There has been very limited improvements from a general user perspective in either phones, PCs etc over the last decade. It’s been incremental cosmetic only for many. An iPhone 4 or old Nexus phone does most of what current phones do. Graphics has improved for gaming, but games are often less fun and more grinding and cosmetics. It’s infuriating.
See I find this trend kind of interesting. Performance in desktop PC's plateaued long ago, and soon after laptops, then phones were a little way behind but now they're at the same point. There really isn't that much benefit to getting a new phone, so long as your current phone still works (and the main thing there is battery life).
Phones definitely need to be more open. However, I believe that state actors have got their fingers far too deep in the pie - no open source hardware has ever managed to find its way to market, because doing so would deny low level access to the device, perhaps via the black box "security chips" that encryption is often offloaded to. But these are the most personal of devices - they're the ones we carry with us everywhere we go. They're the ones we should have the greatest level of privacy with, and instead they have the lowest fundamental security for the user. Even in hackable phones, you often have to "ask permission" from the manufacturer to unlock the bootloader.
Granted, I don't think low level exploitation is something that most people need to worry about. It seems like whatever backdoors may be in there are kept very well guarded and seldom exploited - rather, they'll exploit the apps you use first. But apps have so many security holes it's almost comical.
The NSO's Pegasus toolkit infiltrated Android phones by sending a WhatsApp call. Through this, they were able to gain full access to the phone in a zero-click exploit. I'm sure there was a bit more nuance to it, but ultimately they expoited privilege WhatsApp had that it really, really shouldn't have had. WhatsApp patched the exploit, not Android (although I suspect maybe it had something to do with hidden Facebook system apps that manufacturers bundle, outside the Google Play Store).
TL;DR Don't run any apps unless you have to, or you particularly feel like you can trust them. FOSS is a good start, in particular popular FOSS apps where you can be reasonably sure that someone else is checking the code for their own benefit.
See I find this trend kind of interesting. Performance in desktop PC's plateaued long ago, and soon after laptops, then phones were a little way behind but now they're at the same point. There really isn't that much benefit to getting a new phone, so long as your current phone still works (and the main thing there is battery life).
Phones definitely need to be more open. However, I believe that state actors have got their fingers far too deep in the pie - no open source hardware has ever managed to find its way to market, because doing so would deny low level access to the device, perhaps via the black box "security chips" that encryption is often offloaded to. But these are the most personal of devices - they're the ones we carry with us everywhere we go. They're the ones we should have the greatest level of privacy with, and instead they have the lowest fundamental security for the user. Even in hackable phones, you often have to "ask permission" from the manufacturer to unlock the bootloader.
Granted, I don't think low level exploitation is something that most people need to worry about. It seems like whatever backdoors may be in there are kept very well guarded and seldom exploited - rather, they'll exploit the apps you use first. But apps have so many security holes it's almost comical.
The NSO's Pegasus toolkit infiltrated Android phones by sending a WhatsApp call. Through this, they were able to gain full access to the phone in a zero-click exploit. I'm sure there was a bit more nuance to it, but ultimately they expoited privilege WhatsApp had that it really, really shouldn't have had. WhatsApp patched the exploit, not Android (although I suspect maybe it had something to do with hidden Facebook system apps that manufacturers bundle, outside the Google Play Store).
TL;DR Don't run any apps unless you have to, or you particularly feel like you can trust them. FOSS is a good start, in particular popular FOSS apps where you can be reasonably sure that someone else is checking the code for their own benefit.