I am not quite sure if the FSFE is correct about that. To my knowledge, when installing CM yourself, you always have to install Google Play Services manually. It might be different on phones that come with CM preinstalled…
Ok, I should have not been that specific. As I said, my priority is security updates for the OS which is on my phone, and I also like a google-free phone.
I thought CM was the “go-to” solution to the problem, since it is still android which means all the apps work etc, but I haven’t used it so far on my own phone and didn’t know about details like the ones you linked to.
I also share the demand for a OS that is as google-free as possible. As I said, I am not an expert on this, so: If for example CM-support is pushed by the fairphone team (which seams to imply getting drivers for the hardware from the manufactures and stuff like that), and everything related to this is made available to other OS-devs, that would be what you want?
And future versions of the phone could try to get hardware that is fair as well as open, to avoid these portability problems as much as possible…?
No, not exactly. What I mean is that they should get the “drivers for the hardware from the manufacturers” and let the programming stuff do other people. There is a CM port to the FP1(U), but it would be much easier for the developers if Mediatek would release all their source code + documentation.
In terms of sustainability, providing updates and patches in the first place certainly seems to be the essential issue here. These days, the UXSS bug,for example, and Google’s refusal to patch systems from 4.3 downwards worry me. Patching security bugs, however, can be done without upgrading to a new Android release.
Still, with new useful and interesting features being introduced in new Android releases, I think it can be considered a sensible contribution to the longevity of smartphone devices to provide their users with upgrades. Having a history of doing so might also open up a wider circle of potential Fairphone-buyers!
I just made a check concerning this vulnerability at http://m.heise.de/uxss-check (only in German unfortunately, but green means save, red doesn’t) and my Fairphone is not at risk.
But I fully agree with the rest of your post, the hardware and its software should be more controllable. From what I got so far this is the way the FP team wants to go anyway, and a big step into that direction is expected for the new device.
All users of Fairphone 1 should be aware of the following:
If you check the vulnerability of your FP 1 with http://m.heise.de/uxss-check, make sure you use the built-in browser. If you use chrome or firefox instead, you will (misleadingly) be told that your phone is not affected. If you wonder why you are not safe by just switching the browser, please read on.
The vulnerable “webview” component of android 4.2.2 (the version running on FP 1) is not only used by the built-in browser but also by many apps (e.g. for showing ads). Therefore, while switching the main browser is certainly (!) a good idea, it does NOT suffice in order to avoid the security risks imposed by the unsupported webview-component. For somewhat more detailed information about the problem, and about what you can do in order to avoid unnecessary risks, see: http://heise.de/-2552659 (in German).
However, some of the necessary security measures are quite complicated and/or restrict the usability of the phone, and the article also makes clear that the only really secure option would be to update to Android 4.4 or 5. I still hope, therefore, that Fairphone will find a way to make an update of the FP 1 OS possible, simply because the flaws of webview already puts FP users at risk.
I think it would be a shame not to offer upgrades to Android 4.3 or 4.4 if the goal is to make a phone that is supposed to last. Anyone who wants access to new useful features in Android or new apps that use these features will basically need to buy a new phone, even if there is nothing wrong with it. For instance, lately a lot of cool gadgets have been coming out that need 4.3/BLE to work; if I understand correctly then FP1 has a BLE chip that is unusable because Android 4.2 does not support is, which just seems like a waste. Not to mention the security issues that are discussed above. I understand the issues with the chipset, but if the folks at Fairphone are true to their philosophy then this should really be a priority.
I just heard about the new Fairphone 2 and thought it was really cool, but already got Fairphone 1 and cant afford a new one, but i heard that it will recieve Android Lollipop 5.1, will the first Fairphone also get a software update?
I think that the current version is fine, it meets most of my needs and it is a nice operating system. But i now have Andriod Lollipop on my Nexus 9, and it is in my opinion alot better, it looks nicer, has better and more features and is allround better. And now as the Fairphone 2 is promised to have Lollipop i don’t really see why you shouldn’t be able to apply it to the 1 generation older FP1.
[quote=“Rinkan_Finkan, post:91, topic:67”]
why you shouldn’t be able to apply it to the 1 generation older FP1
[/quote]FP could. MTK (manufacturer of FP1s SoC) doesn’t want them to and does not give the code FP needs.