I am very interested in switching to a fair/sustainable smartphone, but security and privacy are also important to me, which is why I am currently using GrapheneOS with a Google Pixel device.
However, in order to maintain a reasonable security level, proper software support is needed: Fairphone seems to offer several years of support.
So I was very surprised, when I discovered this posting:
@fairphone team: is this statement correct, that proper software/security updates are limited due to insufficient SoC vendor support?
If yes: what is the reason for not choosing/providing/implementing hardware components (secure element, alternate SoC), that allow proper device security and software maintenance/security upgrades for the whole period of time the device is expected to be used?
The reason for not choosing a SoC that is maintained by the supplier for the time a Fairphone is supported with updates is, as far as I know, it simply doesn't exist in the market.
I hope you are aware that this is just a user forum, so getting answers to such from Fairphone is unlikely, although opinions do abound.
You could direct your query directly to support@you got the rest.
It may also be of interest that whereas Qualcomm only provide limited future support, as I imagine everyone does, the FP2 has recently been updated to A10 via in-house.
So some 6 to 7 years down the line even the FP2 is "supported". I see no reason the FP3 and FP4 won't get the same level of support.
Regarding the secure element/trust zone functionality, I have discovered this thread:
… according to which the Fairphone software/hardware status remains unclear (at least for me): a Titan M does not seem to be implemented, and it is unknown whether there is an equivalent alternative that can be used.
Although Fairphone offers Android upgrades for a long period of time, this does not directly mean that the kernel / patches / hardware drivers are maintained properly – usually this depends on the SoC vendor, which is responsible for its kernel patches and hardware drivers, which are highly security relevant. So if those vendors continue to not mainline those drivers, it is a lot of dedicated work to maintain legacy and heavily patched kernels. But perhaps Fairphone also performs this type of maintenance work?
Regarding the SoC/vendor support: the security support that is offered by Google for their Pixel devices differs for Pixel 5 (3 years) and Pixel 6 (5 years):
So there is at least one SoC with 5 years of security support…
Furthermore it seems like the Pixel 6 SoC is based on an Exynos 2100, which is perhaps(?) also available for other smartphone vendors to use in their products:
(please see next post, because "new users are only allowed to put 2 links in their posts")
So if Google offers security support for the Pixel 6 devices, those patches might also work (to a certain/high(?) extent) on an original Exynos 2100 based product.
This is quite a lot of speculation, but (and if Fairphone support does not include kernel maintenance) it seems to me like the only way to realize an Android-based smartphone that is really eligible for long-term use (longer than 2 or 3 years): at least with the notion that it is not a reasonable option for users to be exposed to (kernel level) security issues that remain unpatched after vendor SoC support ends (usually after 2 or 3 years).
Please correct me if I am wrong… Otherwise it could make sense to contact Fairphone with such a suggestion.
The SoC FP4 uses has a TEE (Trusted Execution Environment) which does offer verified boot and other security features. But they don't seem to support it for 3rd party ROMs. It's not a Titan M, but it's equivalent.
But the bottom line is that a FP4 with the stock ROM offers good enough security. I don't know the real details of what Titan M offers extra. And of course Google releases timely updates for their Pixels. FP lags behind by about a month with the FP4. In a few years it will release updates less frequently, just like some Samsung models.
Security is important. But security comes in many forms. If we don't change our values and which companies we reward, we will enter an uncertain future where digital security will be a useless luxury. That sounds dramatic, but the trends and science don't lie. We need to change and start supporting a sustainable direction. If that means I get a security update a month later, then that's a trade-off I'm willing to make.