The Pixel 5 device, which has been our standard and most affordable "ghost phone" option for over a year, and the Pixel 4a, which was our prior standard when we first launched, are no longer receiving "official production support" by GrapheneOS (the open source operating system that runs the device).
This post intends to address this head on and answer the basic question, "Does this matter? ...and if so why or why not?"
Short Version:
Q: Are devices receiving "official production support" by GrapheneOS "more secure" than those not receiving this support from GrapheneOS?
A: Yes.
Q: Will your device stop working or have more issues and errors if it is not supported?
A: Core functionality will be fine, although there is a slim chance some applications may experience issues.
Q: Should you rush out and purchase a new device if yours is no longer supported?
A: No.
We would certainly sell more phones if we said yes to that last question, and raised a bunch of alarms, but the fact is our team and our families currently still use Ghost Phones that are no longer officially supported by GrapheneOS (Pixel 3, 4a and 5 for example) because we believe the potential security risks involved when no longer receiving some or all new updates from GrapheneOS are not significant enough to warrant investing in purchasing and using a new device.
We believe the non-supported Pixel 3, 4a and 5 devices are extremely secure as it is and thus "secure enough"... so why pay to upgrade something if it isn't really "broken"? We also believe that if there were to be a major vulnerability found in non-supported Pixel 3, 4a and 5 devices by the community of users around the world, the word would spread fast enough that we could both notify our customers and make our own personal decisions as to if the new vulnerability found is drastic enough to necessitate investing in a newer device.
Though we like to think our opinion is a fairly educated one, it is still simply our opinion. What's right for us is not always what will be right for you. Please do the homework and decide for yourself what is right for you and your own digital security and privacy.
Hopefully the information and links provided below can help you make such a decision on your own.
Long Version:
What actually is The Ghost Phone?
First, let's break down what The Ghost Phone actually is.
- A Pixel Phone that is
- Carrier Unlocked (phone can work with ANY US based carrier)
- OEM Unlocked (phone is capable of having the Google Android operating system removed/changed)
- Running the GrapheneOS operating system based on the Android Open Source Project
- Pre-loaded with various applications and setup w/ some basic settings configurations to ensure ease of use out the gate
Another way to look at this is that the device is made up of
- Hardware (the physical components that make up the device)
- Firmware and Drivers (the code that allows the various components to speak to each other and the operating system)
- Operating System (the code that provides the management layer of the device and interface between the firmware, drivers and applications on the device)
- Applications (the code that you interact with to "do stuff" on the device like make phone calls, take pictures, send/receive text messages and email, surf the web, play games, etc.)
What are the various updates that a phone receives?
Hardware Updates:
Updating the hardware in the device itself would constitute something like installing a new battery, installing more storage or even adding a screen protector and case to the device. Due to how fragile these mini-computers are, we consider adding a case to the device an ESSENTIAL update that you need to make if you hope to protect your investment and use the device for a long period of time!
If you have an old smart phone that you know you'll never use again, a fun project is prying open the device, looking at what's in it and trying to identify what each component does. If you have kids, this is especially important so they can learn how these mini-computers work and hopefully gain a new respect for how intricate, delicate and complicated they are!
Firmware and Driver Updates:
These updates are issued by the various manufacturers of the components within the phone; such as the front and rear camera, network card, sensors, media and audio, location, bluetooth and Wi-Fi. Updates for these components are designed to ensure optimization, reliability and in rare cases resolving open security vulnerabilities that may have been found.
As new and upgraded components are developed and installed on newer devices, the time and money spent to support older components installed wanes over time. As a result, a manufacturer may no longer support or provide updates to components that they no longer wish to continue to pay to have to support.
This is especially the case if the objective is to incentivize people to use their new(er) components. Within a planned obsolescence economy, and one where technology is advancing so quickly it's hard to keep up with all the different versions of the same component that have come out over any given 3-5 year period, this practice of not supporting components that came out 3-5 years ago, starts to make sense.
Android Updates:
Open Source Android is the underlying operating system code base that is freely available and modifiable by developers around the world. This code base is maintained and guided by the Android Open Source Project (AOSP) and is customizable by any developer(s) who wishes to build off the core functionality that Android provides.
Because the operating system is the management interface between the components and the applications on the device, any firmware and driver updates issued need to be cleared through the AOSP to ensure that they do not create problems with the core functionality of the device or its core applications.
Google, for example, uses this open source Android code base and customizes it for Google Android, which is the operating system running in nearly all non-iPhones that are sold in the market today. Google Android is optimized for Google's specific applications and their desire to track and monitor everything you do on the device, which in turn helps them make more money by selling your data. Google also makes their code proprietary and closed source (aka, secret) so that no one but their own development team can see exactly what the code is that runs behind the scenes. Even then, teams rarely get to see the totality of the code base in the system, as access is very compartmentalized.
GrapheneOS has also customized open source Android. They, on the other hand, have focused on developing a mobile operating system that is as secure, private and transparent as possible for those who use it.
Minor updates and security patches usually push out every month from AOSP. Major Android version updates typically push out every 6-12 months.
GrapheneOS Updates:
As mentioned, because GrapheneOS is built off of Android, any updates to Android by the AOSP must also be tested and cleared through the GrapheneOS team to ensure these updates do not interfere with, or create errors for, the specific features that they have built into their customized version of the operating system.
GrapheneOS also updates and adds features to their own operating system and stock applications over time. Hence, when an update to GrapheneOS comes through, you are likely receiving a combination of updates to the firmware and drivers, updates to the core Android code base as well as updates to GrapheneOS. These updates may also cover security updates in addition to general optimization updates.
The release of these updates usually follows within days of new releases from the AOSP unless there is a critical GrapheneOS specific update that needs to be released.
Application Updates:
More often than not, software applications are in a constant state of evolution, as new features and functionality are built. If an application is dependent on a specific component and the component changes, the application itself may need to also update to ensure it can still use the component as intended without issue. Hence, as operating systems and components are constantly updating to ensure reliability and optimization, you will want to make sure you spend the time to update the applications you depend on as well.
This is why it is often the case that when an application stops working for some reason, performing an update to the app or uninstalling and reinstalling the app to the most recent version resolves the issue!
We are a big fan of updates in the world of Free and Open Source Software (FOSS). To learn more about why and how to update your Ghost Phone or Linux devices, check out our post HERE.
What devices does GrapheneOS support currently?
You can read through the details of this directly from GrapheneOS, however, in summary, the list below shows the device followed by the level of support GrapheneOS provides:
Pixel 8a - Full support through May 2031
Pixel 8 Pro - Full support through Oct 2030
Pixel 8 - Full support through Oct 2030
Pixel Fold - Full support through June 2028
Pixel Tablet - Full support through June 2028
Pixel 7a - Full support through May 2028
Pixel 7 Pro - Full support through Oct 2027
Pixel 7 - Full support through Oct 2027
Pixel 6a - Full support through July 2027
Pixel 6 Pro - Full support through Oct 2026
Pixel 6 - Full support through Oct 2026
Pixel 5a - Full support through Aug 2024
Pixel 5 - No firmware/driver updates but extended support for GrapheneOS + AOSP
Pixel 4a (5G) - Noo firmware/driver updates but extended support for GrapheneOS + AOSP
Pixel 4a - Minimul support
Pixel 4 XL - Minimul support
Pixel 4 - Minimul support
Pixel 3a - No support
Pixel 3 XL - No support
Pixel 3 - No support
Q: If my device is not supported or only receiving minimal support will it still work?
A: Yes.
In fact, we have team and family members using Pixel 3's and 3a's running GrapheneOS who have experienced no issues using their devices over the past 4-5 years.
The core functionality of the phone (calls, texts, browser, most applications) will not be affected. However, it is entirely possible, although rare, that issues may arise with some applications not working once they are updated as they may be configured to be optimized on the newer operating system that your device does not have installed because it is not supported. There are often ways to work around this if it happens, such as reverting back to a version of the application that worked fine on the prior version of the operating system. This, however, takes some time to learn where to find the prior version and tinker with the versions until you find one that works.
For some this is too confusing and difficult to tackle on their own and so it's simply easier to upgrade to a device that may not have these issues at all.
Q: Will hackers access my device if it is not supported and getting regular security updates?
A: Highly unlikely, but one should never say never... even with the devices that ARE supported.
Due to the size of the community using GrapheneOS, and various other AOSP based mobile operating systems, we trust the "hive mind" such that if a major vulnerability were to be found that affects devices running specific versions of AOSP, or GrapheneOS, it will be shared widely and quickly through the growing network of open source advocates around the world.
If such an event were to occur we will promptly share this information with you and provide you with our opinion on how to best handle things along with a discription, such as the one here, walking you through why we feel the way we do.
Still Confused?
Hopefully this article has helped to demystify all the talk about updates and support. If you're still confused, however, feel free to schedule a FREE 15-30 minute consultation with someone from our team to talk through your concerns and questions.