Or at least that’s how it should be. Because today is September 23rd, and the latest security update for the FP4 is from July 5th…
I can also pretty well imagine what must have happened there: Fairphone presumably wanted originally to combine the September security update with the (then announced) Android 14 update, as they always do, and since the A14 update has now been postponed to a more distant future, the security updates are gone too…
Yes, yes, I know, there are still 3 whole days to September!..
Seriously now, sorry but the dates Fairphone released the individual updates are quite irrelevant, what is important is their content, and that is definitely and totally outdated.
Security patches (because that’s what I am talking about) are perishable goods. Try selling your army suits of chain mail and you’ll understand what I mean.
Already getting those patches 60 days after Google informed the whole world about the underlying vulnerabilities is borderline pointless, by now they are literally yesterday’s news. Still, it’s better than nothing (and it’s not like we customers can do something about it).
(I do notice you avoid the terms “patches” or “security updates”, you just speak about harmless, innocuous “releases”… But the whole point here is security updates, check the thread title. And those need to be as fresh as possible.)
Monthly security updates for about 3 years, and then we will switch to bi-monthly security updates* from mid-2026 until the end of the software support.
Release date: 6th Nov 2023, Security Patch Level: 5th Oct 2023
Release date: 11th Dec 2023, Security Patch Level: 5th Nov 2023
Release date: 29th Dec 2023, Security Patch Level: 5th Dec 2023
Release date: 5th Feb 2024, Security Patch Level: 5th Jan 2024
Release date: 11th March 2024, Security Patch Level: 5th Feb 2024
Release date: 15th April 2024, Security Patch Level: 5th March 2024
Release date: 13th May 2024, Security Patch Level: 5th April 2024
Release date: 24th June 2024, Security Patch Level: 5th June 2024
Release date: 15th July 2024, Security Patch Level: 5th July 2024
Release date: 27th August 2024, Security Patch Level: 5th August 2024
October ASB is 10 days away, yet September isn’t shipped.
@lucaweiss
hi, long time no see.
imo 1 and 2 month delay should not be a smiley, that’d be <2weeks
especially given that vendors receive access to these in advance.
…So they can release them as close as possible to the official Google release date, after which those vulnerabilities are made public and thus are trivial to exploit.
There is really no way one can be proud about releasing security patches one month later, and even less 2 months later, for reasons I explained above.
Well, the words “not always” and “sometimes” in the quote tend to show that this might happen but isn’t the norm. Else it would be “always” and “every time”…
One thing which is the norm though, is that whatever Google might do each month, Fairphone releases security patches at least one month later (sometimes two, or three), so no matter how you look at it, there really isn’t anything to be proud about.
so most of the September 2024 patches were made 3 months before
I’d also lastly like to point out that GrapheneOS consistently ships the full monthly ASB the same day as Google publishes it for their ~20 devices. And that I provide the core AOSP patches of the ASB for Android 7 through 13 consistently within 3 weeks for ~175 devices. Neither of us have early ASB access.
I document patch dates of GOS/COS/DOS/LOS/eOS here: Patch History - DivestOS Mobile
Meanwhile over here Fairphone, a phone company, can’t manage to ship the ASB until 1-2 months after Google publishes despite only having to support 3 phones and despite having early access to these bulletins.
maybe it’s time to put all these companies reluctant of speedy operation out of business and out of their misery, and maybe even the wind over in the u.s. changes quite a bit when i read their CISA boss’ statement
it’s product defects after all and the user base is fed up with the constant incapability of the vendors to even try to deliver important stuff.
the fact that security updates are being bulk-applied only once a month (google, windows/msft) etc is laughable, when you look at all the upstream components and security updates that linux vendors and teams are capable of fixing and delivering quite swiftly most of the time close to the source of the various software components.
it’s mostly the big and giant corporations that let down the average joe constantly and repeatedly.
the oldyurop people should probably sue and enforce their consumer rights etc. there seems to be little progress otherwise in the software industry.
release early release often, what happened to this mantra? fairphone and just everybody could release security updates on a daily basis, and fix and add to the updates on a daily or weekly basis, where is it cast in stone that they need to wait for google or a monthly cycle (lol) or so to deliver product remedies to their userbase and customers.
i am really fed up with fairphone regarding these software incompetencies
That’s really impressive what you do. But I think the difference is that you don’t provide any warranty. Fairphone likely needs more time to make sure everything works properly. Otherwise they might get lawsuits or lose customers. But that’s just an educated guess of course.
As an example, which is different, but conceptually the same: Debian comes without any warranty and sometimes patches software faster than Red Hat. Red Hat is one of the core maintainers of many open source projects, including the kernel. So they do have the skills, they just have extensive testing pipelines and procedures. Because their customers paid for that service and expect every update to not break anything.
But I do hope and think FP can speed things up a bit. Especially the major releases, without delaying the monthly updates.
Do you know how much that would cost???
Seriously, while obviously desirable, I don’t think it’s commercially viable. I’d already be over the moon if they tried to release their security updates as close to the initial (Google) release as possible, and not just “eventually”…
Unfortunately they don’t even seem to be able to keep their newly announced “bi-monthly” schedule.
I rather hope Fairphone will be able to avoid slowing things up even more. Because at some point security updates will become a joke.
True, but a comparison with GrapheneOS might not be fair. An OS focused on security above all, and only available for Google Pixels, partly because that keeps them on a close schedule with the latest Android updates.
However, Fairphone could be better and it would be more interesting to compare with other manufacturers such as Samsung, Huawei etc.
Samsung’s Android devices seem to have monthly, quarterly, and biannual security updates (Samsung Mobile Security). Compared to that it doesn’t seem that bad.
Though Fairphone took an awful time to fix the bugs of the Fairphone 4, such as dark screen in bright light and automatic reboots while travelling. But that’s another issue.
Don’t forget the part of the providers. Where some providers manage to supply the update from Fairphone quickly, others take forever.
Like the August update arrived only 3 days ago through provider KPN in the Netherlands. Shame on you KPN.
That is true, but just makes things worse: If Fairphone released security updates on time, provider delays would be a minor (and limited) issue. Now they aggravate an already bad situation even more.
There is no wiggling out of Fairphone’s responsibility in this.
If I had known “regular updates” means I’ll get security updates “eventually”, I would most likely have bought a Samsung again. The “regular updates” thing was a major reason I bought a Fairphone (along with the ease of switching batteries).