10+ local and remote escaalation-of-privilege vulnerabilities unfixed, which could mean getting your phone pwned by malware in several scenarios that should normally be prevented by Android, such as opening a malicious media file.
Is this normal? What has been the usual time between published secuity updates from FP? Other phones I’ve owned get them monthly quite soon after Google publishes the updates on their end.
Which devices did you own before and how long did they take to patch things? From what I’ve seen, Fairphone is usually 2 months behind. This isn’t great indeed. But it’s still better than most phones out there. I think high-end Samsung phones and OnePlus phones get updates in time and of course Pixel devices. Fairphone has a smaller team, it’s kind of unfair to compare them to those giants.
Just to give you a heads up, Qualcomm doesn’t support a SoC for 7 years. So those Qualcomm fixes you see won’t be available for Fairphones after a number of years. This might change, since the EU is pushing for higher standards. But I guess this won’t include the FP4. Then again, this is me, I’m not in the inner circle, aka Fairphone employee. Best is to just #contactsupport and relay these concerns you have. Please share their response here.
Samsung sometimes even beat the Pixel phones with the monthly updates If you have a well automated pipeline with tests and make use of project Treble, then I guess you can release faster while keeping quality high. But I don’t have a relevant background. If it was easy/cheap, I guess FP would’ve done it already.