This means, that this information will be better communicated to the user. That’s good. But it is not a solution to the problem.
Will there be any solution at all? Maybe by rolling out a different firmware to the fingerprint reader? Or a user-selectable switch to accept not-so-safe fingerprint readers for all apps?
Or anything else?
Any information about that would be helpful and end speculations.
Thank you very much!
hmh I am not sure but I suppose this firmware for that fingerprint reader is closed-source and not openly available source code. So fairphone might not have any rights to release modified firmware.
But regardless of that:
Since these security measures are implemented by Google, I can’t imagine how Fairphone could get around these security decisions without loosing Google certification and thus all Google-related things like GPS (Googl Play Services) and GMS (Google Mobile Services).
I use the LineageOS fork iodéOS and so far all my banking apps are working flawlessly even with fingerprint and Magisk Root activated.
But that might depend on every specifiv app, of course.
Since a number of users have upgraded already and are experiencing other issues apart from the fingerprint sensor situation, a manual install from scratch could be used to determine whether certain issues are really due to the Fairphone OS version itself or rather due to the in-place upgrading process.
If you need the fingerprint functionality in Apps which refuse to work with it now, and if Fairphone can’t somehow come up with something to counter Google’s requirements, then it seems currently you would indeed be left with custom ROMs which don’t adopt Google’s requirements, like LineageOS.
It’s important to note that security-aware Apps (especially banking Apps) might not like running on custom ROMs by default, so some consideration is needed with this approach, too.
The closest to a Google certified stock OS in my view should be LineageOS + Google Apps and services (via installer projects like MindTheGapps) + Google’s device registration for the use of Google Apps and services on non-certified Android OSes (https://www.google.com/android/uncertified/ to play it safe with one’s own Google account).
Martas explanation is better late than never …I suppose? Thanks to the dedicated angels, people with knowledge, and others already burned by this “upgrade” we kind of knew already though.
I’m pleased that the rollout of A13 has been paused. I’m in total agreement with Soupape50 in this now closed thread . I think the OTA update should be halted permanently, well unless a solution is offered (seems unlikely). If members of the commune want Droid13 knowing the side effects, then let them download it manually. As this removes phone functionality it certainly should not be pushed.
I will continue using A11 until the time comes when the various apps I use stop supporting it. A11 is supported by Google until the end of this year I believe? How about Fairphone supporting A11 until its end of life date?
If the problem is the sensor, I will happily pay (a fair price) to upgrade it to a new module, I’d even put a deposit down. Perhaps FP should poll to see how much interest there is in this option? Solution may not be as simple as replacing the sensor though. I hope @Roli gets a reply from Fairphone on this issue.
Beta testing : What is the point of beta testing if after a set period of time, FP roll out that release regardless of negative reports by their testers?? Does FP understand that the principle of beta testing is to iron out bugs before a major release? Companies often release several beta versions before settling on a stable one. Question for beta testers. Have you ever reported a serious flaw, and if so, did Fairphone rectify the issue before general release?
I’d rather not use a custom ROM. I’m just not that confident I wouldn’t do permanent damage, maybe kill my phone entirely. However, if FP don’t come up with any sensible solution before my favourite apps stop supporting A11, I think I may investigate Lineage. Thanks very much to @yvmuell for posting the link.
I’m one of those Beta testers.
The issue was well known but not seen as a deal breaker maybe as not that many testers had a big issue.
Out in the real world even 10% maybe or some 2000 users that find it a problem 10% of beta testers? there aren’t 100 even.
Clearly more people use apps that are effected than Fairphone new about or anticipated. But back in April is was being looked at and of course now is again
Our aging device currently can’t really cope with updated Android biometrics test requirements. Android’s biometrics requirements are documented here: Biometrica | Android Open Source Project – BIOMETRIC_WEAK (Class 2) just isn’t allowed to access the Android keystore (it’s still usable for other contexts, including lock screen).
So it must have been decided to to push A13 for other reasons, and yes a big WARNING on the notification for the new OS would have been greatly appreciated by some
Yeah, I know you are, and I appreciate the fact you took time to report the issue. 100 beta testers is sensible. You’d probably have picked out most faults between you all as not everyone uses every feature. Usually I’d say the more testers the merrier, but there needs to be enough people in the dev team to read the reports. Did FP give you a response to your feedback?
FP likely opted for security over functionability, but as I said previously that decision should be down to the end user. I agree with you that a warning should have been given.
I didn’t report I was made aware of the issue and there are probably only 40 testers. The 100 was just to make a point that it’s a small percentage and things will get missed. But this was noticed. I wouldn’t have as i don’t use banking apps.
Well could, and I think they now agree it was an error not to.
I installed Lineage with Gapps and TWRP on some old devices before (for testing and for family) and I am very impressed how stable and functional this community-backed OS is - often even better than the original stock ROM.
But on the FP3+, as my daily driver, I wanted to go with the stock ROM - the main reason about buying it, was the software support for at least 5 years, so I want to use that. Until now.
As I have to rely on the FP3+ both for business and private reasons, I can not switch to Lineage that quick. I first need at least a day off to do that.
And that’s my main point: Not all the users of the FP3 (must be around 100.000, right?) know how to flash a custom ROM. So there has to be a solution offered by Fairphone. Simply stopping the roll-out just creates losers: The ones already updated suffer from a software regression, the other ones stay with an old OS version (and probably no security updates anymore soon).
So: Using Lineage can be a good solution for many people. For others, Fairphone has to provide a solution.
And that’s what I am still waiting for.
Whereas the implementation is not an issue, as you note, can Fairphone still get Google approval and a license? or as previously mentioned, maybe someone will create an unofficial version, but then there are other OS options if someone doesn’t want official A13
I am pretty sure about that. The reason is that Google - as other software developers - always try to avoid regressions at any cost.
Beginning with a certain version of Android, Google required all devices to be encrypted. But this was just mandatory for new sold devices, not for updates of already existing devices.
The reason is simple: Older devices lacked the AES instruction set in the SOC; software encryption would make the devices slow and the battery drain a lot. Regression → Frustration → Problems for all involved parties.
Google requires a specific minimal kernel version for each version of Android. If it is a new sold device. If it is an upgrade of an already existing device, they are not too strict about it.
Reason: The kernel (or better: it’s modules) contain firmware BLOBS which are released by the component and SOC manufacturers for a specific kernel version.
Best example is the FP3: It is running exactly the same kernel version on Android 11 as on Android 13. Google is not forcing Fairphone to update the kernel, but still get the certification.
I am pretty sure, that Google has no problem with the fingerprint reader. It is an upgrade of an already existing device, not a device that hits market initially with Android 13.
So we don’t know why Fairphone disables the fingerprint reader for apps with higher security demand, as the new standards in Android 13 most likely are just valid for new sold devices, and not mandatory for updates.
There is no public issue tracker, no code repository or public road map where decision like that are discussed. Software development at Fairphone happens behind closed doors, and as I already mentioned before, I hope they will tell more about the backgrounds for this decision and the way they are going to solve that.