- Edited
The article published at https://www.ifixit.com/News/111634/why-the-fairphone-6-should-be-your-next-phone promoting the /e/OS variant of the Fairphone 6 has major misconceptions and inaccuracies. The article promotes a product which is blatantly unsafe due to lack of basic privacy/security patches and protections as being the best option for people who care about privacy. People who listen to it will be significantly worse off on the privacy and security front than if they had bought an iPhone instead.
Fairphone 6 does not keep up with standard Android privacy/security patches and has no secure element to provide working disk encryption for typical users not using a strong password, among other flaws.
Lack of secure element throttling for disk encryption means users with a typical 6-8 digit PIN or basic password will not have their data protected against extraction. Brute forcing the PIN or password set by the vast majority of users is trivial without secure element throttling. Users are not informed they're not going to have working disk encryption without a strong passphrase on Android devices lacking this feature. Pixels and iPhones provide a high quality secure element providing this and other important functionality. Samsung devices from the past several years at least have a basic secure element providing some of the protections.
/e/OS dramatically reduces privacy and security compared to the Android Open Source Project. It lags far behind on OS and browser patches. It also doesn't keep important standard protections intact.
The article appears to be confusing our sandboxed Google Play compatibility layer with the privileged integration for microG, Android Auto and other Google apps/services in /e/OS.
which is kind of like adding Google Play Services to your phone as a regular user rather than an admin
Our sandboxed Google Play compatibility layer works exactly as the article describes: installing Google Play and other Google apps as regular sandboxed apps. That's not how these things work in /e/OS.
DivestOS, which has been discontinued, had mostly (not fully) unprivileged integration for microG unlike /e/OS and CalyxOS where it's privileged. /e/OS and CalyxOS also have privileged integration for Android Auto and other Google apps/services. If you install Android Auto on /e/OS or CalyxOS, it's a highly privileged app not running in the regular app sandbox and also receives extensive privileged access via special permissions only available to OS components. microG is similar.
GrapheneOS is vastly different from /e/OS. GrapheneOS is a hardened OS preserving the standard privacy and security features and model, then greatly improving both privacy and security on top of that base. /e/OS is not a hardened OS and it greatly reduces both privacy and security compared to the Android Open Source Project. /e/OS doesn't only lag very far behind on OS and browser patches. It also disables or cripples important standard privacy and security protections.
The article implies people can't buy devices with GrapheneOS preinstalled, which isn't right. There are multiple companies including NitroKey selling devices with GrapheneOS installed. This shows where NitroKey sells them:
https://shop.nitrokey.com/shop?&search=nitrophone
https://shop.nitrokey.com/shop?&search=nitrotablet
There are many other companies selling devices with GrapheneOS.
There's a high quality third party comparison between Android-based operating systems at https://eylenburg.github.io/android_comparison.htm with a privacy and security focus.
Android has a new OS release each month. It's a monthly, quarterly or yearly release.
The current release of Android is the July monthly release of Android 16 after the initial yearly Android 16 release last month. Prior to that was the May monthly release of Android 15 QPR2. Android 15 QPR2 came out in March 2025. Android 15 QPR1 came out in December 2024.
Fairphone 6 launched using the initial yearly release of Android 15 from September/October 2024.
Since Android 14 QPR2, quarterly updates are as large as yearly updates. Like many non-Pixel OEMs, Fairphone skips the monthly and quarterly updates. Non-Pixel OEMs are beginning to ship the quarterly updates, but in the past nearly none did.
Providing the latest monthly, quarterly and yearly update is needed to provide full privacy and security patches. Only High and Critical severity patches are backported to older releases in the Android Security Bulletins, often months later. Low and Moderate severity privacy/security patches are almost never backported to older Android releases. Privacy and security improvements not considered bug fixes aren't backported to older releases. Major privacy issues are fixed by newer Android quarterly and yearly releases which will never be backported due to not being considered fixing a bug.
Fixes for important leaks of data to applications, VPN leaks, etc. are rarely backported either due to being considered Moderate severity or a privacy improvement rather than a bug fix. The app sandbox and permission model significantly improves with each new yearly Android release and none of that is backported. Android and iOS provide backports to older releases as a stopgap. Android's quarterly releases go through months of public testing prior to stable release and yearly releases are publicly testing for more than a year. Android's stable releases are not the bleeding edge but rather are the expected baseline unfortunately not provided by most Android OEMs and aftermarket operating systems.
Here are the update notes for the Fairphone 6 stock OS:
https://support.fairphone.com/hc/en-us/articles/24463713641234-The-Fairphone-Gen-6-Release-Notes
Here's for the Fairphone 5:
https://support.fairphone.com/hc/en-us/articles/18682800465169-Fairphone-5-Release-Notes
Here's for the Fairphone 4:
https://support.fairphone.com/hc/en-us/articles/4405858220945-Fairphone-4-Release-Notes
You can see for yourself that it's typical for them to have 1-2 months of delay for the security backports to older releases. The yearly updates typically take a year or more. Monthly and quarterly updates aren't provided.
/e/OS is worse than this and unlike the stock OS, misleads users.
/e/OS changes the UI displaying the patch level to one which masks what's actually being provided. They also set an inaccurate Android security patch level ignoring the non-AOSP portion of the patches and part of the AOSP portion of the patches. /e/OS partially shipping the AOSP portion of the patches as providing the full monthly privacy/security patch backports, which isn't what that is. /e/OS also has major issues providing browser updates. Many apps use the OS WebView.
The article presents this conclusion:
this makes the Fairphone probably the best phone for anyone who values their privacy even slightly.
This is very wrong. Fairphone 6 with stock OS has very lacking security due to delayed patches (1-2 months for partial backports, much longer for full Android patches), no secure element, etc. /e/OS has absolutely atrocious privacy and security, not meeting even basic privacy/security standards. You're guiding people to an unsafe option.
iPhone users get a device with far stronger hardware and software security, far better privacy from apps/services and a bunch of well secured services with most of those supporting proper end-to-end encryption via their opt-in Advanced Protection Program. If people get a device with /e/OS, they're missing the most basic bare minimum privacy and security patches and protections. /e/OS has their own invasive services included, and it does still use various Google services too.
/e/OS has responded to this thread with inaccurate claims about GrapheneOS and attacks on our team which we've replied to below: