| From what I found they're brilliant on repairability, but not so much on security, which is a bummer :( Couple of pieces on hardware: - Fairphone does not include a secure element making brute-forcing PIN trivial - Fairphone 4 used TEST KEYS for verified boot: https://forum.fairphone.com/t/bootloader-avb-keys-used-in-ro...
The above alone shows insecurity by design. I cannot find any of Fairphone technical documentation that would provide details on their implementation of the TEE/HSM.
As of now I believe it's only Pixel's Titan and Samsung's KNOX that provide a discrete secure element on Android devices. Android project recommends secure element to process sensitive data: https://source.android.com/docs/security/best-practices/hard...
What it's supposed to provide: https://developer.android.com/privacy-and-security/keystore On vendor:
Drivers, firmware patches, OS upgrades are a necessity, not an option: most security and privacy updates are not backported. Vendor can't just wait for AOSP to deliver all the patches. Vendor must show a track record providing updates to their hardware - After a lengthy two-year delay, the phone got a taste of Android 12 in February 2023, with Android 13 arriving relatively quickly in October 2023. For Android 14, Fairphone promised to roll out the update in H2, 2024, almost a year after Google released it. Now, with less than two months left in the year, the company is postponing the update's release to 2025. -- https://www.androidpolice.com/fairphone-4-long-delayed-andro... - their Security Bulletin patches are consistently 1-2 months behind - Fairphone 5 is still on Android 14 (since Jul 2024). Android 15 has been released in September 2024. Year and a half later AOSP is on Android 16. - Fairphone 6 is still on Android 15 - Fairphone 5 and 6 latest security patches are from June 2025: https://support.fairphone.com/hc/en-us/articles/244637136412... For comparison GrapheneOS had eight releases in July alone (GrapheneOS had a full A16 release on 30th of June for all supported devices).
Security patches are usually released within one-three days (or earlier, from the tree, without waiting for being published in the bundle) GOS Release for Pixel 9 was ready three days after the device launch. Exploitability matrix as per Cellebrite: https://discuss.privacyguides.net/t/updated-cellebrite-iphon...
That supports the claim the hardware + OS holds. |
> - Fairphone 5 is still on Android 14 (since Jul 2024).
The Android 15 update was actually released this week! https://support.fairphone.com/hc/en-us/articles/186828004651...
> - Fairphone 6 is still on Android 15
Android 16 was released less than half a month before the release of the FP6, which itself is less than a month ago. Seems reasonable that it wouldn't ship the latest version under those circumstances.