FP Security Updates need to be more frequent

Hi !

Along with my FP4, i use a 1253 days old Zenfone 8, last update was a year ago, and i don’t feel so insecure, sorry.

And well, it’s the longest we’ve ever waited for an update. 23rd of the following month means 49 days now since 5th of October and no sign of the update yet.

So far the longest wait was the month before, 39 days for the 5th of September update.
It becomes hard to believe it’s a priority to get those out quicker to me.

2 Likes

Oh sorry, you missed the update: FP4 security patches now only come every other month, meaning we can’t expect the next FP4 patches before December:frowning_face:

(Cue the usual yesmen telling us that patches are for weaklings, and we shouldn’t have any, because we don’t need any. Did our grandfathers have patches? No!.. :roll_eyes: )

5 Likes

My FP5 is also still on the September 5 update. Not sure if an update came out and is blocked by my carrier or if there hasn’t been an update released at all, but frankly that shouldn’t even matter. I bought my phone directly from Fairphone so I’m expecting timely updates from them one way or another.

If they are running GrapheneOS probably :wink: .

Again, I always said, that security updates are important and necessary. But a constant nagging, that every single day of delay makes a device unusable and unsafe is just wrong.

And if your work phone needs monthly updates, a Fairphone (and many other phones on the market) is probably not the right phone under these circumstances.

Meanwhile your attitude here is nearly unbearable. Nobody here said this, and please penetrate Fairphone Support with your requirements and accusations, if you want, but don’t flood the user forum again and again and again. It doesn’t help anybody.

8 Likes

Depends. Graphene doesn’t get full patches either, mainly for the SoC.

And yes, it’s an issue if you’re 3 months behind with security updates. Especially when this should only be the case after 3 years with a FP.

I’m still on the September update. It’s almost December!!! This is really not okay. Especially since this is the flagship phone at the moment. It’s the one that gets the earliest updates at the moment.

But you are one of those few that will try to make anything sound okay. Even the initial terrible camera software on the FP4 was okay and it wasn’t possible to improve, according to you and a few others. This can and should improve. And I’m sure they will, in time.

7 Likes

I’m talking about the FP5 Security Patches though, they are still monthly for a year and a bit.
Sadly cannot update my previous post to clarify.

It’s end of November and the most recent update inlcudes the 5th of September Security Patch. Tomorrow that’s 50 days.

Nope, that’s still the latest: https://support.fairphone.com/hc/en-us/articles/18682800465169-Fairphone-5-OS-Release-Notes

6 Likes

Guys, @Incanus, @KurtF , @UPPERCASE , @janweiss

Thank you so much for caring and sharing.

Now given the discussion about October security patches I am also impatiently waiting for the next patch and would love to hear some update from the company.

The thing is if it wasn’t for this forum I would have much less insight to what matters and why.

So while you may disagree on the communication style, the priorities and possibly have different work experience, again thanks for your input

5 Likes

Judging from Android’s 2024 security bulletins, it seems like about 50% of all monthly updates are fixing remote code executions, including all of the last 3 monthly updates. And these are just the AOSP patches, as described by a helpful Fairphone Employee above

Exactly. For any reason that is not related to resources and electronics production (including working conditions), that is the only sane thing to do. If it were not for the production process, I would lobby for governments and carriers to lockout and shut down those dangerous 85% of the market, as they pose a high risk for the modern digital societies (as do lots of other connected devices with horribly catastrophic security record such as connected cars, routers, “smart” appliances, …)

Maybe people want both, a smartphone produced in a way that it does not harm people and planet and a smartphone updated often enough to not be a risk to privacy, safety and security.

Your phone can still be part of a botnet, DDOSing a hospital or power plant, putting people’s lives in danger. Your phone can still be abducting your private data. Updating it late increases the risk that any of this happens.

5 Likes

You always have to make compromises in live. It ain’t possible to follow all goals to 100%.
As I said already several times, I fully agree, that frequent security updates are necessary and important. But you just expect, that a company like Fairphone is able to handle that like far bigger ones. And even they have delays.
So if you are working in an area with security regulations that strict, a Fairphone isn’t the right phone for you, period.

4 Likes

What to do now that DivestOS support has been discontinued for FP3?

They do advertise Fairphone for businesses. The previous CEO even boasted on social-media to the previous Dutch prime minister to get a Fairphone. I know that’s marketing and marketing doesn’t always align with reality. But expecting your phone to have security updates within 3 months isn’t a big ask. Your whole personal and professional life is on that device.

I think they do have the resources, considering they threw tens of millions into their support department. But I think they are not always that effective with their money. When I talk to FP support I don’t get anywhere. And bugs last for years. And when I reply to one of those already closed tickets, and finally someone who’s more technical replies, it turns out development still wasn’t informed about it. I think that if they improved the support workflows and the communication with the devs, they could do more with less. And then throw those tens of millions into more developers. Then they can solve issues faster, less issues to report to support and they probably can release updates faster.

Of course I understand I don’t know anything about how things are actually going at FP. I could be totally wrong. I’m just basing this on what I’ve personally experienced over the years.

7 Likes