Re: A general problem
You could make the phone suppliers responsible for any reasonable loses due to known but unpatched bugs for, say, 5 years after the product was last sold.
Hell, why not the same thing for ALL products with built-in firmware/software? At least then manufacturers have to factor in the support costs for the
shit product development cycle and that might lead to better software by design, and certainly a patching system. You know, like the ones that Linux has been using for 10+ years that for some reason Android phones did not have.