I’m in the process of looking around at various privacy and security focused Android OSes and I’m reading quite a number of criticisms of /e/ around security, e.g. coming from people that like GrapheneOS, CalyxOS, et al. The criticisms focus on two broad areas, the first being that /e/ inherits the userdebug builds from LineageOS and thus disables a very large swath of Android security protections, the second being that /e/ supports (focuses on?) old devices that have not had updates to their proprietary blobs for a long time and that run older kernels with known vulnerabilities.
I don’t want to start another argument here; my question is whether there is any “official” response to those criticisms. I understand this is both a touchy and tricky topic (not unlike privacy) and would love to hear /e/’s reasoning for why it’s OK to use LineageOS’ security stance as a base and why it’s OK to promote the use of old phones in the face of the security issues.
Personally, up to about a year ago I did not really care about my phone’s security: I simply didn’t have much of value on it and I avoided all SMS verification stuff. At this point, however, I have to accept that I can no longer avoid apps and SMS that affect my finances and other personal safety/security aspects, which means I have to take my phone’s security seriously, and sadly this raises some important doubts about /e/.