I fully agree on the Framework laptop, but Fairphones are insecure and suck. Get yourself a (preferably used) Google Pixel instead and load GrapheneOS on to it, it’s very easy and maybe takes 10 minutes.
unfortunately as someone who fixes phones day in and day out I cannot own a pixel. absolutely horrendous build quality. there’s a gap behind the screen which is held on solely by shitty adhesive on a thin bezel, and the amount of devices I’ve seen totaled by a drop on a corner destroying that bezel so a new screen can’t be installed is insane.
Thank you for your insight.
Why do you think Fairphone (5) is insecure?
My experience is not that they suck. But yeah, they sure don’t have the same spec as a premium iPhone or a Pixel. But they have a modular design, just like the Framework Laptop. I don’t know any other modern phone that does. And they use a SoC that is guaranteed to receive support for a long time.
Fairphone fails to properly sign their own operating system. They use the publicly available (!) AOSP test private keys instead of an actual secret key. This breaks fundamental security features of Android like Verified boot, rollback protection, etc. They’re also pretty slow with updates, including important monthly Android Security Bulletin patches. This is just the bare minimum for any OEM, and Fairphone fails to properly implement it.
Google goes above and beyond, and offers cutting edge hardware security in their Pixel devices. They have features that currently can’t be found in any other Android phone, like ARMv9 MTE (hardware memory tagging), the Titan M2 secure element, which supports Android StrongBox, the Weaver API and comes with insider attack resistance. GrapheneOS takes full advantage of these features, and combined with their numerous software security improvements offers the most secure mobile OS + hardware combination on the market. You can read more about all the hardening of GrapheneOS on their features overview page: https://grapheneos.org/features
Plus it’s degoogled by default, so it doesn’t come with any trackers or bloatware. You can opt to install Google Play services, but they are confined in the standard Android application sandbox, just like any other user-installable app. They don’t get any elevated privileges like on other Android-based operating systems.
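Added example, not part of any comment in this thread: a defender-side audit of `adb shell getprop` output for the two points raised above, builds that declare test-key signing and stale security patch levels. The sample properties are constructed, the two-month patch threshold is an assumption, and not every device exposes every property checked here.

```python
import re
from datetime import date

PROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")
WEAK_TAGS = {"test-keys", "dev-keys"}

# Constructed sample in `adb shell getprop` format; not from a real device.
SAMPLE_GETPROP = """\
[ro.build.fingerprint]: [ExampleOEM/example/example:13/EX1.000000.001/1234:user/test-keys]
[ro.build.tags]: [test-keys]
[ro.build.version.security_patch]: [2023-06-05]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.flash.locked]: [1]
"""

def parse_getprop(text):
    """Turn `[key]: [value]` lines into a dict, ignoring anything else."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def patch_age_months(patch, today):
    """Whole calendar months between a YYYY-MM-DD patch level and today."""
    year, month, _day = (int(p) for p in patch.split("-"))
    return (today.year - year) * 12 + (today.month - month)

def audit(props, today, max_patch_age_months=2):
    """Return findings. The build tags are self-declared metadata: a
    release-keys tag alone does not prove the signing key is secret."""
    findings = []
    tags = set(props.get("ro.build.tags", "").split(","))
    tags |= set(props.get("ro.build.fingerprint", "").rsplit("/", 1)[-1].split(","))
    if tags & WEAK_TAGS:
        findings.append("build declares test-keys/dev-keys signing")
    if props.get("ro.boot.verifiedbootstate") != "green":
        findings.append("verified boot state is not green")
    if props.get("ro.boot.flash.locked") != "1":
        findings.append("bootloader is not locked")
    patch = props.get("ro.build.version.security_patch")
    if not patch:
        findings.append("security patch level missing")
    elif patch_age_months(patch, today) > max_patch_age_months:
        findings.append(f"security patch level {patch} is older than "
                        f"{max_patch_age_months} months")
    return findings
```

A clean result only means the build does not declare weak signing; confirming which certificate actually signed a given image or module requires inspecting the signatures themselves.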
Sounds like they at least addressed the test key issue
https://www.fairphone.com/en/2024/01/30/security-update-apex-modules-vulnerability-fixed/
I’m sorry, there’s no other way to say this, but such a major issue slipping through is just a massive sign of incompetence. I support Fairphone’s mission and philosophy, but I just can’t trust this company. This isn’t the only security issue either. I wouldn’t recommend their devices to anyone for this reason.
Alright. Thanks!