How to upgrade Fairphone open OS, with xposed/xprivacy?

I’ve been getting notifications about a new version of the Fairphone OS for weeks, but I’ve been putting off installing it because the process is always so painful. Today I finally got around to looking into it, and realised I don’t even know where to start.

The main question is: how do I install xposed framework?

The problem with updating the OS is that in the brief period between updating the OS and installing xposed, xprivacy is disabled. If any app runs during that time, it will have access to my address book. Since all Android apps are actively hostile, I have to assume that as soon as they notice a new address book entry they will upload it to the developers immediately. And since Android apps may run at boot, the conclusion is that once I start the upgrade process, I can’t let the phone boot for even a second until xposed is installed.

OK, so I’ve got Xposed Downloader. It tells me there’s a fresh version, I’ve downloaded it. Now what? If I boot into TWRP I won’t be able to install it, because I’ve got encryption switched on, and TWRP can’t handle encrypted data partitions.

So I guess I have to find a new SD card and copy it onto that. That’s difficult because I’m using my SD card as part of the data partition and even if I ask the OS to unmount it, the phone crashes.

So perhaps I would be better off putting xposed on the SD card on my computer. But then it really does seem to be impossible to find a reputable-looking website that actually allows you to navigate to a download page and download the file. It looks like is the most official webpage, but it strongly directs me to using the phone to download it.

Is there any way to get this done that actually makes sense? It really does look like you get to choose any two of a patched OS, protection from malicious (i.e., all) apps, and an encrypted phone. But if you want all three, it’s just impossible.

So perhaps I would be better off putting xposed on the SD card on my computer. But then it really does seem to be impossible to find a reputable-looking website that actually allows you to navigate to a download page and download the file. It looks like is the most official webpage, but it strongly directs me to using the phone to download it.

To answer your question, this is the official page.

But I’d just suggest to put your phone in flight mode or switch off mobile data after downloading the newest OpenOS version and the newest XPosed framework, so apps can’t “phone home” and steal your data.

1 Like

OK, I’ll take that as the official page. I’d seen it, but it feels dodgy as hell downloading an own-your-phone piece of software from just a post on a forum!

Flight mode doesn’t prove much. The app can still cache the data and send it later.

  • You can prevent apps from accessing your contacts in Settings / Apps / Permissions. You don’t need third party tools for that specific purpose.
  • TWRP has no issues accessing an encrypted data partition. Just flash the latest version.
  • There definitely are some hostile developers who distribute malicious apps to steal your personal information. But I’m not sure if using these apps and then trying to prevent them from doing their evil work is such a great idea. Maybe not installing them in the first place might be an option? But that’s just my personal opinion.
1 Like
  • denying apps permissions

Yes, you can do that. And I’m noticing lots of apps are now reacting to that by outright refusing to run unless you give them the permission they demand. This is war, they play dirty. Xprivacy takes the next logical step, by granting them permission and then giving them fake data.

  • flashing TWRP

This seems a pretty far step to take. The main reason I bought a fairphone was that it is a supported, warranty-intact way to buy a rooted phone. Wouldn’t I lose that if I reflash TWRP? Is there any chance that a later version of TWRP that is able to read encrypted partitions might make its way into the official images?

  • just say “no”

No, and I believe it’s really important that anyone involved in technology understands this. If my friends and colleagues choose to use a messaging app, I literally do not have the option to choose not to. Human beings require social networks to survive, and as those networks migrate online none of us has the option of opting out.

The malicious apps I’m talking about in particular are WhatsApp, Skype, Messenger, and WeChat. Those happen to be the most popular messaging apps on the planet. Choosing not to use any of them is not practical for anyone who doesn’t live in a cave. WeChat in particular is so utterly dominant that opting out doesn’t just cut you off from your friends, it cuts you off from employment and everyday transactions. At the same time, the Chinese government is obviously scraping every last bit of communication out of the app. And if you’re saying “don’t live in China”, you’re ignoring the trends in the US pointing in the same direction.

The sad reality is, if you care about privacy, Android is enemy territory. You have to treat using an Android app as if you were marching into a battlefield.

1 Like

OK, obviously we have very different opinions about how to handle malicious apps and services. I’ve no interest in fighting any wars. If I don’t trust an app then I don’t use it, period. That’s why I’ve never used any of the messaging services you mentioned. But you’re right, I have no idea about life in China. And this could become a lengthy discussion without actually solving your problem, so let’s just agree to disagree. :slight_smile:

On topic: Flashing a new TWRP will not void your warranty because you can revert that anytime. The recovery is only active while using it and does not interfere with Android. There is even a way of booting the latest TWRP without having to flash it; you’ll find it here on the forum. (In contrast, installing Xposed heavily modifies Android and is certainly not supported by Fairphone. Which doesn’t mean that you shouldn’t do it.) If your phone is encrypted you should really use a recovery which supports encryption. It makes things much easier. I have no idea why Open OS comes with an outdated TWRP and if / when this will change.

1 Like

OK, those are all useful answers, thanks! I guess I will update TWRP as the cleanest way to get this process underway. Definitely a weekend job though…

Are there any hints as to how to actually install TWRP? I ask because I found this link:

$ adb reboot bootloader
* daemon not running. starting it now at tcp:5037 *
* daemon started successfully *
$ fastboot flash recovery twrp-3.1.1-2-FP2.img 
target reported max download size of 536870912 bytes
sending 'recovery' (10468 KB)...
OKAY [  0.332s]
writing 'recovery'...
OKAY [  0.258s]
finished. total time: 0.590s
$ fastboot reboot

finished. total time: 0.005s

And now when I boot TWRP it says it’s version 3.0.2-0. That’s weird right? How come the install didn’t work?

What is the minimum version that can read an encrypted partition?

You mean besides the detailed wiki post about :pencil2: Using TWRP on the Fairphone 2? :wink:

One important step is to boot directly into TWRP after flashing it. Don’t boot into Android first, this might restore stock recovery.

If that doesn’t work, try booting TWRP without flashing it and proceed from there.

For what it’s worth (link is dead and the latest TWRP version should work anyway) …

1 Like

Aha! Yes, I must have rebooted into Android last time. I reflashed and now it seems fine. Thanks!

Yes, latest should work, if not please tell me!

Alright, I got the phone updated. It’s a little complicated now. Installing the new OS also downgrades TWRP again. So I had to use adb to reflash TWRP. Then I could install XPrivacy, and finally boot the OS. I guess I have to do all three steps every time I install an update in future. It doesn’t seem to be possible to install an OS update untethered.

Incidentally, TWRP now insists on installing its own app, and it looks highly suspicious. Why does it need to access my GPS location and my call history? That’s exactly the kind of thing that makes me unwilling to allow the phone to boot without XPrivacy running. The app is entirely useless too, since it doesn’t support the Fairphone 2. But if I uninstall it I get constantly nagged.

Don’t update via the built-in mechanism, but download the package to your SD and flash it from within your (new version of) TWRP. This shouldn’t downgrade your TWRP and you can re-flash your custom stuff directly. This is how I did it for a long time with FPOS.

And yes, they try to install a suspicious app, but it’s optional. As long as you take care, nothing happens :wink:


OK, I’ll try it that way next time. Hopefully I’m done for a month or two now.

I second that. Also …

I’ll consider LineageOS, once it’s had a few months to settle in. I do hope that works out well. It’d be great if Fairphone could just switch to supporting that project instead of maintaining two entire OSs of their own.

Just to be clear … I didn’t want to promote LineageOS with this (as much as it deserves it), I was just too lazy to type my TWRP backup - update routine ad again :wink: .

1 Like

What retsifp and AnotherElk said. Also, there is an app called FlashFire which makes updating modified devices even easier. I wrote a how-to about updating with FlashFire when using Magisk, but it should work pretty much the same way when using “standard” (non-systemless) Xposed.

You don’t need this app (as you noticed). The installation prompts can be disabled in the TWRP settings.

FPOS 17.11.2 is currently in beta testing, so you should have another opportunity to test your update procedure in a few days! :sunglasses:

Not going to happen. The vast majority of “western” Android users (yes, even Fairphone users) wants the Play Store (and maybe other Google services). While the Open OS and LineageOS communities are very active here on the forum, most FP2 owners use the phone just like it is.

1 Like

“Don’t update via the built-in mechanism, but download the package to your SD and flash it from within your (new version of) TWRP.”

I’m trying to upgrade again (I skipped last month’s, just couldn’t face the complexity). How do I actually do the sentence above?

What I did was download I stored it on my (encrypted) SD card and booted into TWRP. I selected the zip file - and TWRP failed to install it. It was happy to install Xposed, however.

Looking at the download page and a few other forum posts, it looks like it’s supposed to be installed by tethering to a computer and putting the phone in fastboot mode. But when I tried to do that, my computer just hung after this step:

** Fairphone Open 17.12.1 Manual Flashing Script **

Validating files...
Validation complete.

Is there a different file I’m supposed to download to flash from the phone?

Also, this forum post makes it seem like I have to do all kinds of crazy editing if I don’t want to downgrade TWRP (if I downgrade TWRP I can’t access my encrypted data). Is that true or is that misleading?

1 Like