Dear all, a new update from our side!
(Thanks for your patience… I hope you understand it takes a while to write these updates as we are a big team, and insights are needed from many people)
The Android 13 rollout finished on the 29th of July, which means it is now available to all users. However, we want to give everyone who prefers to continue using their Fairphone 3(+) with Android 11, the option to do so until the moment Google stops providing security updates later in (early) 2024. Until then, we will be providing users of the Fairphone 3(+) with Android 11 security updates for manual installation every two months.
This also means all users who updated to Android 13 will be able to revert back to Android 11, if they want to.
If you are still on Android 11 and want to stay,
now it should be possible to ignore your Android 13 update notification (the notification will only appear every 2 weeks and in time we will remove this).
If you are already on Android 13, please follow the instructions here to revert to Android 11.
This will allow for you to go back to using your fingerprint sensor with secure apps.
Please beware! Following these instructions will mean you will need to erase your data). Reverting to Android 11 will not change your Google security patch level.
From now on, further security updates on Android 11 will not be provided Over The Air (OTA), but will need to be updated manually via a laptop or computer. You can expect a new Android 11 software update every 2 months here. You will get the news via our forum.
Please note that this will not influence our regular security update process for Android 13. Users of Android 13 will continue to receive updates as usual.
A reminder that,
all apps that offer biometric login also offer the option to login using your password or pin code. This issue therefore does not mean you will not be able to access your apps at all with Android 13. We are so far only aware of one app where this is not the case - the Austrian government application “Digitales Amt”. However, we have confirmed that login is still possible for this app by using an inexpensive hardware key (see a list of compatible hardware here).
We’re sorry
We realize these are only workarounds or temporary fixes. However, please keep in mind that, as inconvenient as the pin/password workaround might be, the update to Android 13 does provide many new perks and features that we hope will enhance your user experience and inspire you to keep using your Fairphone for as long as possible.
New FAQs
We have updated the FAQs below to include multiple new questions and answers that some of you have been raising (eg. around the possibility to provide a new fingerprint sensor). Apologies that it took sometime to bring the teams together to have an informed answer on that one! I hope this clarifies things a bit.
If you have any issue reverting to Android 11 please contact our customer support.
Thanks for your continued support.
Miquel (& and many others!)
New and updated FAQs
Why can you not upgrade the hardware / offer a new fingerprint sensor module for the Fairphone 3?
Click here to read the answer
Before answering this question we wanted to make sure we had enough information.
The fingerprint sensor itself is just one of the components within the fingerprint sub-assembly. The design, pin configuration, and other aspects of the sensor may vary between different manufacturers and models. Therefore, the FPCs (flexible printed circuits) would likely require re-layout, and the module would need to undergo a comprehensive process of review, firmware/driver development, testing, validation, and certification when considering a new fingerprint sensor.
When designing Fairphone 3, we underestimated the risk of this happening and did not make the fingerprint sensor an easy replaceable module. We are at the moment trying to make sure this does not happen in the future with Fairphone 4.
In order to offer a hardware fix now, we would need to find a manufacturer that is willing to put in the effort outlined above. This is very difficult. Normally, manufacturers would require a minimum lifetime commitment on sales of over 100,000 units in order to earn that development back. At this point, we are not selling FP3s anymore so the uptake would be very small. With what we know now, this is a very unlikely possibility, but please trust that we are considering all options. In any case this change would take a long time. We therefore believe that the option to downgrade to Android 11 is the only possibility in the short term.
Will I no longer be able to access my banking app / other apps that I usually use the biometric login for? - UPDATED 8th August
Click here to read the answer
All apps that offer biometric login also offer the option to login using your password or pin code. This issue therefore does not mean you will not be able to access your apps at all. We are so far only aware of one app where this is not the case - the Austrian government application “Digitales Amt”. However, we have confirmed that login is still possible for this app by using a hardware key (see a list of compatible hardware here).
(When) will you fix this? Is there a workaround? - UPDATED 8th August
Click here to read the answer
Fix not, workaround yes: Affected apps can still be unlocked via PIN/password, which is by default configured as a fallback option in any context that makes use of the fingerprint sensor. In addition, we are offering affected users the option to continue using Android 11 until Google stops supporting this operating system in early 2024.
If you are already on Android 13, please follow the instructions here to revert to Android 11. This will allow for you to go back to using your fingerprint sensor with secure apps.
Please beware! Following these instructions will mean you will need to erase your data). If you have any issue doing this operation please contact our customer support.
(How) can I go back to Android 11 to get the functionality of the fingerprint sensor back? - UPDATED 8th August
Click here to read the answer
Going back to Android 11 will not solve this issue forever: Android 11 will eventually run out of security support early 2024. Apps with high security requirements won’t work anymore at that point – these will be more or less the same apps that require strong fingerprint security.
If you are already on Android 13, please follow the instructions here to revert to Android 11. This will allow for you to go back to using your fingerprint sensor with secure apps.
Please beware! Following these instructions will mean you will need to erase your data). If you have any issue doing this operation please contact our customer support.
If I manually downgrade to Android 11, will I lower the Security Patch Level of my device? - New! 8th August
Click here to read the answer
No, as both the latest software release based on Android 11 (4.A.0023) and the latest software release based on Android 13 (6.A.018) include the same Security Patch Level: 5th of June, 2023.
Also, Android 11 will receive bi-monthly security updates as long as it is supported by Android (probably early 2024). These updates, however, cannot be installed over-the-air but need to be manually flashed. Please follow the instructions here to revert to Android 11
If I downgrade to Android 11, will I receive a notification when a new bi-monthly Android 11 update is available (e.g with a new security patch)? - NEW! 8th August
Click here to read the answer
Unfortunately, no. It is impossible to technically differentiate if you willingly decide to stay on Android 11. You can expect a new Android 11 software update every 2 months here. You will get the news via our forum.
This also means that our update system will be proposing you to upgrade your device to Android 13, in case you change your mind and you still want to benefit from the latest Android features. You can dismiss this notification, and you will only see it at most every 2 weeks.
I use [alternative operating system] on my Fairphone 3/3+. Will this issue affect me as well? - Updated 8th August
Click here to read the answer
Contrary to what we communicated earlier, it is indeed possible to continue using the biometric login when using alternative operating systems (OS). This is possible because these OS do not have to undergo Google’s official approval process. However, from a security and privacy perspective, we cannot recommend circumventing these restrictions.
Which apps are affected by the issue? - Updated 8th August
Click here to read the answer
Since the issue is connected to the security certification of the sensor, the issue affects those apps with high-security requirements, such as banking apps. Our forum members have started to assemble a list of affected apps here, but there might be other apps affected, too. For nearly all of these apps, it is possible to log in using a pin or password instead of the fingerprint sensor. For the Austrian government application “Digitales Amt”, we have confirmed that login is still possible using a hardware key (see a list of compatible hardware here).
Previous FAQs - Published on 28th of July
What exactly is causing the issue with the fingerprint sensor?
Click here to read the answer
Due to updated test requirements, Fairphone 3’s fingerprint sensor is now certified at a lower security standard, according to Android’s security requirements. We cannot get an updated firmware from the fingerprint sensor supplier, in order to increase the level again. Android biometrics security requirements are continuously increasing to stay aligned with latest research in the field, for example on reproducing someone else’s fingerprint to log into their device and apps.
Could Fairphone have prevented this?
Click here to read the answer
We could have written the explanation proactively for the end users.
We are also having conversations with all our software and hardware suppliers to get their support for a longer time for our more recent products. On Fairphone 3, we unfortunately didn’t manage to have a long-term commitment from the fingerprint sensor manufacturer.
Why wasn’t this issue included in the release notes?
Click here to read the answer
We were aware of this issue before beginning the roll-out of the latest update, but failed to include it in the release notes. This is a major oversight and should not have happened. We realize that we need to be more proactive about how to communicate and present known issues/regressions and potential workarounds before releasing updates to the public. It is now clearly indicated in the release notes and in the update notification.
If Fairphone was aware of this, why did you choose to release the update, anyways?
Click here to read the answer
Some workarounds could be put in place, see the section “What do do for the affected users?”. This is not convenient for the users using the fingerprint sensor with some apps, but they can still use those apps, unlocking them via PIN/password. Android 13 provides many new perks and features that we hope will enhance your user experience and inspire you to keep using your Fairphone for as long as possible.
If the fingerprint sensor is certified as “weak”, does this mean it is not safe to use / wasn’t safe to use before the Android update? - Shortened on 8th August
Click here to read the answer
Android security requirements changed with Android 13, which require changes in the firmware of the fingerprint sensor. Because of the lack of this firmware update, the fingerprint sensor could not be qualified “Strong” anymore and “Strong” could be a prerequisite for some apps to use it, like the banking apps. Our fingerprint is now classified as Class 2 and you can find more information here in the Android Compatibility Definition Document (CDD).
Will the fingerprint sensor on the Fairphone 4 stop working as well, once the Fairphone 4 receives the Android 13 update?
Click here to read the answer
No, as the fingerprint manufacturer for the Fairphone 4 didn’t drop the support. We’re also already preparing now to avoid similar situations for Fairphone 4 as much as possible.