Please do not drop support for them though. These phones are not that old yet.
Discussion
It is inevitable due to the fact there is no longer firmware and driver support. I just want to garner what people will do when it finally happens. The point where there are too many regressions it will go.
So wouldn't this also affect any other OS? I would have to buy a new phone anyway. But I will stick to GrapheneOS anyway.
Prolonged firmware/driver support sounds like another good reason for the Fairphone ;)
Fairphone devices don't meet our security requirements. They receive the Android Security Bulletin patches late, are missing recommended security patches, don't have a secure element with the required features, have insecure/broken verified boot and attestation and other issues.
It's very misleading for them to say that the device will have 6 years of support when for half of the lifetime it won't have full security patches. Pretending it has verified boot when it's known to be completely broken/insecure is also a pretty big issue, and that's a pattern.
One major example of how not having the hardware security features we expect impacts users is that disk encryption doesn't really work for most users without a secure element providing Weaver. With Weaver, a random 6 digit PIN is highly secure. Without Weaver, it's near useless.
Without hardware support, an attacker can do as many attempts as they want regardless of what's enforced by software. Software-enforced attempt limit doesn't really work. Weaver is hardware-enforced throttling by a secure element. It's what makes a random 6 digit PIN secure.
To summarise, they ship the mandatory ASB patches 1-2 months late each month, their SoC is configured insecurely and their verified boot implementation is broken. It's missing years of recommended security patches for vendor code. It doesn't have the expected hardware security features either.
Yes, it does affect other OSes on other devices; however, other OSes aren't up front about what their 'support' of End of Life hardware means and mislead/misrepresent doing so as secure/private. They treat users as ignorant and the terms as marketing gimmicks.
GrapheneOS takes users' security and privacy seriously. You matter, which is why we are brutally honest in such matters and only recommend OEM supported Pixel devices, as they are the baseline the majority of other OEMs never match.
Thanks a lot for the detailed explanation, I will not talk about Fairphone again. So when do you recommend to replace Pixel 4a phones?
In line with this:
Also happy for anything to be discussed, nothing to stop any OEM stepping up their game.
Thank you. Also for your work. Glad I donated via opensats.