WIP: Software-Updates on Android or obsolence by design

fair account, ben, for all points i’m familiar with (at least superficially). you didn’t mention it explicitely but i understand from your post that you’d like fairphone to follow apples lead with respect to durability/repairability/upgradability. if so, i happily agree. so far, i’m happy with the performance of my regularily updated FP2 (my son loves my “old” FP1 despite having shattered the screen). but having read (here in the forum) about the various issues a fair number of FP2 users have with their device and the fairphone support i think it would be a wise decision to plan for a more solid (=apple-like) soft-&hard-ware supply chain for FP3. (and if the screen size of the FP3 would be that of apple’s 5C i would place my order immediately)

1 Like

Except for the fact that your analysis does not cite any references I partly agree with some of your conclusions. However, I doubt Google designed the Android system with obsolescence in mind. It’s simply the lack of pressure and incentives for the manufacturers to provide (security) updates in a responsible fashion.

There are some reasons behind this that also differentiate them a bit from Apple:

  • the manufacturers produce too many devices with too many chipsets per year
  • many manufacturers do not care at all about maintainability when choosing a platform (no incentives)
  • customers do not make buy decisions based on these factors and there is simply too little choice
  • customers do not claim their rights like they should and regulatory bodies are deeply asleep (on purpose?). At least in the EU, for any new goods you buy get 24 months of a limited warranty (“Gewährleistung” in German) and it’s your right to receive a product that is free from faults. Why do people that buy such products that have known, severe security issues do not claim this warranty? Why do institutions only do small campaigns such as [1] instead of getting those cases to court?

After lengthier consideration, personally, I decided not to get a FP2. Not only because it’s a inferior product, but because Fairphone decided for a non-free platform where they again made themselves direclty dependant from a chipset manufacturer for providing updates. They did not learn their lesson. They could have chosen a platform that is (much) more open and that is supported by free software out of the box. Imho, this is the only way to solve the update disaster in the long run.

As long as Google continues to provide security fixes for Android 6 things will stay fixable. Once they stop (maybe in a year or two, who knows?), FP2 will become as obsolete as FP1 is today - at least if you want to have a phone that is not vulnerable to old and well-known security issues.

Regarding Custom ROMs: Yes, they are currently the only solution but they are not for everybody (installation, warranty…). Fairphone still is MUCH slower than e.g. LineageOS in providing security updates, and I don’t understand why they mess around so much with their firmware instead of concentrating on the hardware and partnering with/supporting community projects like LineageOS for providing the software.

[1] https://www.golem.de/news/unsichere-android-version-verbraucherschuetzer-verklagen-haendler-1707-129064.html

2 Likes

I guess, you just answered that question yourself:

A company as small as Fairphone can neither change the world in one go, nor can it offer support like apple or tackle each and every task at the same time.
From a business point of view it is convincing to first develop a smartphone that is durable, as fair produced as possible and that has the potential to get the message of fair electronics to as many people as possible (i.e. that’s marketable).
Once that has been successful, a phone optimized or even especially developed for the technically advanced user willing to experiment with the OS might be a serious option.
I for one would not have got me Fairphone, if I would have had to take a computer course first. :wink:
And to be honest, when browsing this forum’s threads for other operating systems like LOS, Ubuntu etc. I still can not see myself to try a change from the original Fairphone OS (with google-stuff disabled as much as possible of course).

5 Likes

Then you might have misunderstood my suggestion: My point was not to leave the software part alone and see what the community does, but to support projects like LineageOS. One such model could be if Fairphone dealt with the device-specific parts (like maintainers of other devices do) while the community would deal with all other stuff “for free”. The second duty would be of course to test the resulting ROMs (FP part + community part) and make available official releases of the tested versions. This way, end users would not need to do any tinkering themselves.Well, I think we are too much into discussing possible solutions already…

So, coming back to the problem: Selecting a hardware platform that relies on 180 MB of non-free blobs for proper operation is what I would call a careless approach towards obsolescence.

This is exactly the way to go if you want to achieve “obsolescence by design” in an unintended way :frowning:

The practical difference between FP and other manufacturers like those mentioned by the OP is that FP is a bit more “Apple”-alike. Yes, FP also has just one product, but as we’ve been told by FP1 this does not help at all if you made the wrong decision for the hardware in the first run.

2 Likes

Do you know an open platform that is ready to be used in a smartphone that should be more or less competitive, is designed to be opened and that incorporates conflict-free minerals? As far as I know there is no such platform. OpenPhoenux (formerly OpenMoko) is not modular, and the specs are mediocre.

6 Likes

I fully agree, that a google-free OS is most desirable.
I just have my doubts, that Fairphone would have made it past the pre order phase had they opted for a phone with a kind of OS that needs to be bugfixed and developed by a community.
As long as there is no widespread, free and easy to use OS, I don’ t see 15,000 or more people willing to fund it. Although I might be wrong of course.
And … you always have to keep in mind, that fairphone aimed at sourcing fairer raw materials, enhancing the working conditions and realizing easy reparability. Given all that already has been achieved in that regard, I am even surprised, that the FP2 already seem to be running under LOS, Ubuntu and Sailfish; not to mention the officia Fairphone Open OS.

3 Likes

I have no knowledge about minerals in this regard, but I have serious doubt that manufacturers of the QC platforms care about this at all. I assume FP had to negotiate some contract for use of more fair gold or whatever with the SoC manufacturer themselvey, and I don’t see why this should be different with others in principle. Things they can probably better influence are assembling the logic boards into the devices etc.

And yes, there are much more open platforms such as Allwinner A20 (EOMA68-A20 is based on it as well), Freescale etc… Maybe not as powerful, but on the other side much cheaper. Recently, some people even managed to build a phone around a Raspberry Pi Zero, a device that has been recently liberated to some point.

I don’t see why people would not Crowdfund a project based on a customized Android firmware like LOS. Have you looked on sales numbers of manufacturers like bq or Oneplus who used to sell hardware with such custom Android firmware? These devices are still among the best-supported ones by LOS, OmniROM etc.

For me, all the fair mineral mining is not of much help if the device gets obsolete too soon. Buying a used Galaxy S2 from 2011 is a much better option since no new minerals have to be mined for it. And it’s much more open - if you can live without 3d support, wifi and gps you can run a completely blob-free OS (ReplicantOS) together with some lowlevel stuff you never have to touch (bootloader, modem firmware) on it. This means that it can be ported to newer Android versions with ease and without any help from the chipset manufacturer needed at all.

=> Using hardware components that are supported by mainline Linux and free drivers is the proper way to go if you are into long-lasting hardware.

1 Like

No, it’s a very different solution – like buying no coffee at all instead of fair trade coffee. Not buying a product is good since you avoid being part of production chain that is unhealthy, unfair and destroying the environment. But it’s not a solution of which the miners profit. Instead, I think the approach of fairphone is much better: Help those working in bad conditions to improve their situation.

I think these a different issues that should both be addressed. But that is about all I would like to say in this regard, to keep this thread on topic.

8 Likes

Ok, I guess we are going in circles.
You might have got a phone crowdfunded like you propose, but you would not sell 100,000s of them. I really do not know anyone in person, who would buy such a phone.
Of course a long living Samsung might be more environmental friendly, than any new phone. But that way nothing ever will change for the mine-workers and the people in Congo or for the factory-workers in china/asia.
Starting small means that sacrifices have to be made.
Given the problems Fairphone faces even with google’s android on their self developed modular phone, I might not imagine the troubles they would have to go through with a less common OS.
Seriously, let’s just wait and give them some more years to get the business up and running smoothly for the carefree customer, before demanding more.

3 Likes

@kuleszdl: Yes, in general I agree, but this approach won’t solve the structural problem of the exploitation of human beings and the environment in the electronics industry.

@ben You were a tick faster with your reply. I was still trying to figure out how to get back on topic.

In my opinion the crucial point here is Fairphone’s work. Sure that a Samsung Galaxy SII doesn’t have to be produced anymore, but if you buy it nothing will change in Samsung’s / the industry’s behaviour. Fairphones are not the best supported phones in the world, but I can be sure that by buying one I contribute to overcoming the big challenge of fair mobile communication.

Also, the lack of updates for the Fairphone 1 might even have had a positive notion by having people open their eyes upon the things that are going wrong in the industry. They are wondering what’s the reason for the missing updates and that opens up a discussion about software updates in general. Even if there is a planned obsolescence, in the end people will be conscious about it and vote with their wallets against it.

PS.: It is ridiculous that every Nougat phone should have accelerated 3D graphics whilst many many users only want to use their phone as a phone and for basic task such as e-mails and browsing the web. Google deliberately uses people’s dependency on the Google Service to force them into buying new phones.

4 Likes

I disagree. With this argument, you could also say that buying a new FP every year is better for the miners because it helps them staying employed in “good” working conditions, so having a short-living FP would be even better.

I am not talking about avoiding “carefree” customers at all. And not about “less common OS” either. For some reason you seem to think that “custom OS = tinkering”. That’s not true. Again, look at bq and Oneplus who ship these OSs by default without any need for tinkering on the customer side. And there are many customers who value such an OS much higher than something crippled by one of the regular suspects with one of their “great” customizings.

Talking about wallet-voting: FP did not learn many lessons from FP1 regarding longetivity and they sell a phone that is much worse than a used S2/S3 in terms of freedom or security. How long will QC continue to provide updates for this 180 MB of blobs? Are they even providing any updates at all? How can you know in this closed world? Many Android exploits are device-specific btw. which is why only updating Android will not help if you have a bunch of firmware around this is not supported by the manufacturer anymore.

I don’t like this move by Google either because they should be well aware of the consequences. However, to me it looks like the actual cause is not with Google but with QC who refuse to spend efforts for providing updated drivers. Afaik it’s not the hardware that has these limitations.

Again, this is a typical situation where having a free driver would have made it possible to overcome it with the help of the community. On the other side, having a blob from QC makes FP completely dependent on them with no incentives on their side to spend efforts for such a dated chipset.

3 Likes

I added a new section to my original post to reflect that I do not consider alternative open source OS like Sailfish a solution.

That might even be true in the short run. As in most thinks in life, it’s about the balance.

I don’t think so. Google does many thinks, but this simply makes no sense. For one part, it is still unclear if it is device encryption or a 3d graphics API that the Snapdragon misses, for the other part, Google puts a lot of development power into making Android Updates easier, look at project tremble, for example. I am 100% sure this is not planned, but a just stupidity. In the long run, Google engineers did probably know this, but they need to balance different interests.
If the 3D API is the reason for the Snapdragon 801 not receiving Android 801, it’s probably about virtual reality. For developers, especially when targeting VR scenarios, it’s great to know every Android 7 device support either OpenGL ES 3.X or Vulkan. By pushing these standards, Google can push AR and VR on Android.
If the device encryption support is the reason, it might be security considerations.

Google does not need to force people into buying new devices, they make money with their services, not hardware.

In which way is that? Samsung does not support these custom roms at all. The S2 or S3 are no longer sold, there is no software or hardware support, the latest update to the S3 was Android 4.3 in late 2013.

This is why the Android Security Bulletins and Patch Levels contain two parts, the first patch level is Android Core, the second is device and driver specific updates. A device that advertises a specific patch date, must include all updates, including the device specific, until that day.

I would love an open phone with fully open SoCs. But there is none. I do not see Fairphone should be the company risking everything the pursuit this goal which no other manufacturer, ever, successfully did.

4 Likes

I should have added that it’s worse than a used S2/S3 running a custom Android version. To my knowledge, FP does not support running custom OSs either, and unlike a FP1 which heavily relies on blobs by the hardware vendor an S2/S3 can run Android 6/7 (without Vulkan and hardware-aided “truly random” pseudo-encryption) just fine.

As far as I know this only accounts for Nexus/Pixel devices where Google provides the blobs they received from the chipset vendor themselves. In how far does this affect other OEMs like Samsung, Sony or FP? How can Google dictate them which driver-specific updates they have to ship, possibly not even knowing which hardware they shipped?

Edit: Okay, I guess I got the point. They list some known CVEs for components of various (mostly chipset) manufacturers and require these to be fixed if the security tag is applied without requiring the application of certain patches.

I see a couple of reasons here:

(a) because it’s the only way that makes it possible to escape the update obsolescence trap,
(b) providing “lifetime” updates would be a real killer argument and demonstrate that it’s doable, showing that other manufactures simply do not want to
(c) because it would have possibly allowed for a FP2 in the 300€ price range
(d) because such components exist.

They didn’t try, or maybe they did but we cannot know since they are not transparent about this type of decisions at all (despite claiming the opposite).

The whole “built to last” thing is a promise that was already broken at the time the chipset manufacturer was selected. It’s just as wrong as claiming that they provided support and security updates for the FP1 for a long time while the device was never in a state where all known vulnerabilites were fixed.

1 Like

It’s most probably not missing encryption capabilities. See my analysis here.

What if I don’t want to use AR or VR and if I will never install such an app? Is this justification enough to keep me locked out from newer Android versions and earlier stop of security updates?

Why is the CTS so strict then? If Google was so benevolent towards older devices, they wouldn’t impose restrictions on them that they cannot meet.

@kuleszdl Please post only once in a row, to keep the forum tidy. :slight_smile:

1 Like

VR and AR are often considered the next big thing. Google and Apple are racing towards best platform support. I do not think it is a good decision, just that I think that old devices left behind is more like collateral damage to them, in fact, the more devices would have support Android 7 with the new APIs, the better for AR and VR efforts.

I can understand a and b, but c is pure speculation and I disagree with d. I know of no hardware platform that provides sufficient features and performance and is 100% libre.

3 Likes

Regarding c: Yes, pure speculation. I guess most costs went into engineering the modular design, not into manufacturing the devices.

As mentioned, A20 could have been a good candidate, and using the old Exynos SoC from the Galaxy S3 might have even been a better choice (less libre but more powerful). And I am not talking about 100% libre. Following the “one step at a time” approach it would be sufficient to have something more libre than the old SoC. Instead, the FP2 platform is even worse - 180MB of blobs is a pure nightmare.

Too many cheap Android devices that were giving Android a bad name (because they could barely run some of the feature that people were expecting), driving people to iOS as the ‘only usable mobile OS’. The only way to change that is by guaranteeing a certain android experience.


OT: As for the other chipsets:
For the FP1 they weren’t really in the market to design their own device, so the licensed an existing design in which large changes to the chipset may not have been supported. I’m going by the FP1 comparison, as the chipsets you mention all seem to be FP1-era specs. And people are already complaining the FP2 spec is stale.

I’m not saying it isn’t a good choice, but out of interest: was that ever updated beyond 4.2.2? I thought only A31 and upwards got enough support to support lollipop. Do community ROMs exist (I honestly don’t know!)?

If you could get it licensed - there was a whole spat about IP restrictions (see for example this report).

4 Likes

Yeah, but FP2 for sure won’t convey that impression. It is far beyond being “barely” able to run “some of the features that people are expecting”. What I’m saying is that it artificially speeds up the device cycles if Google says that any phone that wants Google Services on Android 7 needs to have support for 3D graphics. I do think that most of the people are not expecting to play heavy 3D games on their phones.

1 Like

It has mainline support in the linux kernel - only because nobody provides a ROM beyond 4.x for it doesn’t mean it’s not able to run it. The only caveat could be the 3d driver part, but the Mali 400 MP2 was also used e.g. in the MT6572 chipset for which a port at least to of LineAge 13 is available:

https://forum.xda-developers.com/android/development/rom-lineageos-t3598113

This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.