I have already asked support about this, but have had no response or confirmation in four days, so asking the community instead:
I purchased a Fairphone 4 expecting it to be relatively open and easy to install my own software such as /e/os or iodé, but I find that this is far from the case.
1, The bootloader requires a special code from Fairphone to unlock - wtf? I have never seen this before from any manufacturer, I am really surprised to see it from Fairphone!
(according to this thread, it is “likely” that Google are informed of the IMEI/Serial of any device that has been OEM-unlocked. Can anyone confirm if this is true?)
2, The bootloader unlock process apparently disables “important security features” but doesn’t specify what is being disabled or if it is possible to re-enable them. Can anyone give me more info about exactly what is being disabled?
3, When I look at installing /e/os myself, I find that there is some evil thing called an “anti-rollback” PROM, consisting of electronic fuses (eFuses), which are irreversibly blown one-at-a-time by each update to Android, and will apparently BRICK the device if a non-Google-approved software is loaded, or if one tries to load an earlier version of Android than the latest that was installed on the phone. Again this is the very last thing I would expect from Fairphone!
4, I want to disable automatic updates (to try to preserve some of my eFuses… And what if I don’t like the next version of Android and I want to go back to the old one? Apparently I can’t?) but I am told that there is No way to completely disable automatic system updates, and that my phone will download and install the update itself (and presumably blow the next eFuse) in 30 days, whether I like it or not! WTF.
So Google can/will/did push a mandatory update that permanently damages my device (by blowing a physical fuse in the CPU) and I can’t do anything to stop it? This sounds like planned obsolescence to me, exactly what Fairphone are supposed to be against…
How many eFuses does the device have and how many are blown already? What will happen when some update blows the last one?
Why does Fairphone lock down its phones in this way? I feel that I do not own the hardware I just bought. What can be done about this? What is the unspecified effect of unlocking the bootloader?
If phones are bricking themselves so readily, it must mean that a lot more phones are going straight to landfill. Doesn’t this fly in the face of everything that Fairphone stands for?
Hi and welcome, just a side note: be lucky it’s so easily possible to unlock the bootloader (that’s not the standard!) and relock the bootloader. All phones nowadays have a locked bootloader. You are concerned about security, so another point why you can be happy about the fact that the bootloader is locked. Also it is not a good idea to refuse updates when you are concerned about safety and security.
Have you done some reading/searching in the Forum? This could give some answers already.
If you want a FP4 running e/OS without the need to unlock the bootloader, buy one pre-installed from Murena.
Thanks. Yes I already read that thread (it was the one I linked to)… But I can’t directly ask my questions there since it’s locked.
“Be lucky that it’s possible at all, all phones nowadays have a locked bootloader” is not really the answer I was looking for… I think Google (and Apple) need an antitrust lawsuit for this sort of behaviour TBH!
Indeed, if I had known about this locked bootloader with the fairphone-shop bought phones, I would have purchased my phone elsewhere, either from Murena or Iodé.
In terms of security, I am far more concerned about the threat from Google itself (invasions of privacy, leaking of my personal info to Google and third parties, forced installation of software that I don’t want).
As long as I can still encrypt the storage with my own passkey, I don’t see any security risk in running an unlocked bootloader and unsigned software that I compiled myself.
Maybe you would like to amend the title as the firmware, OS, software etc. is not locked, in the sense you cannot unlock it. It is only locked in the sense that another person cannot install without your unlocking the GUI and then unlocking the bootloader.
So I don’t understand your problem, nor your assertions; just unlock the bootloader.
Well, I can’t unlock it until I have asked Fairphone’s server for an unlock code, so in that sense it IS locked.
And even if I did request the code and unlock the bootloader, it appears I can’t do anything about the eFuses and the device potentially bricking itself. What security features are disabled by unlocking the bootloader? Can they be re-enabled after /e/os is installed?
I wanted to ask you, did you ever find a source for your suggestion that Google is notified when someone requests an unlock code?
Also, I notice that the “offline unlock code generator” script doesn’t work anymore, since they have changed the serial number format. Also, the code entry now requires internet access to contact Fairphone’s server (it fails with a “no internet connection” message if the phone is offline). I am curious as to why Fairphone are going to such lengths to track who is unlocking their bootloader.
I know this behaviour from LG for example, I even had to create an account for this. I think this is for warranty reasons, but I can’t make anything but wild guesses here.
The bootloader unlock process apparently disables “important security features” but doesn’t specify what is being disabled or if it is possible to re-enable them. Can anyone give me more info about exactly what is being disabled?
If you unlock your bootloader, everyone with physical access to your phone can load a modified ROM on it, that’s most likely the “important security feature” which is getting disabled.
The anti-rollback feature should prevent that an older security patch level is applied to your phone and known breaches can be used to attack you. I never heard of eFuses in that context. I heard about them in combination with unlocking the bootloader, if I recall correctly for example Samsung with the Knox features. As far as I know, Fairphone doesn’t use such things to track if your bootloader was unlocked and I would be surprised if they did.
Mostly answered by 3, I think. In addition, you do not receive updates directly by Google. All updates are published by Fairphone.
Not sure who you directed this at as I didn’t mention it, but your post follows/i.e. responds to mine. But as the default OS is Google certified it does make sense that they would want to know when you dump them as they are very insecure.
After unlocking the bootloader you likely won’t be able to run some banking apps, some mobile device management apps (if you are going to use your Fairphone for work emails) won’t run and some other apps may have reduced functionality.
Regarding forced updates: There is nothing worse than an unpatched device roaming the internet. I’m responsible for the operation of a company’s IT infrastructure and cybersecurity…the devices that rob me of sleep are not necessarily the ones updating automatically but the ones where for some reason we can’t or won’t update.
I agree that to some extent your mistrust in Google is valid. On the other hand I want to be able to use my Fairphone for banking apps and agree that - in order to protect their systems - they require some security features. As those features could be circumvented with an unlocked bootloader…I understand why Fairphone delivers their phones with a locked bootloader.