The problem lies more with the phone itself no longer being supported, as both Calyx and Graphene only do harm-reduction updates after end of life, not full security updates. You will be taking a risk using either, but both are better than stock Android.
For some reason you’ll find a lot of Calyx/non-Graphene OS hate on Lemmy (just look at the downvotes on anything Calyx related, even on this post). But if your threat model is just combatting corporate data harvesting, de-googling, or further securing your phone, it works well and does as promised.
You should also look into Fairphones with Calyx. They’re a bit pricey, but they get hardware support for 10 years instead of 5 (most Android phones) and they are built with replaceable parts in mind to prevent e-waste and unnecessary cost.
So in other words, yes, you will have to buy a phone every 5 years (or 10 with Fairphone) in order to have comprehensive security, even with Graphene or Calyx.