I’m curious as I’ve been running DNS66 on my previous and current phone and whilst it does exactly what it says (blocks all ads across the device) my concern is that the last published update in fdroid sas 2021.

I’m currently running AdAway which has been more recently updated and does an equally good job of blocking in-app ads.

My question though is more, if the software is still doing what it was intended to do is there a fundamental risk in using software that is no longer being updated?

  • variants@possumpat.io
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    So I have an older phone lying around and I’ve always wondered how risky would it be to connect it to Wi-Fi. Just because it has lost software updates a while back does that automatically open a gap in my network? Or would someone have to put in a lot of effort to get through like my routers firewall

    • jayandp@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 year ago

      Your router’s firewall only blocks access to unauthorized ports. If your device is talking to the Internet, then that device is exposed to that connection. Your router’s firewall does not prevent your device from using an outdated and exploitable software on the Internet.

      Theoretical example, your device is stuck using an old web browser for whatever reason, that browser does not have a recent patch for an exploit involving loading infected pictures. You use that device to load a website with those infected pictures and your device loads malware because of that. Now your device could become a conduit for somebody to tunnel into your home network and look for any other things to exploit, whether those devices connect to the Internet themselves or not.

      Obviously, you can often update web browsers on older devices, use a fork specifically designed for older devices, etc. But there are oversights. Old Android versions can’t update Webview outside of OS updates. Webview is what apps use to load web pages inside the app, and if you’re using an old app, which uses the old Webview, to load a webpage that the owner abandoned and has been taken over by a malicious third-party, your device could be exploited just by that app loading that webpage without you meaning to.