I’m a few decades old now and I’m here to tell you that’s fearmongering. There is some truth to it sometimes, but that’s just plain not an issue for most people who don’t have elevated threat models. That’s you and me.
If you phone doesn’t leak data in 2023, it’s not likely to leak anymore data in 2025. Or in 2027. Unless, like I said, an exploit is discovered in the meantime. And if it’s truly bad enough, even outdated devices that normally don’t receive updates anymore usually do get a security update.
Besides, the trick to avoiding most security issues is to not install unknown stuff without vetting where it comes from and what it does, or visit sketchy sites willy-nilly. If you’re willing to put some effort into not doing unsafe things, you almost always avoid problems even with possible-insecure OSes.
People these days really drank the constant-update kool-aid and have no sense of reality anymore. Small wonder we all managed to survive until online updates became a thing…
I’m also a few decades old and active in the IT security community, both as a professional and as a hobby. What you’re saying here is completely false. The threat is very much real. It’s not a commercial scam. It’s a legit reason to move on to a new device.
If only you truly had such control and avoid any issues. You really don’t, even if you minimize your app selection. Best you can do is wipe the device and power it off if there are no security updates anymore.
Maybe signup for an ethical hacking course You’ll change your mind really fast.
Well, I did enough hacking in my days to almost end up in the pokey 23 years ago. Which is why I don’t usually give my name. So don’t worry, I don’t need a course.
I’m not saying security updates aren’t important. Things get updated all the time for very good reasons. What I’m saying is that not everything needs to be buttoned up like it was a critical server, and often good computing hygiene and common sense is plenty secure enough.
I was about to launch into a lengthy argument to explain why, but actually I don’t think I can be bothered. Not to mention, it’s getting quite off-topic and I wouldn’t want to get scolded again by the forum’s Gods.
You do you and I’ll do what I’ve always done, and we’ll both be just fine
Exactly my point: if you keep those things on your phone, you’re bonkers. Such data belongs on your encrypted, backed-up NAS at home, not on a mobile gadget you carry around and leave on your desk all day long at work or forget at the local bar.
And if you keep those things on an out-of-date phone, you’re even more bonkers.
That’s what I keep saying: don’t do unsafe things.
I have very good reasons not to provide anything you can verify, and I don’t really need to prove anything to anybody anyway. I was just saying, just because I’m a random dude on a random forum advising against automatically hopping on the compulsory update treadmill - which isn’t only driven by the need for security, I might add - without applying some critical thinking first doesn’t mean I don’t know what I’m talking about.
CIP is geared towards industrial and automotive use as well as anything a specific partner may need.
Rebasing a Qualcomm kernel onto a CIP branch would be non-trivial, may even be easier to simply push forward the kernel as projects like postmarketOS (vendor to mainline) and LineageOS (3.18->4.4, 4.9->4.14) have been doing recently.
Indeed, still +/- six months or so, would be nice for more accurate dates.
All I really want to see.
The vast majority of people do exactly this, hence why such security is so critical.
Literally people here right now with an FP3 who think it isn’t outdated, despite running an EOL kernel.
You probably think of a file that says “financial data”, “medical data” or “personal data”. Things don’t have to be labeled or be in a specific folder. You at least have a browser (with passwords stored and a page/search history), email (which often enables someone to reset accounts and gain access) and probably a messenger on your phone. That already is a goldmine, even if your phone is encrypted. Because that storage is not encrypted when that software runs in memory (like your NAS). Then your phone maybe gathers information about you, such as the amount of steps you take. That information is precious. Surely a security professional would understand that. And you’ll probably come back with some reply why you’ve protected yourself against certain things. Anything but keeping up with security updates, right?
Anyway, this is becoming a one on one conversation. Best is to DM me. And otherwise I’ll DM you if you still reply here. Let’s not hijack this thread.
I see the conversation about software support, that’s a part of being sustainable. It’s also about production, transportation, repairability, reuse of parts, refurbishing and more. It’s about closing the loop. I see that Fairphone is struggling with this, but is expanding the support (hard- and software) with each phone, what they learned from previous phones.
I believe that the best part is, set your goals to be 100% sustainable, lifelong support (without EOL), closing the loop, reuse all parts and materials (maybe not using new materials). And I see already bits and pieces of this to other phone companies.
So Fairphone is in my opinion a pioneer of sustainability.
Yeah, it’s probably better advice to just switch to a custom ROM once your manufacturer provided image is no longer updated. In my experience LineageOS on average providers New Android veraions for old phones for much longer periods of time. That can give you a few more years of security updates.
And in contrast to other manufacturers Fairphone doesn’t exactly make it hard to do so and even provides some degree oft service even if you had flashed a custom ROM before. So in the end it could of course always be better, but at least in comparison to other companies Fairphone is pretty far up there.
Anything is possible with enough time or money.
As in, someone has to be dedicated to it somehow.
People really like the LG G5, Pixel 1, and OnePlus 5 so they went beyond to make them work on newer kernels (Because Android 12 requires Linux 4.4+). They’re also widely available second hand and cheap!
This is something I don’t really understand. On one hand, FP upstreams support for FP4 into mainline kernel. On the other hand, it ships the ancient 4.x kernel on the official OS. When I asked support for newer kernel (to e.g. get support for newer USB network cards), they told me it’s not impossible, but it’s nowhere on their roadmap. So why do they do all the work with upstreaming? Is it just to ease development of things like Ubuntu Touch? I’m really lost in this…
Well, Fairphone might be the most sustainable smartphone on the market but it is not sustainable enough. I am asking simply LIFELONG SUPPORT, both in software and spare parts.
My wife and me bought both a FP2 in 2018, for about 520€ or so. We set it both on Fairphone OS in order to avoid Google and I was really shocked, when Fairphone announced in spring this year, that there will be no additional software support. So now we have two FP2 with no updates and with a high risk concerning safety.
Talking about sustainability, I have to say that from the quality point of view, the FP2 is not really good. For instance the material of the slim case is so bad, that it breaks very easy and I have the 4th in 5 years, my wife her 3rd and I have now a stock of 3 more, due to the fact, that FP2 is not supported anymore. In addition my white slim case takes dirt in one day. Or even one hour in the pocket of my jeans, and there are blue traces. In total, I have spent 200 € in slim casesl!!! Is this sustainable?
The camera module of my wife FP2 does not work anymore. Now I have to buy one for about 40 €. OK, I will do it because we will go on to use the phones for a certain time. But… yes, next phone might be a refurbished iPhone, which can be considered as sustainable too because of long using.
But at the end I can understand, that Fairphone has to do a certain model politics for earning money and pay the people.
I agree, that iPhones are supported by Apple quite long compared to most Android phones, but even Apple doesn‘t have lifetime support. Models like the iPhone 7 of 2016, the same year as the FP2 are not fully supported anymore.
So what you request is just completely unrealistic. Maybe desirable, but not doable.
Fairphone puts a lot of effort in supporting their phones very long (FP1 was a quite sad experience) but starting with FP2 their first own design, it was much better and they did more than announced originally.
Except that there are car hunters out there looking for old cars to crash into, and these hunters are fully automated… So no, it is not a good idea to keep using an old phone from a security and privacy point of view. You’re asking to be railroaded.
First of all, I’m positively surprised about the high ambitions and expectations that some owners/community members share here about the longevity. Although it’s wrapped in complaints that it is not long/good enough.
At each phone release, there pretty clear about the ambition of the longevity, mainly about durability of the software support. Is it so that till now, Fairphone is exceeding those ambitions each time, to support the phones even longer than first communicated? Also Fairphone is exceeding those ambitions by learning of the communities complains, remarks, questions and suggestions and make the next model better?
The Fairphone 5 has an more durable soc (QM6490), for professional applications such as handheld terminals. So not the fastest, but fast, more reliable and also longer supported.
My Fairphone 3 still works great, even the camera (software) function is improved over time (which was one big personal irritation factor). The update to Android 13 has some bugs again, but I trust on the experience I have in the capability and expertise of this company they will fix it.
Buying a Fairphone has earned it’s money at the start!
For changing the system, step by step, for better work environments, better wages. And even when its the same lifespan as a ‘normal’ / disposable phone, (when average lifespans compared shows it’s not) it’s better and cleaner produced, with less pollution, less waste and therefor worth it!
Fairphone needs to compete with other smartphones on the market. Most people don’t value the sustainability and fairness as much. They just follow advertisements, maybe read some reviews or compare specs. Therefore, most people wouldn’t even consider buying a phone that’s more than 2 years old. But it’s exactly these people Fairphone wants and needs to reach in order to change the industry. So Fairphone needs a phone that’s at least 2 years old to draw new customers in, and maybe prevent them from buying another, non-sustainable non-fairtrade, non-repairable phone.
Let’s split the people who buy a Fairphone 5 this year in 3 groups:
Those who wouldn’t buy a new phone this year if the Fairphone 5 wasn’t released
Those who would have bought a Fairphone 4 / 3+ this year instead
Those who would have bought a different brand phone this year instead
The only thing that is less sustainable of more frequent release cycles is group (1). But I’d argue, most people who buy a new Fairphone were looking for a new phone anyway. I don’t think Fairphone has the inertia (yet) to make people go “I totally need a new phone NOW” just because a new Fairphone is released. Even more so, as the changes between the models are arguably small. So I’d argue, groups (2) and (3) make up the majority of Fairphone 5 buyers.
And both are positive to the global sustainability footprint. Group (2) because a new Fairphone 5 has new hardware that is longer supported by manufacturers than a 2-year-old Fairphone 4, so the phone can be potentially used 2 years longer.¹ Group (3) because a different brand phone will most likely be not fair produced and used much shorter, as it’s not repairable or supported as long.
So I’d argue, a new Fairphone release prevents more people from making a less sustainable decision than it convinces people to make one.
Of course, I’m making claims here, this is very opinionated. Feel free to have a different opinion. But that’s why I think a 2-year release cycle, which is already longer than most other smartphone brands, is not a sustainability issue.
And this is nothing Fairphone can change, as Fairphone is not big enough (yet) to convince manufacturers to extend their support period.