Mine is running /e/ and reporting Android 13, which appears to be the last one Fairphone support. /e/ said it was too difficult to support 14 with the kernel involved. It's had continual security updates apart from the Android version.
Edit: Murena make it clear which phones are officially supported and which have "community" support.
This is not the manufacturer updates. I was talking about the manufacturer updates. I just checked and someone complained a few months ago and they updated them. Before that, they had not been updated in years on /e/OS, but they were up-to-date on Stock Android.
> Edit: Murena make it clear which phones are officially supported and which have "community" support.
I bought a phone to Murena, advertised by Murena, through Murena. It really felt like it would be officially supported, otherwise they should have made it clear that they advertise and sell something that they won't support, wouldn't you say? My feeling is that they just stopped supporting it after a while.
Also I would assume that "supported" means that it receives both the LineageOS updates and the manufacturer updates. Apparently they have a different definition of "supported" (which is fine, maybe it's just "we will continue sending you our own updates"). It's just that in my book, if I get more security updates with the Stock Android than with /e/OS, then Stock Android is more secure.
Nope, it doesn't receive most privacy and security patches. Users are being heavily misled about what's provided. First of all, the kernel is nearly entirely not being updated which is a massive portion of the privacy and security patches. Murena's devices have poor privacy and atrocious security including due to the failure to properly provide basic privacy/security patches. Their claims about what they provide need to be distinguished from what is actually provided. /e/ updates the patch level regularly to claim they provide the security patch backports but that doesn't mean they actually provided all of them. It's an arbitrary value and they don't set it accurately.
Fairphone 3 uses the end-of-life Linux 4.9 branch, Fairphone 4 use the end-of-life Linux 4.19 branch and Fairphone 5 uses the end-of-life 5.4 branch. Each was largely not receiving the upstream LTS updates while they were still provided but now they're not provided. An OS that's not receiving basic kernel updates is definitely not receiving security patches anymore, but they were largely never providing these updates in the first place long before the kernel branch or devices were considered end-of-life.
Similar to iOS and other operating systems, Android only backports a subset of privacy and security patches to older Android branches. Only Android 16 QPR2 has the full set of Android privacy and security patches. You aren't receiving all of the standard Android privacy and security patches if you're not on Android 16 QPR2. Many of the patches are also treated as optional and deferred as being mandatory far into the future. It's also worth noting the dates are misleading. Android's March 2026 security backported have been finalized for a while and up to August 2026 are available to ship by OEMs already but a lot more will be added to June 2026. February 2026 Android security patches are the latest with a public bulletin but not the latest available to ship.
Fairphone and especially /e/ also have very incomplete patches for firmware and drivers. /e/ also has major issues patching other components including the browser engine used by the OS for the WebView.
If you have an iPhone that's still supported, you have strong privacy and security. If you have a phone that's not an iPhone and not supported by GrapheneOS then you likely have a phone with atrocious privacy and security regardless of OS choice. If people can afford to get a secure device with years of proper support remaining then they should do that rather than using an insecure device with a sidegrade for privacy and security using a problematic AOSP fork. LineageOS is far less problematic than /e/. If people want to switch the OS to something else due to the OEM abandoning it or to avoid Google Mobile Services they should use at least use LineageOS which is less of a privacy and security downgrade from OS. LineageOS does not fully maintain the privacy and security of AOSP or fully keep up with updates but it's a lot less bad than /e/. Most alternate OSes are forks of LineageOS to reuse their work on hardware support and nearly entirely make privacy and security worse, not better, so why not use the upstream project instead?
> I had a Fairphone 3, and after 5 years, /e/OS was outdated by 4 years w.r.t. the manufacturer updates. In other words, Stock Android coming from Fairphone was more secure than /e/OS on that Fairphone.
It's important to note that an alternate OS depends on the OEM for firmware and in practice much more than that including kernel and driver updates. It's theoretically possible to replace the kernel and drivers with much different ones but it's not done in practice by alternate AOSP-based operating systems. If the device is abandoned by the OEM then you aren't going to have a secure device.
/e/ lags far behind on standard privacy and security updates everywhere but misleads users with an inaccurate Android security patch level along with many inaccurate privacy and security claims. LineageOS is much better than the fork of it by /e/ and does much less to mislead users, although it still has the inaccurate Android security patch level and many people still wrongly believe they're getting patches they aren't after the OEM dropped support.
I can confirm that I did, and was not very happy when I realised it.