Flipper Devices, maker of the widely used Flipper Zero pentesting and hardware-hacking tool, has publicly responded to sustained community criticism that it had effectively abandoned active firmware development, announcing a restructured contribution process and dedicated maintenance resources.
Background on the Backlash
The Flipper Zero project launched via Kickstarter in 2020, raising more than $5 million against a backdrop of public skepticism about whether the device could be delivered at all. The team subsequently navigated post-pandemic component shortages and supply chain disruption while working through its backer commitments. Flipper Devices maintains it ultimately delivered every promised Kickstarter feature and built out a full hardware platform complete with supporting APIs and an SDK.
Even so, a persistent segment of the user base — the project now counts more than one million users — has argued that firmware updates slowed to a crawl once the initial hardware promises were fulfilled, fueling accusations that the company had shifted its attention elsewhere.
A Hard Technical Constraint
Part of the slowdown traces back to a genuine engineering limitation: Flipper Zero ships with only 700 KB of flash memory available for firmware, which sharply limits how many features can be baked directly into the core build. To work around this, the team implemented dynamic app loading from the device’s microSD card, moving most functionality out of firmware and into modular apps instead.
That architecture underpins the device’s firmware 1.0 release in 2024, which shipped alongside an official Apps Catalog. Following that milestone, Flipper Devices narrowed its firmware work to maintenance and critical bug fixes, redirecting broader development effort toward new hardware products — a shift that community members increasingly noticed and resented.
Four Operational Changes
In response to the criticism, Flipper Devices outlined four changes to how it will manage firmware contributions going forward:
- Async-only communication: development requests now route exclusively through GitHub Discussions rather than real-time chat or calls, with general support remaining on Discord, Reddit, and social media.
- Weighted feature requests: community members can vote on proposed features, and the team has committed to reviewing top-voted, concretely formatted requests on a weekly basis.
- Stricter pull request review: an updated contribution guide imposes tighter scrutiny on incoming PRs, with particular attention paid to AI-generated code touching low-level libraries, as well as changes to UI or documentation.
- Mandatory integration testing: the team is publishing its internal QA integration test suite and will require these tests to pass for all firmware changes, inviting community involvement in regression testing.
Flipper Devices attributed the earlier bottleneck primarily to scale: with requests arriving across every available communication channel from over a million users, the company said it had become effectively impossible to separate genuine, widely shared needs from isolated individual preferences, creating unmanageable noise. The new GitHub Discussions voting mechanism is intended to surface realistic, broadly supported requests while filtering out niche or technically unworkable asks. Notably, the existing Apps Catalog submission pathway for third-party apps is unchanged by any of this.
To address lingering community questions directly, Flipper Devices’ core developers and managers held an AMA session on the r/flipperzero subreddit.
Why Security Teams Should Care
Flipper Zero has become a fixture in physical security testing, RFID/NFC research, and IoT penetration testing workflows. Firmware stability and the pace of community-vetted contributions directly affect the reliability of tools built on top of it, and organizations that rely on Flipper Zero for authorized red-team or research work should watch how the new review process affects the cadence and quality of firmware releases, particularly around AI-assisted code contributions touching low-level radio and protocol libraries.