FP Security Updates need to be more frequent

@KurtF I am on FP5 and I can only sympathise with those on FP4 still waiting for the update. Yet, I am aware there will be time that both FP5 and FP4 will be getting security updates on a two-monthly basis or three-monthly basis. It is now the case of FP3, is it a dealbreaker for you?

1 Like

I guess several people can agree to disagree, no further repetition will change this or add any new information to the topic. So referring to the forum rules I would kindly ask everyone here to stop trying to convince others.

Normally I only post on forums when I’m looking for solutions to problems.
Today I’m making an exception, even though I don’t expect Fairphone to change its update communication policy for me (or anyone else) because of this post.

I bought the Fairphone 4 around 18 months ago for two main reasons and was prepared to pay around twice the price of similarly equipped smartphones at the time:

  1. 5 year warranty and (that includes this warranty for me) updates as well as
  2. a smartphone that is as sustainable and repairable as possible.

Fairphone obviously fulfils the second point and the company has earned my respect for this.
I have not yet had to make use of the hardware warranty.

However, the company’s update policy is its archilles heel and can probably be described as catastrophic. In particular, the lack of communication is shameful. The company’s newsletters have nothing to offer apart from marketing blah-blah. This would be a way of informing customers about problems and delays. That would be transparent.

In my opinion, Fairphone sells a hardware and software package and is responsible for both during the warranty period.
For me, the security of my smartphone is now a central point and I expect every provider to release security updates promptly within the warranty period.
Why a stock Android smartphone needs more than 30 days for the release of security updates is beyond me, other (also smaller providers) have a better handle on this. I expect updates to be released quickly for the purchase price paid. An appropriate amount must be included in the calculation for this.

Feature updates and version upgrades are of secondary importance to me as long as the Android version used is supplied with security updates and the smartphone works trouble-free.
To put it another way: I bought an internet-capable smartphone and not a camera. A device on which I store personal data and which is potentially vulnerable gives me a very bad feeling. Is Fairphone liable in the event of identity or data theft that could have been avoided with the current patch level?

Lessons learnt:

  1. spending a lot of money on a smartphone does not mean getting adequate service,
  2. my view of warranty is not the same as Fairphone’s view,
  3. Fairphone is not ready or willing to communicate properly with its customers,
  4. as long as nothing changes here, my next smartphone will definitely not come from Fairphone and
  5. I must also warn my friends and family against buying a Fairphone smartphone, as without regular security updates it has the potential to become overpriced electronic waste and is no different from cheaper Chinese goods in this point.

I suspect I’m not the only one who feels this way.

The hope remains that someone official from Fairphone will stumble across this article, pass it on to those in positions of responsibility in the company and that it will generate a positive response there.

15 Likes

very well put. already been asked in the past, does a statement basically

  • whatever timespan worth of updates

also apply when only delivering like an update the first month and the last day of such a time span? to exaggerate the situation.

fairphone should be very ashamed of not spending adequate funds on their software people, their software, security stack etc.

and you are exactly right. you CAN and SHOULD release monthly or even faster SECURITY updates and you can always postpone or slowly (slower) evolve your features or version upgrades or OS level upgrades etc.

come on people we are in the age of modern software engineering, there are such things as diff and git and you name it and you can always ship very tiny updates (security updates) and always add the feature stuff later on etc.

such a shame that i have wasted not enough funds on fairphone to allow them pay beyond their marketing and mining folks.

the software and tech folks are apparently starving or fleeing from this company :frowning:

8 Likes

Yes.
As @Mephisto already stated further up, I expect them to follow the spirit of their promise, and not only the letter. Meaning, releasing essential security patches during the whole commercial lifetime of the phone. Because that’s what one would expect reading their marketing blurb.
Releasing a random security patch every now and then is useless. Security patches are a chain, and if some links are missing the chain is broken.

1 Like

Yes, except those are the things the marketing folks want, because that’s what looks good on a marketing blurb, and Fairphone is famous for their panegyrical and utterly breathless marketing statements… :smiling_imp:

Just briefly, releasing a security patch from March will include the one from February, at least this is how I understand this. So there should be no gap in the security chain

5 Likes

This is most unusual! As far as I can tell, most people consider their phones to be cameras first and foremost: almost all reviews focus principally on the camera, the phones are largely marketed and differentiated by the camera and so on. This makes little sense to me either. It’s probably something to do with the rise of Instagram and TikTok and other “communicate by sending video everywhere” stuff: as someone who lives words this is totally alien to me too.

I’m probably just in the wrong generation…

3 Likes

Yes, most buyers are interested in how many megapixels a smartphone’s camera has and not how safe and reliable the device is to use.
However, Fairphone should be clear about which group of buyers it is targeting. TikTok and Instagram users may be there by chance, but in my opinion the majority of buyers are solvent (at the advertised price), responsible (e.g. sustainable development) and value security (security updates).
However, Fairphone currently only addresses two out of three of these points. This only works as long as Fairphone owners are not due to make a new purchase or existing customers are to be used as (free) advertisers for the company.
However, I fear that the marketing department will not understand this until it has driven the company to ruin.

btw: welcome to my generation

3 Likes

Indeed. They apparently think the “Fair” argument and their superlatives-overloaded advertisements will cover any dissenting voices, and generally ignoring problems long enough will make them go away.
It’s the usual problem with marketing people: Marketing knows what marketing wants people to want, but they never care checking if people actually want it…

I still remember the ambiance in this forum in the beginning of 2023. Way to waste so much goodwill. :frowning_face:

After over 300 posts in this thread, I still don’t get what exactly some people are not happy with…

When I bought a FP, I knew I wasn’t getting a Samsung or a Pixel and that’s exactly why I chose FP. But some posters apparently chose FP because it’s not Samsung or Pixel and are now not happy because FP isn’t Samsung or Pixel?

:joy:

3 Likes

Hint - It’s in the thread title… :roll_eyes:

8 Likes

What’s so hard to undersand about this? Trailing 1 or 2 months behind on security updates isn’t ideal, but still somewhat “tolerable”. But after 3 months, even Android settings will start showing you a warning. That should tell you something.

8 Likes

He/she/it is just trolling…
His point was, to put it a little more bluntly, “you’re all -bleep- who don’t know what you want”. Oh well, it’s just the Fanboi hit squad attacking, check his “likes”… :roll_eyes:

1 Like

You clearly did not read the thread then. Vulnerabilities that do not get fixed in time are not just a theoretical risk to your data and those of people you share a network with, but cause users to not be able to actually use their Fairphones anymore, e.g. when work profiles get deactivated due to company security policies that disallow a device being too far behind the latest security patches. Its not only a real risk, it renders a phone unusable, and it did so for users in this thread.

That is just unsustainable! Maybe we can agree on that we like Fairphone for offering a device that is far more sustainable then others. But this is undermined by their lacking security update cycle: If the phone cannot be used due to missing patches, be it in part or fully, it becomes unsustainable, as its service then has to be replaced partly or fully by other hardware (even if it is temporary). That is wasting resources, apart from putting users at risk, and thus it should be frustrating to everyone, also those not too concerned about the risks security vulnerabilities cause.

6 Likes

In case it is of interest to anyone:
The update FP4.TP2D.C.0112 with patch level March 5, 2024 is out tonight (April 5, 2024) with release date April 4, 2024.

7 Likes

Thanks for your message :smiley:
I can download update too (my network provider is Orange France), for information it takes 534 MB

1 Like

I agree with most people in this thread. Security updates are essential and need to be released quicker. A month late isn’t great, and is on the edge of acceptable. Two or more is downright bad. When they advertise “10 years of software updates”, this should entail “10 years of frequent security updates”.

6 Likes

Agree! “10 years of software updates” does not mean 2 cosmetic updates at 10 years interval!.. :laughing:

Unfortunately that is just our common sense: In Real Life there is “lawyer talk” (aka “weasel words”): They actually didn’t specify “frequent”, so legally it indeed only means “10 years” + “software updates”, without any legal commitment about those updates’ frequency or pertinence… :face_with_raised_eyebrow:
This did bother me since the beginning (but then again it’s my job to be paranoid…). I quickly discarded the idea because doing that would be utterly stupid, no matter how much under-the-carpet-sweeping you do and how stupid crowds are, Internet has a long memory, and Fairphone staff would be discredited for life. That’s a stunt you would only do once, after that your name is mud…

5 Likes

[Over a month later]

– passes, whistling – :roll_eyes:

5 Likes