Let's talk about safety of Pinephone
My gf read me some articles about exploding phones today. :) I think there
needs to be some serious conversation about Pinephone safety. Safety needs to
become an important concern now, when more and more people are getting their
Pinephones every month. It's just a matter of time before the first major
safety incident hits this community, and it may be more than just a hacked
store. It's just a numbers game.
Pinephone is an interesting device in one way. You can run whatever software
you like on it (and you do!), and this software comes almost universally with
zero guarantees. Read the license to any of the program you run
on your Pinephone and it will almost certainly tell you:
THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
THIS SOFTWARE IS PROVIDED BY <COPYRIGHT HOLDER> AS IS AND ANY EXPRESS
OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
In case of Pinephone you have to take these warnings very
seriously, because this software is not provided by the manufacturer
(Pine64), and as far as I know, there's no software related safety testing
going on at all.
Some skeletons, hiding at
the lower levels…
I'll give you a few reasons why things may not be so rosy, when it comes to
There's no unchangeable well tested guardian angel management engine that
safely manages battery, power supplies, thermal behavior, that is provided by
the manufacturer, and that is independent of the operating system.
Pinephone's SoC is quite bare when it comes to software/firmware
(that's why FOSS enthusiasts like it, no blobs, you know!). This has a dark
side, too. All the safety critical parts are written (or rather were
not written, yet) by some random people on The Internet.
You can already choose among more than 10 Linux distributions to run on your
Pinephone. How do you know any one of these is safe to run on your
How well safety critical parts of Pinephone function (or if at all), depends
on how well Linux distribution vendors understand the platform, and how well
they test its safety features. Pinephone safety depends on the software they do
put together, afterall.
Is device safety even a thing distribution vendors test for or plan for at
the moment? I don't know, but I doubt it.
For many months pretty much all distributions used misconfigured
„official“ kernel (it's a meaningless moniker, btw, pine64 doesn't do
software), that didn't regulate CPU temperature at all. It could go up as high
as the thermals of the surrounding environment allowed. There were indications
something is wrong. People reporting their phones felt too hot, displays showing
burn artifacts, temperature indicator in sysfs returning error. Regardless, it
persisted for many months, until I discovered the root cause while helping one
user with thermal issues on her Pinephone.
Maybe I'm a bit biased, because I was one of the people working on the sunxi
thermal driver over the years, and thus understand this element of the SoC quite
well, but I was surprised nobody figured out such a serious issue, or realized
what it meant. So let's go through some other issues that I'm aware of, of
which other people may not be:
1. Pinephone battery uses a 3 kOhm NTC to monitor the temperature. Power
management chip in Pinephone expects 10 kOhm variant by default. So early on,
when the times were adventurous, someone decided to patch the kernel to disable
battery thermal monitoring completely. Quick and dirty fix for Pinephone not
charging due to false under-temperature alarm.
Now guess what… up to now, all distributions run with battery temperature
sensing and regulation disabled. If you're unlucky and use a dud battery that
will heat up more easilly during fast charging, you can burn down
There will be nothing to stop it going past 50, 60, 70, 600°C. Phone will
happilly provide current to the battery until it explodes and burns. Unlikely
scenario for any single user, but this safety mechanism that's present on
regular customer phones is missing here, just because nobody cared to configure
2. And you know what, I also suspect that all distros fast charge all the
way through the constant-current phase of charging, by default. Other than
contributing to making the above mentioned house burning scenario more likely to
happen, this also contributes to overheating issues on Pinephone.
3. Another thing. PMIC has an emergency thermal shutdown feature, for a
situation when the chip itself overheats. It's disabled by default. It's also
not well documented. ¯\_(ツ)_/¯
4. And, another one! Battery is rated for some sustained continuous
discharge current (0.5C, 1500mA, ~6W). I guess it overheats if it is dicharged
at a significanlty faster rate for prolonged periods of time, and potentially
becomes a safety hazard again. Maybe again only if it's a suboptimal piece that
Now, Pine64 sells convergence edition Pinephone meant for use with a dock and
a monitor. When you connect the phone to the dock with monitor connected over
HDMI, power consumption jumps by 4W. That alone is close to this specified limit
of the battery. Baseline power consumption is 2.8W (with phone display on). Now
if you actually use the phone the CPU alone can add further 2.5W during full
load (likely, when trying to use the pinephone as a desktop machine). That is
>9W total. That is well over the specified safe limit. Of course, the rest of
the phone heating up a lot from this huge power draw don't help the at all,
So it's quite possible for the user to load the battery well out of spec,
with just normal use. This needs to be managed somehow.
And those are just things that I'm aware of.
I'm trying to be a bit inflamatory here, to start the conversation.
Nevertheless, the above issues are real. It's really just a numbers game. When
the distros will not take safety seriously, by planing for it, testing for it,
and verifying the mechanisms they are supposed to ensure are in place for the
safety of their users, the odds somehting will happen will stay
Also, don't be a person whose house burns down for FOSS. Ask your favorite
distribution's authors what they're doing to make their OS safe. Pine64 itself
can only go so far to ensure safety of Pinephone, software you put on your
Pinephone matters a lot, too!