FP Security Updates need to be more frequent

If there is no update tomorrow late in the afternoon, then there is truly a delay developing for FP. According to their own standards they are still on time.

1 Like

june patch? who are you kidding. we have the july android security releases as of yesterday. security is a constant process and can’t be delayed or postponed. the whole userbase is running dated stuff on the flagship product. sucks.

1 Like

Of course it can be. They will only change their way of operating if people start caring about patches. And people definitely don’t.

I’m seeing an update ready to download just now. Not sure if it’s a beta update or not, but it’s something.

Edit: It’s a beta update

Yes, you are right.

And how much time do you think the QA needs to check the new fixes for regressions?
The news with the patch info was just posted this morning and you would seriously expect an update ready to be rolled out to the public by the afternoon? Even if FP got the patches earlier this week, this is something no company is capable of.

I guess we will get the June patches in the next days, and we will have to wait for the July update a bit longer. Or they skip the June update in favor of jumping directly on the July patchday.

2 Likes

According to this article, Android Partner vendors receive the monthly Security Patches at least one month in advance:

If you are an Android Partner, you immediately have it a whole lot easier. Android partners are notified of all Android framework issues and Linux kernel issues at least 30 days before the bulletin is made public. Google provides patches for all issues for OEMs to merge and test, though vendor component patches are dependent on the vendor. Patches for the Android framework issues disclosed in the May 2019 security bulletin, for example, were provided to Android partners at least as early as March 20th, 2019*. That’s a lot of extra time.

8 Likes

Till August, actually.
From what I’ve seen in those last 7 months, Fairphone releases those patches always (at least) a month late.

I don’t know if there is only one guy doing software for Fairphone, and he’s swamped between the monthly patches, the fixes and the future v.13 Android release, but I wouldn’t be surprised if it were true… :roll_eyes:

The problem is that releasing urgent patches one month later kind of defeats the purpose, because the minute those monthly patches are released, Bad Guys worldwide know exactly what and how to attack, and the still unpatched Fairphones become sitting ducks.
Ideally one should install patches the very minute they are made public; a mere couple of hours later those vulnerabilities are actively exploited.

But well, as I’ve already said last month, some phones don’t receive patches at all (even if that’s admittedly no consolation).

8 Likes

It really depends on the vulnerability. Not every vulnerability is equal. For example, there’s StackRot (CVE-2023-3269) and clearly Android and SteamOS (and all the IoT shit you know and don’t know about) each contain this vulnerability, and it’s a big issue if you use say OCI such as Docker. But I’m not sure how it affects AOSP.

What? StackRot affects kernels 6.1 and later. I doubt if any Android phone is remotely that recent, and there’s very little chance that the huge pile of changes that StackRot was part of (maple-tree-ization of core parts of mm) would ever have been backported to any of them.

FP4 in particular is running 4.19.157. There’s about as much chance of StackRot affecting that as of it affecting a Commodore 64.

1 Like

True, Android is based on Linux LTS versions.

From Android (operating system) - Wikipedia

Android’s kernel is based on the Linux kernel’s long-term support (LTS) branches. As of 2023, Android uses versions 4.14, 4.19, 5.4, 5.10 or 5.15 of the Linux kernel (and since modified Linux kernels is used, Android names like android13-5.15 or android-4.19-stable are used).[189] The actual kernel depends on the individual device.[190]

According to teltarif.de the rollout of A13 to the FP3(+) has started. In the article (see :de: Update-Rollout: Fairphone 3(+) erhalten Android 13 - teltarif.de News ) they write that the rollout for the FP4 is planned for the end of this year. This side note really makes me unhappy :frowning_face:

I understand your disappointment (in case this info is true). However, I would rather like to see a quick fix of the screen dimming issue instead of A13, which I personally don’t mind waiting 6 more months for.

6 Likes

Yes, you are absolutely right. The fixes definitely have priority. On the other hand one does not necessarily exclude the other :smiley:

I realize I’m replying to myself since I posted this back in November last year, and I’m now leaving my FairPhone project altogether.

I’m not blaming anyone at FairPhone really, you are probably doing the best you can. It just isn’t good enough, it’s unacceptable. And it’s sad. Because I was hoping making the right choice would be a good choice. But it’s not. And honestly, I wonder if FairPhone as a product is aiming at corporate users like me at all.

FairPhone could have had a good case for corporations and public bureaus that require that you divide between work phone and private phone, especially where I live, Norway, because we (officially) aim at choosing sustainable solutions.
And FairPhone could have made a good partner in Norwegian relations. Only, nobody I talk to here has heard of FairPhone. So with a limited customer base comes limited resources and attention. And, apparently, limited security updates.

I gave it a try for 2 years. I love idealism and caring for the world around me. But I also have a job to do. And I do understand that nobody cares, it’s fine.

I’m moving to iOS. Good luck with future updates and products. Please have a closer look at the Norwegian market. Not everybody here wants the latest and the most expensive.

5 Likes


And again according to heise.de ( :de: https://www.heise.de/news/Patchday-Kritische-Schadcode-Luecken-bedrohen-Android-11-12-und-13-9239055.html) there is a critical problem that needs to be fixed. All Android 11-13 users should get 2023-08-01 or 2023-08-05 patch level to have this fixed.

3 Likes

We beta testers are on the exact same update as you non-testers. If I had to guess, I’d guess the Android developers are on holiday.

So it would seem that this update will take quite some time to release unfortunately.

1 Like

All the more reason to hire more devs instead of support staff :nerd_face:

Meanwhile the ghost touches are back. FP is really testing its user base. I really hope they can solve this in software as they claim.

5 Likes

@Marta_Artigas
In a post, Google explicitly warns of a “critical” system gap
https://source.android.com/docs/security/bulletin/2023-08-01?hl=en

do we have to wait two months for a Fairphone update?

7 Likes

did anyone come up with a precise statistic or details about exactly how many times (how many days) a fairphone of any version was up-to-date with its security updates and patchlevel? i can not remember that many situations where we have received the monthly security update still within that very month before the next update release from the month+1 first/fifth. anyone have any numbers? :unamused:

similar to … this and that many days without any incidents, deaths, deliberately unpatched and late security exploits… you get the idea.