cross-posted from: https://lemdro.id/post/2136203 (!samsung@lemdro.id)
Samsung is an industry leader when it comes to Android OS and security updates. There are only a few Android manufacturers that can match the four years of Android OS and five years of security updates that it provides. Never one to rest on its laurels, the company is now actively considering to expand the […]
They would also need to take responsibility for any security issues related to the chipset. It is also not possible to upgrade proprietary firmware (e. g. for the modem) at all without support from the chipset manufacturer.
Fairphone doesn’t seem to care much about security (they use public keys for signing their OS afterall!), so they may be fine with those compromises.
Qualcomm is interested in selling new SoCs, so even if they actually offer support extensions, their fees are most likely very high to make it unprofitable for manufacturers to go this route.
Any source for that claim? Digital signing works with key pairs - a private one for signing and a public one for verifying that something was signed by the corresponding private key. So I take it you’re saying they publish the private keys used for signing somewhere?
At least the Fairphone 3 and 4 use public test keys in production:
Seems like at least the Fairphone 5 finally uses production keys: https://forum.fairphone.com/t/avb-keys-used-in-roms-for-fairphone-5/100314