Slacker vendors' one-fix-a-year effort leaves 88% of Androids vulnerable

Android vendors are hopeless at distributing patches and users of new handsets can expect just one update a year, leaving most exposed to critical vulnerabilities according to a new study. Cambridge University trio Daniel R Thomas, Alastair R Beresford, and Andrew Rice probed 20,400 devices and found 87.7 per cent contained at …

  1. oldtaku Silver badge
    Facepalm

    Yeeeep. This is why I've only bought Nexus for a couple years now. Already have Marshmallow on everything.

    Of course that's terrible for Android in general, so since Google partly funded this I'm really hoping they're going to use this as a sledgehammer to force at least Samsung and Sony to not be so terrible. The new patch level shaming in Marshmallow is a start.

    1. Anonymous Coward
      Anonymous Coward

      Nexus are the least worst Android devices. I'm disillusioned that even Google drops support / denies all existence of my device after just 18 months.

      Tablets and phones are all landfill fodder anyway.

      1. ZSn

        Nexus

        True, I bought one eighteen months ago; it's no longer supported and susceptible to various nasties. You can go the route of expensive iPads, or go cheap and throw them away every year or two. However, Nexus is no longer cheap enough to qualify!

        I realise that you can go CyanogenMod; however, most people we know won't/don't know how to go down that route.

      2. Anonymous Coward
        Anonymous Coward

        In fairness, I have a 2.5 year old Nexus 4 and it still gets more OS updates (got one yesterday) than my few-months-old HTC. Okay, they probably won't give me Marshmallow, but they do seem to patch security flaws.

  2. Voland's right hand Silver badge

    Thanks for not fixing them

    Actually, at least some of the vulnerabilities (Killing in the Name Of comes to mind) are also used for rooting phones. So if you want to tinker and try something different from the vendor bugware, you should be thankful to the Android vendors for not fixing them in time (or at all).

  3. jonathanb Silver badge

    I don't have to wait for HP to deliver patches to my desktop computer, they come straight from Microsoft, so why can't it be the same for handsets?

    1. frank ly

      Because the mobile network operators provide subsidised phones on contract, hence they insist on having their version of Android on the phone, including all their spyware and crapware, which they are responsible for updating, if they ever do.

      1. harryhedgehog

        Get updates quicker for less money....

        Over the time of your contract, it is actually a lot cheaper to get a SIM-only deal for £12 and buy your phone outright than it is to get a phone bundled with an expensive monthly payment from a mobile operator.

        That way your phone also isn't knobbled by a mobile operator with bloatware etc.

        And you can choose your mobile contract length, and move easily to another mobile plan.

        That way your updates (when they do filter down to us) come direct from the handset manufacturer too.

        I had Lollipop on my G2 waaaay before my friends.

        1. Anonymous Coward
          Anonymous Coward

          Re: Get updates quicker for less money....

          "Over the time of your contract, it is actually a lot cheaper to get a SIM-only deal for £12 and buy your phone outright,"

          Sometimes, yes, but there are exceptions. Search around the reseller and price comparison web sites, and you'll find last year's models on contract at prices that you will often struggle to match SIM free. Of course, that lumps you back in the "what updates?" world, but the cheapest way of getting a half way decent phone for my daughter was to buy a full fat Sammy S5 on contract.

  4. Mystic Megabyte

    Moto G

    My SIM-only 1st gen Moto G got an update two days ago. The updater mentioned a fix for Stagefright. It's now on Android 5.1 (it was version 5.0 before the update). According to the Motorola UK site it will remain on Lollipop. For £99 I do not even bother to insure this phone; next year something better at the same price will come along.

    1. Jos V

      Re: Moto G

      Same here for my Moto G. Got upgraded to 5.1 (Virgin Mobile Canada).

      One week ago Stagefright Detector (free from the app store) upgraded to add CVE-2015-3876 and CVE-2015-6602. It's telling me now it's vulnerable for those two.

      1. phil dude
        WTF?

        Re: Moto G

        Of course, I have the Moto E 2nd Gen and, as has been pointed out, at only 219 days old Motorola (now owned by Lenovo) decided it was not getting Android M. Still nothing on Stagefright, but I am using TextSecure and disabled MMS anyway...

        Time this BS update lottery was stopped and some hefty liability introduced.

        Anyone know if there's a way of installing the "Nexus" build and faking it? I mean, so updates then come from Google?

        P.

    2. Peter X

      Re: Moto G

      Is your 1st gen. Moto G a 3G or 4G model? I've got the 3G one and I've still not seen any updates to 5.0.2, which given the number of security issues Android has had this year, is a bit of a concern.

  5. Your alien overlord - fear me

    Well HP and Lenovo are sh!t at upgrading even slightly old tablets. To make matters worse, they refuse to hand out the drivers to allow people to build AOSP versions and refuse to even acknowledge AOSP exists. Good luck Motorola when Lenovo customer support ethos comes to your devices.

  6. Mikel

    PDF for irony

    When publishing a paper lamenting security vulnerabilities it's always best to use PDF for the sake of irony.

    My Nexus 2013 devices have Marshmallow, so the fellow who says Google's bad for not supporting his either bought old stock from the closeout bin or is just lying.

    1. Preston Munchensonton
      Pint

      Re: PDF for irony

      Agreed. My two-year-old Nexus 5 got its Marshmallow update last week, and this is after at least three major updates and many minor ones since I purchased it with Jelly Bean loaded. Still runs well for an "old" phone.

  7. G2
    Mushroom

    Motorola

    Fuck you, Moto! NEVER AGAIN!

    Bought my Moto E 2015 (XT1524 - surnia_reteu.reteuall.en.EU retfr) contract-free (retail unlocked) in mid-September... Motorola's promise of updates played a BIG part in choosing it... October comes around and, just as the 14 day return window closes and I can no longer return the phone to the store, Motorola announces that even though it barely launched it in February 2015 and they promised to update it, we're screwed as they decided to abandon it. :(

    I'm STILL stuck on Android 5.0 (5.0.2); they upgraded the USA-edition models of the E 2015 to Android 5.1 but not EU models... seems our phones are to become landfill... planned obsolescence at its best. :(

    http://motorola-blog.blogspot.com/2015/10/marshmallow-and-smore.html

    So again, Fuck You, Moto!... that was the last Motorola I'll ever buy.

    1. G2

      Re: Motorola

      8 years later update: Moto / Lenovo is still doing the same things: bait-and-switch promises of updates and then dumping users and devices under the proverbial bus.

      https://www.youtube.com/watch?v=bbFJytgC5e8

      Lenovo lied to users of Motorola One about getting Android 12 for a year

      (courtesy of Louis Rossmann)

  8. Anonymous Coward
    Anonymous Coward

    Phone makers are actively disincentivised from producing updates, as they lose money on all the work. What they want (and try to force) is replacement, not repair, since they only make money on the cell phone sales. At some point, if they're forced to continue patches for old phones, they'll slip into the red, declare Sod This, and drop out.

    How do you fix an ecosystem like that?

    1. G2

      "How do you fix an ecosystem like that?"

      simple: instead of a static device, transform it into an evolving device:

      https://en.wikipedia.org/wiki/Project_Ara

      1. Anonymous Coward
        Anonymous Coward

        That wouldn't solve the WONTFIX problem. Modular makers will just want to encourage their users to buy newer modules, not fix the ones already out there (which should be the law under "fit for purpose" statutes).

    2. Anonymous Coward
      Anonymous Coward

      Surely fixed by choosing the easy route and just putting Vanilla Android onto the phone.

      These days that would even be seen as an advantage. A viable alternative to Google's own Nexus. Many would buy a phone with the promise of vanilla on it, with updates coming as soon as Google publishes them.

      1. Anonymous Coward
        Anonymous Coward

        Except that means you're essentially "white-boxing," which means no brand recognition. It's way too easy for other phone makers to provide vanilla builds and the end result is that the one who wins is Google (the brand behind Android), not the phone makers as they churn in a war of attrition.

        Brand recognition is pretty much essential in the phone market. The big leaders happen to be the most-recognized brand names: Apple, Samsung, Sony, etc. They're the ones who can keep going, but they're also determined to differentiate themselves out of necessity.

        1. Ken Hagan Gold badge

          "Brand recognition is pretty much essential in the phone market."

          This paper (and other recent stories) have persuaded me that "branded" == "insecure". If *that* message gets out to the marketplace then you might see vendors less keen to demonstrate their branding.

          In any case, I'm a little puzzled because the average Joe surely just calls it all Android and either doesn't realise or care that the branding goes deeper than the shiny case, or actively dislikes it because it makes it harder to pick their way through a friend's phone which has branded the UI differently. It seems to me that the handset vendors are a little too "up themselves".

          1. Anonymous Coward
            Anonymous Coward

            "It seems to me that the handset vendors are a little too "up themselves"."

            Because they're hard-pressed to make money. It's hard to make money selling a "white box" Android phone because there are so many bit players out there who can copycat a vanilla Android phone with some shady specs. You should see how things are in Southeast Asia where there are oodles of Android phones with assorted brand names. Thing is, because one could switch between vendors on a whim due to lack of brand recognition, these same brand names come and go because the market is too volatile.

    3. Ken Hagan Gold badge

      "How do you fix an ecosystem like that?"

      You sue the bastards. A phone is *intended* to be connected to a public network. If it is not secure when you do that then it is not fit for its intended purpose.

  9. slinkywizard

    S6 Edge

    Samsung seem to be keeping to the new Google patch cycle, at least on my Open firmware S6 Edge; I get an update at least once a month from them now.

    As to SIM Free vs Network provided phones. Yes, in general buying a SIM free phone is normally cheaper in the long run; however, if your current operator offers you a stupid upgrade deal (in my case, an S6 Edge 128GB for free, with 4GB data/Unlimited Text+Minutes for £35 a month) you really can't lose...

  10. Jason Bloomberg Silver badge

    88% vulnerable

    But how many actually affected?

    The last cheap smartphones I bought from Argos a month back came with Jelly Bean (4.2.2) and I doubt they will ever get upgraded. Assessing threat and risk, and how I use them, I am not particularly bothered about that.

  11. DerekCurrie
    FAIL

    No, Once A Month Is Not Good Enough. ASAP Patching Please!

    ASAP patching is the only reasonable response to an onslaught of security flaws, exploits and malware. Once a month is obviously convenient for certain situations, but it's not realistic regarding actual security of anything.

    Specific to Android devices, the 'FragmAndroid' fragmentation nightmare has got to go. It must end. ALL Android devices must be able to be updated immediately at the same time across all vendors. Otherwise, Android is going to do nothing but grow its already notorious reputation for security nightmares. In this day and age, the results of fragmented Android installations is entirely unacceptable. I can't imagine why anyone with techno-savvy puts up with it.

    1. Charles 9

      ASAP = Untested = Bad Patches.

      Then you run into the evil at the other end of the patching conundrum. If you push makers to get out critical patches ASAP, you end up with patches for which lack of time has prevented proper testing. The end result is patches which cause glitches (or worse, brick devices). You end up with a case of the cure being potentially worse than the disease...
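Editor's note on the thread above. Comment 1 (the "patch level shaming in Marshmallow"), comment 4 (the Stagefright detector reporting CVE-2015-3876 and CVE-2015-6602) and comment 9 (a vendor keeping to the monthly patch cycle) all come down to one question: what patch level does the device actually declare? Since Android 6.0 that date is exposed as the system property ro.build.version.security_patch and is what Settings > About phone displays; earlier releases do not set it at all, which is the state most devices in the study were in. The script below is an added example, not code from the article, the Cambridge paper or any commenter. It parses `adb shell getprop` output and flags each device as OK, STALE or UNKNOWN. The three property dumps are constructed for the example, not captured from real handsets, and the 90-day staleness threshold is an assumed policy, not anything Google or the vendors publish.

```python
"""Fleet check of the security patch level an Android device declares.

Android 6.0 (Marshmallow) and later expose the patch level shown under
Settings > About phone as the system property ro.build.version.security_patch,
formatted YYYY-MM-DD.  Older releases never set it, so "no value" has to be
treated as "unpatched", not as "fine".
"""
import re
from datetime import date

# Constructed sample output of `adb shell getprop` for three hypothetical
# devices.  These are illustrative, not dumps taken from real handsets.
SAMPLE_GETPROP = {
    "nexus5-marshmallow": """\
[ro.build.version.release]: [6.0]
[ro.build.version.security_patch]: [2015-10-01]
[ro.build.version.sdk]: [23]
""",
    "moto-g-lollipop": """\
[ro.build.version.release]: [5.1]
[ro.build.version.sdk]: [22]
""",
    "argos-jellybean": """\
[ro.build.version.release]: [4.2.2]
[ro.build.version.sdk]: [17]
""",
}

# getprop prints one property per line as "[key]: [value]".
_PROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>[^\]]*)\]$")


def parse_getprop(text):
    """Turn getprop lines into a dict; lines that do not match are ignored."""
    props = {}
    for line in text.splitlines():
        m = _PROP_LINE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props


def patch_age_days(props, today):
    """Days from the declared patch level to `today` (a datetime.date).

    Returns None when the property is absent or malformed; pre-6.0 builds
    never set it, so None is the common case on the devices in the study.
    """
    raw = props.get("ro.build.version.security_patch", "")
    try:
        return (today - date.fromisoformat(raw)).days
    except ValueError:
        return None


def assess(props, today_iso, max_age_days=90):
    """Classify one device.  max_age_days is an assumed policy threshold."""
    today = date.fromisoformat(today_iso)
    age = patch_age_days(props, today)
    release = props.get("ro.build.version.release", "unknown")
    if age is None:
        status = "UNKNOWN"   # no patch level at all: assume unpatched
    elif age > max_age_days:
        status = "STALE"
    else:
        status = "OK"
    return {"release": release, "age_days": age, "status": status}


def report(dumps, today_iso, max_age_days=90):
    """Assess every device in a {name: getprop_output} mapping."""
    return {name: assess(parse_getprop(text), today_iso, max_age_days)
            for name, text in dumps.items()}


if __name__ == "__main__":
    for name, result in report(SAMPLE_GETPROP, "2015-10-20").items():
        print(f"{name:22} Android {result['release']:6} "
              f"{result['status']:8} patch age (days): {result['age_days']}")
```

To run it against real hardware, replace the constructed dumps with the text returned by `adb shell getprop` for each attached device (for example via `subprocess.run(["adb", "-s", SERIAL, "shell", "getprop"], capture_output=True, text=True).stdout`). Note that the declared patch level is what the vendor claims, not what a scanner such as the Stagefright Detector in comment 4 measures: a build can carry a recent date and still lack a particular fix, so the date is a screening signal, not proof of patching.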
