If the battery is removable, I would suggest using it for #BOINC (boinc.berkeley.edu). BOINC enables you to offer your spare computational capacity to scientific research, there are projects in all areas of science from open source drug discovery to finding pulsars to math and chemistry. Android tablets are more efficient-per-watt-of-compute than any desktop or laptop will be, even if the total output isn't huge. Not all BOINC project support Android, but you can consult the project list to find those who do. I believe #SiDock, #WorldCommunityGrid, and #Einsteinathome do.
Discussion
Says he doesn't want it on his Wi-Fi. And I'm assuming that means his Ethernet too.
Aah good point, I overlooked that. Many routers support an isolated AP or vlans to segregate it from your network if you want. Realistically, if your device is only connecting to BOINC projects and you're not using it for web browsing, the attack surface is pretty low. But to each their own.
A service that asks folks to attach their home devices to the internet to donate computation power isn't low attack surface when the folks doing this will be predominantly well-to-do and technologically challenged. It's a very, very attractive target for bad actors IMHO
Somebody would have to break into their LAN or Wifi to use any exploit or take control of a BOINC project and attack it that way (or some other background service the devices uses like an update service). At that point, the fact that an attacker was able to do either of those two things is a much bigger deal than the tablet running outdated software. For most users, this is a non-risk. BOINC community is full of users using outdated hardware on their LANs without issue. To each their own though.
Not the attack vector I was thinking of. BOINC lists several, the main one I was thinking of was is a version of one they mention: hackers can create fake projects to deliver malware. I'm thinking of a hacker hacking his organization's legitimate project.
TBF in 16 years with millions of computer-hours they've not had an incident. That they know of.
There are two distinct scenarios worth exploring. One is that somebody makes a fake BOINC project, this is only relevant if the user signs up for the fake boinc project, users must pick their own projects with discretion. The other is that an BOINC project may be hacked and forced to deliver malware to devices attached to it. This has never happened in BOINC 20+ year history, likely because all BOINC workunits are signed by projects and projects are instructed to keep signing keys offline. Possible, but exceedingly rare. BOINC also includes some built-in sandboxing but the degree of sandboxing depends on the way it's installed and which OS it's on. Android, of course, comes with some sandboxing of its own as well.
> TBF in 16 years with millions of computer-hours they've not had an incident. That they know of.
If somebody broke into a BOINC project and distributed malware, it would be known. People watch their BOINC executables very closely, it is a passionate community with many netsec and compsec people in it.