Bart and I have talked a lot in his Security Bits segment on the NosillaCast about the problems with security on Android. It’s not that Google hasn’t produced a good operating system, and it’s not that they don’t patch security holes when they find them. The biggest problem with Android is the stronghold that the phone manufacturers and the cell carriers have over the operating system.
If you buy an Android phone from a cell carrier, It will usually have the latest and greatest version of Android. But once a new version comes out, it might be greatly delayed in delivery to you, or the carrier may never let you have it at all. That’s a problem, but a worse problem is that the cell carriers may or may not push security updates to you.
From the data, it would be logical to surmise that the cell carriers want you to upgrade to a new phone and this is a way of nudging you along. But the important thing is not their motivations but rather the affect of these actions.
Without assigning root cause, we can simply look at the data. In the show notes, I’ve put two pie charts that I created using data from independent sources. First, let’s look at iOS. iOS 10 came out in September of 2016. As of this month, May of 2017, 89.8% of iOS devices are running iOS 10. That means that just around 10% are not (Source: data.apteligent.com/…).Now let’s look at Android. Nougat is the new hotness for Android, and it came out a month earlier than iOS. As of April of 2017, 95% of Android phones are not running Nougat (Source: fossbytes.com/…).
Let me state that one more time, in the exact length of time from release, 90% of iOS phones have the latest OS, and 95% of Android phones do not have the latest OS.
So if you do want an Android phone and you do want the latest and greatest OS and more importantly you want the latest security updates, the only way to ensure that is to buy a Google-branded phone. Or at least that’s the advice that Bart and now I have been giving. That’s why when I wanted to get Project Fi from Google, I wasn’t worried about security when I bought the Google Nexus 5X.
Imagine my dismay this week when Google put up a chart explaining that they’re not going to guarantee OS updates for the Nexus 5X past September of this year, and security updates past September of next year!
Now I’m sure some of you tuned out at that because you’re thinking, “oh, she bought an old phone, these things happen.” But get this. Google is still selling the Nexus 5X! They also put the same expiration date on the Nexus 6P that they’re still selling on their site! They’re actually selling phones with less than 5 months of guaranteed OS updates. And like I said, they’re still selling them – we don’t know when they’re going to stop! With this total lack of logic, they could keep selling them after they stop guaranteeing updates for these phone.
The Nexus 5X is the bottom of the line, starting at $250 with activation of Project Fi, but the 5P starts at $400 with Fi activation, so this is no throw-away phone! Granted the Google Pixel is the new hotness (at $650 with activation) but until they have lower-end Google phones for their own cell service, it seems ludicrous to stop supporting what they’re still selling.
Google execs announced a few years back that they were going to focus the company, that they had too many projects going. But rather than do that, they seem to keep starting as many projects as before, they’re just killing them off more quickly than before.
When Allo came out from Google, my first thought wasn’t, “I should check this out because it might be cool.” Instead it was, “I wonder how long they’ll keep this going” and “Maybe I’ll wait to see if they stick with it instead of investing any time.
It makes me sad but I’d come to peace with it. Even so, I never would have guessed that this would apply to their own hardware. I think this is unconscionable behavior on Google’s part.
After I wrote this up, I chatted with Tom Merritt and he pointed me to an article on arstechnica.com/… that explains the story a bit more. Evidently Qualcomm isn’t guaranteeing driver support for these phones past the dates given by Google, but says it’s because the handset manufacturers haven’t been asking for it. As the title of the article explains, there’s enough blame to go around. But I still think it’s unconscionable for Google to not provide security updates after a year and five months when Apple can do it five years back!
Very valid, and important, posting. If Google cannot or will not guarantee OS updates beyond 5 months into the future, how can any other Android vendor be expected to do anything else.
OR
Google are making an example of their hardware vendors, by perversely treating their own customers in the same way – even if they have gone one better and declared the point beyond which OS and Security updates shall no long be guaranteed.
Either way, it is a sad testament to the Replace-Rather-Than-Repair(/Update) mentality that we all live in these days.
I paid so close to $1,000 for an iPad 1 64 GB with ATT cellular connectivity the change might have bought a latte.
Apple sold the iPad 1 until March 2, 2011. It was orphaned, without further software / security updates, September 19, 2012.
Whether it’s Google or Apple, consigning perfectly good hardware to dumpster, which it might best be without security updates, is wasteful and just wrong. “Stuff” shouldn’t be killed by software. “Stuff” should be designed with replaceable batteries . . .
For what it is worth (less than the cost of that latte), Google has extended the EOL life of devices by continuing to update them. May not happen for the Nexus 5x if the Qualcomm chipset is the point of vulnerability and Qualcomm won’t help. No Google security update will protect a device with a wireless radio/modem that’s itself insecure.
Good comment, George. Luckily I think Apple learned a lesson from that. iOS 10 runs on iOS devices back to the iPhone 5, and the iPad 4th gen. The iPhone 5 came out in 2012, discontinued in 2016. The iPad 4 came out in 2012 and discontinued in 2016. So they’re still supporting devices 5 years old and they haven’t said that the next OS won’t be released for them.
Since my “luck with links” here is abysmal, there’s a reasonably fresh iOS 11 prediction on Maworld UK.
Quote below: We therefore predict that the following devices will be able to run iOS 11:
iPad Air 1, iPad Air 2, iPad Pro 9.7-inch, iPad Pro 12.9-inch
iPad mini 3, iPad mini 4
iPhone 5s, iPhone 6, iPhone 6 Plus, iPhone 6s, iPhone 6s Plus, iPhone SE, iPhone 7, iPhone 7 Plus
iPod touch (sixth generation)
Plus any new iOS devices that are released between now and then: the iPad Pro 2, for instance, and the iPhone 8.
Saw today that Sammy is going to start selling “refurb” Note 7s with different (smaller) batteries.
Imagine how much less that disaster might have cost Sammy had the Note 7 batteries been user replaceable?
Five years is the depreciation period for most computer devices used in business –
Sorry, Allison, Anonymous above is George.
George – There’s no way with an exploding phone that it would have been a good idea to have people replace the batteries themselves!!! Did you see the hazmat suits they sent people to ship their devices back?
Allison – if the batteries had been “click in,” like they used to be, users could have “clicked out.” I’m not sure how Sammy would have arranged non-explosive returns of the bad ones, but Samsung would have (possibly) been able to recall only batteries, not the entire device.
Conclusion of an interesting piece in Wired about the problem:
(Samsung) is designing a new compartment to give batteries more space inside the phone and combat damage from physical drops. Koh finished the event by saying that Samsung will share its lessons with the entire industry to improve overall lithium-ion battery safety.
This quote from Wired is also interesting:
“Lithium-ion’s efficiency comes at a price. It’s the only mainstream battery chemistry that uses a flammable substance as an electrolyte, so while it’s more efficient than battery technologies with water-based electrolytes, such as nickel-cadmium and nickel-metal hydride, it also presents a greater fire risk.”
Again, since I don’t have Luck with Links, look up “Samsung Finally Reveals Why the Note 7 Kept Exploding” in Wired. Dated 1/22/2017.
Another article on battery design/chemistry just today (May 9, 2017) in Electrek:
Electrek Headline:
“Tesla battery researcher says they doubled lifetime of batteries in Tesla’s products 4 years ahead of time”
My great-grandmother had a Baker Electric in the early 1900s in Colorado. Wish there were pics! Family story is it was much easier to cope with than her Stanley Steamer – again, sadly no pics.