FAIRPHONE 3 and 3+ A13 - Fingerprint sensor update

2 posts were split to a new topic: Fingerprint not able to unlock on A13 with parental control

How to stop the Android 13 update when it was paused

The Fairphone team had the great idea to push the update with a popup instead of a push notification. I thought this update was a Google Play update regarding the app I was using in that moment and quickly clicked “update”.

The Android update was paused because I have the battery saving mode switched on. I do not want to update to Android 13!

How can cancel the ongoing update. It didn’t start to download anything nore install anything.

Thanks for your help :slightly_smiling_face:

I was wondering if the ‘issue’ (rather: fix by Google in Android 13) is related to this research Arxiv: BRUTEPRINT: Expose Smartphone Fingerprint
Authentication to Brute-force Attack
which was mentioned e.g. here Chinese onderzoekers bruteforcen vingerafdrukscanner Android-smartphones - Tablets en telefoons - Nieuws - Tweakers anyone know?

Well, it appears google has lowered the security rating for the fingerprint sensor used in the FP3 with the release of Android 13 - the initial release of which predates the arxiv upload date of the paper you linked by several months.

That being said, I would not consider it absurd that google had prior knowledge of this attack and took this into consideration when changing their security requirements. Especially when considering that the bounds on the FRR and the FAR required for security level 2 (which the sensor is rated at now) are the same as those required for security level 3 (which the sensor was rated at before). They only differ in the requirement for its SAR (which also poses a lower bound on its IAR). After all the SAR/IAR are the best generalized indicators we have to express how vulnerable a fingerprint sensor is to bruteforce attacks in general.


3 posts were split to a new topic: Downgrade from A13 to A11

From another thread:


Perfect. Thanks. Hope that prevents it from upgrading!

Gosh, I really wish I had gotten some information about this problem before I was offered the update. Fairphone regularly sends me e-mails to ask what I think about their device, but informing me about this crucial problem was unfortunately not on their radar it seems. Very annoying situation.

1 Like

My Fairphone is working great with the new update. Only my banking app ABN-AMRO is not using fingerprints anymore but the 5 digit code works fine.
For the rest: great update!


There is variant to this, Hanlons Razor: “Never attribute to malice that which is adequately explained by stupidity.”

But I agree seeing malice/complott is rediciolous. Anyway, this is super annoying. (BTW: Austrian here too, but I never used so far “digitales amt” a.k.a. digital office anyway, but also to note maybe untypicially configured it to English main language) got super annoyed noticing FlateXSecure stopped working not allowing me trading anyway. Interesting tough, after deinstalling the app, reinstalling the app, and authenticating it again with a QR-Code and SMS Code it works now (I guess it just now accepts a level 2 security as well). But the other Flatex App to see your account on mobile keeps being bunked. Also fingerprint login to Bank Austria (it asks for the Pin as alternative but I can never remember that nor do I want to enter this 20 digit alphanumeric code every time)

If I knew this I would have NOT upgraded to Android 13, but I got only the message, hey security updates, 1GB download… and bugged me for a month to do this, until I found time and WiFi for it… and now bunkered out. Also rediciolous with Android 11 it was considered secure, but now dark-magically after installing security updates, its not secure anymore…

And also super annoyed this is a non-exchangeable part, I mean seriously, I was excited from the whole FP concept, but things like these make me question the whole premise. Next time I rather buy a cheap throw away phone after a few years again…

1 Like

But seriously in that case they should have not used this kind of chip with a closed firmware blob and a manufacturer that does not subscribe to a longlivity idea as FP does. I would rather have more understanding if they said, “sorry its in the hardware fix soldiered, rather than oops no new firmware from chip supplier”.

I’m still quite mad about this, a 3 year old device a core functionality has been bunked (and no it affects multiple Apps for me that I cant fix) and to blame the apps is also a weak evasion. And yes the whole premise of FP was longlivity, since otherwise with the same functionality set at a given moment one could get cheaper and small form factor on the market… You buy the FP3 for the premise of repairability and longilvity and then oops, used a chip that doesnt care…

In a case like this there must be a new firmware or not the respective Android 13, and if it needs to be absolutely Opt-In. Few normal user will read all the updat notices considering if the message that pops them up that strongly suggests to make an update for security reasons, is actually a good idea. If at all it needs to be in bold red letters not to upgrade if you want to use your banking apps, or eGoverenment, or securities trading… now all you can do is unlock the device with it, which is more inconvenient than a pattern anyway was (since I always had to hit the fingerprint readers 2-3 times to register anyway).

PS: And please note the description above about Google guidelines and pins and so on is basically just a long winded way of saying “fingerprint sensor got broken, but you dont need it anyway, you just didnt realize…” and enough people ate that.


hmmm, then I guess the FP3 would not have had a fingerprint reader at all.
Because on the one hand, I doubt that there are even suitable fingerprint readers with open source firmware. At the firmware level, closed source is still the de facto standard in many areas.
And secondly, I don’t know if Fairphone had enough economic power at the time to force other companies to provide firmware updates for longer than they had planned.
They probably just laugh when a company that only orders a few tens of thousands demands something like that.


In end effect it certainly would have been better, considering its now useless anyway. Would have reduced the price of a unit and people who needed it wouldnt have bought it.

It is by no means useless. Only apps that require a higher security standard no longer support the fingerprint reader. And besides: All people who use custom ROMs are not affected at all, either :slight_smile:


Which are often blocked by higher security apps, when detecting a custom boot loader/kernel flag.

But besides that, still you cannot sell long support devices, if you use parts that are not long support. the whole premise is a lie. this should be logical not?


I can only speak for myself, but here in Switzerland I don’t have a single banking that doesn’t work with iodéOS (LineageOS fork). The same goes for friends and family members.
So no, I don’t think this is a general problem with custom ROMs nowadays.

But a lie would imply that Fairphone knew years in advance that this would happen when they were still selling the FP3 and didn’t inform their customers - I don’t think that’s the case here.
And the FP3 is still supported - both software-wise (as you know, it has been updated to A13) and software-wise (spare parts).
The claim that the FP3 is now no longer supported is not true at all.


What I searched depends on the App if it checks for bootloader/kernel flags, there used to be a feature to lie to the App but that has been removed on newer versions again. Anyway, all this “but custom ROM” argument is in other words “you support it yourself”, so in this regard, why buy a long support phone? Custom ROMs I can do on cheaper phones with no updates.

Look, that is not how support works. If you promise to support a system you need to secure yoursel support for all components. “Didn’t know the componant had an issue” is not how support works. So in this regard, the promise is a lie and if no chip manufacture offers this, then the whole concept is not working.

And yes, they did stop supporting the fingerprint reader as authentication service (other than low level like unlocking the phone). Now they are pointing to other companies… but Google, but the chip manufacturer… Look customer should not care, the customer bought a system with a promise, either FP should have argued with Google (as been posted above they did losen requirements for already in the field phones before) or they should have secured a contract with their chip manufacturer or better yet an OpenHardware design as basis. And yes, if this is not available, then the whole concept is not feasible as been sold.

The fingerprint reader was working fine before, then an update came, and no putting it somewhere down in the release notes does not “solve” the issue, much less forgetting to put it in the first place. FP broke a key feature and now they say “we are not going to fix it because of other companies”. Also the representative saying with many words “but you actually dont need the fingerprint reader (albeit many do)” is just beyond redicolous. This is and stays unacceptable and all this fan excuses only make the emotions about it more maddening, so please just stop. You are making it just worse… Anyway, as this issue demonstrates I cannot recommend but warn all my contacts about the FairPhone, with the states as is it seems to better to buy cheaper throw away phones, and for this it doesn’t matter if its FP own fault, or they are living in an industry environemnt that makes the requirements for the promises they are given in essence unfullfilable.


@ all I think we heard now all opinions about this and repeating one or the other will not change anything and everyone can draw their conclusion, so I would kindly ask to stop those repetitions from all ends.


in the beginning of october the google pixel 8 is coming.
i’ll buy it instead of FP5 so i can always tell for sure it’s googles fault… :crazy_face:


Hi all and should you be reading, hi Fairphone emplyees and business angels,

since the upgrade, apart from the whole business with the sensor:

  • phone is slower, in some cases much slower
  • screen blacks out erratically
  • i have no calling signal when dialling/calling people
  • i can’t change volume of certain signals
  • i couldn’t spot a single improvement in usability

This feels very normal, like completely similar to when I bought phones from Samsung or Apple! Congratulations are in order, I guess. As long as one can’t control the OS development, you have to kind of make do with whatever Google gives you, I guess. Sad, but it seems to be inevitable.

But also…

  • I am very disappointed to read messages that basically boil down to “our hardware provider messed up” instead of taking responsibility for your own actions and decisions
  • I absolutely don’t want any kind of sales messages, trying to sell me a new phone while I am still well within the all-important goal of stretching the usage out to six years. I am not being sarcastic, here. You sold me an idea, more than anything else. The idea that a phone can be fair to everyone from the people mining the resources to the end-users themselves who - guess what?! - can replace and repair individual components to ensure the longevity of the product.

Now, after this upgrade experience, when I read an e-mail saying “we know you are eyeing the Fairphone 5!” I wonder: Are you ok? What is the matter with you?
I am not!
I am eyeing my Fairphone 3 and I am sad to say with ever growing suspicion.

Your product is an idea. Don’t dispose of it as easily as you want me to with my FP3, apparently, judging from your sales e-mails.

I also think, other than just proving to an industry that what you did can be done (which is awesome!), in order to make a real impact on the business as a whole, you should be willing to win substantial market shares. You know? Make a dent in those cake diagrams!
The way to do that is to not sell a phone, but an idea, get people to dedicate themselves to it, in other words: Gain their trust.

And the only things with a dent in it right now is the protective case of my FP3 and my trust. Both are still working.

But I am eyeing both, like I said.
Please get it together, because I actually love(d) recommending you to friends and acquaintences and would love to take this up again.