my phone is 5 years old, running Android 5, rooted, deGoogled, and all my apps are installed from .apk files from Aptoide, APKPure, and APKMirror.
If you get hacked, most of the time what the attacker wants is for you to not notice anything at any given point for as long as possible. The point isn't to destroy your machine as fast as possible, the point is to exploit it for as long as possible in the case of a botnet for instance, or in the case of simply spying on you. Of course there are exceptions, such as ransomwares for instance which lock your machine ultimately.
You're lucky nobody tried to exploit the dozens (if not hundreds) of known security flaws on your OS, that's all.
Security updates are like the safety belt in your car. 99.99% of the time you can do without it. But the 0.01% of the time you actually need it, it makes the difference between life and eath, except of course if you run into a concrete wall at 300mph, in that case you're fucked no matter what, but you get the idea.
No one is targeting Android 5 at this point. And, like I said, I kept Google services as minimal as possible, and have a TWRP backup that I reflash often.
The question isn't whether Android 5 is the main target or not in the hacker "community", if there is even such a thing.
You are the target, first and foremost. And right now, in this thread, you gave critical information to a potential attacker (let's say a crazy leftist hunting nazytrumpsupporters); You gave away the fact that you don't perform security updates, and you gave away the version of the outdated OS you use...
Now, the "attacker", can also very well be a relative, like your kid, your wife, it's not necessarily some shady guy wearing a hoodie in a basement far far away
Now you do what you want, I'm not here to change your mind, I'm just arguing for the sake of it at this point
(post is archived)