back to article Exposed: Lazy Android mobe makers couldn't care less about security

Let's nail this once and for all: Too many Android smartphone makers simply aren't rolling out Google's security bug fixes for the mobile operating system. Germany-based Security Research Labs (SRL) today said that even top vendors – such as HTC, Huawei, and Motorola – leave punters vulnerable by not patching devices for known …

Bronze badge

Re: Locked boot loaders

Examples please? I would assume any app that requires a "pristine environment" is spyware you should avoid at all costs.

2
0
Silver badge

Re: Locked boot loaders

Android Pay/Google Pay was the trailblazer. Many banking apps feel the same way, as does Netflix IIRC (it'll be hidden from the Play Store even in a tainted environment). And I doubt the bulk of these are spyware unless you don't trust B&M banks anymore (in which case, you're already in DTA mode and should've left the Internet already).

6
1
Anonymous Coward

Re: Locked boot loaders

> Examples please? I would assume any app that requires a "pristine environment" is spyware you should avoid at all costs.

Apparently some banking apps do this. Not an Android user myself though, so that's just from what others have said and not personal experience.

5
0
Bronze badge
Black Helicopters

Re: Locked boot loaders

Thanks. So we're talking about banking apps and DRM-protected streaming apps.

Using banking apps on a phone is just asking for theft, regardless of whether the phone is rooted/tainted or running a typically insecure stock environment. That includes cryptocurrency.

Why would I trust banks? They're leeches. Predatory lending, anyone? And if they manage to woo everyone with the convenience of mobile payments, they'll have total transactional surveillance, and every little "public service" will cost money, which will be sucked out of your account automatically the instant you use it.

1
0
Mushroom

Moto E second generation

Update level: October 2016 "your system is up to date"

quote from Lenovo website (Didn't know Lenovo had slurped Motorola?)

Security updates

This device will remain on Android 5.1 Lollipop.

This product will no longer receive security updates.

https://mobilesupport.lenovo.com/us/en/softwareupgrade

@alain williams<br>yup, no ROI on keeping us simple fellows happy.

8
0
Silver badge

Re: Moto E second generation

@alain williams<br>yup, no ROI on keeping us simple fellows happy.

Apart from the customer saying to themselves when it is time for a replacement, "ok, moto provided lots of updates and ***** didn't.. Ok, I'll buy another Moto."

This situation is nothing new. Basically Android phones after 1 or 2 or sometimes 3 years are 'landfill' despite working perfectly. (by landfill, I mean that they are rubbish and should be disposed of correctly).

What it the alternative?

Who sells mobiles and gives not only security updates but OS ones for more than 3 years?

Answers on a rotten fruit core please...

In essence it shows the rather pitiful state of affairs in the devices that most of us use today.

14
0
Anonymous Coward

Re: I'll buy another.

You must not hang around the same people I do. Some may never shop at a certain store again... but 99% of them could have had their dirty laundry stolen, posted on the front of the Daily Mail, and still go back to that firm for a replacement handset.

It's all to do with the invested money and muscle memory/invested knowledge. Why go to MS/Android when iOS is all you know? Even if you got a bricked phone, or the screen shatters every 5 mins?

6
2
Z80

Re: Moto E second generation

My 2nd gen. Moto E 4G (XT1524) received Android 6.0 and shows the Android security patch level as 1st Dec 2016. It was purchased in the UK SIM-free if that makes a difference.

3
0
Bronze badge

Re: Moto E second generation

The Moto gen1-2 range (2013-15) was only updated to Android 5.1 (April 2015) in the US. Not that 6.0.1 (December 2015) is much of an update.

Most of those phones will run LineageOS 14.1 (Android 7.1.2, April 2017). It's well worth the effort to install (easier than installing Linux on a PC). If you're brave, you can find some test builds for 8.1.

4
0

Re: Moto E second generation

I just updated my Moto Z to Oreo a half hour ago, for what it is worth.

2
0
Qew

Re: Moto E second generation

Yeah, I have the same phone and from the UK, and can confirm your observation. Still, it's now well over a year out of date with security patches.

Not sure what my next phone will be. It won't be from the fruit company, so I suppose it's going to be another phone that'll be insecure shortly after I buy it. Then again, maybe I'll just have to take the effort with LineageOS.

1
0
Go

Checkup app here

https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch

Select Menu: Android patch level analysis

3
0

Re: Checkup app here

I must click on this random link in a tech forum from my android fone...

2
1

My iPhone regularly receives updates...

...but given that iOS is now buggier than a termite mound and flakier than a leper in a tornado (and getting worse), this is something of a mixed blessing.

14
3

Google gave the Mobe OEMs what they wanted, a fully customisable OS they could use free of charge and left them to support the OS and apply any patches. Google's only aim was to sell as many apps and stuff it could through the Play store, steal as much user info as possible and if possible destroy MS along the way. The manufactures only interest was/is selling as many Phones as possible.

Android was never designed to be patched, it is basically similar in design to Windows 95 in this respect and here in lies the problem and the difference to the way Windows 10 works now, which is supported for patching on a much larger range of hardware than Android runs on.

The big thing that is ignored here is that drivers are provided by the component manufactures not the seller of the kit, this is the main blocker for OS upgrades (always has been for Windows as well, go on the Dell website and try and find some Windows 10 drivers for kit that was sold with XP ro even 7, some of their specialist hardware be missing).

With XP, to a certain extent, and Windows 8 and 10, to quite a large extent, MS wrote drivers for a lot of kit that the component and peripheral manufactures could not be bothered with, to ease the migration of users. No one wants to upgrade an OS only to find they need to buy a new printer (remember Windows 2000?).

MS spent most of the 90s and 00s being battered into putting effort in to supporting end users and looking after them, they are not perfect, and let down by the big OEMs, but are a damn sight better than Google who no one seems to care about how bad they really are towards their customers and how they abuse their dominant position in the market.

GDPR will could have an interesting effect on this relationship as Google could find its core business badly hampered and subject to much litgation.

13
2
Silver badge

And no, you can't force component manufacturers to keep making drivers because their competitive environment is cutthroat. They black-box everything because they don't want to Give Information To The Enemy. Basically, if push comes to shove, they'll bail out instead and leave everyone hanging because there's no more profit in it.

10
1
Silver badge
Go

Any chance?

Any chance of a name and shame of the worst culprits?

My just under 2 year old Sony still gets regular updates (current state says its up to date to 1/3/18). But wether its getting all of the updates it should, I have no idea. It would be interesting to see which are the worst offenders and which are the best.

Naming and shaming might be a good way to actually change the manufacturers behaviour. But probably not... ;)

9
0
Silver badge

Re: Any chance?

As noted, it's not always the manufacturers' faults. If the component manufacturers refuse to play ball, there's little you can do because they can always just walk away.

8
2
Gold badge

Re: Any chance?

They could refuse to use components from vendors who will prevent them from meeting their legal obligations (regarding the period of support required by consumer laws). If a few big phone vendors got stung in court then the laggard component vendors would soon have no route to market.

7
0
Silver badge

Re: Any chance?

Sure they do: the embedded and IoT market. ALL the component manufacturers work the same way because it's the only way to survive, meaning they can ALL abandon phones and concentrate on IoT and embeddeds and still turn a profit. IOW, the phone manufacturers need them more than they need the phone manufacturers.

6
2

Re: Any chance?

Mu just-over 2 year old Galaxy S7 has received two updates in the past two weeks (I'm on O2).

I agree with the naming and shaming comment...

4
0

Re: Any chance?

Suggesting ALL the manufacturers would leave the Android component marketplace is nonsense. Let me explain the economics:

Suppose additional costs were imposed due to a change in the law (or a change in the way the law is interpreted). If ALL the component manufacturers were to abandon the Android phone market, then it would be impossible to make any new Android phones. However, there would still be a demand for Android phones, to replace broken and worn-out phones, and as first phones as kids grow up. So there would be a shortage, which would greatly increase the value of Android phones, both new and second-hand. Because the price of a new Android phone would go up, the Android phone manufacturers would be able to pay more for components. At some point, the price rise becomes more than the cost of following the new law. At that point, the component manufacturers would come back to the market and sell their products again.

Sane component manufacturers would realise this in advance, and would just raise their prices to cover the costs of the new law, rather than leave the market and risk having their business stolen by saner competitors.

I.e. requiring security fixes might increase the price of phones, which may mean people buy less, which might be good/bad for some companies, but won't lead to everyone suddenly quitting the market.

4
0
Silver badge

Re: Any chance?

My just-over 2 year old Galaxy S7 has received two updates in the past two weeks (I'm on O2).

Mine (On Vodaphone) hasn't had an update since late Jan or early Feb this year.

Wouldn't be annoyed too much about that, but now some process keeps crashing, which causes other apps (browser, gmail, camera etc etc) to hang up. Rather frustrating.

1
0
Silver badge

My year old phone is stuck on Android 6 and not had an update to that since July last year. I have now rooted and installed AFwall firewall to try and make it a little more secure.

Looked at alternative ROMS for it which there are quite a few Android 7 updates available but there are usually some aspects that aren't working on the custom ROMs that do work on the stock manufacturer firmware, So i have been reluctant to switch them until they are fully working. But it seems that since the manufacturer has stopped selling this phone, now the number of people working on updated ROMs has began to dry up. So i might never see a fully working Android 7 version never mind 8 so might have to buy a new phone if i want an updated OS

4
0
Bronze badge

If you're ready to buy a new phone "any day now" it can't hurt to try those alternative ROMs. Just backup your data and be ready to buy a new one if things go pear-shaped. You should be able to backup and restore your old OS if you're careful though.

If all goes well, you'll get a few more years out of your old phone. The time you save wrestling with crap apps will make it all worthwhile.

7
0

Google fault

Manufacturer, once device was sold gets 0 profit from continued use. Google on the other hand profits handsomely from every one Android in operation. It is logical, that Google should pay, but they don’t care, until it will endanger their business model.

2
2
JLV
Silver badge

I like how it's implied that all would be good, if only the bad manufacturers took nice Mr. Jekyll Google's security updates.

Sadly, bad Mr. Hyde Google did not get called out for their sloppy updates on their own Nexus/Pixel line - 3 yrs after initial release you can go fly a kite for any further updates.

5
0

Well, most Nexus kit doesn't survive that long anyway.

Currently on my third 5X, replaced under warranty.

First one just bricked itself, second one the infamous bootloop.

Nexus 5, microphone stopped working.

Galaxy Nexus, USB port broke, not charging.

Both Nexus One's broken power button.

Only my Nexus 10 is still working, however that has been having WiFi connection problems since day one.

And don't think you can use a Bluetooth keyboard with it while on 2,4GHz WiFi.

I like the Nexus philosophy of running plain Android and having regular updates, but the build quality

of all my Nexi has been less than stellar.

5
0

Looks like my Samsung Galaxy S5 has joined the long list of "Abandondroid" products.

No security updates for over a year now. Too bad - I will continue to use it until it dies (Hardly ever use it online anyway since it has a Vodafone prepaid SIM card in it).

I also still have (and use) a Samsung Tab 3 10.1 inch tablet that hasn't seen a security update for 4 years now. I don't keep anything important on it and I usually do a factory restore about once a month to keep any security issues at bay.

2
0

You're complaining about a 4 year old phone and a 4+ year old tablet. How long do you continue to do work for a customer after they paid you once? I'm guessing much shorter than 4 years.

1
17

Longer if they were buying my product

Do you use windows? Windows 7? That's getting support and security patches for 11 years. Windows 10? Although you may hate it, it has been getting security patches for four years now and they're still doing it. MacOS? All OS updates are free. True, they may break your device, but that wasn't intentional. Your mac from 2010 onward runs the latest MacOS update, albeit slowly. How about Linux? They don't even sell you the OS and yet Ubuntu LTS versions have support for five years. IOS? I have an iPhone 5S that runs IOS11, even though it shipped with IOS7. People update products when they take ownership of them. It is perfectly reasonable, especially when devices cost as much as phones do, to use them for a while. You shouldn't have to give up on a device that is still capable of the processing required for your use case, and for those who use their phones for phone calls, SMS, email, light browsing, and multimedia consumption, the processors from four years ago are fine. If the phones were properly secured, many people would use them like that.

25
0

My current phone I bought 3 years ago did cost more than twice my first laptop (a 1.6GHz Celeron with 256MB of RAM, easily over 10 years old). I can run current Linux on that laptop (just need patience when browsing the web), can't run current Android on my phone (not even alternative ROMs).

Yet the phone still lasts 4 days on charge, Firefox is snappy on it and in general has better specification than current entry level phones

The situation with phones is a total disaster, plain and simple.

7
0
Silver badge

Just shorten that to "Abandroid."

3
0

Not always the manufacturer

"El Reg can vouch for this first-hand. One of our offices has an Android 7 Samsung Galaxy S8 handset that, despite being "up to date," can't fetch any security patches since August last year."

Well that is not down to Samsung. My S8+ was updated to 8.0 recently and has the March 2018 security updates. Perhaps something to do with operator branding?

4
0
Silver badge

Re: Not always the manufacturer

The updates are indeed reliant on the phone brand manufacturer.

0
0
Anonymous Coward

This is one area where Apple iPhones excel over Android phones.

Part of the problem is that various Android phone makers are too clever by half, and attempting to be 'innovative' by modifying the Android OS into a bloated mess to 'differentiate' and to 'give customers an innovative experience'. Telcos are also given free license to install crapware into these phones.

The time taken to bug test and validate the patches massively increases. For the small time cheap Android phone makers, they usually do not bother, because it makes no economic sense.

7
2
FAIL

Telco handsets on installment deals

This has been a problem since smartphones came into existence. Manufacturers sell phones via networks and they in turn re-tweak the OS to a ‘branded experience’ which removes updates as well. They bugger up a phone and lock out swaths of settings/security options and really want the phone to last the contract term if you’re lucky but on their terms.

Mind you if they lock it from using certain app stores then maybe they are saving the users from more grief (from what I’ve seen the ‘droid stores are a mine field of uncertainty)

1
1

Brave New World

troland: If you buy last year's Landfill Android for under $100, about a year later you'll wake up one morning to discover your phone's been auto-updated, and that's the only update you'll ever receive. [...] If you buy this year's flagship for $500+, about a year later you'll wake up one morning to discover your phone's been auto-updated, and that's the only update you'll ever receive.

mark l 2: But it seems that since the manufacturer has stopped selling this phone, now the number of people working on updated ROMs has began to dry up. So i might never see a fully working Android 7 version never mind 8 so might have to buy a new phone if i want an updated OS

This is the problem in a nutshell.

If we're lucky, some alternative OS will become available that can run on a wide range of hardware and, like linux, be updated and kept secure. Unfortunately, like linux in its early days, the chances are that it'll be many years before it can run on a wide range of hardware - and that's only assuming that it ever arises in the first place.

The closest I see to anything like that happening are Sailfish and LineageOS, but, as mark l 2 points out, most ROMs become abandonware almost as fast as Android itself because there's not enough manpower to maintain old versions and keep up with new models and ranges - and the devs like to keep up with exciting, wizzy new phones rather than focus on boring incremental updates maintaining old ones.

Which is why troland's point is so significant.

There's no point buying anything with the expectation of it being worth the money in more than the short term. If you just want a phone, get a 'landfill phone'. The Moto G range is perfectly adequate for most people's needs, most of the time (far, in fact, from 'landfill' really) and, if you get the 'Plus' models, you're reasonably assured of a version of LineageOS becoming available reasonably quickly.

If, for whatever reason, your need for performance exceeds that then, by all means, get yourself a flagship hone but don't expect it to last any longer in terms of what we're discussing here (security), because it won't. So, you're paying for right here, right now performance, no more.

If you want to try keeping a phone going longer then, frankly, even LineageOS probably isn't going to get you there and you're probably better off looking into simply rooting it, maybe using Magisk (with or without systemless Xposed), locking it down as tight as you can and being sensible in your usage. And, in such a case, you want something like the Moto G range or anything else that offers you vanilla Android because it means there will only be the flaws inherent in your version of Android itself and not the extras introduced by the OEM as well, so whatever security you apply to it won't be rendered useless because it can't account for them, only vanilla Android.

Other than that, maybe a 'community' move to get Sailfish in place as a viable alternative could achieve something but, really, I don't see it getting much further than LineageOS in terms of install footprint - there are just too many devices. It would take some major leage adoption by a serious player to turn it into more than that, I think.

Fundamentally, as alain williams pointed out, there's no money for the OEMS in maintaining either the OS or the hardware, so, until they are obliged to do so by legislation (because we are destroying the only planet in the entire universe known to support life and we can't keep up the 'consume today, use it up and throw it away' approach any more), we are just going to have to accept that every three to five years (tops), we will have to buy a new phone of some kind or else run the risk of being pwned.

That's the long and the short of it as far as I can see.

7
0
Silver badge

Re: Brave New World

But almost NONE of the decent smartphones out there today feature user-replaceable batteries: a make-or-break for me as that's the thing I replace most often. Nothing to date compares to my Note 4 which is why I stick with them through thick and thin. Yet because of Verified Boot, Knox, and root-aware apps, I have to stick to stock firmware.

"...and we can't keep up the 'consume today, use it up and throw it away' approach any more..."

Sure you can. It's called "Eat, drink, and be merry, for tomorrow we die."

5
2

Re: Brave New World

But almost NONE of the decent smartphones out there today feature user-replaceable batteries: a make-or-break for me as that's the thing I replace most often.

That a whole 'nother issue that I also take issue with but for privacy reasons more than anything else - if the phone isn't going to be secure for as long as the battery lasts and I'm going to replace it for that very reason then a replaceable battery is a nicety as far as I'm concerned.

There's also the fact that, when something does go wrong and the phone hangs, I can't fix things by popping the battery, but that's only ever happened to me twice and it simply meant having to wait for it to die.

Nothing to date compares to my Note 4 which is why I stick with them through thick and thin.

Performance-wise, I couldn't comment, but security-wise, I'd suggest upgrading. The Moto G5 came/comes with a removable battery, however, and not only supports Nougat but is officially slated to receive an update to Oreo as well. So, unless you've got some reason to hang on to your Note 4 for the camera, some other hardware feature that you absolutely must have or because it will still outperform the G5, I'd suggest having a look at that latter as a possible upgrade sooner rater than later - before you can't get it any more (which will be the case RSN).

Yet because of Verified Boot, Knox, and root-aware apps, I have to stick to stock firmware.

The Moto G range phones all have unlockable bootloaders so far.

So far, it seems to me that, based upon your need case, the Moto G5 is something you might want to have a look at - I can't tell you anything about its performance (never had one myself) but the specs aren't bad for a phone in that price range (albeit the 5.0" display is a bit small) .

But you're still gonna be fighting a losing battle, as I said. You'll get the update to Oreo, eighteen months to two years of security updates, you might squeeze another couple of years out of it by rooting it and/or flashing a ROM but after that it's a security breach in your pocket.

What people forget to factor in is that, by and large, apart from the serious security flaws in things like the SSL libraries, kernel, etc., for the most part the biggest attack surface isn't the OS but the apps. Once the devs upgrade to supporting the latest version of android, unless they're corporate, it's unlikely that they'll dedicate much time to ensuring that previous versions get fixes for more than the most serious security flaws (the kind of thing that could see them getting sued), and then probably only one or two previous versions at the outside.

You're more likely to be compromised by a flawed app that hasn't been updated than you are by your Android version having a serious exploit in it because you don't access things with Android but with Apps. You're more likely to find your identity stolen thanks to the breach of the customer database on a smalltime dev's home server or their self-managed AWS security. And that's why the OS version is significant more than due to any real shortcomings of the OS itself - it won't support the latest (secure) version of the apps.

After Oreo, I'm sure there'll be improvements made to it over time but the principle of being able to upgrade the security separate from the rest will at least give you a fighting chance of keeping a device running a bit longer because the community might release security patches after Google/the OEMS stop doing so.

Underlying flaws in drivers are a separate issue - if the OEM doesn't release a closed source update and nobody can/does reverse engineer the device/chipset then a security flaw in your networking is going to be worth upgrading your phone for and a more serious consideration than "can I get a removable battery?"

Seriously, I know what you mean - If I could, I'd still be using my Sony P910! But your Note 4 is not gonna get Oreo and you're not gonna get that separation of concerns, so, any security flaws in the OS/apps are there to stay and, furthermore, won't be fixable with a community driven Oreo patch. Although I can't vouch for the performance myself, the G5 looks like a worthwhile consideration for you. It'll get you Oreo and a bit more lifespan security-wise, give you the option of rooting/flashing afterwards and squeezing a bit more lifespan out of it than that.

Ultimately though, the model is based upon the 2-to-4 year upgrade cycle. There's even the 'free upgrade' option on phone contracts - which are, oh, so coincidentally, one or two years normally. Until that changes, don't expect my description of the state of play to change unless, as I said, some miracle OS appears that can handle all the different hardware platforms. And even Ubuntu gave up trying with that one!

Sure you can. It's called "Eat, drink, and be merry, for tomorrow we die."

Yep, nail on head.

4
0
Silver badge

Re: Brave New World

"You're more likely to be compromised by a flawed app that hasn't been updated than you are by your Android version having a serious exploit in it because you don't access things with Android but with Apps."

I find that a little hard to believe. Apps aren't as dependent on the OS version as you think. Heck, the latest Facebook (and I DO use it, albeit minimally and only out of necessity) still runs on an old Galaxy Tab 3, and that's stranded on KitKat. Most of the updates to the Android OS are more to support itself than the apps. The biggest app-related upgrade was in Marshmallow when app permissions switched to on-demand instead of on-install, but that's something of a six-of-one-half-a-dozen-of-the-other thing.

PS. I specifically like the Note 4 because I have big hands, and it's 51/2 inches. That G5's no bigger than the S5 I keep as a backup unit (and I was forced to use it when my previous Note 4 suffered an internal hardware failure--unlike the S4 before it, the US S5 supports LTE Band III).

2
1

Re: Brave New World

I find that a little hard to believe. Apps aren't as dependent on the OS version as you think. Heck, the latest Facebook (and I DO use it, albeit minimally and only out of necessity) still runs on an old Galaxy Tab 3, and that's stranded on KitKat.

As I said, the corporates are more likely to ensure backwards compatibility and I wouldn't draw any conclusions about the security landscape from them. Look at the Shellshock vulnerability in the BASH shell. Twenty years it was there! So much for the 'many eyes' theory. So much for a single dev having the time/resources or even the interest in checking that old issues are ironed out before upgrading their offering with whizzy new features or compatibility with new devices.

Once I've sold you my app, unless I charge for upgrades I'm making no more money from you. My interest, therefore, is on ensuring that any new features offered by new hardware or OS updates are accommodated so as to attract new customers with their new hardware and/or OS platforms.

There's only me (and possibly two other guys) working on it and my stable of apps includes four others so my (our) time is divided and at most you can expect a fraction (say 20%) of 20% of my attention for your OS and even less for your device unless it's widely used (say 20% for a Note). So, in total you're getting 20% of 20% of 20% of my attention. That's not even 1%. And only if you have a popular device. If it wasn't/isn't popular forget it; count yourself lucky if any changes I make to the app don't stop it running altogether.

The latest version of my app might run on your vintage OS on your oldtimer phone but I'm not patching it to accommodate newly discovered flaws on either; I'm selling to the new customers with devices that don't have those flaws any more and my attention is focused elsewhere. If the latest version runs, great. If your OS has has unpatched flaws, sorry, I'm not wasting time patching them in my app, upgrade your OS or hardware.

Remember, what's in question here isn't whether the app will run, but whether it's secure - and those are two entirely different issues.

Most of the updates to the Android OS are more to support itself than the apps. The biggest app-related upgrade was in Marshmallow when app permissions switched to on-demand instead of on-install, but that's something of a six-of-one-half-a-dozen-of-the-other thing.

Yeah, that's a whole different matter again. As a developer the only concern I have about the permissions model is accommodating it to the extent that I am obliged to and no more. If the OS upgrade doesn't update that then neither will I. If it does then I will. Neither way around, however, does that make any difference to what I said before: if your OS has has unpatched flaws, you're on your own; I'm not wasting time patching them in my app - upgrade your OS/hardware or live with any consequences.

Moreover, how many apps designed for older versions will run on the newer release and accommodate any changes? Only those that made blanket request for features they never used anyway. I've got apps that run on Nougat but only if I grant them the same permissions they demanded on Marshmallow or KitKat. The change in permissions model didn't stop them running. It also didn't fix the security/privacy concerns inherent in running those apps in the first place and the devs aren't going to resolve them either - I can pay for an updated version (if there is one) or, more likely if it's a smalltime dev/team and they've let the app lapse in the meantime, search for a new app by someone else (if I can find one).

PS. I specifically like the Note 4 because I have big hands, and it's 51/2 inches. That G5's no bigger than the S5 I keep as a backup unit (and I was forced to use it when my previous Note 4 suffered an internal hardware failure--unlike the S4 before it, the US S5 supports LTE Band III).

Then you are either stuck running the risk of an outdated OS version or will have to bite the bullet and accept a phone with no removable battery, I'm afraid.

There are basically three phones with removable batteries that are worth your consideration in 2018 (the first three on the list here. After that though, removable batteries are gone for good.

The only way that situation could change would be legislation mandating removable batteries - and I don't see even the EU going that far ; )

4
0
Bronze badge

Re: Brave New World

I would take it with a grain of salt when some writer for Mashable declares removable batteries dead. Writers are Apple users as a general rule; this one seems to be no exception; and they would see inevitability in this trend because Apple started it. Most consumers, on the other hand, would gladly accept a rugged plastic phone that's 1mm thicker if it has a removable battery, headphone jack, and one-fifth the pricetag. That's the future of smartphones after the novelty wears off.

Sealed batteries are fine if you've disabled all the battery-draining location-tracking spyware and get 4 days on a charge. But I think they're largely a concession to metal & glass phones, because you can't simply pop the cover off. In other words, this is just foolishness.

3
0

Re: Brave New World

I would take it with a grain of salt when some writer for Mashable declares removable batteries dead.

Indeed. And I've been around the block more than enough times to be aware of that. But I wasn't about to list twelve other articles - one is enough for people to springboard off and research further, unless they just want to kneejerk to one single article (in which case it wouldn't matter how many links i posted).

Writers are Apple users as a general rule;

Erm, no, there's no basis for that statement whatsoever; writers are a mixed bunch - some use Apple, some Android, some Blackberry (believe it or not), some more than one. You can't say "writers use <brand> as a rule" - that's not even bollocks in the same way that Deepak Chopra is not even wrong.

this one seems to be no exception; and they would see inevitability in this trend because Apple started it.

It has nothing to do with who started it and everything to do with what the trend actually is across the board. Seriously, give this one up; you won't find many phones with removable batteries, period - and it doesn't matter who the OEM is, that's just the way of things and the way they will continue.

Most consumers, on the other hand, would gladly accept a rugged plastic phone that's 1mm thicker if it has a removable battery, headphone jack, and one-fifth the pricetag. That's the future of smartphones after the novelty wears off.

Most consumers want whatever will impress their friends, family, co-workers and randoms at the bar/pub that is within their budget; they don't know or care whether its good so long as everyone else thinks its good. I think you are possibly spending too much time in the company of the cognoscenti and not enough in the company of Joe Public - the average smartphone user doesn't care what the specs are or what features it has, all that matters is that it's an iPhone or a flagship Android, trust me. They don't even care that it's a smartphone; all that matters is that it's expensive and, therefore, by definition, good.

Sealed batteries are fine if you've disabled all the battery-draining location-tracking spyware and get 4 days on a charge. But I think they're largely a concession to metal & glass phones, because you can't simply pop the cover off. In other words, this is just foolishness.

Joe Public doesn't know about spyware or tracking, doesn't care about it when you tell him and will get pissed off with you if you persist in explaining it - he doesn't want to know (he has nothing to hide and no-one is interested in him or you, you paranoid schizophrenic, you).

You and I are concerned; he isn't, believe me - I've been explaining it to people for the last forty years and even post Snowden they still don't want to believe.

Trust me on this, people don't know, don't care, don't want this or that or the other, they'll take what they can get as long as everyone else thinks it's good (because people wouldn't think it good, if it weren't, right?).

2
2
Silver badge

Re: Brave New World

"The only way that situation could change would be legislation mandating removable batteries - and I don't see even the EU going that far ; )"

And I think they will. Two words: Note 7. Many airlines already ban them specifically, and it wouldn't take too many more spontaneous battery combustion to get internalized batteries classed an unacceptable fire risk. At least removable batteries can be replaced when danger signs such as bulging emerge.

2
0
Silver badge

Re: Brave New World

OK, I'll keep it brief. I'll take the security risk over the fire risk. Push comes to shove I can be pwned by the radio chips, and those are in feature phones so I'm already screwed. Plus, at least a security risk can't KILL me.

0
1

Re: Brave New World

The Note 7 is a good point. But how many other phones are famous for that flaw?

Let me see now. Erm, none.

How many other phones are banned on airlines? Uh, None.

How many are going to be banned on airlines in the future? Well, until there's another 'Galaxy Event', as it were, exactly none.

In fact, airlines have recently moved from 'airplane mode' to 'sure, use your phone' mode.

Personally, I prefer removable batteries myself but, in the even of my phone catching fire in my pocket, that's gonna be the last of my concerns. If I can, I'll get it out of my pocket and hurl it away from me. If I can't, I'll remove whatever item of clothing contains it and hurl that away from me. The last thing am going to be doing in the instant in which I am potentially about to get a hand/limb/face full of plastic, metal and poisonous chemicals is faffing around, trying to get the battery out, believe me - anyone who does is due some sort of Darwin Award (or at least a runner's up consolation award for effort).

I like a jack socket for my headphones, even though I never use it - it serves as a useful physical standby in case my Bluetooth ever stops functioning for some reason.

I like having a microSD (or whatever) slot so that I can expand my storage.

I like having physical buttons for power and volume.

But all that is going the way of the dodo. When wireless charging is in everything (and it will be), you just watch the uptake on all-glass phones. No ports, no buttons., everything soft.

Retail phone? What's that? You won't need to worry about buying a SIMless phone, you'll buy one locked to a service provider and either stick with them or get it changed over to another within 28 working days - as long as you can switch carrier, legislation requiring flexibility from the OEMs/suppliers/vendors/networks will have been met and there will be no obligation to provide you with a physical SIM separately to the phone.

Need more storage? You won't need to buy a card, you'll just get the more expensive model.

Headphone socket? Nobody uses them any more - just carry a second pair of Bluetooth earbuds/headphones and/or a charger.

What's that, you say? You don't like that vision of the future. That's a shame, but, hey, you know, it's a free market and you're not obliged to have a phone if you don't like any that are on offer. You can always wait and see if enough other people want what you do to encourage some OEM to tool up for it alongside their standard all-'glass' injection-moulded models.

In the event of another 'Galaxy Event', the EU (or anyone else for that matter) will not legislate in favour of removable batteries - that could end up with them being sued by someone foolish enough to try to remove an overheating/exploding battery. The airlines/whoever will simply impose a "You're not bringing that on here" rule and it'll be up to you to take it up with your phone's OEM if that results in a significant inconvenience in any way.

Sorry, but that's just the way the world works right now and I really don't see it changing for the better in any way. Over the years, I've just seen it get steadily worse until we barely have any say in our lives any more. From autolimiting recording devices where I can't set the levels any more, to autodetection of recording format so that I can't overload it to achieve a particular sound, to autofocus on cameras, to all-digital and no way to overexpose, to BIOS featuresets that prevent me from changing harddrive parameters, to locked phone bootloaders, to Facebook pre-installed and permanent on my phone, to autonomous vehicles, there is less and less control and less and less choice. Get used to it.

1
1
Anonymous Coward

Re: Brave New World

"Get used to it."

And what happens when more and more people reply with, "Stop the world, I wanna get off!"?

1
0

Re: Brave New World

And what happens when more and more people reply with, "Stop the world, I wanna get off!"?

Do let me know when you've given up owning a mobile tracking device phone yourself, won't you?

I love the idea myself but I can't because (thanks to all the people who constitute more than you, me and our friends) if I want to accept an offer of work, I have to be available for people to contact me on the phone whenever is convenient for them, not me.

Because, unfortunately, there are more of them than there is of me and, however much I might lament the fact, I have to live in a world in which people send texts rather than call, use WhatsApp to do government/business, don't even send a text but put something on social media that I might miss but, hey, that's my problem not theirs (they put it on Facebook, didn't I see it? Oh, well), use Facebook Messenger to discuss how awful it is that Facebook gathers all this data on them, the list of evidence for the fact that 99% of the world's population has an IQ below 70 is almost endless.

You, me and four other people might hold out for something better - but just like hunger strikers in prisons, we aren't going to change anything of any significance except our health and, just maybe, how many days in the week we get mashed potato for lunch instead of boiled potatoes.

The world and their dogs aren't going to say "Stop. I want to get off." If they were, they'd have done something about it already. They'll keep upgrading their phone every two years. They'll keep voting to have their right testicle electrocuted instead of their left. They'll keep giving away more and more control of their lives until they own nothing and have no rights any more, not even to themselves - having the right to say who gets to use your data is not the same as having the right to generate no data at all in the first place.

As I've said on another thread: one day, you won’t log in to this site or that email account at all, let alone with different credentials. You’ll have a single ID. Like OpenID, but it won’t be optional — in fact, very soon now, opening a Facebook account will be mandatory and if you don’t do it voluntarily, you will have to make do with your court appointed account. You’ll log in to that ID and every service you are subscribed to in any way (FaceBook, Twitter, What’sApp, email, Amazon, PayPal, the restaurant you booked a table at, the pizza delivery firm you ordered from, the taxi firm you booked a cab from, the airline you booked a flight with, etc., etc., etc.) will be simultaneously active and sharing information between them. You won’t be able to separate them out nor will you be able to log in to them in any other way.

It’s already here in the form of fingerprint scanning and facial recognition ‘security’ systems on smartphones. The next step will be the smartwatch (the real thing, not the silly toys currently on offer that require you to have a smartphone they link to.) or even ‘GoogleLens’ contacts that you wear instead of ‘glasses’.

Eventually, of course, there’ll be the 'option' of implants—so that you can’t mislay, lose or have your device stolen. Then you’ll never be offline again … even when you sleep.

You won’t come home to a home. You’ll live in a coffin hotel, with shared amenities—you’ll pop down to the food hall for your meals and use the communal showers to wash, collect your clothes for the day from the cleaning service and give them the dirty ones, etc. What do you need space for anyway? All your possessions are digital and stored in the ‘cloud’—all you need is room to sleep in, with a couple of speakers either side of your head and a screen above your face. If you want sex, you'll book into a ‘Love Hotel’—just enough room for the woman to go on top, provided she doesn’t want to sit fully upright. I suspect that addresses will have elaborately appealing names and you’ll live somewhere like 3515 (Floor 35, Room 15) ‘Paradise Gardens’— you don’t want people knowing they live in a cage.

What you want, what I want, what a handful of iconoclasts like us want is immaterial. What the vast majority wants is to not have to think, not be obliged to take responsibility for thinking, not be confronted with awkward facts or discomforting information that would require them to take any action that would be more effortful than their current lifestyles. And what they want more than anything else is to not be told that they're stupid for buying the phone they have by someone like you or me who think we're so clever but, if we're so clever, why aren't we Steve Jobs/Bill Gates/Elon Musk/running Sony or Samsung or Facebook or or or? Yes, we did tell them they were stupid; they distinctly felt we did when we explained why their choice in phone was less of a cause for celebration than they had been led to believe by the advertising and their friends and colleagues . Well, if we're so smart that we're smarter than everyone they know, the advertisers, the marketers, the OEMs, why aren't we running the show, eh? Answer them that!

Isn't it terrible the way Foxconn had to put in nets to stop people from killing themselves rather than work just one minute more? How's your phone by the way? Produced by a Bangladeshi workers co-operative from naturally and locally sourced biodegradable materials and bought by a Fair Trade distributor? No? Why not? I thought you wanted to get off.

Yeah, maybe a movement will get up in arms about something or other. Maybe Apple or someone will pay lip service to the idea of 'listening to the customer'. No doubt, one day, Occupy will be found to have got Starbucks to use one layer of cardboard less in the heatshields around their polystyrene coffee cups.

People want their shiny phones. They want to be able to wave them around and for their friends, family and colleagues to "ooh" and "aah" over them. That isn't gonna change and neither you, I nor our friends are going to make even the least dent in that - we have as much hope of changing human nature as a gnat has of flying to the heart of the sun and back.

Get off, if you can and good luck to you. if you make a success of it, please stop by and let me know how you did it so that I can try too. Nobody else is gonna follow our lead though. Not enough to make any difference. Because we can't change other people, just drop off their radar when they stop texting us because we never reply and they forget we ever existed.

If you can design a new phone with a removable battery that you can also market so well that it becomes the iPhone killer then removable batteries in phones might become a thing - I won't be holding my breath though.

0
0
Silver badge

Re: Brave New World

"we will have to buy a new phone of some kind or else run the risk of being pwned"

There's your mistake right there, assuming that buying a new phone you're somehow magically free of the risk of being pwned. Actually, ANY statement extolling the security benefits of new phones beyond a simple "older = more pwnable" is highly arguable regarding the exact amount of "additional protection" they are supposed to be offering. No amount of money in the world can buy you "security". You cannot achieve it. You cannot get anywhere near it. You can only get very, very, very, very, very, very slightly closer...

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018