Are the latest versions of Android really imporant for Fairphone(s)?

But what could be more fair in that respect than not having to use any materials at all while the phone lasts for years?
Or the other way around: how fair can it be to use more and more ‘conflict free’ minerals to build new phones while they only last one or two years?

As long as I am OK with the phone, I won’t dispose of it. And this is not dependent of the OS it is running. I am happy with the telephone function, Firefox Mobile as a browser, and the calendar. Actually I don’t need much more in a phone.

1 Like

So you accept even the security holes that are not going to be fixed? Better not use your banking account (or any other stuff that needs privacy or could be hacked).

Anyway: that’s not much help for (I guess) 98% of the FP-users, who are depending on a safe system.

As long as I am OK with the phone, I won’t dispose of it. And this is not dependent of the OS it is running. I am happy with the telephone function, Firefox Mobile as a browser, and the calendar. Actually I don’t need much more in a phone.

Don’t underestimate the risk of a smartphone with security issues. The list is long, I will just mention a few things of concern, which come spontaneously in mind:

  • You don’t want anyone to be able to intercept the mobile TANs your bank sends you to confirm online banking processes.
  • Most people use their phones to read their emails. Most people of this group use this email address as fail safe for online shops. Anyone, who is able to compromise your phone, is able to compromise your email address. The cool method “send new online shop password to my mail address” is then compromised, too. Ergo: Anyone gaining access to your phone, can gain access to Amazon etc. and buy a lot of things in the name of your account.
  • You don’t really want people to listen to your conversations or read your chats, too. Although most people don’t seem to be very concerned about this point.
  • Anyone gaining access to your phone, could probably go shopping in the google play store, too.

This list could be continued, but I think I have made my point. You definitely don’t want to use a phone with open and well known security holes. Fairphone being stuck to a specific Android version means having these security holes, nevermind the good intentions of the FP team of backporting security patches. They won’t be able to backport every fix. And you will definitely not be safe forever by just using Firefox instead of the built in browser. New security holes will be discovered.

Keeping the OS version up to date is definitely a very big factor in creating a fair phone. As other users have already mentioned, you force most of the users to get rid of their old phone, if you don’t update the OS regularly, which is going contrary to the initial intention of building or buying this phone.

2 Likes

One addition: Even if you only use your phone for basic functions like, I don’t know, phoning, it’s not a good idea to use an insecure OS. Other people calling their friends over seas on your bill isn’t very fun, either.

If it’s really the case, that the Android version is stuck and a Cyanogenmod-port is not being able to be done because of the Mediatek processor, the Fairphone project in my eyes has failed, as one of the main goals (sustainability) could not be fulfilled because of a poor hardware choice.

1 Like

I would agree with you if we could be sure also firmwares are as secure as operating system and apps running on it.
Modem and Wifi firmware are closed and nobody can tell if they contains bugs or malware (but reading about NSA and so on I suppose they are not very safe…) so I have to accept the risk of data leaking even with the most up-to-date operating system and/or applications.
I normally use my phone for non-critical data use but if I had to, I think I would not use any phone :wink:
I know there are several projects aiming at open firmwares (like OsmocomBB for GSM) but they work only on limited hardware and I don’t know if this could be a good start point for the FP2, given that normally SoC embed different critical devices (Modem, Bluetooth, Wifi and GPS) and the number of devices product by Fairphone.
OpenMoko was a good tentative idea but it failed due to lack of numbers and software support.
Bye! :smile:

2 Likes

I think they do, but still the original mission is to improve mining and manufacturing conditions as i understand. So i doubt everything whished for here will be possible.

Note that we have a fair amount of discussions regarding Fairphone OS updates here. I think it would be better to continue such topics there. This poll is about discussing if you would generelly pay an developer to port Android 5.0. Not about the general requirement of updates or not.

2 Likes

A Luddite’s comment on security:

:sunglasses:

6 Likes

I don’t think I’ve ever had a phone that has been kept up to date… just saying :wink:

It’s an industry wide issue, and it’s not helpful that the structure that manufactures have to rely on usually means that only the most recent phones are updated ‘‘officially’’

2 Likes

Let’s face it - the problem is Google and their bad designed update model!

it’s funny that they are pushing Microsoft with every minor security hole their “project zero” team finds, but their main OS in 2015 still doesn’t have a patching solution.
i don’t mind not to have a android 5 on my fairphone. like i don’t mind to have windows 7 on my core2dual laptop (and sorry to go back to MSFT) - but for god’s sake - allow me to patch the device! and have cross-compatible drivers, or easy-to-manage ones so i can just install an image as soon it’s available.

MediaTek want to save their proprietary software, And don’t want to run and create a new image after every Google patch/upgrade. and personally i can understand this two standpoints (as long they are not overriding the open source licenses). i also completely understand why FairPhone chose to work with MediaTek

The long term solution is not to invest in android 5 or 5.1. we need to invest to get another OS on it! and i’ll put also 20£ just for MediaTek to release drivers for the Firefox OS.

Gidi

1 Like

I’m aware of the problems with firmwares and closed hardware components. But the fact, that there are other attack vectors doesn’t mean, that it’s the right way to just ignore the security issues you can do something about. Widespread and well known problems like security issues in Android systems are also the security issues, which are most exploited.

Using the phone only for non-critical data kind of contradicts the concept of a smartphone.

I always thought, that sustainability was as important to this project as improving mining and manufacturing conditions. Perhaps I didn’t follow the project closely enough to get that right. But for me, a fair phone has to be produced as fair as possible and it also has to be as “fair” as possible to the environment. And the best way to ensure this, is to be able to use the phone as long as possible.

1 Like

I didn’t say this, I said that knowing there are “lower level” potential security issues I have to accept the risk
And this doesn’t depend only on source code availability (I remember some months ago the echo on the bug on OpenSSL which was present for many years although its source code is available since ever) so unless everyone is not able to investigate as deep as possible on every part of the device, we have to accept the risk of data leaking.

Why? If you know your phone might be insecure can you trust it?
Furthermore nowadays it is not simply a matter of your phone because with so many apps which leaks all kind of data, also your friends’ devices might pose a risk on your data. Some months ago for example I received an SMS from my mother and the text was an advertisement of Whatsapp, something like “Install Whatsapp to be able to talk with your friends” and so on (with also the URL to the Whatsapp website), but my mother NEVER sent me this SMS as she’s unable to write in English nor write an URL, BUT she has Whatsapp installed and I’m sure her contacts list was sent to their servers…Now I can’t imagine how many companies have my phone number even if I didn’t give it to anyone…

I fear we’re a bit OT so we can continue this interesting discussion in another thread if you like :smile:
Bye!

4 Likes

Post #45 to Post #60 were moved by me to this topic. I think they fit best here. Happy discussion! :smile:

BTW: I fully agree with @DjDas and his post.

I always say, if someone wants to know every single detail of my life, they can already achieve this, so why bother. In the meantime, I don’t do online shopping on my phone, nor let them send emails to my device. This actually is because I do not want to be pestered by advertisement mails on my phone. But if it improves my security, even better so!

This worries me a bit. I do not use a mobile banking app on my phone, but occasionally let them send a smsTAN to my phone. This is only valid for 5 minutes, so probably not very risky.

Don’t have Google Apps installed! :stuck_out_tongue_winking_eye: It corrupts the system far too much, the FP is less buggy without it!

1 Like

Well, I use my mobile banking app only because my bank uses two codes authentication (one as login password and one for operations involving payments) and sends me another OTP code by SMS when I have to do fund transfers, otherwise I wouldn’t use their app.
Although the question could be extended to my laptop or desktop PC and all that involves devices with firmwares and network connections, but I think this would be an endless paranoid loop :wink: (I for sure don’t want to buy IoT enabled devices as soon as I can…)

Me too! :smile: very happy with F-Droid and BlankStore for those apps I cannot find elsewhere than Play Store.
Bye! :smile:

1 Like

That opens up a whole new can of worms though.

The grass always appears greener on the other side, but I’m not convinced it is.

1 Like

That is right. However, as stated in other threads and here, no really free and usable smartphones exists at the moment. And in the same way the Fairphone tackels conflict-free or fair minerals and production on step at a time they are adressing the software problem as well. Even projects like Firefox OS and Sailfish OS rely a lot on closed source software – be it device drivers and other binary blobs in Firefox OS or even most parts of the user interface in Jolla. Even now, some Firefox OS devices face the same problems most cheaper Android devices face: They are no longer supported with software updates.

If you want as much updates as possible, even major OS releases, a Nexus, Firefox OS developer device or and iPhone might be your best option currently. Fairphone’s options are limited due to resources and market impact with such a small number of devices. And even much larger companies are having the same problem.

I do not think Fairphone has failed because missing software updates. It might have been a mistake to choose Mediatek, but nobody knows if another chipset would have make any difference. I am pretty sure Fairphone will be more careful in this regard in the future. But i do not want to forget why i bought the Fairphone. Free Software was never a promise and not a reason for me. It might be that it is the best match for the Fairphone and i would really love it, but i do not want Fairphone to lose their focus.

3 Likes

It would. My previous phone was a HTC Desire. It was only supported by HTC until Android 2.3. But they provided a tool to unlock their bootloader. Based on these things, a wide variety of ROMs existed. At the end, I could even run Android 4.4 quite well.

The HTC Desire was released in March 2010. In 2015, my 1 year old Fairphone is still stuck on Android 4.2. In the case of the HTC Desire I finally replaced it because the hardware had reached its end of life (GPS was dead, storage was way too small). I would not like to see the Fairphone end just because the OS cannot be upgraded.

And it’s not just about having the lastest OS. In my case I simply want support for Bluetooth LE. A lot of devices don’t work without the new Bluetooth standard. And the Mediatek Chipset supports Bluetooth LE. Therefore the OS used on the Fairphone is even incomplete when comparing it with the hardware capabilities.

It’s not. It’s just juggling with dependencies.
Can we depend on Google to fix the bugs in a “legacy” OS? (Btw, Android 4.2.2 just turned 2 years old) No we can’t, since they said they won’t.
Can we depend on Firefox/CM to write a better code? No, I don’t think the googles devs are worse than others.
Can we expect Firefox/CM to be better supported? Yes, but only if they got complete access to the code. If there is a part that is provided compiled only (drivers, firmwares), then the support will be incomplete and is expected to be dropped about the time one of the compiled objects cannot be linked in the updated OS.
This comes down to the old question: Can we expect MediaTek to un-jail the code for our chipset? No. I don’t think they’ll release it, ever. They did announce it several times already, so I think they just can’t. My fear is that it’s because the code is very buggy, very messy and/or contains backdoors. In any case releasing the code would have a major impact on the company. So they’re going with the small impact of me(us) having next phone not MTK based.

It’s not about ‘as much OS updates as possible’ or having ‘the latest OS’. It’s about being up-to-date, related to security & compatibility.

Just the same as we can’t use Windows XP; it’s not being updated and hence insecure to use (for whatever what purpose). A pity to see my ‘fair’ phone having such an unfair short life; really the very last thing I expected when joining the project.