Having permission to execute such a file won’t brake security issues on e/OS? @AnotherElk .
I also read Qualcom does not provide that executable file as “public” for common users…
I do not recall a single event when the device was bricked because of FP actions and not repaired for free. Do you?
As said before, only because also harm can be caused with something, doesn’t mean you shouldn’t make it public. This is the whole philosophy behind Open source. Full access to your phone will always mean that you can do everything, also “bad” things.
Also if your phone gets stolen, it doesn’t help you if they can’t unlock it
You are technically correct - but only technically: If a thief cannot expect to unlock the phone and thus cannot sell it in working condition, the incentive to steal it in the first place will (partially) go away as there is little to no profit in this.
That said, I also dislike how FRP goes against some aspects of repariability. But the solution is not to make it easy for every thief to resell stolen phones (again!). While annoying, impractical, bothersome and not necessarily for free, I think the option currently offered by Fairphone is indeed fair: If you can prove legal ownership, you can get the phone unlocked.
This is better solved by IMEI blocking in my opinion.
I don’t know how widespread the practice is, or if there’s a flow to do that through support, but there must be a way because I’ve seen at least one Fairphone (alongside other phones) sold for cheap as “works flawlessly except for calls/sms” which is a clear sign of a IMEI blocked device.
Debatable, as this requires active intervention on the victim’s side and is not automatic like FRP. And as you say yourself: It would not even make the whole phone unusable - only the actual “phone” part. This is clearly not achieving the same thing.
Doesn’t mean that it was unlocked (illegally) after the fact. It could be that it was never set up with a Google account, had been factory reset by the rightful owner for some reason, or was old enough that FRP did not exist, yet.
Should Firehose be published?
For security reasons no. But: It’s only a matter of time until edl firehose loaders are leaked.
If you change your supposition behind your argument (“working condition”), there’s no way for us to reach an agreement or debate clearly on the points that make something valid or invalid. Resale value to casual users is close to nil, for a phone without phone capabilities.
If we where to think up alternatives; allowing enrollment of user controlled key, instead of purely Qualcomm’s keys, would still make the device un-flashable by thieves while giving more utility to end users. Similar to EFI keys management on classic computers.
Fairphone, the company, is a very small fish in the mobile market and I doubt they can even propose omissions from the NDA to Qualcomm.
FRP can be bypassed in seconds anyways… Plus if you know about firehoses at all then you’re smart enough to not steal random people’s phones. IMEI blocking should be used…
By anyone with enough determination and iq higher than average. FRP is so half-a**ed its basically like a puzzle game. You open talkback, screw around here and there until you get to settings app where you set a new pin lock, reset device, input ur pin, done.
Either firehoses should be released or a software update issued to add something like odin/download mode in s*msung phones, where in case of emergency you could flash new official OS without having the BL unlocked.
Also why tf fairphone can’t provide OTA zips for FP5 to update in recovery as in FP3??
This weakness of older android version has been removed and isn’t working anymore.
Wouldn’t be so sure lmao. I tried on my phone out of curiosity, android 15, and there is still many ways to get out of FRP
Yes, Fairphone security is terrible. That’s why GrapheneOS will never support the hardware. Releasing firehose files won’t be much more of a risk.
I am really sorry that I even mentioned the security impact of releasing the file. I really never intended to make this a big topic.
I stand with legal issues doing so and that is also the reason why I think it is utterly useless to discuss this.
Fairphones and Graphenes security is another topic debated elsewhere.
Probably so, because EDL mode alone won’t do much. Rather, you need the correct Firehose programmer (elf) file to actually flash or restore the device.
No one will ever understand how genuinely upset this makes me. I purchased this phone one year ago, assuming that, by the company’s values, I would have a phone which I could continue to use for a very long time. Instead, no, I get a phone which becomes unbootable if I accidentally run a simple command. I don’t want to be rude at all here, but is the “Fair” part of “Fairphone” a joke?
When I bought my computer, did the lack of preinstalled OS lead to me having an unusable, bricked device? No, I could enter the BIOS and easily factory reset the device using an operating system installer. “Oh, but what happens if the laptop is stolen?” That would be my problem, not a problem which has anything to do with the processor manufacturer of all people. I understand it’s a legal issue with Qualcomm, but now I can only wish I bought a phone from anyone else, because other companies have phones which I can fix. My so-called “repairable phone” is unrepairable without the help of either the device manufacturer, or the chip manufacturer, due to issues in software. This is garbage.
And, again, this is understandably the fault of Qualcomm, not Fairphone, and I should now understand that I could easily have done more research on this before purchasing my device. The only thing, which is absolutely ludicrous to me, is that I have to ship my phone to someone else on the other side of the world, pay them €99, and have all of my data wiped, just to have a working device again, when this should easily be an issue I can solve myself, when I make a software mistake on my own device. Imagine owning a house, but someone else owns the keys. You then get locked out, and need to go take a flight across the world, just to go and pay them for a temporary key to the house. Of course, instead of your house, it’s your text messages. Nowadays, the two nearly go hand-in-hand with one another.
I thought this phone would be a perfect fit for me, and last at least one decade of my life, but, as it turns out, my $700 USD investment could easily be taken away, by a soft-brick, with just a few keystrokes, all the while someone I don’t know on the other side of the world could just as easily fix my device, by use of a key-file, which I’m not allowed to have for “my own safety.” Then, of course, there’s the question of what happens when Fairphone goes bankrupt. What do we do with our unfixable soft-bricked devices?
To Qualcomm, why can’t we all have individually signed keyfiles? And, more importantly, why do we need to bow down to the chip manufacturer’s orders on what we can and cannot do with our own personal devices, which we bought and paid for ourselves? Why wasn’t I told that my device would only be repairable by someone else, when I believed this whole exchange was intended to be “fair” and “repairable?” All of this is exactly why the name “Fairphone” just sounds like some sick joke to me now. Of course it couldn’t be true.
Again, no hate intended. I really just wanted to post about this. It makes me so angry, and so sad, knowing that due to corporate greed, I cannot have a repairable smartphone, even when I purchased a device claiming to be “the most repairable smartphone ever.” I can only hope that the firehose file is leaked someday. I can only dream that we will one day find a lockpicker for our virtual houses. As someone who cares a lot about owning the devices I’ve paid for, I have lost sleep over this. Thank you for reading, and sharing my woes. I hope that somehow, some way, this post can help to make a change.
I am sorry that I have to tell you this, but with UEFI and secure boot, manufacturers are trying to lock up our PCs and laptops as our phones are. And frankly, this is not even purely greed. This also comes because of ignorant users that think they do not need to learn about computers…
The fact they released a software update that caused hard-bricking is a joke. With smartphones becoming easier to repair, Fairphone will eventually disappear.
For the future, GrapheneOS collaborating with Motorola looks promising.