• NaibofTabr@infosec.pub
    12 days ago

    This is relatively minor. The bigger risk when running a downstream OS is that the team does not have the finances, the staff, or the broad-ecosystem visibility to support their own security research and development in any functional capacity, and there is an unavoidable delay in integrating security updates from the upstream OS.

    This is a big problem. It makes running any small-team derivative OS a high-risk choice.

    • fodor@lemmy.zip
      10 days ago

      The last sentence doesn’t follow from everything before it. You could have said that it increases some risks, but decreases other risks. That would have been accurate.

      And this is the point, right? Many people want to use alternative operating systems on their phones so that they aren’t vulnerable to Google itself. This itself is a massive reduction of a certain type of risk.