
I was upgrading my Pixel 4a recently, and one of my top concerns was security updates. I wanted a phone that would continue receiving timely Android security fixes for at least 3 years, ideally 5+ years.

I liked the idea of Fairphone, but I was skittish about their ability to fund a team to keep up with the latest Android updates for the next several years.

Does anyone know how small players like this keep up with Android updates? I don't know much about how difficult it is to continue pushing Android updates out, but I assume it's at least somewhat difficult, as many of the major phone vendors do it so slowly and eventually stop after 2-3 years.

I realize those vendors have perverse incentives to stop updates to encourage customers to upgrade phones, but I assume some of it is legitimate difficulty of continuing to provide the updates.




Fairphone 4 owner here. IMO Fairphone has a bit of a mixed record.

On the one hand, they have proven themselves in the past with things like working with the community to get Android 10 ported to the Fairphone 2 [1].

On the other hand, they always seem to be pretty behind on security updates. They got particularly eviscerated by the GrapheneOS project lead [2].

My hot take is Fairphone is a pretty small company that is trying to fill too many niches at once. It's great that they're working on making the supply chain for gold less awful ([3]). It's also great that they're continuing to prove that repairable / user-upgradeable flagship(-ish) phones are possible. I originally chose Fairphone for those reasons, because they align with my values.

Ultimately, though, I want a phone that I can rely on to be rock solid, secure, and highly usable. It's the thing I carry with me everywhere and rely on in emergencies, etc. To that end I recently ordered a used Pixel 6 Pro and plan to switch to that + GrapheneOS in the near future. I hope that Fairphone continues to succeed and help reform the (completely awful, IMO) mobile handset industry.

[1]: https://www.theverge.com/2021/11/23/22798512/fairphone-2-and...

[2]: https://www.reddit.com/r/GrapheneOS/comments/10b5x4n/has_any...

[3]: https://www.fairphone.com/en/2021/11/30/fairtrade-hirose/


Thanks, that's a very helpful perspective!

I wasn't aware of that post from Graphene, but oof does that make me want to stay away from Fairphone for a few years.

I'm in a similar boat to you. I ended up picking the Pixel 7a. I hadn't ever used Graphene, but I'm experimenting with it on my old Pixel 4a.


AFAIK they have the best track record of upgrading Android smartphones, across all their models. Most of the upgrades they are doing largely themselves, beyond what the SoC vendor provides.

It's not extremely difficult (though Google makes it harder every year), but does require people dedicated to "simply" upgrading. A team of 10 decent software engineers (juniors are okay as long as they have proper embedded systems education, and they aren't afraid of huge code bases) should be able to handle that. Rock-stars should be able to manage that single-handedly (again assuming they only do that).

That being said, for Fairphone 5, they are using a "special chip" for which Qualcomm will provide longer software support than they do for other chips (but I think they still need to extend upgrades themselves after Qualcomm stops). In this case, IMO, it's just a way for Qualcomm to make more money off long support. (The chip probably has some difference compared to standard Qualcomm smartphone SoC, because modern smartphone Qualcomm SoC may suicide itself pretty fast with a removable battery.)


I can't speculate on the extremely long term, but my Fairphone 3 is still getting OS updates pretty regularly. Fairphone 3 was released 3 years ago and I think the last OS update I got was ~3 weeks ago, so they're at least doing 3 years; time will tell for 5+ though.


I think they're focusing primarily on security updates, not Android updates in general (though a couple of those as well). And I believe they're also leaning heavily on the work of LineageOS, but don't hold me to that.


Qualcomm is apparently the main difficulty: https://arstechnica.com/gadgets/2021/03/the-fairphone-2-hits...

Fairphone do manage to keep up tho. The Fairphone 3 was updated to Android 13 a few months ago.

https://support.fairphone.com/hc/en-us/articles/997918043739...


I didn't upgrade yet to 13 because they said the vendor for the fingerprint reader in the FP3 has not registered/validated/whatever for Google's security standards on Android 13 yet, thus possibly causing issues with apps that require strong security (banking apps, for example). What is strange though is that if a banking app can't use the fingerprint reader on 13, it will then default to PINs - aren't PINs weaker security-wise than biometric logins?


> aren't PINs weaker security-wise than biometric logins?

Depends on how you look at it. I'll focus on fingerprint here.

Sure, there are far more possible fingerprint features that can be identified for the accept/decline decision "Does this match a registered fingerprint" than 10,000 PIN combinations (4 digits).

But if the fingerprint reader is too lax in matching, it's possibly worse.

If you can crash the fingerprint reader system, which then accepts all future patterns, that's worse.

If you can trick the system into revealing all the biometric data it's collected, and then replay it directly without using the sensor using their debugging interface, that's worse.

That's not to say defaulting to PINs is or isn't the "least bad" option. Just that it's more complicated than the question makes it look.

There are other issues around your question in general that aren't particularly relevant in context:

You can't reasonably change or revoke your PIN.

Your device is likely covered in your fingerprints.


> You can't reasonably change or revoke your PIN.

I can, have, and will

> Your device is likely covered in your fingerprints.

True, fingerprints are not (a) secret


Sorry, that was a typing error, you obviously can do that with a PIN. Which was the point I was trying to make.

I meant you can't reasonably change or revoke your fingerprints!

Changing your actual fingerprints, while possible, is usually painful and done accidentally.

(The best you can do is change from which fingers the prints will be accepted. And at best, you only have a couple of handfuls of options there.)


Thanks for the explanation. I really didn't understand it but figured there is something I was missing here.



