Plenty of questions concerning my new Fairphone with /e/OS

Hi,

recently I have become an owner of the Fairphone 3+ with /e/OS. As I am going to put a lot of emphasis on my privacy with this new smart-phone, the following questions and problems came up for me:

  1. I have a problem with the app Shelter (I have downloaded it via F-Droid). When I open Shelter it continuously informs me that I have received a notification to finish the installation process of this app; but I couldn’t find such a notification. I have also tried to uninstall this app, but unfortunately this is not possible (It is a bit worrying). What can I do in this case?

  2. For which of the following apps should I use Shelter or any other sandbox app? For Whatsapp, Spotify, Urbansports, my banking account app, tinder, RAguide, Fish Deeper - Fishing App?

  3. What’s the best way to transfer my personal data from my old Samsung with Android 8.0.0 to my new Fairphone?

  4. Will there be any risks concerning my privacy if I add my hotmail-account to the mail-app of the new smartphone?

  5. When I switch on the Advanced Privacy button, this means that I am surfing with the tor-browser?

  6. What else can I do to increase the privacy of my new smartphone? On this homepage /e/OS says the following:
    “If you are looking for an OS with hardened security, use Graphene, if you are searching for an OS that helps you keep your data safe from Google, use /e/OS . The choice depends on your needs.”

To what extent does Graphene even more harden the security of your smartphone? Are there measures to catch up with my /e/OS?

Thanks in advance for your help!

1 Like

/e/OS is actively insecure, the default web browser and system WebView is from March with 209 known security issues.

The included PDF viewer has another 55 known security issues.

/e/OS is not just “not hardened”, it is actively insecure and failing to provide basic security patching of the system and included apps.

Not to mention the system is always one ASB behind (1.4 is August, it is October!), and cannot provide the full ASB to many of its supported devices as they are end-of-life by their vendors.

The /e/ team has repeatedly and consistently failed to adequately address this in any manner.

I document this here:

(disclosure: DivestOS is my project)

To actually answer the question, every feature listed on this page is a feature GrapheneOS adds on-top of AOSP: https://grapheneos.org/features

GrapheneOS is the absolute gold standard of aftermarket operating systems, use it if you can.

2 Likes

Are you on the latest version (1.8)? There was a fix for this recently.

Also to reinstall it, you must first delete the profile it created from the Settings app.

The primary benefit of work profiles for isolation:

  • the ability to freeze the app, preventing it from running
  • the ability to grant it file access without it having access to your files (although this is less necessary in Android 13 or GrapheneOS)
  • the ability to use a separate VPN connection for apps in it

It does not and cannot provide protection against security issues.

If you do, be sure to not route the email app through Tor/Advanced Privacy: Advanced Privacy - #39 by Brad

It routes through Tor (a very old one from 2020 too!), but it is not Tor Browser.
You must be cognizant of such and I recommend avoiding non-encrypted connections (HTTP).

3 Likes

You are saying here the lack of browser update is a deliberate and malicious attempt by /e/ to cause their users harm, rather than a result of a lack of resources or poor management.

2 Likes

@anon88181694 Thank you for your answers.
Concerning security issues - how serious are they? Is there danger that my Fairphone can be easily hacked by criminals?
Did I do a bad purchase with my Murena-Fairphone or can I still use it as an average non-hardened smartphone?

Yeah GrapheneOS sounds really good. I have read and heard about it before. But you can get it only on the Google Pixel Smartphone and I am not ready to buy a new non-repairable Google-Phone.
And an installation of GrapheneOS on the Fairphone 3+ is not possible according to my knowledge. And it won’t be?

Concerning Shelter, yes I have the Version 1.8. Thanks to your hints I managed to uninstall the app. Does it still make sense to use it?

1 Like

@Baggypants
Nowhere did I say malicious.

@DerweissePanther

non-hardened smartphone

Again it isn’t just not-hardened, it is months behind basic security patching.

how serious are they

4 of those 209 Chromium security issues were known to be exploited in the wild when they were announced, as time goes on a handful of the rest will likely become exploited by others in broader ways.

And it won’t be?

No because the FP3 doesn’t meet the requirements for GrapheneOS. It doesn’t even handle verified boot properly because Fairphone used insecure test-keys for AVB.

bad purchase

You and everyone else who purchased one of these devices or services needs to start demanding that security be taken seriously.
Otherwise you’ll all end up suffering.

1 Like

I trust both the /e/OS team to eventually address the security issues with browser, webview and PDF viewer, and users to use alternative browsers and viewers in the meantime. Issues have been raised and will be taken care of.

4 Likes

@MaMaTT88

eventually

The PDF viewer security issues stem from the library being from January of 2016!
Advanced Privacy, which released in May 2022, chose to ship a version of Tor from November of 2020.
Browser issues are 7 months old.

How long is too long?

And again to reiterate, using a different web browser does not fix this issue, the system WebView is loaded into any apps using WebView widgets. You cannot change the WebView without root, as the only currently allowed WebView providers are Google WebView and the built-in system WebView.

3 Likes
  1. What’s the best way to transfer my personal data from my old Samsung with Android 8.0.0 to my new Fairphone?

Regarding the migration of your data, you may follow this very good guide written in the support section of /e/ os website. https://doc.e.foundation/support-topics/migrate-to-e

  1. “If you are looking for an OS with hardened security, use Graphene, if you are searching for an OS that helps you keep your data safe from Google, use /e/OS . The choice depends on your needs.”

Regarding security and privacy, what they mean is that a very secure os like up to date android or graphene does not entail privacy at all. Security means protection against hacking or data leakage.

Though security will also come with lessened exposure according to your usage practices. Like not downloading any app (free to play games, apps that are not necessary because a normal website has the same function and can be accessed with the browser, the will to enlarge your penis, etc).

Don’t let SkewedZeppelin fool you. He is unfortunately mainly boasting about his knowledge of security. Even though what he says is true, /e/ os is usually a bit late on updates and on some security patches, it seems that if you bought a Fairphone with /e/ os, then you value your privacy much more than having a security patch one month too old. Obviously /e/ os team has limited resources and they chose where to focus their means in priority. Security will be enhanced in time but it is already not bad. The bootloader is probably locked on your phone, SELinux is enforced, your phone’s data is encrypted and you probably use a pin to unlock your phone. Then you also need to type a password to access your bank account.
By your awareness of privacy, your way of using your phone is probably already very careful which results in a very minimized exposure to easy hacking, like email phishing.
Privacy is utmost important, more than having a slightly increased risk of being hacked remotely. Today, /e/ is the only choice available for using a smartphone without giving away all your data to google. Not only the fact that it exists is great but /e/ os is also a great system, with very pleasant user friendly features. I struggled for 6 years using different phones and versions of Lineage OS, I always had worse security but more importantly, I still had privacy leakage from DNS, gps, and no /e/ os cloud, no consistency in the updates, no forum with listening developers.
Fairphone and Murena One phones are the best choices with /e/ os as their firmwares are updated along with the OS updates, which guarantees better hardware performance (lack of issues) and some improved security. So with your choice, you are not so far from the user experience offered by smartphones sold by gigantic companies but with unparalleled privacy offered by a very small foundation.

5 Likes

@GabrielT

graphene does not entail privacy at all

GrapheneOS is quite private right out of the box, and goes to great lengths to empower users control over their device: see nearly every section on this page: https://grapheneos.org/features

And to reiterate: you cannot have privacy without security.

one month too old

And a browser/WebView from 7 months ago…

privacy

Rubbish! That phrase is just about meaningless: both privacy and security - in computing and mobile phone terms - are relative, as are ‘user-friendliness’ and ‘usability’.

You certainly can have a better level of privacy than ‘standard’ Android, and /e/OS provides this. From what I have read, DivestOS and Graphene certainly provide a better level of security than standard Android or /e/OS, or LineageOS (with or without microG).

/e/OS and LineageOS for microG both provide (in my opinion) a good balance between security, better privacy, and usability and user-friendliness. And they have the advantage of being available for a very wide range of phones, both old and new(-ish). (I have not used GrapheneOS or DivestOS, so I cannot comment on how usable or user-friendly they are “out of the box”.)

At the moment, LineageOS for microG is probably ahead of /e/OS in terms of security, but /e/ are working towards improving security. But they are under-resourced at the moment, and have many issues - including security - that need to be addressed.

Another phrase that is just about meaningless. “Gold standard” for what? Security? Maybe. Privacy? Maybe. Usability “out of the box”? Not from what I have read. Availability on different devices? Definitely not: some devices apparently don’t “meet the requirements for GrapheneOS”, so if you have one of those devices, it’s not “gold standard” for you 🙂

Really? Maybe you need to take a look at your own sense of perspective. Please feel free to come on these /e/ forums and rant on about what a POS /e/OS is compared to the “gold standard”, but be prepared for people to start ignoring your posts. Some of your earlier posts were interesting, informative and helpful. Now - in my opinion - they are becoming much less so, and I may start reaching out for the ‘ignore’ button soon 🙂 (not that that will worry the author of the “the absolute gold standard of aftermarket operating systems” 😉)

2 Likes

The purpose of Shelter is to provide a runtime environment in which to run apps that may seek to compromise your privacy by accessing your personal data. In this environment those apps do not have access to that personal data. So, it is definitely worth using it for WhatsApp, which, if run outside Shelter, will attempt (after asking your permission) to access your Contacts and upload them to the Meta / Whatsapp / Facebook servers.

It’s certainly not necessary for running a banking app, which is very unlikely to want to access any of your personal data (except what you provide within the app).

I don’t know about any of the other apps you mention. The questions to ask for each app are “What data external to the app does this app want to access? Contacts, Calendars, Call logs, Messages, anything else?”, “What will they do with that data?”, and “Am I happy for them to do that?”.

Whether or not you should run them in Shelter will depend on the answers to those questions.

1 Like

You said they are being malicious when you said they are being actively insecure. That’s how English works. I doubt I can make it any plainer.

Let’s keep in mind here that /e/ is still in the beginning stages. If I look at the progress over the last year for example, it leaves me very optimistic with regards to the direction it is headed.

The security update situation is definitely not optimal at this point, but hopefully this can improve as the project gains popularity and thus funding. I also hope that with regards to privacy, some efforts will be shared with some other custom ROM projects in the future, such as when it comes to a proper firewall solution.

3 Likes

@nanabanaman
Hasn’t /e/ been around since 2017?

They must have been very lazy indeed, building only an entire ecosystem with Mail, Drive etc in addition to a privacy-focused OS.

More seriously, version 1.0 was out end of May this year. Not so long ago.

2 Likes

What they are doing here is a monumental task. They have been hiring people and significant progress has been made, especially recently.