I know that it is importat to keep each device up to date, in order to make sure that the latest security update is installed. Fine.
But, in reality, how risky is it if we do not follow that recommendation for /e/OS phones, and an old version of /e/OS is installed?
Would the answer be different if the phone is extensively used connected to the internet, or only connected for app updates from the stores / messaging apps (but no syncronization with online services or browsing)?
My personal opinion after decades in the world of electronics: too much panic.
Updates bring in the first place some advantages for the companies. Here i talk about google Microsoft apple and so on. As a small goodie to move you to do the update in their favor they talk about things like “better camera” and “better battery life”. Everyone who is critical checking these points would realise it is nonsense.
At the top they put you an update button whenever they like and one day you will push the update button by chance while writing a message or something. Worse is not possible? well, they just do the update over night without any further questions. Why a company force you to have a “better camera”?
The updates of e, now i come to this one, are in my opinion mainly a stability thing and a support thing, which means in the first versions the wifi was maybe not working for a certain model or they fix bugs (open the camera app and then the settings will restart the phone for instance). Something that does almost not exists at google/samsung/apple. Their teams are much bigger and all is checked and so on.
To conclude: if your phone is working as it should be and no function is missing (newer version has a feature that you need but still not have) then don’t update. Forget about security. This is nonsense talking from the big ones to move you with fear to newer versions with better surveillance codes. Nothing more.
There is raisons to update : each /e/ version is a build from the last Lineage version which include the last Linux core and Android security patches and that’s not counting what the eelo team included themselves.
You can get more informations here, there are even links to lineage branches and android security patches list in the readme :
gitlab.e.foundation/e/os/releases/~/releases/
Now about upgrading the SYSTEM, as the apps are containerized, if they are up to date there are no big risks.
If even the apps are not up to date, you let open some doors. The choice is yours.
By the way, Android is very much fragmented and if Google can measure it, we can’t measure how many devices have been infiltrated. At least, it shows that you’re not the only one running an old OS version.
I have always run older / non-current ROMs as I never felt the need or desire to move up to later versions just because folks cry that if you’re not running the latest and greatest it’s an automatic security risk. Bah! Humbug!
Use what you have / like but always practice safe computing. IMO what one does, the apps one uses, and the places one goes is more of a risk than the OS version.
As far as /e/OS goes I run 1.8.1-q and 1.14-r and don’t plan to move up (A12+ is not to my liking).
My daily driver Moto runs a Pie ROM and another Moto was recently multibooting Oreo.
Never felt unsafe or at risk.