English

Timely Rollout of Google Security Patches

It is early July and any day now, Google will release its Android security patches for July. Meanwhile, my FP3 is still on A.0120 with patchlevel as of April 5th.

I do not find the Fairphone’s support in this area satisfactory at all at present. They have managed to roll out a new OS update A.0124 including the June patches to Vodafone customers only (who in the past did not receive any updates until they put another SIM card into their devices), but not for the rest of us. No announcement, no explanation, nothing.

I would like to see an official patch roadmap with official announcements (and explanations for delays). We live in times where software is eating the world and timely patch rollouts are really important from a security standpoint.

19 Likes

@rae, @lorahaspels: Could Fairphone do something about the communication in this regard?

9 Likes

Updates of /e/ are better: Latest updates are from June 25th and July 1st, i.e. more than one update per month.
Also Stock ROM should update 1 time per month.

1 Like

My guess would be, that they are busy working on Android 9 for the FP2, that is really behind schedule regarding security updates.
And - especially in CoVid-times - they don’t manage to keep both developments on track.

That’s just a guess for an explanation of course (and not meant as an excuse).

1 Like

As far as I know there are now separate development teams for the FP2 and FP3 software, but in any case you are probably right that there are some delays due to the virus.

1 Like

AFAIK Fairphone does not do the OS development itself, but has is outsourced to a (Chinese?) service provider. Since the FP3 OS is so close to stock Android, adapting amd testing should really not be that much of an effort.

Either way, the conclusion that I am probably going to draw when buying my next phone is to either go for an iPhone or and Android phone with reliable updates, like Samsung:

Unless Fairphone gets this fixed, of course.

I believe, the company that did some FP2 development for them was Finnish, not Chinese. Nevertheless I forgot their name.

While I really understand your desires (@teezeh) ; I am always a bit surprised by statements like that.

Fairphone is a small company.
They have just released their third phone after more than 6 years and sold in that time less phones than Apple does in a few hours.
Still they are expected to perform like one of those global brands.

Don’t get me wrong.
I am absolutely OK with those expectations.

But in that case - as I see it - one should clearly not buy such a brandnew (designwise; i.e. modularity) device.

For me personally, the ethical and social developments of the FP are the really important feature. Privacy-wise I have now opted for /e/, to keep Google out as much as possible. Otherwise I never do important stuff like paying or banking with my phone, so my possible worries regarding safety are - to me - way less important, than the ethical achievements.

7 Likes

I understand what you say but I also remember Essential was able to update its smartphone every month whereas it was a small company. I really have the feeling it became easier to push security updates nowadays and I consider them as more important than upgrades to a new Android version (and the fact we now talk about a new Android version on the FP2 while we don’t get security updates on our FP3s does not help neither).

I come from an Android One phone that is now used by my wife and I will go back to it if Fairphone cannot do better in terms of security updates so I am in the same situation as @teezeh. I find it sad since it is important how workers are treated and that minerals don’t help to finance wars.

Finally we should not forget most of the people do everything on their phones and don’t use a computer anymore at home. In a sense, it is good since it means less waste but it is bad if their phones don’t receive security updates (more and more banks force you to do everything online).

1 Like

Fairphone does a good job with updates. It only takes a little to much time.
Samsung can be good (not always) and the phones are pricy.

Pixel are best regarding updates.

I plan to get a shiftphone sometime.

Na ja … macht Samsung sich mit wichtig auf 1 oder 2 Tage kommt es bei den Updates nicht an, oder ?

Es geht hier nicht um ein oder zwei Tage. Das FP3 ist aktuell auf Stand der Sicherheitsupdates 5. April (außer man hat eine Vodafone-SIM). Die OEMs kriegen die Infos über die Patches noch dazu einen Monat vorab.

1 Like

:de: Aber regelmäßig wird das Update auch erst bis ca. einen Monat nach dem Stand des Patches ausgeliefert, soweit ich das mitbekommen habe.

:uk: Regularly the update is provided around one month after the date of the patch; if I remember correctly.
That’s just to make clear, that the patch-date is not the date the update is delivered, because the manufacturer has to adjust it to it’s device.

Nimm kein Samsung. Mag sein, dass die Software zeitig aktualisiert wird, aber Unmengen an Bloatware, kein Stock, nach zwei Jahren ist Schluss mit updates. Dann wirklich iPhone, oder Pixel oder vielleicht Motorola.

The last one is from April and we are on July 7th…

The link about Samsung being great at updates is misleading, not to say a lie. Most of Samsung phones don’t receive regular updates, especially the low- and mid-range models, whereas the Nokia 1 from 2018 is still supported and even receive upgrades…
If you want updates with a Samsung phone, take a flagship. With Nokia, updates come later but are for three years. And with Fairphone, it can be up to 5 years but we have to be patient :roll_eyes:

4 Likes

Sorry, the last one is from 05.06… To get this you may be have to change your SIM to a SIM (also inactive SIM works!) from another Network-Provider. Also don’t throw away your old SIMs but collect them…

1 Like

I understood that Fairphone cannot deliver an open market software for everybody for Fairphone 3 as it was for Fairphone 2. New demands of network providers regarding VoLTE and VoWiFi made this currently impossible. On the other hand, providers mostly have timelines with quartely updates. I believe Fairphone does a good job, but there is a gap in processes and communication.

2 Likes

No, it’s different this time. Only Vodafone customers have received the A.0124 update so far (used to be the other way round). And except for the patchlevel, nothing much is known about the contents of the update. It might be partly provider-specific.

I respectfully disagree. Provider updates is a different story. OEMs get monthly patches from Google and should deliver those in a timely manner for security reasons. Fairphone seemed to be on track at the beginning of the year. But there were issues for Vodafone customers, who would not receive newly available updates.

Now it’s the other way round: Vodafone customers (some at least) have received an update which contains the June patches from Google. But the rest of us have not. So I don’t think that Fairphone or its SW development provider is not doing a good job these days.

And there is indeed a gap in communication. Paul Watzlawick famously said: You cannot not communicate. I think that Fairphone should communicate its update roadmaps way more transparently. I totally understand that there can be all kinds of issues which keep them from releasing an update, but I can tolerate those much easier when I know what’s going on behind the scenes.

7 Likes

Rather than arguing the toss between all of us who don’t know (because none of us do know what’s going on)… has anyone actually contacted FP directly to ask them what’s happening and why the update has only gone out to Vodafone customers?

3 Likes