Motorola Confirms That It Will Not Commit To Monthly Security Patches (arstechnica.com) 162
If you are planning to purchase the Moto Z or a Moto G4 smartphone, be prepared to not see security updates rolling out to your phone every month -- and in a timely fashion. After Ars Technica called out Motorola's security policy as "unacceptable" and "insecure," in a recent review, the company tried to handle the PR disaster, but later folded. In a statement to the publication, the company said: Motorola understands that keeping phones up to date with Android security patches is important to our customers. We strive to push security patches as quickly as possible. However, because of the amount of testing and approvals that are necessary to deploy them, it's difficult to do this on a monthly basis for all our devices. It is often most efficient for us to bundle security updates in a scheduled Maintenance Release (MR) or OS upgrade. As we previously stated, Moto Z Droid Edition will receive Android Security Bulletins. Moto G4 will also receive them.Monthy security updates -- or the lack thereof -- remains one of the concerning issues that plagues the vast majority of Android devices. Unless it's a high-end smartphone, it is often rare to see the smartphone OEM keep the device's software updated for more than a year. Even with a flagship phone, the software update -- and corresponding security patches -- are typically guaranteed for only 18 to 24 months. Reports suggest that Google has been taking this issue seriously, and at some point, it was considering publicly shaming its partners that didn't roll out security updates to their respective devices fast enough.
Easy... (Score:2, Insightful)
It's actually pretty easy to roll out regular patches, especially considering the upstream testing... ... unless you're adding a ton of vendor/carrier crapware. Testing and maintaining *that* might be an issue.
Yet Motorola's solution is (apparently) not "DONT FUCKING DO THAT" but instead "don't bother with patching". Yay. Go team dumbass.
Re: (Score:3)
If we patch our OS, people can remain on it and be happy with their existing phones. If we leave them behind with a millstone around their neck, they'll upgrade. Profit.
Fuck you Motorola/Lenovo (Score:5, Insightful)
Then you stopped providing updates for it (of ANY kind) after 219 days.
Fuck you, fuck you so hard. I've made it very clear to everybody I know that they should never, under any circumstances, buy any Motorola or Lenovo products.
Re: (Score:2)
This is why I LOVE all my Nexus devices. Guaranteed minimum 2 years of Android version updates (major OS versions) along with a minimum of 3 years or 18 months after Google stops selling it for security updates.
Re: (Score:2)
Same with my Moto X 2014, it's stuck on the November 2015 security patch level
I've had a Motorola Defy, a Moto G and a Moto X. No more Motorola's for me.
My next phone will be a Nexus.
Re: (Score:3)
Why would anyone want a Motorola/Lenovo anyways? After all, they're dropping the headphone jack too...
(Some "innovation" Apple. You got out-innovated by the competition over a rumor).
Re: (Score:2)
Only Moto Z, the thinnest phone in their lineup, is dropping the headphone jack. I am quite happy with my Moto X with a headphone jack.
Re: (Score:2)
They finally pushed out a... June? 2016 security patch to my Moto X. I think this fixed the bug where the radio would get woken up from sleep mode, but not return to sleep when done, which ate up my battery like crazy. The Moto X was my first Non-Nexus phone in years... now I'm back with a Nexus 5x, at least Google patches their shit.
Re: (Score:3)
That shiny new software smell?
No just not software that smells like year old Swiss cheese complete with all those huge holes. Android 6 rolled out to my device last week. Nothing really changed. The software isn't wonderful and new. It still works like it did before. It is however nice knowing some security issues were fixed.
This is slashdot. If you think people want updates to get that lovely new software smell then you don't belong here. If anything we want the software to change as little as possible with only security back ported. T
Re: (Score:2)
I got Android 6 about a month ago, and while most things still work, it broke Android Pay pretty badly. It used to be easy to pay for something with the phone - now it keeps hounding me for the administrative password for the phone (even though I unlock the phone with my fingerprint), and some payment terminals get confusing/conflicting information from the phone which screws up the transaction even more.
It isn't worth the hassle of using the thing for payments any more.
Re: (Score:2)
It may be buggy, but really you shouldn't be using your phone for financial transactions.
Re: (Score:2)
Tell me, can you link to any wide-spread loss disturbance caused by an Android security flaw?
You didn't just use the 1990s era Linux is secure because no one attacks Linux line did you? Oh man you totally did.
Re: (Score:2)
I bet you will get Windows 10 updates on this for a lot longer than 219 days (Not an affiliate link)....
https://www.amazon.com/dp/B01A... [amazon.com]
$119
VENSMILE iPC002+ Plus Windows 10 Mini Desktop PC Intel Compute Stick Cherry Trail Z8300 Quad Core 1.8Ghz Pocket Computer with 2GB Ram 32GB EMMC 2.4 5G Wi-Fi HDMI 1080P H.265 BT4.0 USB3.0
Re: (Score:2)
Then you stopped providing updates for it (of ANY kind) after 219 days.
What are you missing? That shiny new software smell? If you want great support and timely updates, maybe you should look at spending more than $99 for a smart phone. The E is clearly a low end device. Don't expect Apple support.
Perhaps you missed the part where Motorola advertised the phone as one that will receive updates and not get left behind.
Re: (Score:2)
Perhaps you missed the part where Motorola advertised the phone as one that will receive updates and not get left behind.
You missed the part where people shouldn't believe everything they read or are told. Lack of updates has been an android issue from day one, so I'm not going to believe any outfit that promises them on Android.
One might get the idea that part of those "overpriced" Apple phones is getting updates, and if you want a razor thin margin like the more "sensibly priced" android phones, maybe they can't afford to update you every month.
Re: (Score:2)
Perhaps you missed the part where Motorola advertised the phone as one that will receive updates and not get left behind.
You missed the part where people shouldn't believe everything they read or are told. Lack of updates has been an android issue from day one, so I'm not going to believe any outfit that promises them on Android.
One might get the idea that part of those "overpriced" Apple phones is getting updates, and if you want a razor thin margin like the more "sensibly priced" android phones, maybe they can't afford to update you every month.
So I shouldn't be mad at Lenovo, because even though they are guilty of blatantly false advertising, I shouldn't've believed it in the first place?
What kind of victim-blaming shit logic is that?
Re: (Score:2)
Also, Moto committed to providing an Anroid M update for the Moto E. http://motorola-blog.blogspot.... [blogspot.in]
Sorry, forgot to respond to this. Maybe you should check your link to see what it actually says: "2015 Moto E with 4G LTE in Latin America, Canada, Europe and Asia (2nd Gen)"
I'm an American, so no update for me. But that's alright. I switched to a Nexus and I'm loving the monthly security updates. I don't recommend anything but iPhones and Nexus phones anymore. And I ESPECIALLY recommend against everything Lenovo and Motorola.
Re: (Score:2)
How is this any different than for any other manufacturer? You're up shit's creek if you think any of the big manufacturers are sending timely OTA security updates.
iPhones and Nexus phones both get timely updates. I think the Galaxy S phones do as well since Samsung has been pushing them for government use, although I don't own one and so I can't tell you for sure.
Re: (Score:2)
Sad but unavoidable (Score:3)
Perhaps Google should rethink its strategy of how they offer software and encourage some type of buy-in on updates for support in the hardware and software dev process
Re: (Score:2)
Perhaps Google should rethink its strategy of how they offer software and encourage some type of buy-in on updates for support in the hardware and software dev process
It's not Google's choice. Vendors want the ability to make customizations to the OS, to "add value". It's one of the reason why they accepted Android in the first place: the ability to control, customize, and bundle whatever they wanted.
Moreover, while getting a vanilla AOSP up on your device isn't hard, making it stable and performant is most certainly not.
Re:Sad but unavoidable (Score:4, Insightful)
It's not Google's choice. Vendors want the ability to make customizations to the OS, to "add value".
Wrong! It IS Google's choice.
I'm sure that "Vendors" wanted the ability to make "Customizations" to the iPhone, too. It's just that Google COULDN'T CARE LESS about anything other than Datamining. Every Android install is nothing more to them than more Click-bait, more Datamining, more Privacy incursions.
Google could end this RIGHT NOW. But they won't.
Ever ask yourself why?
Re: (Score:2)
I'm sure that "Vendors" wanted the ability to make "Customizations" to the iPhone,
They sure did and Apple told them to suck it. That's why Android exists. It exists because carriers wanted control that Apple wouldn't allow them.
It's just that Google COULDN'T CARE LESS about anything other than Datamining
And, what's your point? Right, their Google Apps (which aren't part of Android) do the datamining. As long as the vendor includes those, which they are bound by contract to do, Google doesn't care ... beyond the fact that they want Android do have a good name so it can continue to be a vehicle for Google Apps.
Google could end this RIGHT NOW. But they won't. Ever ask yourself why?
I don't need to ask, I know.
For starters, the vendors w
Re: (Score:3)
My take on the whole "we can't be bothered to patch or upgrade our phones" a complete line of bullshit. The fact that CM runs on so many devices kind of makes that case laughable. These are semi-pro volunteers at best who are able to manage to get the thing running on hardware, often without access the Manufacturer has to hardware level programming, and make (often) a better product than the manufacturer. If I were any one of these companies CEO, I would call it embarrassing.
The second point is, they could
Re: (Score:2)
almost next to nothing
It's fun to think you know more than the thousands of people who's jobs it is to manufacturer and ship software for devices. I mean really, if it was a matter of hiring one guy for a few months, common sense would lead you to believe they'd just do that vs. facing the bad press. Common sense would lead you to think that it's maybe more of an ordeal than armchair software developers like to claim.
Well, I would invite you to talk with someone that actually does this sort of engineering. Getting AOSP up and ru
Re: (Score:2)
Every single change you made in the previous release needs to be ported to the new release and tested. And it's more likely than not that the files have changed and it's not simply applying a patch. If you are unlucky, the kernel changes and you need updated version of your drivers. Sometimes you don't even have the source for those so you need to go contract with chip maker or a 3rd party to rework the drivers.
This is why you upstream everything and choose hardware with open-source drivers. If you have to apply proprietary in-house patches to get the latest AOSP running on your device, you're doing it wrong.
Re: (Score:2)
Every Android dist is customized to that specific hardware. Creating a performing, stable Android dist for even one hardware config is an massive task.
That's an excuse an (I assume) you know it.
I didn't mean that Google had to roll every single OEM implementation themselves; but they could still maintain control over the "overall experience" of the "brand" through OEM Licensing Agreements.
Do you REALLY think that ANY OEM would want to Fork their own version of Android (which BTW, wouldn't be allowed to be called Android, nor use the familiar (if fugly) Logo)? No, they would cowtow to Google's new terms in a heartbeat.
Same with the Carriers: Although
Re: (Score:2)
they could still maintain control over the "overall experience" of the "brand" through OEM Licensing Agreements.
Well good, they already do that.
It's not the brand, or the experience that's the problem. It's the nitty gritty development and testing and patching of the OS against each and every unique device they develop. Someone has to pay for that to happen.
they can again use The Power Of The License to force the OEMs to strongarm the Carriers.
The Android way is to provide options. If you want timely updates, pay $800 for a Samsung device. On the other end of the spectrum is the $99 Moto E. Pray for your updates. Your choice.Personally I'd rather have options than a world where Samsung was the only Andr
Re: (Score:2)
I'd rather have options than a world where Samsung was the only Android device manufacturer.
...and I might very well be right there with you, if Android wasn't such a Clusterfuck.
It's SLOWLY getting better; but it's STILL not really serious about critical things like delivering Security Patches, and properly vetting Apps in the Play Store.
Re: (Score:2)
properly vetting Apps in the Play Store.
Apple's policies are too restrictive. Google's aren't restrictive enough. People will complain either way.
Re: (Score:2)
properly vetting Apps in the Play Store.
Apple's policies are too restrictive. Google's aren't restrictive enough. People will complain either way.
It's a phone. Set your expectations accordingly.
I've got my MacBook Pro for when I want to go Midieval on something...
Re: (Score:2)
That makes no sense. If all they wanted was to data mine they would be trying to make the best OS possible so that as many people as possible use it.
Android got where it is by being open. If it was identical in every phone manufacturers wouldn't have wanted to touch it because there would be nothing to differentiate their product.
Google's mistake was not ensuring they could patch everything from day one. They have mostly fixed that now with updates via Play. That's why we don't see vast botnets of phones wh
Re: (Score:2)
Android got where it is by being open.
Typical Slashtard. Outside of this site, almost NO ONE cares that Android is "Open" (which it is actually NOT).
Android got to where it is by being on every cheap-ass FREE handset around, PERIOD. FULL STOP.
Re: (Score:2)
Android got where it is by being open.
Typical Slashtard. Outside of this site, almost NO ONE cares that Android is "Open" (which it is actually NOT).
The phone manfacturers do, and for them it's enough that Android is more open than iOS (which it actually IS, for any reasonable definition of open).
Android got to where it is by being on every cheap-ass FREE handset around, PERIOD. FULL STOP.
So, pray tell, what made those cheap-ass handsets possible?
Re: (Score:2)
I'm sure that "Vendors" wanted the ability to make "Customizations" to the iPhone, too. .... Ever ask yourself why?
Nope. Even though it's a large organisation I wouldn't have thought Apple would be too keen to make customisations to Apple's own product.
The only thing I ever ask myself is "Did he ever look up what vendor means before posting?"
Re: (Score:2)
It's not Google's choice. Vendors want the ability to make customizations to the OS, to "add value".
Wrong! It IS Google's choice. I'm sure that "Vendors" wanted the ability to make "Customizations" to the iPhone, too. It's just that Google COULDN'T CARE LESS about anything other than Datamining. Every Android install is nothing more to them than more Click-bait, more Datamining, more Privacy incursions. Google could end this RIGHT NOW. But they won't. Ever ask yourself why?
No, it's not Google's choice. Android is FOSS which means anybody can make an Android phone. If macOS were FOSS, then anybody could sell a Hackintosh and not update it, and it would be the same thing.
As far as I'm concerned, so long as Google's own products (Nexus/Pixels) get security updates, I'm not mad at them for what other people do. But if you're going to cry that Google is bad because they don't heavily restrict their OS, well, good luck with that: the reason I prefer Android is BECAUSE of the fre
Re: (Score:2)
No, it's not Google's choice. Android is FOSS
From what I have read on this site, Android is "F/OSS" for very limited values of "F/OSS". IOW, it really ISN'T F/OSS in a PRACTICAL sense.
Re: (Score:2)
No, it's not Google's choice. Android is FOSS
From what I have read on this site, Android is "F/OSS" for very limited values of "F/OSS". IOW, it really ISN'T F/OSS in a PRACTICAL sense.
Sure it is. Anybody can package their own Android ROM and install it if they feel like it. Ask Psystar how that worked out for them and Hackintosh.
Re: Sad but unavoidable (Score:2)
Windows manufacturers have been adding crap to the default installations for over two decades but users have always been able to get security updates from MS.
Then UNLOCK OUR BOOTLOADERS! (Score:5, Insightful)
No exceptions. A phone is a critical communications device, and if the OEM won't supply critical upgrades, then they must allow others to do so.
DMCA exceptions should be established, and vendors should not be allowed to sell phones within the U.S. without providing all required unlock keys into an escrow. Upon 6 months of patch inactivity, the keys go public.
Re:Then UNLOCK OUR BOOTLOADERS! (Score:5, Insightful)
if we had ralph nader types working for us, it would be a law that any series of skipped or delayed security patches (some threshold in a row) would mandate that you unlock bootloaders and let people do the patching themselves.
man, I wish we had people working FOR THE PEOPLE as our government. the fact that they sold all of us out and stopped caring, that's going to be part of our total demise as a nation. not the main part, but a huge part.
there were short periods in time (sorry to say, usually under D control) where our congress and senate worked to make things better for regular people. I can't remember the last time this happened, though.
too bad our lawmakers have no balls to stand up to the power of money and bribes and 'election campain money'.
we surely deserve better than this.
Re: (Score:2)
While I agree with the sentiment, I reject your version of how to solve the problem.
The correct way to handle this is via Class Action Lawsuit, against carrier and manufacture for selling a product that is unfit for use, and either force a recall or updates. We don't need an ill crafted law that is watered down by industry shills in the Republicrat Party.
I can guarantee that your idea will work, but only temporarily until the legislation is watered down further or they find another way around the specifics
Re: (Score:2)
we surely deserve better than this.
No we don't. Because we keep voting for the same "D"s an "R"s. EVERY. SINGLE. TIME.
Re: (Score:2)
We need election reform. 12 year term limits and eliminating gerrymandering by requiring square-like districts and non-partisan individuals to make said districts.
As for the phone issue, I'd like to see a mandatory five year (labor and parts) warranty on all phones exceeding $200 with guaranteed security fixes for the first five years since major public availability. Example: Phone becomes publicly available (not just a limited release) on January 19th, 2017. Would be covered until January 18th, 2022 for security fixes. However, if someone buys it on January 30th, 2018, it'd be covered until January 29th, 2023 for parts and labor.
Yeah, and people in Hell want icewater.
So, you want to essentially include an extended warranty package PLUS the cost of a new battery pack (and labor) into every phone purchase, right?
Fine. Your new $200 phone now costs $550. Suck it.
Oh, and your brilliant plan doesn't seem to require OS updates throughout that period, so...
Plus, I would venture to guess that most phones become not worth repairing through abuse, not component failure.
Re: (Score:3)
hear hear!
Re: (Score:3)
Motorola let you unlock their phones.
They have instructions on their website.
No, they do not! (Score:2)
Re: (Score:2)
So blame Verizon, not Motorola.
Stop buying carrier branded phones.
Re: (Score:2)
Re: (Score:2)
I thought there were already DMCA exception. Isn't that how Cynaogenmod, etc. function?
Re: (Score:2)
No exceptions. A phone is a critical communications device, and if the OEM won't supply critical upgrades, then they must allow others to do so.
Which Motorola phones don't have unlockable bootloaders? I'd be surprised if PAYG phones from crapfone etc. did, to be fair. But aren't most moto phones unlockable?
Re: Then UNLOCK OUR BOOTLOADERS! (Score:2)
No 911 for you. (Score:2)
Re: (Score:2)
And I commit not to buying their products. (Score:3)
If it is too much work, Motorola, then you fix that problem. You don't just pass the buck to the end user. If it is taking too long, that means you're adding too much bloated cruft to the OS. Get rid of it and do your job properly, or suffer the consequences of anyone who knows a little about security avoiding your products, and recommending friends, family and colleagues to do the same.
Too bad for them. (Score:2)
Re: (Score:2)
I bought it for my son. It's a great phone. $249 for a 64GB / 4GB 1080p device with a SD card slot. Very close to stock Android. Still uses micro USB, and no NFC reader are the only downsides I can think of.
Re: (Score:2)
I don't care about it being microUSB, the question is how solid is the port. Is it the kind that breaks after a thousand cycles, or does it last and last?
Re: (Score:2)
It absolutely lasts and lasts I can guarantee it personally.
Re: (Score:2)
Re: (Score:2)
but if they can get me a 128Gig unit for a decent price, I'll be satisfied being able to store what I need until I get home and can transfer it to my file server.
WTF are you storing on your PHONE, FFS?!?
Re: (Score:2)
WTF are you storing on your PHONE, FFS?!?
Umm.. Pictures just taken? It's always with me, unlike my DLSR.
Re: (Score:2)
It's a fucking COMPUTER. So, the same kind of things you would store on a desktop PC, or a NAS.
There were consumer 120GB hard drives almost 15 years ago FFS.
Re: (Score:2)
It's a fucking COMPUTER. So, the same kind of things you would store on a desktop PC, or a NAS. There were consumer 120GB hard drives almost 15 years ago FFS.
No. It's a PHONE with certain limited COMPUTER-LIKE functionality. It is no more a "computer" than your Playstation.
Re: (Score:2)
We were arguing about a Nexus phone, which I believe is a brand for phones that can be "rooted" without hacking or cracking.
It's also about "phones" that can easily be compromised by malware, ads or attackers thus this slashdot story about a manufacturer providing insufficient security updates.
I don't do constant security updates on my dumb phone or other "limited computer-like" devices.
cheap bastards, that's all (Score:3)
However, because of the amount of testing and approvals that are necessary to deploy them, it's difficult to do this on a monthly basis for all our devices.
no one disagrees that it takes manpower to do full regression tests after patches. but the thing is, for most of the time you are NOT writing the patches, just integrating it!
now, that aside, we all know that world labor is less than dirt-cheap. YOU HAVE NO EXCUSE TO AVOID GETTING THINGS DONE in this cheap-as-chips world labor market.
fuck you. you claim you are poor? double fuck you for lying about it and we all can see that, too.
Handset maker is only half the battle (Score:2)
The vendor is only half the battle (well, one third). Now that google is putting out monthly updates, even users of handset makers that push them along monthly (Samsung) don't usually get the updates. The carrier is also involved. So unless all three, google, Samsung and, say, vodafone, all move the patches along, there is going to be a huge lag in getting these devices patched. Sooner or later, somebody isgoing to take good advantage of this hole. I can only hope it doesn't hurt too bad.
It only makes
Re: Handset maker is only half the battle (Score:2)
Again that's Google's fault. The carrier isn't involved in iOS updates. Why should the carrier be involved at all? My ISP doesn't have anything to do with when my computer receives updates. What's the difference?
Re: (Score:2)
As much as I am not a fanboi, this was where Jobs was really good. Ramming through entrenched interests to get what he wanted. Apple forced the carriers not to bundle crapware and repackage the OS, a side effect of that is that they can push their updates promptly. Google didn't and the carriers still hold the keys to the devices, to our detriment.
It's probably due to their methodology (Score:2)
Don't forget that Motorola use the Six Sigma approach:
https://en.wikipedia.org/wiki/... [wikipedia.org]
which is in opposition of the current trend of agility, where the focus is on delivering, while Six Sigma's focus is the process itself.
Unless they don't use Six Sigma on their phones...
Re: (Score:2)
That's not really relevant.
Motorola may have used Six Sigma. What does Lenovo do?
Re: (Score:2)
Don't forget that Motorola use the Six Sigma approach:
That was back when Motorola was actually Motorola.
I doubt that the Company-Formerly-Known-As-Motorola bears ANY resemblance whatsoever to the Mighty Motorola we all grew up with.
br> Very sad, actually. They USED to be a very cool company. Now, they're nothing more than a Chinese Copy of a once-respectable Brand Name.
It would take work... (Score:2)
I know next to nothing about phone development, but if they are unable to update the OS code and run their software (and patches) against it in a reasonable time, then they seriously need to take a look at their dev process. Considering Apple, MS and Google do periodic
This is an Android Problem (Score:4, Interesting)
The iPhone 3 still gets support? (Score:4, Insightful)
According to wikipedia, Apple took this phone out behind the woodshed [wikipedia.org] in 2012.
Any phone vendor who cuts support for a model should be REQUIRED to open the platform for 3rd-party maintenance. A phone is not a general purpose computer, and there should be special rules for it.
Re: (Score:2)
What are you talking about??
The link you provided says Apple stopped selling it in 2012 (there were two later generations) because they couldn't provide the latest OS on the hardware. The very next sentence says that Apple provided the last OS update in 2014.
2 years of patches is more than I expect when I buy a product that's not even last-gen anymore, and the manufacturer has announced an end to support.
Re: (Score:2)
Actually not entirely true. The 3GS runs iOS 6, which was most recently patched in April of 2014 to update FaceTime (for compatibility) and fix a security issue (GoToFail). I'm not aware of any significant security patch they've refused to port since then.
Re: (Score:2)
A phone is not a general purpose computer, and there should be special rules for it.
You're right. And there are. It's called "Support has ended. Enjoy your product while it lasts."
Your Microwave Oven doesn't get Open Sourced when it gets replaced with a newer model.
Your DVD Player doesn't get Open Sourced when it gets replaced with a newer model.
Your TV set doesn't get Open Sourced when it gets replaced with a newer model.
Your A/V Receiver doesn't get Open Sourced when it gets replace with a newer model.
Your Game Console doesn't get Open Sourced when it gets replaced with a newer
Re: The iPhone 3 still gets support? (Score:2)
Re: (Score:2)
Let me know when you get your microwave patched to dial 911. I hope that works out for you.
If you are implying that a person with ONLY an iPhone 3 couldn't use it to dial 911 because it was stuck on iOS 4 (IIRC), I don't understand what your point is. An iPhone doesn't magically stop working just because there are no more OS Updates for it.
If that sort of behavior was the case, there would be about 100 working Android handsets in the entire COUNTRY, because almost NONE of them are Supported, some not even when they are brand new...
Re: (Score:2)
Re: (Score:2)
There were over a hundred WebKit security updates last year. How many made it to the iPhone 3? https://blogs.gnome.org/mcatan... [gnome.org]
I would imagine zero, which is to be expected for a phone discontinued in June, 2010. But they all made it to iPhone 4s, iPad 2 and above.
Still an infinitely better Support record than every, or nearly every, Android device.
Re: (Score:2)
It really is Google's fault (Score:2)
Re: (Score:2)
Google should have created an OS architecture that allowed for it to push its own security updates while leaving the aesthetic aspects and third party apps of the phone vendors and carriers alone (unless they were fundamental to the security problem).
If there were a clear dividing line between "aesthetic aspects" and "things fundamental to the security problem", that might be feasible. The Android One project has actually tried to draw such a line, but none of the big OEMs are happy with where Google drew it. They want lots of control.
Re: (Score:2)
What you want is not possible in what is effectively an Open Source project.
Re: (Score:2)
Re: (Score:3)
I don't see why Google can't figure it out
(Android security team member here)
It's not that Google doesn't know how to do that. It's that Google can't do that while also having a free and open source OS. Every piece that's moved out of the OS and into Play services is another piece that is no longer open. Moreover, if Google does too much of that sort of thing and removes the ability of OEMs to customize and differentiate their devices, they'll ignore Google completely, filling in the missing bits with their own code. Removing components from the
Why can't it be handled like a PC? (Score:2)
I think even Windows Phone updates are controlled by Microsoft even through OEM phones (if they had any left I mean).
Can someone explain this to me?
Re: (Score:2)
Well, first off the subject really confused me. I thought the issue was someone not pushing out security updates even when none was required. Ie, like Microsoft's Tuesday updates make me wonder if they come out with pointless and unnecessary updates just so that they can have something every week, what do you do every month if you have no security patch to shove out?
But reading the article it is *nothing* like that, the "monthly" thing is just a red herring. Basically they're not incorporating patches th
Re: (Score:2)
This is very true for most OEM suppliers. Many products are a combination of many OEM parts and you can't have each OEM supplier insist on it's own rules, especially if all those OEM rules would conflict with each other. Apple got away with it because it's their own phone, Google doesn't own any of the phones except for Nexus. Microsoft gets away with it because you don't argue with the giant gorilla who wants your banana.
Shoot self in foot then complain it hurts (Score:2)
Cooking images on a per device basis is a crazy, unnecessary unmanageable nightmare that leads to precisely this outcome complete with vendors crying "it's too hard".
There should be a single image that can be installed on anything it has drivers for like any normal operating system. This isn't a novel concept. Everyone knows what the solution is.
No smartphone vendor has ever paid any price for their customers getting owned. There is no incentive to give a shit and every incentive to use this as leverage
Re: (Score:2)
I agree. Perhaps Google should try should offer "universal" Android distribution that supports the relevant drivers for all modern hardware to the OEMs, and then see what happens. At least, give an option to the Nexus device users to run it. I suspect there are several "pure hardware makers", like the Chinese company Oneplus, who'd love to get out of the business of creating and maintaining the ROMs, so the idea will take off at least with them.
Welcome to "Update Theatre" (Score:2)
Publicly shaming?!? LOLWUT?
How about they deny using the Android name or Logo to any company who doesn't whip their own engineering and their distribution chain (carriers) in line? That seems to work for every other "Brand" or "Standard" that has a marketable "identity".
Me is sad (Score:2)
My cousin's hubby is a phone engineer at motorola. He's busted his ass going back and forth to china, helping them create phones, helping teach them how to create phones. My cousin was pissed - he was gone so much. All he brought back was a cup from the local Starbuck's. Too much working to get a real present.
And all for naught. I've heard nothing but meh or worse about these new phones. They've taken the Moto-ness out and put the corporate-ness in. Motorola is gone. And he's likely to need to polish his re
Samsung (Score:2)
I'm on the Samsung Galaxy S5 with T-Mobile, and to my surprise, a few months ago it started receiving the monthly patches just a few days after my Nexus 7. I don't know what the hell got into Samsung or T-Mobile, but holyshit, I'm quite happy they're actively supporting a now two+ year old device with the latest security patches.
co-responsability (Score:2)
Someone that posts a link to a torrent site can become co-responsable for the copyright infrigements downstream.
By the same logic, if a mobile phone is hacked and money disapears from the bank account due to that, then the phone manufacturer and operator are co-responsables for that hacking due to leaving the phone open to known vulnerabilities?
Google could enforce this (Score:2)
Google has a list of rules that an Android OEM has to follow if said OEM wants to be able to ship the Google Play Store, the Google Play Services middleware library and the other Google apps like GMail. Google could simply add terms to that agreement that require OEMs to provide security updates for their devices for a minimum amount of time after the device is released.
OEMs might complain but (with the possible exception of Samsung who might be able to ditch Google and do its own thing) they all need the G
This is google's problem... (Score:3)
. ... or secure to use.
Unless google changes its stance on Android security, Android will not be patched regularly
Re: (Score:2)
I bought my Moto X when it was an American phone.