Security Updates

Hi everyone!

I am interested to know what the security is like with this phone. With it being based off of android 12 it seems like there could be serious vulnerabilities since we are on 15 now. Just wanted to hear your thoughts.

The latest security patch for version 12 comes from the end of 2024 as far as I remember. AI (the new Wikipedia lol) claims it was January this year. I’m also curious though, why exactly version 12 was chosen?

@buiosu I’ll ask our team, for specifics, but I think it has something to do with what was out when we began working on Mudita Kompakt. I’m not sure how familiar you are with Mudita, but Kompakt has been on our radar for a while now, so perhaps our team was not able to change the version of AOSP midway through the game.

It’s not about chasing the latest OS version, it’s about staying ahead of potential threats. Mudita Kompakt runs on our own custom-built MuditaOS K. This gives us full control over privacy and security features. We’ve chosen a proven, stable base (AOSP 12) for its solid security foundation, and we closely monitor for any emerging vulnerabilities. When needed, we deliver targeted patches quickly, no bloat, no unnecessary updates. It’s a proactive, intentional approach to privacy and security with the goal to safeguard your information.

I agree that the newest Android version doesn’t need to be the goal. However, Google has been clumsy in past Android versions and has tons of security issues, which need fixes. Google calls this “patch level”. Just in January, many of those were fixed in System Components, affecting especially Android 12.
I hope the development team can incorporate these Patch Levels. Will there be a way for us users to verify this (in Stock Android there is an option under version info for this…)?

@pang840 I would also like to know this! It’s not about features but about security.

I love this. Thankyou Mudita team for thinking this through so thoroughly. There are so many unnecessary ‘updates’ to different things in our lives, minimalism of updates creates greater peace in my world

If you did not read the links I provided, I will briefly explain to you that these security vulnerabilities can be exploited by Bluetooth, Wifi, and even simple things like receiving mails or visiting a website with a compromised ad by using coding flaws in the core system of Android. Android 12 is not a secure base, if not properly patched.
Or if you travel, border guards utilize these vulnerabilities to gain access to your device, even if you do not give them your passcode, by law enforcement tools like Cellebrite.
Please do not say that there is no secure smartphone. It’s not a valid argument, and would be like saying, there is no safe airplane or care, so why bother. Efforts must be made…

How about getting a list of CVEs patched, it was mentioned they’re looking after it. Latest security pack for AOSP 12 is from January this year btw.

If a developer can say something on this I think many people would appreciate it

“Please do not say that there is no secure smartphone. It’s not a valid argument, and would be like saying, there is no safe airplane or care, so why bother. Efforts must be made…”
THIS ^

yes it would be nice to get a response from the Mudita team on this. This is a phone that I am sure many people who purchased it, plan on using for years and it is already using a much older version of Android

@pang840
Thank you for taking the time to raise these important concerns. It’s clear you care deeply about security and privacy, which is exactly the kind of thoughtful discussion we appreciate in this community.

To clarify, Mudita Kompakt does have Bluetooth and Wi-Fi, but these features are optional and can be completely disabled—both individually and through the device’s Offline+ mode. Offline+ is not just a typical “airplane mode”—it’s a true hardware and software-level kill switch that shuts down all forms of wireless communication, along with background services, for complete peace of mind when it’s needed most.

As for the OS: while the phone is based on AOSP 12, it’s not a standard Android smartphone. It doesn’t have a web browser, an email app, or access to app stores, unless you start sideloading there’s really no internet-facing software at all, other than the weather. This dramatically reduces the attack surface and makes common exploits via compromised ads, rogue emails, or browser-based vulnerabilities impossible, simply because those functionalities don’t exist on the device.

You’re absolutely right that efforts must be made to protect users, especially from increasingly sophisticated surveillance tools and digital threats. Mudita’s approach is to rethink the paradigm entirely, offering a device that prioritizes essential communication, digital well-being, and privacy by design, rather than trying to patch a fundamentally overconnected system.

We appreciate you being here and raising these thoughtful points. It’s through conversations like this that we can push for better, more intentional technology together.

@seasidetrumpet I’ve reached out to our team about this for feedback.

Android 12 reached end of life Still have an old device running Android 12? It's finally time to upgrade - Android Authority

well that’s not good!

agreed

but im wondering if they update the android base version if the cpu will be able to handle it, also ram and storage

Why do you guys need security updates? With the phones basic functions you don’t even have internet access (only to weather updates and maps). I think it’s only a concern if you would like to sideload.

We’ve taken a thoughtful approach to the security of Mudita Kompakt. Our operating system is based on AOSP 12, it’s a stable and widely tested foundation. From there, we’ve created our custom OS tailored to our mindful design philosophy.

Because our system is streamlined and intentionally minimal, not all vulnerabilities listed in general Android security bulletins apply to Kompakt. That said, we remain attentive. We closely monitor for any potential issues that do relate to our specific code base and respond with targeted updates when needed.

Our goal is to provide a secure experience—without unnecessary complexity—so you can stay focused on what truly matters.

Thanks for your honest response. I am a bit disappointed that you ship insecure software on your devices and even claim that this is supposed to be mindful.

Sideloaded apps will very soon no longer work on this device. Google requires API Level 34/Android 14 since August 2024 for distribution in Play Store, which would be the primary source for user’s side loaded apps.

This means: if I want to have my train tickets on my Kompakt, this won’t be possible very soon, rendering the device impractical for me. Unfortunately, in many counties digital devices are required for daily life, and this requires proprietary apps. Even more so, if I want to use the Kompakt for a long time. If you choose to ignore this, you might not appeal to the market share that would love to buy the Kompakt.

Unfortunately, for me, having the ability to sideload apps is a requirement for using and purchasing your Mudita Kompakt at its price point. If I would subtract the sideloading feature, I would fare much better just using a dumb phone. So I have to say, that this is not the right device for me.