Fairphone Privacy Review: How Private Is It Really?

Fairphone has a beautiful origin story. A Dutch social enterprise set out to prove that smartphones don’t have to be disposable, exploitative machines. Conflict-free minerals. Factory workers paid living wages. Modular design you can repair with a screwdriver. iFixit gave the Fairphone 5 a perfect 10/10 repairability score — a feat no other modern smartphone has achieved.

None of that has anything to do with privacy.

And yet Fairphone keeps showing up in privacy conversations. The company partnered with Murena to sell a deGoogled version running /e/OS. CalyxOS officially supports the Fairphone 5. The unlockable bootloader makes it one of the few non-Pixel phones where you actually have a choice about what software runs on your device.

So here’s the question this review answers: if you care about both sustainability and privacy, can the Fairphone actually deliver on both?

The short answer is yes — with significant caveats. The longer answer requires understanding what Fairphone does well, what it doesn’t, and why the privacy community has legitimate concerns about its hardware security model.

Which Fairphone Are We Talking About?

As of early 2026, there are two Fairphone models worth considering:

Fairphone 5 (launched August 2023) — The established option. Qualcomm QCM6490 processor, 8GB RAM, 256GB storage, 6.46” OLED display at 90Hz, removable 4,200 mAh battery, IP55 dust and water resistance. Originally priced at €699, now reduced to around €499 as the Gen 6 takes over. Fairphone promises at least 8 years of security updates (targeting 2031), with monthly patches for the first three years and bi-monthly after that. It shipped with Android 13, received Android 14 in late 2024, and got Android 15 in July 2025 — roughly 10 months after Google’s public release.

Fairphone 6 (launched June 2025) — The newer model. Qualcomm Snapdragon 7s Gen 3, 8GB LPDDR5 RAM, 256GB storage with microSD expansion, 6.31” 120Hz LTPO OLED display, 4,415 mAh removable battery, 12 swappable modules, Gorilla Glass 7i. Priced at €549 in Europe (recently reduced from €599), £499 in the UK, or $899 in the US through Murena with /e/OS. Ships with Android 15, promises 7 years of OS updates, 8 years of security patches, and a 5-year warranty.

Both phones are primarily sold in Europe. The Gen 6 is the first Fairphone officially available in the US, but only through Murena with /e/OS preinstalled — not with stock FairphoneOS.

This review focuses primarily on the Fairphone 5, which has the most established privacy ROM ecosystem, but we cover the Gen 6 where relevant.

Stock FairphoneOS Through a Privacy Lens

Out of the box, FairphoneOS is a lightly customised version of Android with full Google Mobile Services. It’s about as private as any stock Android phone — which is to say: not very.

The good news? It’s clean. Unlike devices from Samsung, Xiaomi, or Motorola, there’s zero third-party bloatware. No pre-installed Facebook apps you can’t delete. No aggressive manufacturer overlays phoning home to servers in China or South Korea. Fairphone has no interest in monetising your data, which is a genuine philosophical shift from other Android OEMs.

FairphoneOS also leverages Android’s baseline privacy features — granular per-app permission controls, encrypted storage, the green dot indicator when an app accesses your camera or microphone.

The bad news? It’s still a Google-certified Android device. Google Play Services runs with system-level privileges, meaning Google can see your installed apps, access your location continuously, read your notifications, and essentially do whatever it wants. If you sign in with a Google account, your location data, app usage, and search habits flow straight to Mountain View. Even if you don’t sign in, the underlying framework still pings Google’s servers.

There are two meaningful privacy-adjacent benefits to stock FairphoneOS:

The unlockable bootloader. Unlike Samsung or most other manufacturers who make bootloader unlocking difficult or impossible (and often void warranties), Fairphone actively supports it. This is the gateway to installing privacy-focused operating systems. They even sell the /e/OS version directly.

Long update commitment. Fairphone pledges 8+ years of security updates for the FP5, which matters for long-term security. However, Fairphone’s track record on timely updates is mixed. The FP5’s most recent security patch (as of late February 2026) is at the February 2026 level, which shows improvement — but historically, patches have lagged Google’s monthly releases by one to two months. For comparison, GrapheneOS on a Pixel typically receives security patches within hours or days.

Bottom line on stock FairphoneOS: If you’re buying a Fairphone and leaving it on stock with Google services, you’re buying it for sustainability, not privacy. That’s a perfectly valid choice — just don’t kid yourself about the privacy angle.

The Murena Path: Fairphone + /e/OS

This is where things get interesting. Murena — the company behind /e/OS — has partnered with Fairphone to sell deGoogled versions directly. You can buy a Murena Fairphone that ships with /e/OS preinstalled. No bootloader unlocking, no command-line tools, no voided warranties. Turn it on and you’re free from Google.

What /e/OS Actually Does

/e/OS is a fork of Android built on LineageOS, meticulously stripped of Google code. It doesn’t ping Google’s servers for connectivity checks. It doesn’t use Google’s DNS. It replaces Google’s default apps with open-source alternatives. The key components:

microG — An open-source framework that mimics Google Play Services without the full tracking infrastructure. Apps that depend on Google services (push notifications, maps APIs, in-app purchases) still work through this compatibility layer, but your personal telemetry doesn’t flow to Google. You can opt in or out of specific microG connections.
Advanced Privacy — /e/OS’s standout feature. A system-wide tool that blocks app trackers in real-time, can spoof your GPS location, and hides your real IP address via Tor or a built-in proxy. It provides a dashboard showing exactly how many trackers each app tried to contact — useful visibility into what your apps are actually doing behind the scenes.
App Lounge — A unified app store that pulls from F-Droid (open-source) and provides anonymous access to Play Store apps without requiring a Google account. Crucially, it displays a privacy score for every app, listing known trackers before you download.
Murena Cloud — An optional privacy-respecting cloud service (email, storage, calendar sync) hosted in Europe. Paid service, not a requirement.

What Does a Murena Fairphone Cost?

As of early 2026:

Murena Fairphone 5 — Permanently reduced in April 2025. Now significantly cheaper than its original €769 launch price. Check murena.com for the latest — pricing varies by region.
Murena Fairphone Gen 6 — €599 in Europe, $899 in the US (reduced from $899 launch; pricing may have come down further by the time you read this).

The Murena versions carry a premium over the stock Fairphone, covering /e/OS integration, microG setup, and ongoing OS maintenance.

Is /e/OS Good for Privacy?

It’s decent — genuinely better than stock Android for most people. But let’s be precise about what it does and doesn’t do.

Where /e/OS does well:

Removes Google’s pervasive tracking from the OS level
Makes the deGoogled experience accessible to non-technical users
Provides real-time tracker blocking that actually shows you what’s happening
Maintains solid app compatibility through microG (most apps work, including many banking apps)
Offers a practical, usable alternative to the Google ecosystem

Where /e/OS has real limitations:

Security patch delays. The GrapheneOS team publicly criticised /e/OS in July 2025 for lagging behind AOSP security patches. Murena acknowledged that their workflow integrates patches from the previous month, meaning a worst-case delay of up to nine weeks. They’ve committed to reducing this, but as of early 2026, patches still trail GrapheneOS on Pixel by a meaningful margin.
microG is a trade-off, not a solution. While microG removes Google’s proprietary code, it can still communicate with Google servers for push notifications and location services. The GrapheneOS team has argued /e/OS isn’t “truly deGoogled” because of these residual connections. Murena counters that users can opt out and switch to alternatives like UnifiedPush. Both sides have a point — microG gives you far less Google exposure than full GMS, but it’s not zero.
Browser and WebView updates. Keeping the system WebView current is critical because many apps use it to render web content. /e/OS has historically lagged here, though improvements came with /e/OS 3.0+.
No verified boot with custom keys. When you install /e/OS on a Fairphone, the bootloader stays unlocked. The device can’t verify OS integrity at boot. More on this below.

For a deeper comparison, see our /e/OS vs GrapheneOS breakdown.

Is the Murena Fairphone Worth Buying?

For many people — particularly those in Europe who want a privacy-respecting phone without becoming a system administrator — yes. You open the box and it works. The Advanced Privacy features provide real, visible tracker blocking. Most apps function normally through microG. It’s one of the most practical deGoogled options available.

But if your threat model involves targeted adversaries — state actors, sophisticated corporate espionage, law enforcement with forensic tools — /e/OS on a Fairphone is not the right choice. That’s what GrapheneOS on a Pixel is for.

CalyxOS on Fairphone 5 — A Cautionary Tale

CalyxOS officially supported the Fairphone 5 (and the Fairphone 4), making it one of the only non-Pixel phones to run a respected privacy OS. It sat between /e/OS and GrapheneOS on the privacy spectrum — built directly on AOSP (not LineageOS), with a stronger security focus and microG for app compatibility.

However, as of August 2025, CalyxOS has paused all releases. We cannot recommend it for new installations.

Here’s what happened: The Calyx Institute’s founder and president, Nicholas Merrill, left the organisation. During the leadership transition, the project decided to pause development to conduct a full security audit, update signing keys, and implement new security protocols. In their own words, they “stop[ped] providing options to install CalyxOS” and recommended existing users uninstall the OS — a remarkable admission from a project that takes security seriously enough to tell its own users to leave rather than run unpatched software.

As of February 2026, CalyxOS remains paused. Their December 2025 progress report mentioned ceremony preparation for new signing keys and porting work, but no timeline for resumed releases. The project’s website still displays the pause banner.

What this means for Fairphone users:

If you’re already running CalyxOS on a Fairphone 5, you haven’t received security patches since August 2025 — roughly six months of unpatched vulnerabilities. The project’s own advice is to migrate to another OS.
If you’re considering a new Fairphone, CalyxOS is not a viable option right now.
If and when CalyxOS resumes, existing installations will need a full reinstall — you can’t just pick up where you left off.

This situation underscores a broader risk with smaller privacy OS projects: sustainability. GrapheneOS has a larger team and foundation backing. /e/OS has Murena’s commercial revenue. CalyxOS depended heavily on a small team, and a single leadership departure created a months-long gap in security updates. When choosing a privacy OS, the project’s long-term viability matters as much as its technical merits.

For Fairphone 5 owners who were on CalyxOS, /e/OS is the most practical alternative right now. It’s actively maintained, officially supported by Fairphone through the Murena partnership, and straightforward to install.

Why You Can’t Run GrapheneOS on a Fairphone

No. And this matters, because it gets to the heart of why Fairphone’s privacy ceiling is lower than a Pixel’s.

GrapheneOS supports exclusively Google Pixel phones. This isn’t arbitrary gatekeeping — it’s a technical decision based on hardware security requirements that no other Android manufacturer currently meets:

Verified boot with custom signing keys. Pixels allow you to unlock the bootloader, flash a custom OS, and then relock the bootloader with the custom OS’s own signing keys. Every boot cryptographically verifies OS integrity — the same guarantee stock Android provides, but for a third-party OS. When you install /e/OS or CalyxOS on a Fairphone, the bootloader stays unlocked. There’s no verified boot. An attacker with physical access could theoretically flash malicious firmware without detection.

Titan M2 secure element. Pixels include Google’s dedicated security chip for hardware-backed encryption key storage, brute-force throttling for PINs, and tamper-resistant secure boot attestation. The GrapheneOS team highlighted the Fairphone Gen 6’s lack of a comparable secure element as a critical weakness: without it, a six-digit PIN can potentially be brute-forced by an attacker with physical access and forensic tools. Qualcomm’s built-in Secure Processing Unit provides some protection, but it’s not equivalent.

Timely firmware updates. Google controls both hardware and firmware for Pixels, so security patches for the entire stack arrive simultaneously. For Fairphone, OS patches depend on Qualcomm releasing firmware updates, which introduces delays at every layer.

Hardware memory tagging (MTE). Newer Pixels support ARM Memory Tagging Extension — a hardware feature that catches entire categories of memory safety bugs at runtime. GrapheneOS enables this by default. Fairphone’s chipsets don’t support MTE.

This isn’t a criticism of Fairphone’s intentions. It’s a structural reality: Google built the Pixel line with security infrastructure that no other manufacturer has matched. If maximum security and privacy is your top priority, a Pixel running GrapheneOS remains the recommendation.

The Security Controversy

In July 2025, the GrapheneOS team published a detailed critique of the Fairphone Gen 6, specifically targeting the Murena /e/OS version heading to the US market. The key claims:

The Gen 6 lacks a dedicated secure element for disk encryption throttling, making PIN brute-forcing significantly easier than on Pixels or iPhones
Both FairphoneOS and /e/OS lag behind AOSP security patches, leaving devices exposed to known vulnerabilities for weeks
/e/OS allegedly “disables or cripples” certain Android security protections and displays inaccurate patch levels

Murena published a rebuttal arguing their patch timeline is comparable to many major OEMs, that they don’t hide patch levels, and that Qualcomm’s built-in Secure Processing Unit provides meaningful encryption protection. They also pointed out that microG’s connections to Google are opt-out, and that calling /e/OS “not deGoogled” is misleading.

Our read: Both sides make valid points. The GrapheneOS team is technically correct that Fairphone hardware lacks security features Pixels have — that’s not disputable. Murena is also correct that their security posture is comparable to many mainstream phones, and that most users’ threat models don’t include adversaries with physical access and forensic tools.

The tension comes from marketing. When you sell a phone as a “privacy phone” at a premium price, the bar is higher than “comparable to Samsung.” Privacy-conscious buyers deserve to know where this hardware genuinely stands.

The Sustainability Angle (And Why It Matters for Privacy)

We don’t typically cover sustainability in privacy reviews, but for Fairphone it’s genuinely relevant:

Longevity enables security. A phone you can keep running for 8+ years means you stay on a device receiving security updates instead of being forced onto new hardware — or worse, continuing to use an unsupported device with known vulnerabilities. The FP5’s removable battery means the most common smartphone failure point is a €35 replacement, not a reason to buy a whole new phone. The modular design means a cracked screen or broken USB port is a 10-minute repair.

The removable battery is a privacy feature. In an era of sealed glass slabs, physically pulling the battery is the ultimate kill switch against remote activation. It takes about five seconds on a Fairphone. No software compromise can survive a battery pull.

European roots matter. Fairphone is headquartered in the Netherlands, subject to GDPR, and primarily serves the European market. The FP5 is widely available across the EU with local support and EU consumer protection. For European readers, this is one of the few privacy-adjacent phones from a local company. The Gen 6 expanded to the US through Murena, but at a significant price premium ($899 vs €549 in Europe).

Fewer device migrations = less data exposure. Every time you switch phones, you re-enrol biometrics, reconfigure accounts, transfer data, and create backup copies. A phone designed to last a decade reduces that attack surface.

The Unlocked Bootloader Problem

We need to be direct about something that applies to every non-stock OS on a Fairphone: the bootloader stays unlocked.

When you flash /e/OS, CalyxOS, or LineageOS onto a Fairphone, you cannot reliably relock the bootloader with the new OS’s signing keys. This means:

The device cannot perform verified boot (confirming the OS hasn’t been tampered with)
An attacker with physical access could theoretically flash malicious firmware without detection
Hardware-backed attestation doesn’t work properly
Some banking apps and contactless payments may not function

On a Pixel running GrapheneOS, the bootloader relocks after installation, providing the same chain-of-trust security as a stock device. This is the single biggest security gap between a privacy-configured Fairphone and a Pixel with GrapheneOS.

For most users — people concerned about app tracking, data harvesting, and corporate surveillance — this doesn’t matter much. The unlocked bootloader is only exploitable by someone with sustained physical access to your device.

For users facing targeted threats, it’s a deal-breaker.

If you already own a Fairphone 5

Install /e/OS. With CalyxOS paused indefinitely, /e/OS is the best actively maintained privacy option for this hardware. Its Advanced Privacy features provide real tracker blocking, microG handles app compatibility, and the Murena partnership means ongoing support. Installation is straightforward — Murena provides documentation, or you can buy a preinstalled version.

If you’re buying new and privacy is the primary concern

Buy a Google Pixel and install GrapheneOS. A Pixel 8a (around €500 in Europe) with GrapheneOS gives you meaningfully better security than any Fairphone configuration — verified boot, Titan M2, timely patches, hardware MTE support. Yes, you’re buying Google hardware. The irony is real. But the security foundation is objectively superior.

See our most secure phones guide for current rankings.

If you want both sustainability and privacy

Buy a Murena Fairphone with /e/OS. Accept that you’re making a deliberate trade-off: somewhat weaker hardware security in exchange for an ethical supply chain, exceptional repairability, and a phone built to last nearly a decade.

The Murena Fairphone + /e/OS stack gives you:

No Google Services by default (microG for compatibility where needed)
Built-in tracker blocking with Advanced Privacy
A removable battery (hardware-level power kill switch)
A phone you can repair yourself with a screwdriver
A company subject to GDPR, headquartered in the EU
8+ years of committed software support
App compatibility through microG (most apps, including banking, work fine)

That’s a genuinely compelling package for privacy-aware consumers who don’t face targeted, sophisticated threats.

If you’re in the US

Your options are more limited. The Murena Fairphone Gen 6 is available for $899 — and for that money, a Pixel 9 with GrapheneOS offers better hardware, better security, and faster updates. The Fairphone only makes sense at that US price if the sustainability angle is a genuine priority for you.

Who Should Buy a Fairphone for Privacy?

It’s a good fit if:

You live in Europe and want a locally supported, GDPR-governed device
Sustainability, fair trade, and repairability matter alongside privacy
You want a deGoogled phone that works out of the box (Murena version)
Your threat model is corporate surveillance and data harvesting, not nation-state attacks
You plan to keep your phone for 5+ years and want to actually repair it when something breaks

It’s not the right fit if:

Maximum security against sophisticated adversaries is your priority
You need verified boot and hardware-backed attestation
Timely security patches (within days, not weeks) are critical
You’re in the US looking for the best privacy-per-dollar value
You rely on Google Wallet tap-to-pay or Android Auto daily

The Bottom Line

Fairphone wasn’t designed as a privacy device. It was designed as an ethical device. But its open approach to software, unlockable bootloader, and partnerships with privacy-focused OS projects make it a surprisingly viable option for people who want to reduce their digital footprint.

The honest comparison: a Pixel 8a with GrapheneOS costs about the same as a Fairphone 5 and offers meaningfully stronger security. A Murena Fairphone Gen 6 costs more than a Pixel 9 and offers weaker security but better sustainability credentials.

Neither choice is wrong. They reflect different values and different threat models. The privacy community’s instinct to rank everything on a single security axis misses something important: most people’s actual risk isn’t a nation-state adversary with a Cellebrite. It’s Google and Meta hoovering up their location data, browsing habits, and contact graphs for ad targeting.

For that threat model, a Fairphone running /e/OS or CalyxOS genuinely does the job. It’s the privacy phone for people who also want to feel good about what they’re holding in their hand.