Why did Fairphone use an outdated SoC for the FP4 even though they knew Qualcomm would not support it longer?

So, as honorable as Fairphone‘s promise about 5 years of software support is, I just don‘t understand why they used an old SoC with a limited support duration of only two more years.

In December 2020 - 10 monts ago - Qualcomm announced that they would start giving 4 years of security support for newly released SoCs:

Previously they only promised 3 years of security updates.

The Snapdragon 750G was announced in September 2020 - a year ago

Source: Qualcomm’s new Snapdragon 750G has 5G, faster speeds, and improved AI performance - The Verge

This means 3 things:

1. the FP4 SoC is over a year old on it‘s release date

2. the FP4 SoC is too old to benefit from Qualcomms newly made promise

3. according to the previous promise of 3 years of security support, the SoC will only benefit from 2 more years of security updates from Qualcomm

So why did they choose this SoC? The timing is just so bad, it almost feels deliberate. They had 10 months to switch to a SoC that would automatically get 2 additional years of easy updates (because it would be younger and get an additional year of support from the promise).

Furthermore, I must also mention that I am skeptical about their efforts in keeping a device secure with no support from the SoC vendor. There are vulnerabilities that are not fixable for them without a firmware update (that only the vendor can reasonably provide). A somewhat recent example would be Intel‘s Spectre vulnerability:

This means I could not trust the FP4 to be completely secure after Qualcomm drops support and therefore the FP4 will become unusable for me in exactly two years which is just not sustainable.

I believe it’s unfair to assume that 10 months is long enough to switch SoCs. It’s not just a matter of switching out the actual IC,they’re not pin-compatible. You pretty much need to re-engineer your entire phone, starting with the main board. There’s a lot of finicky things to get right to make sure all the lines on the PCB meet their timing demands, don’t have too much resistance, don’t cross-talk and fit within the designated area for that PCB. Then the other components need to be integrated, which means more of that finncky PCB design. After that everything needs to be tested and produced to scale, shipped to the assembly line, shipped to the retailers. Before you know it 10 months are gone.

Quite an elaborate title

Presumably you didn’t want an answer or you would ask Fairphone not other users. ?

So I imagine you just want to discuss your disappointment There are other topics that bring up the same and similar issues which I will attempt to append as the day goes by.

Does this mean you will definitely not be buying the FP4 ?

I wonder what will make the phone unusable for you specifically. Do you have special requirements that surpass the common user?

• The Android OS is likely to be update for another 4 years at least
• Security update will accompany the A11 A12 A13 A14 A15 etc.
• The FP1, FP2 are still usable and I imagine the FP3 will be for a few years.

All the best for now.

NOTE Fairphone updated the FP2 with Android 9 without support from Qualcomm. It took some time and effort but they did it

OTHER TOPICS/POSTS that discuss the Qualcomm 750G and it’s weaknesses

• FP4: The specs and your opinions - #252 by Aurelio_Lopez
• FP4: The specs and your opinions - #333 by UPPERCASE
• Customers, a species of camplainers? - #45 by Incanus
• FP4: News/Rumours and Updates - #60 by UPPERCASE

Hello everyone, (I’m reposting on this topic because it seems that my topic is similar)

I would like to buy the fairphone 4, but I wonder if the processor is powerful enough in the long run?
Won’t the phone get really slow over time? Even for basic use?
I can’t imagine the fairphone 4 supporting an android 14 or 15 properly.

Personally, I would have preferred to pay a little more for the phone and have a more viable processor in the long term.

What do you think about the processor ?

Thanks in advance !

Well according to fairphone it will
People are still using FP1s and FP2s that run on French Fries

It depends upon what your future plans are.
It seems you are just poking the fire, do you have any real problems envisaged.

You are not alone, have you checked out the links in the above post.

Personally as long as the hardware hangs on I may well be using an FP4 in ten years, but then I’m not a heavy game player, nor trying to edit videos.

@RSpliet

I believe it’s unfair to assume that 10 months is long enough to switch SoCs.

Yeah, that is a valid answer. I’m not an expert in the phone making business. It may take that long, especially for a smaller company. However, personally, an additional year of support is such a big deal for a company that promotes longevity that I would assume they would make some sacrifices to make it happen.

@anon9989719

Presumably you didn’t want an answer or you would ask Fairphone not other users. ?

You are right. It’s more of a rhetoric question. I assume that Fairphone actually reads their forum and I just wanted to point out that I think this is quite a big mistake on their part (IMO). On one hand they are complaining that Qualcomm doesn’t support their chips longer:

On the other hand they deliberately choose an SoC which Qualcomm will not support for very long anymore. Seems like they shoot themselves in the foot.

I wonder what will make the phone unusable for you specifically. Do you have special requirements that surpass the common user?

No, but I think the normal user doesn’t understand that they should actually stop using a phone that doesn’t get firmware updates anymore. It’s just a big security risk. You risk the money you use on banking apps, you risk your passwords and personal notes, you risk your private photos, you risk your business reputation by having your e-Mail linked etc.

• Security update will accompany the A11 A12 A13 A14 A15 etc.

You need to understand: it’s impossible for them to patch the firmware. Some vulnerabilities are tied to the SoC in such a way that they cannot patch them no matter what they do. Intel’s spectre vulnerability is such an example so we know this stuff exists and isn’t just theoretical.

NOTE Fairphone updated the FP2 with Android 9 without support from Qualcomm. It took some time and effort but they did it

I respect that a lot. But first of all it would just be easier for them to support the phone longer if they had official support from Qualcomm, and secondly they have the same problem there that they just can’t patch the firmware.

@Diurne

I would like to buy the fairphone 4, but I wonder if the processor is powerful enough in the long run?

Honestly, this is not a concern for me at all. I think the processor is absolutely powerful enough. We kinda hit a wall with performance requirements a few years ago. Windows for example doesn’t get more demanding anymore. Any processor that was capable enough to run Windows 7 is also capable enough of running Windows 11 (it’s just Microsoft imposing some artificial restrictions that make it complicated)
Google for example just recently released the Pixel 5a with a 765G processor which is only slightly faster than the 750G and it will support the Pixel 5a to at least Android 14.

(post deleted by author)

(post deleted by author)

It’s not really ‘their’ forum, although they host it. Given the amount of posts there are I doubt they are even interested unless they start the topic or someone actually pings them over a support issue.

I suppose this is the real debate.

‘Security and Firmware updates’ maybe that should be the title as it will always apply rather.

Qualcomm support OS updates for a while, hence Fairphone’s own efforts for A9 on FP2

Wouldn’t it be an idea to change the title to something like

Fairphone and SoC Firmware Vulnerabilities as that seems more to the point.

I.e. it’s not really a question but a concern that you have.

Also can you point to where such outdated firmware on the previous FP models have caused you concern. Else the topic can be seen as just a wind up.

This is not just an FP4 issue, though you mention this model.

I believe its safe to say Fairphone always release a device with a year old SoC. They did the same with the FP2 and FP3. The question is: why?

@anon93683458

I would suggest raising this ticket with support as this is strictly a user forum

I don’t really know what Support could or would do about it. If Fairphone doesn’t monitor their own forum for free user feedback then it’s kinda their own fault.

When it comes to the SoC that came after Qualcomm’s announcement, we don’t know how much they would have impacted size, weight, price, stability, thermals and battery life of the phone. These are all things to take into consideration. A benefit to using old and proven technology is of course the fact that you know what you are dealing with, it has had time in the field with users. Other benefits are a reduction in price and components.

You are absolutely right. But it will likely also cost them a lot to support the Fairphone without support from Qualcomm.

Then there is the fact that we don’t really know how likely it is for security vulnerabilities to impact the average user versus the cost of performance for mitigating them - these are things that need to be carefully weighed as well, regardless of future support.

It’s actually not extremely common for patches to impact performance a lot. That was mostly specific to Spectre because the vulnerability affected a performance enhancing feature.

So really I think this post is simply too late to have any impact on the current phone, but if you want to affect development of the future phones they have then I would still recommend getting in touch with their support - that would be your first realistic link to getting their attention and any possible answers.

You are also right. But I think this post should be enough. If not then it’s on them.

@anon9989719

I suppose this is the real debate.
‘Security and Firmware updates’ maybe that should be the title as it will always apply rather.
Qualcomm support OS updates for a while, hence Fairphone’s own efforts for A9 on FP2
Wouldn’t it be an idea to change the title to something like
Fairphone and SoC Firmware Vulnerabilities as that seems more to the point.

I choose the title to be provocative on purpose.
Well, I don’t really think there is a lot to be debated. Would you use a lock on your door that can be opened with a paper clip? Or a lock like that on your car?
And this doesn’t even begin to touch the whole privacy issue. IMO devices that have cameras, microphones and GPS trackers installed should only be used with absolute highest security guarantees.

Also can you point to where such outdated firmware on the previous FP models have caused you concern. Else the topic can be seen as just a wind up.

You are asking me to find a specific vulnerability in a specific device that is currently exploitable. This is the job of a security researcher and PenTester. But I’m neither. I’m just a concerned customer who values security.
However, I can still point you into directions:

This is an article from 13.05.2021. If you check out the the corresponding security bulletin from Qualcomm:
https://www.qualcomm.com/company/product-security/bulletins/june-2021-bulletin
Then you find this list of affected devices:

APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8084, APQ8096AU, AQT1000, AR6003, CSR6030, CSRB31024, MDM8207, MDM8215, MDM8215M, MDM8615M, MDM9150, MDM9205, MDM9206, MDM9207, MDM9215, MDM9230, MDM9250, MDM9310, MDM9330, MDM9607, MDM9615, MDM9615M, MDM9625, MDM9628, MDM9630, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8976SG, MSM8996AU, QCA1990, QCA4004, QCA6174, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6694, QCA6694AU, QCA6696, QCA9367, QCA9377, QCA9379, QCM4290, QCM6125, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QET4101, QSW8573, Qualcomm215, SA415M, SA515M, SA8155, SA8155P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD480, SD632, SD660, SD665, SD670, SD675, SD678, SD690 5G, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888 5G, SDA429W, SDM429W, SDM630, SDW2500, SDX20, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM6250, SM6250P, SM7250P, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6850, WCN6851, WCN6855, WCN6856, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835

They don’t list the SD801. Does this mean it’s not affected even though essentially every other current Qualcomm SoC is? Unlikely. They probably just don’t include vulnerable chipsets that are EoL. To confirm this you can check out all the bulletins over the last years and you will see that the SD820 was affected by something almost every single month since its release. The SD801 was never listed.

@JeroenH
You are right. It’s just that this time there was this Qualcomm announcement which makes it especially weird for me.

Security vulnerabilities are a lot like software bugs in the sense that they will always pose a risk. Just by downloading apps you are presenting a risk, even if they are on the Google Play Store. I think that since this is such a recent change for Qualcomm, it may have been unavoidable. Hopefully future phones will have the same or better support from Qualcomm.

On a side-note: It might even be time for the phone manufacturers to start putting pressure on Qualcomm to do better? OnePlus Nord 2 5G and other mid-range devices have been using the MediaTek MT6893 Dimensity 1200 5G SoC - I have heard good things about this. If they were to start losing sales to competitors, then they would have to improve their offering.

To conclude though, maybe Fairphone can provide their reasons for this. Or maybe they have a plan to remedy this issue in some other way? I still think you should send a ticket to support. You can ask them to escalate the ticket and also link directly to this post.

Well

a) they could answer which could have avoided the need for this topic in the manner it is presented
b) Given what appears to be your concerns you may be better able to explain them.
c) As explained this is not the ‘Fairphone’ forum for developers or for that matter the staff in general.

• You may find a post about the blog engine being updated
• A post about an update to the OS
• This is not a forum for user feedback it for user interaction with each other, not Fairphone. On the front page of the forum there is a note to this affect

• Find solutions and ask community for help with your FP product. If you have a HW or SW issue this is the right place. For general questions about FPs please go to The Products. ATTENTION: This is not the official FP company support. Please contactsupport for official help and support.

This is a exactly reason why I decided don’t buy this phone. Google Pixel 6 have currently 5 years official updates.

(post deleted by author)

As I understand the security updates come with the OS updates and that is projected to at least Android 15

But as has been pointed out this does not equate to SoC firmware updates from Qualcomm.

Updates to what? The OS or the Firmware ?? or is it just the Titan chip?

Not knowing much about the security issues, for the security must haves, the Pixel does sound a better option, but luckily that’s not something I’m concerned about.

What about security?

Another thing Google has shouted about is how secure this chipset is. Tensor has a security core (which means sensitive tasks can run in a dedicated environment) and it’s joined by a Titan M2 security chip. Between the two, this makes the Pixel 6 range more resilient to attacks than previous models in the range.

In fact, Google claims that the Pixel 6 and Pixel 6 Pro have the most layers of hardware security of any phone, and independent security lab testing has shown that it can withstand all sorts of high-tech threats, such as electromagnetic analysis, voltage glitching and laser fault injection.

The Google Tensor chipset also allows the Pixel 6 to get five years of security updates, where other Android phones mostly only get a few years of these.

All far beyond my requirements I imagine.

Full OS updates

I see the launch date is 25th Oct as is the FP4
However the issue is not so much security, which the Pixel has in abundance but why the FP4 doesn’t have such.

It’s been fairly well established that Fairphone don’t have the same resources to design a phone as quickly and their focus is on fair trade. Add to that the user replaceable parts and that’s a lot of work that other companies consider less important.

Well I support the Fairphone company on the fair trade as the driving force, so I accept that security issues are not the priority.

It’s difficult to keep to the topic and find any feedback that brings any resolution to the OP

@anon93683458

Security vulnerabilities are a lot like software bugs

Actually, they are software bugs (or hardware bugs)

Just by downloading apps you are presenting a risk, even if they are on the Google Play Store.

Yes. You are right. That’s why it’s important to keep your software up to date such that malicious apps cannot interfere with your data.

I think that since this is such a recent change for Qualcomm, it may have been unavoidable.

It was public knowledge for 10 months. Hardly unavoidable. Expensive? Maybe, but definitely not unavoidable.

On a side-note: It might even be time for the phone manufacturers to start putting pressure on Qualcomm to do better?

I agree 100%. They should do better, but this has to come from larger players than Fairphone. Those may not be interested in longevity, they prefer to sell you newer devices.

@anon9989719

I will consider opening a ticket.

Another reason for posting this was that I just wanted to let the community know about this. Not everyone might read tech news. Hoping that if more members of the community are aware that this puts more pressure on Fairphone to align this better in the future.

@soong
I’m in the same boat. I will also get a Pixel 6, even though I would much rather give my money to Fairphone than to Google.

@anon93683458

Has anyone asked Fairphone how many years of security support they will provide?

• Software support for at least 5 years

We also aim to provide updates for Android 14 and 15. However, since Qualcomm will not offer support in the development, we cannot guarantee them.

@anon9989719

Updates to what? The OS or the Firmware ?? or is it just the Titan chip?

Google makes their own SoCs now. This means they can provide updates to EVERYTHING for as long as they want.

All far beyond my requirements I imagine.

We can agree to disagree. I think a Smartphone is such a central device in many peoples lifes that security should not be a compromise anyone is willing to make.

I see the launch date is 25th Oct as is the FP4
However the issue is not so much security, which the Pixel has in abundance but why the FP4 doesn’t have such.

It’s been fairly well established that Fairphone don’t have the same resources to design a phone as quickly and their focus is on fair trade. Add to that the user replaceable parts and that’s a lot of work that other companies consider less important.

Well I support the Fairphone company on the fair trade as the driving force, so I accept that security issues are not the priority.

It’s difficult to keep to the topic and find any feedback that brings any resolution to the OP

I see. You summed it up pretty well and you seem to fully understand me.
I can also accept this as a resolution.

The only thing that I would add to this is that one part of Fairphone’s marketing is focused on longevity of the device. In their FAQ the fist point is literally:

• Long-lasting design

IMO in the context of this thread this just seems like an afterthought at best and a lie at worst.

It seems a bit harsh. Qualcom release the SoC 750 Sept 2020 and expect it to be in use by 1st Jan 2012/

Fairphone have to design around a SoC and it take 9 months… By the way where did you get the info that there is only 2 years of Qualcomm support for the 750

and ???

In December 2020 - 10 monts ago - Qualcomm announced that they would start giving 4 years of security support for newly released SoCs:

Is that 2021 10 months ago ??