OS System Update via WIFI that was not mine

anonymous_joe · December 23, 2025, 6:52pm

Dear Community,

I am using my new Murena Fairphone Gen 6 for little over a week by now and I am very pleased.

Yesterday I got the information that a new system update was available. Since I wasn’t at home and did not know when I could use my own (secure) WIFI I updated my phone at a friend’s place using his WIFI.

Now I might be a bit over-cautios but I do not know whether this friend of mine runs regular updates on his router or had a network corrupted in any other way. I asked an AI for the risks of updating a smartphone via a potentially unsecure WIFI connection and it said the risk basically boils down to three questions:

Does the smartphone’s OS validate digital signatures?
Is the smartphone’s bootloader locked?
Was the server the update was loaded from compromised?

I think (hope) we can rule out #3. But what about #1 and #2? Does /e/ validate the signatures of the update packages and is the booloader of the Murena Fairphone 6 locked?

Info: I did not change any of the developer settings after the phone was shipped.

Thanks in advance!

tcecyk · December 23, 2025, 11:46pm

It’s #1 - Android validates the signature of the incoming ota. Any wifi is fine for this

(Store FP6 are relocked. But it doesnt matter in this context)

anonymous_joe · December 24, 2025, 8:20am

Hey!

Thanks for the swift reply! One more question:

Store FP6 are relocked.

What does that mean? Is my phone’s bootloader locked?

AnotherElk · December 25, 2025, 3:35pm

Yes.
Every FP6 initially comes with Fairphone’s own OS and a locked bootloader. So whoever then installs /e/OS (including Murena) needs to unlock the bootloader for this, then relock after install (if desired, and it is desired on Murena’s side as a seller).

system · February 21, 2026, 6:52pm

This topic was automatically closed after 60 days. New replies are no longer allowed.