 13 with a locked bootloader better than unlocking and loading an aftermarket OS? Would there be any security benefit from unlocking, keeping stock OS, and loading Magisk? Are there security hardening Magisk modules that would be an improvement over locked stock?

Would your advice be different for a device still running Android 9?

1 Like

As a prior ROM builder/maintainer, I can say that if you leave it stock, stuck on Android 13, eventually it will be insecure due to new exploits, if it is not at risk already.

Also, your apps may eventually outpace it, requiring newer Android versions, causing you to have apps stuck on older versions with potential security weaknesses.

Unlocking the bootloader does present its own risks; however, most of those risks involve physical possession of the device.

The key words are potentially, and eventually. Given enough time, eventually any old operating system will potentially become a security risk.

Now, installing root permission also allows a new set of potential security risks. It also allows some other options for security, such as non-VPN means of ad/malware blocking, etc. I use root on my non-stock ROM phone. But, what I tell people is: if you don’t have a specific purpose for root, you will be just fine without it. If you have a purpose for root, and are tech savvy enough to use it, then by all means, use it, it can be a great tool.

Hope that helps.

P.S. I’m also the dumbest person I know, so take it with a grain of salt. :grinning:

2 Likes

I also use an older LG phone. It is a K31 with Android 10. At the moment I am unemployed so just using what I have. That being said, I don’t really use much of the Google software that came with it. Instead I am using mostly tools from F-Droid including the Simple sweet, NewPipe, Fennec, Hypatia, and DNS66. I have had a few instances where my phone was acting weird and I thought there could be someone trying to attack me but I just put the phone in airplane mode and turn it off. I have never had a positive hit on Hypatia but for some reason I got a hit when scanning the phone with ClamAV from my laptop. Looked like a false positive but I just deleted it to be on the safe side. When even the biggest corporations get breached, I feel a little apathetic about how much of a security professional do I really need to be? If I can keep most of the ad domains from resolving on my phone and my camera covered with tape I think I am doing ok.

1 Like

I should have started your post backwards. I got hooked at “taping the camera”. That had me glued for a few seconds. :saluting_face:

1 Like

:rofl: That reminds me of an old website “www.googleityoumoron.com”.

I am aware of aftermarket operating systems. My question was more to seek insight regarding locked stock OS versus unlocked with Magisk (even unrooted). I am considering unlocking and loading Magisk just to have an updated Webview. I am starting to think that it would provide more benefit than keeping my outdated webview with a locked bootloader.

You know that unlocking a bootloader has nothing to do with root or Magisk?

Unlocking a bootloader is required for Magisk.

If you care about security, I’d recommend against Magisk and other root access tools because giving superuser privileges to anything is a risk.

An outdated OS with a locked bootloader VS an up-to-date OS with unlocked bootloader is a more difficult question. The answer depends on which kind of attacks you’d like to protect from. IMHO an average Joe should care more about malware from the Internet than bootkits that police, secret services, etc. could potentially install on their device.

5 Likes

Yes, I agree with your entire post. My understanding is that an unlocked bootloader also could allow malware from the internet to survive reboots and perhaps other means to remove it. I also don’t intend to enable the superuser privilege access aspect of Magisk. So my two choices as I see them are:

  1. Locked stock with outdated security updates & webview
  2. Unlocked stock with Magisk and updated webview & netswitch

There is conflicting information on whether or not I can enable VoLTE & VoWiFi on my LG V60 running an aftermarket OS. If not, then using an updated OS is not an option. If I can, then other options would include

  1. Unlocked aftermarket OS (preferably with an integrated up-to-date webview)
  2. Unlocked aftermarket OS with Magisk and updated webview & netswitch

If there are any other Magisk modules that would provide additional security benefits, I would be open to using them as well with either option 2 or 4.

Option #3 would be my choice right now if I can ensure VoLTE at least.

yep
verified boot is only enforcing when locked

webview should still be updatable from Play Store even on EOL stock as long as you’re on Android 8 or higher

There is effectively zero support for VoLTE on aftermarket systems on Samsung and LG devices.

It doesn’t seem to be the case, though based on my current version it has been updated recently.



This post on XDA suggests that it is possible.

https://xdaforums.com/t/lg-phones-g8x-g8-v60-velvet-volte-enable-for-all-carriers-unlisted-countries-also.4575655/page-2

I misread that post. That takes out aftermarket OS as an option for my main phone.

Whatever issue the Play Store had seems to have resolved itself and the Android System Webview is able to be updated again.
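
As an added example (not posted by anyone in this thread): the two facts the discussion weighs, whether verified boot is enforcing and how old the platform patch level is, can be read from `adb shell getprop` output. The script assumes the device exposes the standard `ro.boot.verifiedbootstate` and `ro.build.version.security_patch` properties; the sample input and the reference date are constructed.

```shell
#!/bin/sh
# Constructed sample of `adb shell getprop` output (illustrative values, not
# captured from a real LG V60): locked stock device on the July 2023 patch level.
SAMPLE_PROPS='[ro.build.version.security_patch]: [2023-07-01]
[ro.boot.verifiedbootstate]: [green]'

# Print the value of property $1 from getprop-formatted text on stdin.
# Carriage returns are stripped because some adb versions emit CRLF.
prop() {
  tr -d '\r' | sed -n "s/^\[$1]: \[\(.*\)]\$/\1/p" | head -n 1
}

# Whole calendar months from patch level $1 to reference date $2 (YYYY-MM-DD).
# Leading zeros are removed so "08" and "09" are not parsed as octal.
months_behind() (
  py=${1%%-*}; pmon=${1#*-}; pmon=${pmon%%-*}; pmon=${pmon#0}
  ry=${2%%-*}; rmon=${2#*-}; rmon=${rmon%%-*}; rmon=${rmon#0}
  echo $(( ($ry - $py) * 12 + ($rmon - $pmon) ))
)

# Report whether verified boot is enforcing and how stale the patch level is.
# Reads getprop output on stdin; $1 is the reference date (YYYY-MM-DD).
assess() (
  props=$(cat)
  vb=$(printf '%s\n' "$props" | prop ro.boot.verifiedbootstate)
  patch=$(printf '%s\n' "$props" | prop ro.build.version.security_patch)
  case "$vb" in
    # green/yellow: bootloader locked, boot chain verified
    green|yellow) echo "verified_boot=enforcing (state=$vb)" ;;
    # orange: bootloader unlocked, images are not verified
    orange)       echo "verified_boot=not-enforcing (state=orange)" ;;
    *)            echo "verified_boot=unknown (state=${vb:-missing})" ;;
  esac
  if [ -n "$patch" ]; then
    echo "patch_level=$patch months_behind=$(months_behind "$patch" "$1")"
  else
    echo "patch_level=unknown"
  fi
)

# Stand-alone run on the constructed sample, with a fixed reference date.
# Live use (assumes adb is installed and the device is authorised):
#   adb shell getprop | assess "$(date +%Y-%m-%d)"
printf '%s\n' "$SAMPLE_PROPS" | assess 2025-01-15
```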