The Fairphone (Gen. 6)

available with /e/OS too https://shop.fairphone.com/the-fairphone-gen-6-e-operating-s...

As I near the eol of my daily driver, I'm considering a Fairphone, but what it's missing is a folding card holder, like the Satechi wallet stand for iPhone. Putting the phone in horizontal mode on a table and using a bt keyboard is how I do a lot of my writing

eOS uses microG. I'd wish Fairphone offered partnership with GrapheneOS, especially now that Google broke their workflow. Sandboxed Play Services is pretty much a must for a lot of people.

>I'd wish Fairphone offered partnership with GrapheneOS

The makers of GrapheneOS have indicated that Fairphone doesn't meet their security requirements:

https://grapheneos.social/@GrapheneOS/114737139118874189

I think there are some fundamental flaws with how Fairphone operates, plus they don't seem to release security updates promptly.

Unfortunately there seems to be bad blood between the two :(

It would be good if Fairphone could make a product that meets GrapheneOS requirements, but they measure the tradeoffs between security, usability, and cost (to do hardware and software things) differently. Each team is free to make the choices they deem fit. If only the intersection of GrapheneOS and Fairphone users were bigger, market forces would push them towards a common vision.

So Fairphone is NOT secure?

This question always comes up:

The Reason GrapheneOS isn't made for Fairphones Officially is that Fairphones lack a lot of base requirements for official support:

https://grapheneos.org/faq#future-devices

There's nothing preventing anyone from making a 3rd Party port of GrapheneOS to Fairphones, it just seems no one does.

> Unfortunately there seems to be bad blood between the two :(

There's is no bad blood here, it's merely that fairphone doesn't meet the required standards for them to be a target the graphene team is interested in supporting offically. There's nothing preventing anyone from porting it themselves and nothing preventing fairphone from porting an inferior version of grapheneos to their phoens.

This seems to be missing the new focus features introduced with the physical switch, or am I missing something here. Also quoted as 50/100€ more expensive (two prices on the same page?)

The $50 extra, for a pre-installed eOS goes toward the eOS Developers;

However you could also install eOS yourself instead of course, if you prefer.

Security is a policy-driven spectrum of considerations and solutions. GrapheneOS targets very specific threat models, which is not possible with Fairphone hardware/BSP. Whether it makes it not secure for your own use cases, it's up to you to decide.

Case in point: re-lockable bootloader requirement. Not everyone is a target for an evil maid types of physical attacks or possible state actor pressure. But when you actually need it, it's not negotiable.

> plus they don't seem to release security updates promptly.

They did announce they're going to do daily linux patches though, so that's atleast something https://www.phoronix.com/news/Fairphone-6-Linux

Which features specifically do Fairphones miss? It seems to me like most of those requirements are all part of the (mostly open-source) software stack. The Fairphone uses a standard Qualcomm chip that should work as well or as badly as a Pixel SoC.

The "Complete monthly Android Security Bulletin patches without any regular delays longer than a week for device support code (firmware, drivers and HALs)" part isn't even true for Pixels.

Fairphone is as insecure as most non-flagship Android phones. Make of that what you will.

GrapheneOS takes security very seriously. Your average desktop PC or laptop won't come close to their requirements. That makes GrapheneOS an excellent OS for people who want the security of iOS without the many downsides of Apple. Their patches reduce usability but make the phone more secure than Google's own, official Android build.

However, if you've ever used a Windows (or Linux) laptop, you've already experienced the kind of insecurity that GrapheneOS tries to prevent. No hardware encryption accelerators outside of the CPU, rarely any patches that roll out within a weak of announcement, firmware protection being basically nonexistent, no A/B updates, almost certainly no verified boot (even with Secure Boot enabled), and usually no firmware USB lockdown.

> The Fairphone uses a standard Qualcomm chip that should work as well or as badly as a Pixel SoC.

I suspect it's the features of the titan m2 security chip. It's a pretty cool piece engineering [0].

[0] https://www.androidauthority.com/titan-m2-google-3261547/

>The "Complete monthly Android Security Bulletin patches without any regular delays longer than a week for device support code (firmware, drivers and HALs)" part isn't even true for Pixels.

Doesn't the ASB get published at the same time as pixel updates? So by definition it's up to date.

I'm actually interested on this. Has anyone used previous Fairphones with /e/os? ¿How painless is the experience?

While I use CalyxOS not /e/os the experience was very painless. I assume it's the same with /e/os.

Yes, but vulnerabilities don't always get backported to older (supported) devices immediately. I distinctly recall one case where an Android CVE was patched months later on one Pixel model compared to the others that were in support. However, because search engines have all become terrible in the age of AI, I can only find vague references.

I did, for instance, find a case where Google Project Zero published a blog post on a vulnerability while their Pixel 6 was still four days away from the first updates: https://9to5google.com/2023/03/20/pixel-6-march-2023-update/

I myself regularly find my Pixel only noticing updates half a month later unless I manually check while my Samsung tablet notifies me immediately once my quarterly update is available. It's quite annoying to have to check for updates manually every week, but I suppose updates are technically available.

The tech is impressive, but not exactly Google exclusive. If the ROM developers intend to only support devices with Pixel exclusive features like the Titan chips, they might as well say they're not interested in supporting non-Google phones.

I've used it on both my previous phone (Fairphone 2) and now on the Fairphone 4. It's very painless, their installer is easy to use. The caveat here is that my most-used app is Firefox, and I don't use banking apps or Chromecast, which people seem to be worried about often.

This is a misunderstanding. It's just that Google Pixel are the only devices that have this level of hardware security engineering AND are open to thirdparty roms like grapheneos to a decent degree.

Samsung Flagships and Iphones seem to have similar level of security engineering in them (Pixels use Samsung CPUs essentially) but aren't open to the required degree for third party roms.

There's nothing else on the Market that delivers on that Level. The GrapheneOS guys are working with someone one a potential custom phone to get the required level of hardware security but nothing has materialized. Companies like Fairphone are free to deliver hardware that is competitive in the security space and i'm sure that the grapheneos team will consider them then. But until anyone else does i'll keep buying whatever phone grapheneos wants me to buy, i don't care.

Interesting enough, GrapheneOS runs exclusively on google devices. This fact makes it obsolete for me. I don't trust google in anything, soft or hard ware.

Thanks for the answer. I finally ordered the Fairphone 6 with /e/os. I hope I do not regret this decision.

I hope so too! The fallback is switching back to regular Android. If /e/OS doesn't work well enough for you, it wouldn't work well enough on other phones either, so in that sense this purchase isn't a waste.

here's a pretty good thread about compatibility:

https://grapheneos.social/@GrapheneOS/114721666000552094