FAIRPHONE 3 and 3+ A13 - Fingerprint sensor update

I really, really hope that this is a path leading to a solution for the issue. Would be nice to get a statement from FP regarding the viability of this approach.

1 Like

Hello everyone, thanks for all the messages. I would like to add to this discussion a bit from our side. I’m Miquel Ballester, co-founder and Head of Product Management, and together with the Software Longevity team we work on our software updates.

Let’s start with a quick summary for new readers:

Since the update to Android 13 for Fairphone 3(+), the fingerprint sensor at the back of the device can no longer be used to log into certain apps with higher security requirements, such as some banking and government apps. This is because of updated security requirements for Android 13, which has lowered our sensor’s security certification from Class 3 to Class 2. This is very common as phones become older. After all, software upgrades will always align with the latest tech available in the market. However, there is no need for alarm. A Class 2 certification is still quite strong and will allow your fingerprint sensor to work normally for a multitude of apps. For apps that require a higher security certification for the fingerprint sensor, you can still access them through a PIN or passcode.

We want to again sincerely apologise for the oversight on our part in communicating this issue before. As we said already, we were aware of this issue before starting the roll-out of the latest update, but failed to include it in the release notes the first time.

These are the actions we have taken to minimize the effects:

  1. Once we realized this, we stopped the rollout of the update on the 11th of July. Only 10% had got the update by then.
  2. We updated the release notes and published them again.
  3. We resumed the rollout on the 17th of July.

Noticing this was not enough information, on the 28th of July:

  1. We are updating the notification that users see before they accept the download to warn them about this regression.
  2. We are updating the release notes to provide clearer communications on the regression for people downloading the software update.

One thing to keep in mind is that although biometrics (fingerprint) are more convenient, they are potentially less secure. It’s never as safe as logging in with a strong password, which is an option that remains available for nearly all apps. This is documented in the official documentation of Android, please see here. Android states that:

“in the tiered authentication model, pins, patterns and passwords are primary authentication and they provide the highest level of security. Biometrics are the second tier of authentication and offer security and more convenience”.

Despite the previous statement, some apps only use biometric authentication to login.

The apps that lost access with the fingerprint sensor are exactly those with the highest security requirements (like banking apps), here’s a list of all the apps and their status for fingerprint support (thanks Ingo and to everyone who updated the list). We are sad to lose this convenience feature on those apps, but it is the right thing to do to keep these accounts as secure as possible. You can still access your accounts via login methods that are more secure than using your fingerprint, like passwords.

Every iteration of fingerprint sensors and chipsets makes progress and offers higher and higher levels of security. In our Fairphone 4, we could implement a newer, even more secure version of fingerprint sensors and chipsets with higher standards of security. This is why we can still offer to log in via the fingerprint sensor on those apps with the Fairphone 4.

While this development is not something we are happy about, please do understand we are trying our very best to future-proof our phones as best as possible. Like the later software updates for Fairphone 2, this is the first upgrade we’ve completed without the support of the chipset provider and that comes with its own set of teething problems. With our unique approach to software, we are challenging the industry every day, going way beyond what our other brands and partners are doing.

This way of challenging the industry standard comes with risks and regressions that are sometimes beyond our control. Sometimes, like on this occasion, we reach a hard limit that isn’t resolvable from the technical side. Despite this major regression in Android 13 for Fairphone 3, our users get much more from us than they would get from any comparable device on the market of similar hardware and age, as we have been offering software updates since its launch in 2019.

Having said that, we would like to profusely apologize once again for not communicating this clearly in the release notes. We should have been more proactive in letting you know about this development and it is something we will be more actively concerned with in the future.

I hope this answers your questions. And thanks all for being so engaged in the conversation.

Miquel


In case it helps, here we include as well some FAQs:

What exactly is causing the issue with the fingerprint sensor?

Due to updated test requirements, Fairphone 3’s fingerprint sensor is now certified at a lower security standard, according to Android’s security requirements. We cannot get an updated firmware from the fingerprint sensor supplier in order to increase the level again. Android biometrics security requirements are continuously increasing to stay aligned with the latest research in the field, for example on reproducing someone else’s fingerprint to log into their device and apps.

Could Fairphone have prevented this?

We could have written the explanation proactively for the end users.
We are also having conversations with all our software and hardware suppliers to get their support for a longer time for our more recent products. On Fairphone 3, unfortunately, the manufacturer declined to offer us long-term commitment for firmware support.

Why wasn’t this issue included in the release notes?

We were aware of this issue before beginning the roll-out of the latest update, but failed to include it in the release notes. This is a major oversight and should not have happened. We realize that we need to be more proactive about how to communicate and present known issues/regressions and potential workarounds before releasing updates to the public.

That said, this only affects apps with higher security requirements, like banking apps. In general, you can keep using the fingerprint sensor normally.

If Fairphone was aware of this, why did you choose to release the update anyway?

Some workarounds could be put in place, see the section “What to do for the affected users?”. This is not convenient for the users using the fingerprint sensor with some apps, but they can still use those apps, unlocking them via PIN/password. In this case, we prioritize continuing software support despite losing this feature.

If the fingerprint sensor is certified as “weak”, does this mean it is not safe to use / wasn’t safe to use before the Android update?

Android security requirements changed with Android 13, which requires changes in the firmware of the fingerprint sensor. Because of the lack of this firmware update, the fingerprint sensor could not be qualified “Strong” anymore, and “Strong” can be a prerequisite for some apps to use it, like the banking apps. Weak is one of the categories of the Android Compatibility Definition Document (CDD), which evaluates the security of a biometric implementation. The Biometric Class “weak” (called Class 2) is now considered “secure” but not as secure as the Strong level, see the Android specification (the table below describes each class for new Android devices). Biometric security is classified using the results from the architectural security and spoofability tests. A biometric implementation can be classified as either Class 3 (formerly Strong), Class 2 (formerly Weak), or Class 1 (formerly Convenience).

Will I no longer be able to access my banking app / other apps that I usually use the biometric login for?

All apps that offer biometric login also offer the option to log in using your password or PIN code. This issue, therefore, does not mean you will not be able to access your apps at all.

(When) will you fix this? Is there a workaround?

Fix not, workaround yes: Affected apps can still be unlocked via PIN/password, which is by default configured as a fallback option in any context that makes use of the fingerprint sensor.

(How) can I go back to Android 11 to get the functionality of the fingerprint sensor back?

Going back to Android 11 will not solve this issue: Android 11 will eventually run out of security support. Apps with high-security requirements won’t work anymore at that point – these will be more or less the same apps that require strong fingerprint security. As a temporary workaround, it is, however, possible to go back to Android 11. Please see https://support.fairphone.com/hc/en-us/articles/360048050332 for instructions on how to manually install older Android versions.

Will the fingerprint sensor on the Fairphone 4 stop working as well, once the Fairphone 4 receives the Android 13 update?

No, as the fingerprint manufacturer for the Fairphone 4 didn’t drop the support. We’re also already preparing now to avoid similar situations for Fairphone 4 as much as possible.

I use another alternative operating system on my Fairphone 3/3+. Will this issue affect me as well?

Yes. Alternative operating systems all use the same fingerprint firmware as our official software, since there is no alternative or open source firmware available for Fairphone 3’s sensor. Therefore, in terms of fingerprint detection and spoofing security (reproducing someone else’s fingerprint), other systems will be as secure as our official one.

24 Likes
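To make the Class 3 / Class 2 distinction from the statement above concrete on the app side, here is an added Kotlin example. It is not code from Fairphone, from Android, or from any of the apps mentioned in the thread; it uses only the public AndroidX `androidx.biometric` library. It shows why an app that asks for `BIOMETRIC_STRONG` (Class 3) loses fingerprint login on a sensor that is now certified Class 2, while an app that also permits `DEVICE_CREDENTIAL` keeps working through the PIN/password fallback the FAQ describes. The activity name, the string values and the enum are assumptions made for the example.

```kotlin
// Added example, not Fairphone's or any app vendor's code.
// Assumes the AndroidX dependency "androidx.biometric:biometric:1.1.0" or newer.
import android.os.Bundle
import androidx.appcompat.app.AppCompatActivity
import androidx.biometric.BiometricManager
import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_STRONG
import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_WEAK
import androidx.biometric.BiometricManager.Authenticators.DEVICE_CREDENTIAL
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat

/** Constructed for this example: the login path mapped to the CDD classes named in the thread. */
enum class LoginPath { CLASS3_BIOMETRIC, CLASS2_BIOMETRIC_ONLY, CREDENTIAL_ONLY, NONE }

/**
 * Asks the framework which authenticators the device can satisfy right now.
 * On a sensor rated Class 2 by Android 13, canAuthenticate(BIOMETRIC_STRONG)
 * no longer returns BIOMETRIC_SUCCESS, while BIOMETRIC_WEAK still does.
 * That is the regression described in the statement above, seen from the app.
 */
fun probeLoginPath(bm: BiometricManager): LoginPath {
    if (bm.canAuthenticate(BIOMETRIC_STRONG) == BiometricManager.BIOMETRIC_SUCCESS) {
        return LoginPath.CLASS3_BIOMETRIC
    }
    if (bm.canAuthenticate(BIOMETRIC_WEAK) == BiometricManager.BIOMETRIC_SUCCESS) {
        return LoginPath.CLASS2_BIOMETRIC_ONLY
    }
    if (bm.canAuthenticate(DEVICE_CREDENTIAL) == BiometricManager.BIOMETRIC_SUCCESS) {
        return LoginPath.CREDENTIAL_ONLY
    }
    return LoginPath.NONE
}

class LoginActivity : AppCompatActivity() {   // assumed activity name

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        when (probeLoginPath(BiometricManager.from(this))) {
            // Class 3 sensor: the prompt may additionally be bound to a Keystore key
            // via BiometricPrompt.CryptoObject, which only Class 3 biometrics can unlock.
            // This is the property apps with high security requirements rely on.
            LoginPath.CLASS3_BIOMETRIC -> showPrompt(BIOMETRIC_STRONG or DEVICE_CREDENTIAL)
            // Class 2 sensor (Fairphone 3 on Android 13): a STRONG-only prompt would be
            // refused, so accept WEAK for a plain unlock and keep the PIN as fallback.
            LoginPath.CLASS2_BIOMETRIC_ONLY -> showPrompt(BIOMETRIC_WEAK or DEVICE_CREDENTIAL)
            // No usable biometric at all: the device PIN/pattern/password still works.
            LoginPath.CREDENTIAL_ONLY -> showPrompt(DEVICE_CREDENTIAL)
            LoginPath.NONE -> finish()
        }
    }

    private fun showPrompt(allowed: Int) {
        // Because DEVICE_CREDENTIAL is always included here, no negative button is set;
        // the system prompt itself offers the "use PIN" path the FAQ refers to.
        val info = BiometricPrompt.PromptInfo.Builder()
            .setTitle("Unlock")                                             // constructed text
            .setSubtitle("Use your fingerprint, or your device PIN/password") // constructed text
            .setAllowedAuthenticators(allowed)
            .build()
        val prompt = BiometricPrompt(this, ContextCompat.getMainExecutor(this),
            object : BiometricPrompt.AuthenticationCallback() {
                override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
                    // result.authenticationType reports whether a biometric or the
                    // device credential was actually used for this login.
                }
                override fun onAuthenticationError(errorCode: Int, errString: CharSequence) {
                    // Surface errString to the user; the credential path remains available.
                }
            })
        prompt.authenticate(info)
    }
}
```

An app that passes only `BIOMETRIC_STRONG` to `setAllowedAuthenticators`, or that binds a `CryptoObject` to the prompt, is the kind of app the FAQ says can no longer use the Fairphone 3 sensor after the update; one that includes `DEVICE_CREDENTIAL` in the allowed set keeps the PIN/password fallback the statement recommends, which is the design the thread later criticises biometrics-only apps for not following.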

The “Digitales Amt” app, which is necessary for citizens in Austria, works exclusively biometrically. It is necessary in order to submit applications and communicate with authorities. Therefore, the phone is now worthless. You admit that your supplier did not inform you in time. This is your legal issue. So what to do? Throw away the sustainable Fairphone? As a result of the violation of the duty to warn, better find a solution or at least make an offer.

6 Likes

So do you feel any possible commitment of your supplier to provide a firmware update once?

Hey there,

As we explained in the post, that app does not follow the recommendations of Google. By only allowing the use of biometrics, it is closing the door to other safer ways of logging in, like a password. I hope you will continue to enjoy your phone for other uses for a long time. We will keep providing software updates, beyond any other brand in the industry. Thanks

11 Likes

We have been trying for months now. Unfortunately, this is one of the bottlenecks in the industry, as component manufacturers are not used to providing long-term commitments. Sometimes our drive for longevity wins, but sometimes it doesn’t. I hope for your continued support, thanks for engaging in the conversation.

11 Likes

If you are referring to whether LineageOS, for example, now also classifies the fingerprint sensor as Class 2: No, it doesn’t. LineageOS has reverted the commit that would implement this security check:

12 Likes

According to this post this isn’t true for LineageOS and, most importantly, they intend to keep it this way. Have there been any changes on that side which haven’t been posted by the LineageOS team?

2 Likes

Thank you for your statement. While I would have liked for it to be available sooner, I understand that stuff like this needs to be coordinated.

I have a few remarks and questions, though.

Where in the post did you explain this? Found it now, thanks to AnotherElk. However, this part:

I don’t use the “Digitales Amt” app, but those statements seem to contradict each other – it seems that not all apps that offer biometric login also offer the option to login using your password or pin code. You might want to clarify that.


Also, the following is a bit misleading in my opinion:

While it is true that the firmware of the fingerprint sensor is the same and therefore not more or less secure than on the stock OS, this isn’t really what the question is about – the question asks if custom ROMs will have the same problem in Android 13, and the answer, at least for LineageOS, is no. Your answer sounds different.


Last but not least: Android 11 still isn’t EOL for at least a few months, I think. For those users that want to stay on Android 11, are you planning on providing security patches for Android 11 until the EOL date?

4 Likes

Thanks, I was not aware. We will update the post.

1 Like

Hi there, thanks a lot for your response. I understand that it is difficult for Fairphone to provide all the updates and solve all the problems. I also think that the biometric thing isn’t secure and that passwords etc. would be much better. But there is nothing I can do about it, when I need it for “Digitales Amt” in Austria, which I need for work as I work for a tax consultant. When there is no solution, is there at least a possibility that we get a discount if we have to order a Fairphone 4 and change the phone because of this issue? Are there plans for a Fairphone 5? And another question I have: Is there a way that you can still support Android 11 for those who can’t install Android 13 because of the fingerprint issue? At least for a while? My Fairphone tells me daily that I have to update the software.

I understand your situation, but still I ask you to also understand our situation, I bought my FP 3 in 2021 and it makes me sad that I probably can’t keep it any longer. And to buy a Fairphone 4 for more than 500 EUR, not knowing if I can still use it in 2 or 3 years … this may force me to switch to another smartphone brand, which also is able to handle “facial recognition” for example. It’s not that I am fond of these things (this biometric stuff) but if our authorities in Austria or some banks force us to use this stuff, we have no other chance.

Thanks for your understanding and sorry for my not so good English.

Best regards from Austria,

Silke

3 Likes

2 Likes

It was reported here that the authorities in Austria indeed offer legacy means of getting things done. Yes, this might be inconvenient in comparison, but nobody is forced to use the App.

And banks forcing App usage onto customers is an unacceptable practice, customers swallowing this are voluntarily sitting in a cage. Offering Apps is fine, forcing Apps without keeping alternative channels open is not.
(I once terminated a bank account myself the moment a bank wanted to force me to use an App. Given, it was not my primary bank back then, but I wouldn’t hesitate much if it was my primary bank either.)

Forcing biometry without alternatives is bad App design, as described.

7 Likes

Thanks, you’re right. I must have overlooked that part. Editing my post.

1 Like

In the assessments which were made, what disqualified offering a swap of the fingerprint hardware for a more secure one (at least regarding Google’s classification) as a fix?

2 Likes

I have just sent an e-mail to a-trust (Digitales Amt), hoping that I will get a reply next week. As I’ve said, I need this stuff for work, that’s why I am “forced” to use this app. If it were only for private reasons, it would be less annoying.

8 Likes

Please don’t get me wrong here – I have supported LineageOS and other custom ROMs for a long time and wish them to succeed and gain popularity and users –, but I’m reading this with a bit of disbelief. Does this mean that apps like Digitales Amt will just “swallow” any custom ROM’s “thumbsup” when it comes to trusting a fingerprint sensor?

Again, I really want that custom ROMs can replace Google’s downrating of the FP3 fingerprint sensor and thus keep its functionality for all apps that used to work with it before … but can it really be so easy? :open_mouth:

It sounds a bit hacky, to be honest, but the original “degradation” of the sensor was done in a completely software way too. In the end, the OS is in control of the machine (whatever the OS and the machine are), so an app can either trust it or trust it (which is why some apps refuse to work if they detect rooting or other stuff which could change the default OS behavior for critical stuff).

1 Like

At least all my banking apps have been working flawlessly with the fingerprint sensor on Android 13 (iodéOS) for months. (ABS, Airlock 2FA TWINT, PayPal)…

I just tried Digitales Amt. However, it doesn’t like my rooted phone as soon as I try to log in.
Maybe someone can try it without rooted FP3 on LOS/iodéOS/etc.? :slight_smile:

3 Likes

Hi, I want to delay upgrading to AOS 13 as long as I can - is it possible to block the daily upgrade notification, it gets quite tiresome!

1 Like