I wonder if that insane musking urgency is in any way related to baking up local elections that will take place there some time soon

if this is used, or there is some whitelist that gives permission for background microphone use in voice interaction services, apps with tracking capabilities probably use some set of predefined keywords (hardcoded inside the app itself) and those can be triggered while being on standby/in background, when there is a match some pinging goes to outside servers…

take a look at this and this

That’s disappointing, they should mandate obligatory WhatsApp use country wide.

You can be a random person walking in a busy metro area and happen to get in range of someone who is scanning for a particular device to use a side-channel attack on. You don’t have to be a POI.

I guess if you’re broadcasting all the beacons your phone can be pawned even if you miss the last month OS update on your latest, greatest, shiny toy. This is just inevitable.

It’s generally best to get a phone that receives software updates and security patches for more than 2-3 years.

See first paragraph again, not everybody is as affluent as you’re, look at the problem from the other perspective

Additionally, threats can come from various sources like:

malicious apps,

will take control of the phone from the inside out, nothing will withstand that

texts,

Pegasus will use 0day, nothing to do about that

USB devices, or physical access,

Once somebody have physical access because you’re some POI and not an average Joe, not much you can do

Choosing a manufacturer that supports phones longer can help reduce these risks over the life of the device.

See first paragraph, parenthesis content. Also phones are made with short lifespan on purpose, this gives steady inflow of money for the manufacturers, only few will give you what you want

So for the average users that only want to go on with their lives and not buy brand new phones every 2-3 years (or don’t live in places where fairphone and pixel phones are available) what would be the solution?

If a person is not some POI, don’t you think that wouldn’t be better to flash something that at least includes some relatively up to date security patches?

And how those rootkits are being loaded to phones with outdated firmware? Bundled with the last OS that was flashed or remotely by exploiting security flaws? Not a dev, but curious about it.

so few devices are supported >?<

I don’t agree with that, take a look at this:

Officially supported devices and the list of unofficial /e/ builds part1 and part2 (those might not be working as good as official builds)