So, I have already bricked this phone once and had to get it repaired, so I am scared to death of bricking it again; however, I hate Android 12 and 13 and also don’t want /e/OS. (Which is what the phone came with.)
I have already unlocked the bootloader and uploaded Android 11. I was hoping that going from /e/OS to a completely different operating system would allow me to lock the bootloader; however fastboot flashing get_unlock_ability returns 0, which I know means my phone will be bricked if I lock the bootloader.
So I have a few questions…
-
Is there any possible way for me to get Android 11 on this phone and lock the bootloader?
-
If it is not possible to lock the bootloader with Android 11 (because it is an old OS version), would it be possible to lock the bootloader with Android 13?
-
If I decided to just leave Android 11 on my phone with an unlocked bootloader, what are the security risks? Should I not use my phone for banking apps or any sensitive date?
Thank you for your replies.
Not if your phone ran a newer version at some point, no.
Yes.
If you don’t lock the bootloader you disable an integral part of the Android security system that ensures your OS hasn’t been tampered with, so yes. A lot of apps with higher security requirements will also detect an unlocked bootloader and refuse to run.
Most importantly though your system won’t get any further (security) updates since Android 11 doesn’t get supported by FP anymore.
In short, don’t!
1 Like
Dont lock the bootloader. Just root it with kernelsu and install tygsik next and play integrity fix + shamiko all from github and telegram. This will fix bank apps and gwallet while you still use androod 11.
I disagree, that isn’t a solution for staying on A11 permanently, there isn’t one.
If you aren’t on the latest security updates you shouldn’t use your phone for security critical apps, and things will only get worse in the long run. Just because your apps don’t complain doesn’t mean it’s a good idea.
Nothing against rooting, my phone is rooted as well, but don’t solve this problem by further weakening the Android security model!
2 Likes
Well yeah i dont like that google push rooting so much. I used pixel experience 12 on my xperia 5 only due to newer security patches but google now need your device to be rooted otgervise every app just complain
That is a problem for phones that aren’t supported anymore or have an unlocked bootloader, but I’d argue that while you can, you absolutely shouldn’t run stuff like banking apps on outdated devices.
But there’s no need for any of that in this case, there is an up-to-date version available and with a locked bootloader the apps won’t complain.
There is no way around newer Android versions if FP doesn’t support A11 anymore, and I don’t think we’ll see anyone backporting fixes to some A11 based LineageOS version or similar for people who don’t want to switch.
3 Likes
Ok… So it sadly sounds like I will be forced to go to Android 13. So can you guarantee that I can lock the bootloader if I upgrade to the latest version of Android 13?
So all I need to do is turn on auto updates and let my phone update to Android 13 on its own, then lock the bootloader?
I’d suggest a clean install of A13 so you get your get_unlock_ability back to 1, in case something goes wrong:
- Download the latest factory images
- Open (don’t run) the file
flash_fp4_factory.command and set AUTO_REBOOT="true" in line 18 to "false"
- Run the installation as usual and don’t boot into Android userland afterwards
- (Optional) Check that
fastboot flashing get_unlock_ability returns 1
- (Optional) Lock the critical partitions with
fastboot flashing lock_critical
- Check that
fastboot flashing get_unlock_ability returns 1
- Without rebooting lock the bootloader with
fastboot flashing lock
6 Likes
Hey,
I know it has been a while since I asked this, but I am just now getting to following your instructions and trying to upload the latest factory image so I can lock the bootloader.
I am running into an issue with the first step though. I have flashed a factory image onto this fairphone several times before, but for some reason now it give me an error every time. This happens no matter which version of factory image I try to upload.
This is the error I’m getting when I open the batch file.
ERROR: Checksums do not match.
ERROR: Please download the package again.
ERROR: Aborting now (press Enter to terminate).
Do you have any ideas on how to fix this issue so that I can get the latest factory image downloaded on this phone?
Sorry for the late answer, haven’t been here in a bit.
Since you marked it as solved, did you manage to solve your problem already? 
If not, the issue is that modifying flash_fp4_factory.command will change it’s checksum so you have change the corresponding line in the SHA256SUMS file. After you’ve done that the installer shouldn’t complain anymore.