It would be good if Andoid did have an updater and vendors operated under an SLA such as that.
Unfortunately I don't see how Google can put the genie back in the lamp now that Android is out there and becoming pervasive. If they were going to try and place an updater on the device they would suddenly run in to the problem of Google having to be totally familiar with the hardware of each and every handset. I don't think that's going to happen. And I don't see how anyone could ever force the vendors (i.e. the networks, not the manufacturers) to stick to an SLA when they're not ultimately in control of the update cycle either.
It is clear Google did little or no thinking at all about the adoption and evolution of Android. They did think about it's usage - they want us to give all our data to them and their cloud so that they can make money charging for the service and apps, and showing us adverts. Unfortunately for them the full commercial potential of that is not going to be realised if Android gains a reputation as being a dodgy place to put all your really valuable data. For example, internet banking is great, but it's a scary enough thing to do even with OS updates, virus checkers, https, firewalls, etc. in place. Now imagine doing internet banking knowing that whatever protection measures are in place are probably buggy and aren't getting fixed? Who would do that?
Reputation is everything. Google will be keen for Android to have a good security reputation. Security researchers are keen to have a reputation for being able to find security problems. If Android starts looking easy to find problems with then expect security researchers to bundle in for the feast. The bug list will grow, and Android starts looking crap. The firey gaze of security researchers and hackers is a truly powerful force. They've put MS through the mill, and maybe MS are emerging stronger for it. There's no reason why Android won't be similary grilled, especially as anyone can see the source code (though in a way I suspect that the hacking tools developed to probe closed source systems like Windows are a more efficient way of attacking open systems like Linux than reading the Linux source code...)
Google also has to get serious about fixing bugs in older versions so that old handsets can be fixed. People are buying these expensive things on 2 year contracts; how pleased are they when six months in they're told that their roms are at the end of the line and that their expensive device is now dangerous to use in the intended way because all their data will get stolen? These things are not PCs, they can't have a bit more memory and a new disk thrown in like a desktop or laptop can. Bug fixing in only the latest version simply cuts off the millions of users who can't upgrade to shiny new hardware yet. How can Google fix that? Assuming the hardware remains too expensive to be disposable, they can't. Not at present, not without taking overall control of the firmware that actually ends up in the roms of peoples' handsets.
Which is exactly what Apple have done, and Microsoft too. MS might benefit significantly - Android has shown that there can be an Apple alternative, and MS might (might?) start looking like a safer alternative to Android. In a way it almost doesn't matter how buggy iOS and WP7 are at the moment; they have the potential to become less buggy (iOS less so than WP7 because Apple are also a hardware vendor and want you to upgrade). Android doesn't.
MS's ARM move could prove a smart thing. No matter what anyone thinks about MS they have come on leaps and bounds in addressing security problems, and are definitely better at it than Apple, Adobe, etc. They can leverage all those years of bug fixes with their Windows port to ARM, slap on the WP7 GUI on top instead of Windows desktop, and if they're lucky get instant step up in the mobile market place.