Please put the complete date of the security patch date in the release notes

olli0371 · July 17, 2025, 6:23am

Hi,

in your release notes it just says :

Security fixes

This /e/OS 3.0.4 version includes the Android security patches available as of June 2025.

Please give the complete date in the documentation as this is important for the anti rollback feature that may brick the phone.

Example:
e/OS Version 3.04 has the patch date of 01.06.2025
Latest Fairphone OS has the patch date 05.06.2025

In this case i can not lock the bootloader as the e/OS patchdate is older than the official FairphoneOS that was installed previously.

I needed to install several tools to extract the flashfile to find this out. Please put the exact date into the documentation - would be very helpfull and cost no efford.

Thank you
Oliver

Regain your privacy! Adopt /e/OS the deGoogled mobile OS and online services phone

Manoj · July 17, 2025, 6:29am

Have passed on the feedback to the team.

aibd · July 21, 2025, 10:50am

I have added the tag documentation-inputs @Manoj.

Since about early this year there has been a change in the way that the Android Security Bulletins https://source.android.com/docs/security/bulletin/2025-06-01 are dated as per example in OP.

How does this affect users in the “Can I lock my Fairphone” decision ?

Does the Anti rollback index rely on

day - month - year
or is the month of the Android SPL sufficient?

tcecyk · July 21, 2025, 1:39pm

if you mean the 1st vs 5th of date distinction framework vs vendor, it was introduced July 2016 or even earlier

examples of ril index integers I’ve seen are unix epoch derived from the date, so the full date matters

aibd · July 21, 2025, 2:04pm

Thanks for the clarification. Sloppy wording on my part but I guess I was just drawing attention to the bulletin’s date of publication where I gave a recent example of the bulletin itself containing the date 01-06-2025.

It seemed to me as if Google have become more upfront about dating as many of us have got used to seeing Android SPL consistently 5th of the month until more recently.

tcecyk · July 21, 2025, 2:31pm

the implicit meaning of what the OP presents is: /e/ v3.0.4 doesn’t include the vendor firmware partition updates that fairphone currently ships. Or one forgot to set the string.

fietje · July 21, 2025, 6:39pm

I struggle with assessing how out of date (or not) /e/OS is for the different Fairphones… how would one properly assess this?

Also, one step further, if Fairphone provides security updates, it does mean all base hardware issues should be addressed, right? So as long as Fairphone still supports the device (update latency notwithstanding), the device should be patched, right?

tcecyk · July 21, 2025, 7:11pm

“assessing”: SPL dates aren’t inherently wrong though intransparent. There was a CVE checker that did analysis on-device (SnoopSnitch), but I don’t think its kept updated.

“the device should be patched”: someone at /e/ has to bundle the firmware, do kernel vendor fixes, it’s not automatic

fietje · July 21, 2025, 7:16pm

Yes, alright.

Assuming Fairphone pushes out a new FP OS version, and /e/OS gets the relevant bits from there, we’re ok?

tcecyk · July 21, 2025, 9:09pm

if you want to dig into it, look at the device kernel repo, firmware version strings and framework base. But it is another thread. This here is just about some help in knowing the SPL of the image offered to prevent rollback bricks.

fietje · July 21, 2025, 9:39pm

How very right you are.