Auto-Updates: A Fairphone first!

Originally published at: https://www.fairphone.com/es/2018/01/23/f-droid-auto-updates/

I’m an open source fan. Which is to say, I believe so much in the principles behind fully transparent, fully shareble, fully user-tweakable software that I’m willing to sacrifice some personal convenience for the sake of the community benefit, longer-living phones, and security open source has to offer.

Today, I’m happy to announce a major step in bridging the “convenience gap”: Fairphone is the first phone manufacturer that offers a phone and an operating system that supports auto-updating of your open-source apps - thanks to the amazing community behind F-Droid.

The open source choice

The Fairphone 2 comes with two standard operating system (OS) choices: Fairphone OS (which includes Google Services and other non-open software), and Fairphone Open, which comes with the tools to enable root access and no Google Services installed.

For those who aren’t (yet!) open source users, you may not realise just how big an advance this is. Customers of the Google Play or Apple stores have long been able to switch on an option for auto-updates. That means whenever an app is patched or a feature is added, the new version silently replaces the old one in the background. When it comes to security updates, that can mean a much more secure phone - there’s less delay in the arrival of the patch on your device, so less time for an exploit to get its hooks in there.

An inconvenient truth

Those of us who stick to a strictly open source diet have had to make some pretty hefty efforts to update each app individually whenever there’s a new release, enable the “Allow unknown sources” option, set and reset security permissions, and usually repeat the entire process when we update our OS. With Fairphone Open getting monthly updates, that’s a lot of repetitive inconvenience.

Not any more. Members of the F-Droid community, the leading distributors of free and open-source software for Android, came to us with an idea for integrating their “privileged extension” into our operating system, allowing F-Droid to automatically install application and security updates. These folks are seriously good developers - we released a beta version on the forum in December, folding their code into the Fairphone OS with almost no effort. Then our community did its magic - testing, tweaking, sharing experiences and making improvements.

Alpha, beta, boom!

The first time I got to do a trial installation was in late December in Leipzig, at 34C3, the Chaos Communications Congress where I brought five Fairphones (none of which came home with the same operating system, but that’s another story!). A couple guys from the F-Droid community were there and together we installed the beta of Fairphone Open with the privileged extension into one of my phones. We held our breath. We watched. We waited. Would we get the cackling gremlin of a little dead android on his back?

Nope. The world’s first open source, automatically updating, hassle-free version of Fairphone Open installed on my phone on the first try.

Security, Convenience, Privacy

Silent background updates could of course be a source of exploits, but the F-Droid app cannot execute these operations itself. Android shows a screen on every install, update, or delete to confirm this is what the user actually wants. But you don’t need to constantly enable and re-enable “unknown sources”, which can be a security risk in itself. When integrated into the operating system, the privileged extension gives only F-Droid access to its install and delete commands.

F-Droid needs only a tiny bit of essential code running with extra privileges, so it keeps security and privacy tight and is easy to audit. You can see there’s no snooping going on: the app doesn’t track your downloads, your purchases, your location, your music preferences, or whether you’d like an app to go with your cheeseburger.

Open Curious? Give it a try

We are mighty proud of our cooperation with the F-Droid community and are already working towards deeper integration of F-Droid into our operating systems.

Open source software makes for a more secure phone. F-Droid also reduces storage in the system partition, helping your phone last longer. And a phone which respects your privacy is a phone that brings better satisfaction. As an advocate of FLOSS (Free/Libre Open Source Software), I’m hoping the added convenience of auto updates is going to bring more users into the open source community. For those of you already in the open source camp, why not use all that time you won’t be wasting manually updating apps and resetting permissions to drop into the community forum and help a newbie out? Or take a moment to vote in our poll on whether you think the F-Droid shop should be pre-installed in Fairphone Open.

For many of us fans and fanatics, open source has always been the right choice - auto updates are just one more step to making it the easy choice. Thanks, community! Thanks, F-Droid (and especially Chirayu Desai, Hans-Christoph Steiner and Dominik Schuermann)!!

Wow, that is really great!

I am do deep in Google Services at the time, but I was using a Fairphone 1 without Google for a year or two and installed everything from F-Droid, so that would have been a huge time-saver!

Very good effort and I hope this can be carried on to the next Fairphone in the future. Maybe it will be even possible to choose the Fairphone with Google or Fairphone without Google OS and with F-Droid when ordering ( I know, quite a bit of infrastructure would be need for that). Even if I would personally choose the with Google option, I know several people how would be very happy to have the Fairphone Open OS from the start.

…I think it’s a bit strange you call it “open source” 12 times and only mention “free” twice. Especially after you consulted the community.

But kudos on the F-Droid integration.

How can I help getting this to LineageOS?

Not at all!? Or more precise: not anymore…
At least on my installation (LOS w/ microG, release of 2018-01-16) this option seems already to be there:

Didn’t test it yet, though.

Edit: just activated this checkbox shortly while being on WiFi and apparently it works:

A nice article appeared in Wired the other day.

Thought you might like:

Oh, you are right, I have it, too I don’t use F-Droid that frequently so I didn’t check the settings again. Enabled it just now. Let’s see what happens

That is weird, I do not have it on LineageOS. Installed the latest update yesterday…

I use LineageOS with automatic f-droid updates, but this only worked after I flashed the privileged extension manually. As far as I know it is not integrated in LineageOS itself.

The great thing about Lineage OS: You don’t have to integrate such things in the OS. The user can choose whether to make modifications to the OS like adding su, f-droid privilleged, microg, xposed or - god forbid - gapps and OTA updates will still work and the modifications will remain.

Great news! We’re working on making it easy to install F-Droid itself on Fairphone Open, now that Privileged Extension is built in.

About using F-Droid with Privileged Extension on LineageOS, that has been supported for a while in two ways:

• flash Privileged Extension OTA like you would gapps or other things
• use LineageOS for microG, which has it built-in

Ah, I’m on normal Lineage so I’d need to flash the extension. Automatic update just asked to enable “unknown sources”.

I have to admit I find the information on F-Droid Privileged Extension | F-Droid - Free and Open Source Android App Repository hard to understand. I had to read it a handful of times and am still not sure I understood it correctly.

For example the following advantages: “Reduced disk usage in the system partition” and “The process of installing into system via root is safer”. Compared to what and how so?

And that part I think should be rewritten

Instead of this build, most users will want to install the
“Over-The-Air” (OTA) update ZIP file is called
[[org.fdroid.fdroid.privileged.ota]]. This is here to update
Privileged Extension when it has been installed using the OTA ZIP.

Assuming I understand what it is supposed to mean I would phrase it something like

Instead of this package, users should install the “Over-The-Air” (OTA) update ZIP package called [[org.fdroid.fdroid.privileged.ota]]. After the installation of the OTA package it will take care of updating this package.

Is that correct?

Yes, I think, that is the difference to FP oOS with F-Droid, privieged Extension. For me that doesn’t matter, because I am also using the Yalp store. For this last one I also need to allow “unknown sources”. But If you only use F-Droid, the FP solution is the safer one.

Sorry, but it seems you confuse open source and free software. Open source only means that you can study the source code, not the other freedoms you mention. I recommend reading e.g. this article from RMS:

https://www.gnu.org/philosophy/open-source-misses-the-point.en.html

And while I really appreciate FP’s cooperation with F-Droid, personally, I don’t like the way you give the false impression that using FPOS with F-Droid instead of the Play Store gives you kind of "a more secure phone. ". As the minimum, I would have expected some mentioning of the fact the the FP2 requires ~200 MB of blobs for operation. Blobs which make FP direclty dependant for security updates on a vendor that regards the FP2 platform mostly EOL.

Does “Fairphone Open” will have a relationship with eelo project ?

See here.

Thank you

To make choosing F-Droid even easier, we’ve made an Fairphone Updater installer for F-Droid itself. The idea is that it can be installed from the Updater just like someone installs Fairphone Open, or how FP1 installed Google Play. I just made the release now, once it is built, it will show up here:

https://f-droid.org/packages/org.fdroid.fdroid.ota

How does this sound as a way to install F-Droid itself? It could also be used with regular FairphoneOS to allow people to install F-Droid next to Google Play.

Did you receive any answer for the Fairphone team about this feature request, Hans?