The biggest downside of Fairphone IMO is that they don’t maintain their hardware support in LineageOS and for the retail product then branch development off, add a bit of custom branding and adapt whatever Google requires these days. It would greatly improve custom ROM support in general.
Agreed. I was debating between CalyxOS and GrapheneOS, and I ended up w/ GrapheneOS because I ended up picking the Pixel 8 due to the long software support cycle. If I picked any other phone, I would’ve ended up w/ CalyxOS.
no other manufacturer than google ever will have graphnene os support. their requirements cannot be met unless you are a tech gian, and with exceptionally good connections to the hardware manufacturers
Fairphone brand is basically saying to everyone “Hey look at our generic Android phone with everything you need from Google, including AI stuff and data collection” and when you ask if you can have a privacy friendly features they basically say “Nope, we just do a phone with replaceable parts, that’s all. Don’t ask for more”
That is not the only issue, it’s just one of the more major ones that shouldn’t be dismissed like it’s nothing. Another major one is the unlocked bootloader. You can take a look at all the Android ROMS here.
I think people should treat carefully when changing the OS of a mobile device. Changing your OS to something less secure just because you want to shove it to Google and Apple is not enough to warrant it. Better to stay with something safe that you know than with something insecure like /e/OS.
Luckily we have Graphene so you can actually switch to a more secure and private OS that is not made by an American corporation hungry for data.
I am not dismissing it, I am saying that is not as big as you make it to be. Most users lag behind in updates anyway, besides using minimal and trusted applications, the outside exposure to exploitation is relatively small, for a device without a public address. I am not the one APTs are going to use the SMS no-click 0-day against.
Similarly for the bootloader issue. The kind of attacks mitigated by this are not in most people threat models. They just are not.
As someone else wrote, it’s possible to relock the bootloader anyway with official builds (such as my FP3). But anyway, even for myself the chance that my phone gets modified by physical access without my knowledge is a fraction of a fraction compared to the chance that someone will snatch the phone in my hand while unlocked, for example (a recent pattern).
If these two issues are what prompts you to call a “security dumpster fire”, I would say we at least have very different risk perceptions.
If these two issues are what prompts you to call a “security dumpster fire”, I would say we at least have very different risk perceptions.
We do. I can’t in good conscience recommend it as an alternative to friends or relatives when even stock Android has improved security. I can’t speak for your social circle, but all the people I know update their phones accordingly. Maybe they delay the update for a few days, but they don’t stay months with their phones like that. Fairphones improve the situation a bit since you can lock the bootloader, but the substantial delay in security updates is still a major risk.
I don’t get why anyone would choose /e/OS over Graphene if they had the option. Graphene offers the highest security and privacy, it works wonderful and most banking apps support it. /e/OS just has the advantage of supporting more models, but if you can get a Pixel what’s the point?
Generally speaking privacy and security are related but not really linked to each other. Google services might be very secure, but a privacy nightmare for example.
In this particular case, even more, because the chances that using a “googled” phone will mean data collection (I.e. privacy issues) are almost certain, while the risks we are talking about are much more niche and - as I elaborated on another comment - in my opinion not really in most people threat model.
I would like to hear your perspective instead, because I am not really into using authority arguments, but as a security engineer I believe to at least understand well the issue with security updates, vulnerabilities and exploits. So yes, I do think to know what I am talking about.
Shame there is no Graphene OS support for it
The biggest downside of Fairphone IMO is that they don’t maintain their hardware support in LineageOS and for the retail product then branch development off, add a bit of custom branding and adapt whatever Google requires these days. It would greatly improve custom ROM support in general.
And it doesn’t support US bands for TMobile
For 4G. 5G is fine.
T-Mobile supports these bands:
5G: n2/41/71/258/260/261
5G,ER: n25
4GLTE: B4/5/12/71
4GLTE,ER: B25/66
2G,GSM: B2
Fairphone 5 supports these bands:
5G: n1/2/3/5/7/8/20/28/38/41/48/71/77/78
5G,ER: n66
4GLTE: B1/2/3/4/5/7/8/12/20/28/32/38/40/41/42/48/71
4GLTE,ER: B66
It looks like the Fairphone 5 covers T-Mobile’s 5G Frequency Band 1 frequencies (bold), but Frequency Band 2 is not covered (italic).
Regarding 4G, the Fairphone 5 covers all LTE networks (bold) except for extended range band B25 (italics).
It covers some, but not all.
Was thinking the same thing. Not Graphenes fault though but a failing of OEMs to provide what’s necessary.
It has CalyxOS support though. A decent alternative.
Agreed. I was debating between CalyxOS and GrapheneOS, and I ended up w/ GrapheneOS because I ended up picking the Pixel 8 due to the long software support cycle. If I picked any other phone, I would’ve ended up w/ CalyxOS.
Both are great projects.
Indeed. I am currently waiting for Calyx to be released for my phone, it’s a Moto g84, and support seems to be coming along nicely.
I probably would have picked a pixel if I could, but they are not available for sale in my country.
no other manufacturer than google ever will have graphnene os support. their requirements cannot be met unless you are a tech gian, and with exceptionally good connections to the hardware manufacturers
Fairphone brand is basically saying to everyone “Hey look at our generic Android phone with everything you need from Google, including AI stuff and data collection” and when you ask if you can have a privacy friendly features they basically say “Nope, we just do a phone with replaceable parts, that’s all. Don’t ask for more”
And it would be such good marketing strategy “replaceable parts + privacy”
At least someone commented CalyxOS supports it which seems to be a good alternative to GrapheneOS
You could always go for /e/os though
Edit: Didn’t know it was this bad…
/e/os is a security dumpster fire. It’s even worse than stock Android. Stay away from it.
Can you explain?
Every other version of Android gets security updates out within a couple weeks of release at most.
/e/OS users are lucky if they get them within a couple months.
No offense, but that’s not what a security dumpster fire is. Security updates are important, of course, but they are also not the biggest deal.
In fact, I bet that the vast majority of users (on Android or otherwise) are lagging way behind in updates anyway.
That is not the only issue, it’s just one of the more major ones that shouldn’t be dismissed like it’s nothing. Another major one is the unlocked bootloader. You can take a look at all the Android ROMS here.
I think people should treat carefully when changing the OS of a mobile device. Changing your OS to something less secure just because you want to shove it to Google and Apple is not enough to warrant it. Better to stay with something safe that you know than with something insecure like /e/OS.
Luckily we have Graphene so you can actually switch to a more secure and private OS that is not made by an American corporation hungry for data.
/e/OS has official builds for the fairphones, you can re-lock the bootloader there, afaik. At least according to this: https://doc.e.foundation/devices/FP5/install
You can also buy the phone directly with /e/OS pre-installed & closed bootloader, from what I read on the fairphone website.
I am not dismissing it, I am saying that is not as big as you make it to be. Most users lag behind in updates anyway, besides using minimal and trusted applications, the outside exposure to exploitation is relatively small, for a device without a public address. I am not the one APTs are going to use the SMS no-click 0-day against.
Similarly for the bootloader issue. The kind of attacks mitigated by this are not in most people threat models. They just are not. As someone else wrote, it’s possible to relock the bootloader anyway with official builds (such as my FP3). But anyway, even for myself the chance that my phone gets modified by physical access without my knowledge is a fraction of a fraction compared to the chance that someone will snatch the phone in my hand while unlocked, for example (a recent pattern).
If these two issues are what prompts you to call a “security dumpster fire”, I would say we at least have very different risk perceptions.
We do. I can’t in good conscience recommend it as an alternative to friends or relatives when even stock Android has improved security. I can’t speak for your social circle, but all the people I know update their phones accordingly. Maybe they delay the update for a few days, but they don’t stay months with their phones like that. Fairphones improve the situation a bit since you can lock the bootloader, but the substantial delay in security updates is still a major risk.
I don’t get why anyone would choose /e/OS over Graphene if they had the option. Graphene offers the highest security and privacy, it works wonderful and most banking apps support it. /e/OS just has the advantage of supporting more models, but if you can get a Pixel what’s the point?
good on you for asking the question. OP does not know what he is talking about
So an OS that boasts about the “privacy” it offers… Doesn’t need routine and consistent security updates?
Sure thing bud, keep going on like you know what you’re talking about.
Generally speaking privacy and security are related but not really linked to each other. Google services might be very secure, but a privacy nightmare for example. In this particular case, even more, because the chances that using a “googled” phone will mean data collection (I.e. privacy issues) are almost certain, while the risks we are talking about are much more niche and - as I elaborated on another comment - in my opinion not really in most people threat model.
I would like to hear your perspective instead, because I am not really into using authority arguments, but as a security engineer I believe to at least understand well the issue with security updates, vulnerabilities and exploits. So yes, I do think to know what I am talking about.
That’s concerning to hear from a supposed “security engineer”.
If you really are, you should be familiar with the age old adage, “no security, no privacy.”
But even then, you seem very blasé about security, so again, really don’t trust you know what you’re talking about.
Thanks for the answer. How does it compare against other Android forks in terms of security update speed?
Also, isn’t Fairphone once also criticised for falling behind on Android security updates or was I misremembering this?
It’s literally the worst.
Also correct, though I am not particularly familiar with Fairphone. Seems like they are down to bimonthly updates, if that.