I have an LG V60. I like the phone and haven’t found a newer (maintained) device that matches the feature set. Xperia 1 series comes the closest.
The device no longer receives updates and is on Android 13. The bootloader is currently locked and as far as I am aware not relockable after unlocking. From a security standpoint, is keeping stock July 2023 Android 13 with a locked bootloader better than unlocking and loading an aftermarket OS? Would there be any security benefit from unlocking, keeping stock OS, and loading Magisk? Are there security hardening Magisk modules that would be an improvement over locked stock?
Would your advice be different for a device still running Android 9?
As a prior ROM builder/maintainer, I can say that if you leave it stock, stuck on Android 13, eventually it will be insecure due to new exploits, if it is not at risk already.
Also, your apps may eventually outpace it, requiring newer Android versions, causing you to have apps stuck on older versions with potential security weaknesses.
Unlocking the bootloader does present its own risks; however, most of those risks involve physical possession of the device.
The key words are potentially, and eventually. Given enough time, eventually any old operating system will potentially become a security risk.
Now, installing root permission also allows a new set of potential security risks. It also allows some other options for security, such as non-VPN means of ad/malware blocking, etc. I use root on my non-stock ROM phone. But, what I tell people is: if you don’t have a specific purpose for root, you will be just fine without it. If you have a purpose for root, and are tech savvy enough to use it, then by all means, use it, it can be a great tool.
Hope that helps.
P.S. I’m also the dumbest person I know, so take it with a grain of salt.
I also use an older LG phone. It is a K31 with Android 10. At the moment I am unemployed so just using what I have. That being said, I don’t really use much of the Google software that came with it. Instead I am using mostly tools from F-Droid including the Simple suite, NewPiped, Fennec, Hypatia, and DNS66. I have had a few instances where my phone was acting weird and I thought there could be someone trying to attack me but I just put the phone in airplane mode and turn it off. I have never had a positive hit on Hypatia but for some reason I got a hit when scanning the phone with ClamAV from my laptop. Looked like a false positive but I just deleted it to be on the safe side. When even the biggest corporations get breached, I feel a little apathetic about how much of a security professional do I really need to be? If I can keep most of the ad domains from resolving on my phone and my camera covered with tape I think I am doing ok.
I am aware of aftermarket operating systems. My question was more to seek insight regarding locked stock OS versus unlocked with Magisk (even unrooted). I am considering unlocking and loading Magisk just to have an updated Webview. I am starting to think that it would provide more benefit than keeping my outdated webview with a locked bootloader.
If you care about security, I’d recommend against Magisk and other root access tools because giving superuser privileges to anything is a risk.
An outdated OS with a locked bootloader VS an up-to-date OS with unlocked bootloader is a more difficult question. The answer depends on which kind of attacks you’d like to protect from. IMHO an average Joe should care more about malware from the Internet than bootkits that police, secret services, etc. could potentially install on their device.
Yes, I agree with your entire post. My understanding is that an unlocked bootloader also could allow malware from the internet to survive reboots and perhaps other means to remove it. I also don’t intend to enable the superuser privilege access aspect of Magisk. So my two choices as I see them are:
1. Locked stock with outdated security updates & webview
2. Unlocked stock with Magisk and updated webview & netswitch
There is conflicting information on whether or not I can enable VoLTE & VoWiFi on my LG V60 running an aftermarket OS. If not, then using an updated OS is not an option. If I can, then other options would include
3. Unlocked aftermarket OS (preferably with an integrated up-to-date webview)
4. Unlocked aftermarket OS with Magisk and updated webview & netswitch
If there are any other Magisk modules that would provide additional security benefits, I would be open to using them as well with either option 2 or 4.
Option #3 would be my choice right now if I can ensure VoLTE at least.