Google Now Requires Partner OEMs To Offer Two Years of Security Updates To Popular Phones (theverge.com) 74
Confidential contracts obtained by news outlet The Verge show many Android smartphone vendors now have explicit obligations to keep their phones updated. From the report: A contract obtained by The Verge requires Android device makers to regularly install updates for any popular phone or tablet for at least two years. Google's contract with Android partners stipulates that they must provide "at least four security updates" within one year of the phone's launch. Security updates are mandated within the second year as well, though without a specified minimum number of releases.
David Kleidermacher, Google's head of Android security, referred to these terms earlier this year during a talk at Google I/O. Kleidermacher said that Google had added a provision into its agreements with partners to roll out "regular" security updates. But it wasn't clear which devices those would apply to, how often those updates would come, or for how long. The terms cover any device launched after January 31st, 2018 that's been activated by more than 100,000 users. Starting July 31st, the patching requirements were applied to 75 percent of a manufacturer's "security mandatory models." Starting on January 31st, 2019, Google will require that all security mandatory devices receive these updates.
David Kleidermacher, Google's head of Android security, referred to these terms earlier this year during a talk at Google I/O. Kleidermacher said that Google had added a provision into its agreements with partners to roll out "regular" security updates. But it wasn't clear which devices those would apply to, how often those updates would come, or for how long. The terms cover any device launched after January 31st, 2018 that's been activated by more than 100,000 users. Starting July 31st, the patching requirements were applied to 75 percent of a manufacturer's "security mandatory models." Starting on January 31st, 2019, Google will require that all security mandatory devices receive these updates.
Re: (Score:3)
Re: (Score:2)
Those issues were resolved through study of the Ballmer Peak
https://xkcd.com/323/ [xkcd.com]
Not long enough (Score:4, Insightful)
It's a step in the right direction, but not long enough. Many people use the same phone for more than two years. Buying a new phone is expensive. It's wasteful to throw out older devices that are still more than capable of meeting the needs of their users. This should be more like five years rather than two.
Re: (Score:2)
Five years? You want phone VPs to start flying coach? Fuck you!!!!
Works for the richest mobile phone OEM in the world...
Re: (Score:2)
True, that. But maybe, just maybe, this can be the camel's nose.
Re: (Score:1)
Is that better than the camels' toe ?
Re:Not long enough (Score:5, Interesting)
It's a step in the right direction, but not long enough. Many people use the same phone for more than two years. Buying a new phone is expensive. It's wasteful to throw out older devices that are still more than capable of meeting the needs of their users. This should be more like five years rather than two.
I fully agree, plus they need to make vendors support user's right to repair by providing commonly used replacement parts such as screens, buttons, batteries and instructions to replace these things. I suppose an open boot loader is a bit much, but that would be a nice option too.
If Google wants to help device users, let's help them.
Personally, I'd shell out quite a bit of extra dough on a phone if I knew I could count of having repair options for longer than the warranty gives me.
Re: (Score:3)
Re: (Score:2)
Get a FairPhone. They sell replacement parts right on their website: https://www.fairphone.com/en/ [fairphone.com]
Re: (Score:2)
You have to be kidding, an SD801 and they're still trying to get it running Nougat in Q4 2018, yeah, no thanks.
Re: (Score:2)
If you always want the latest and greatest, then why are you complaining about the support not being long enough? You'll be buying a new phone every other year any way.
DEFINITELY Not long enough (Score:2)
The "2 years" Google is now giving is what has been already established. Everyone is expected to spend $700 to $1100 every 2 years on a new cell phone.
There is NO REASON for Google to be abusive. A mid-level Google manager told me years ago that Google is making more money than it knows how to spend.
Google has moved from "Do no evil" to "Let's be destructive to others if that will make money". One article: Google Removes 'Don't Be Evil' Clause From Its Code of Conduct [gizmodo.com] (May 18,
Re: (Score:1)
Re: (Score:2)
That'll only work in countries with pathetic consumer protection laws, like USA.
Re:They should simply threaten to quit Google Play (Score:5, Insightful)
I cannot believe a sane person would actually be against this. Is there something wrong with you? Do you like not getting security updates? Do you want your phone hijacked?
Google Play is the one thing keeping malware from being worse than it already is. Unless there's an alternative app store that certifies that it thoroughly tests submitted apps, then I will grant them about as much trust as I would for free candy from Bill Cosby.
IMO Google hasn't gone nearly far enough. The rule should be simple. Security updates for at least 3 years for any android device you release to the public. Period. Don't like it? You are forbidden from using the Android trademark. Very simple.
Heaven forbid Google used their power for the public good.
Re: (Score:2)
I cannot believe a sane person would actually be against this. Is there something wrong with you? Do you like not getting security updates? Do you want your phone hijacked?
Google Play is the one thing keeping malware from being worse than it already is. Unless there's an alternative app store that certifies that it thoroughly tests submitted apps, then I will grant them about as much trust as I would for free candy from Bill Cosby.
IMO Google hasn't gone nearly far enough. The rule should be simple. Security updates for at least 3 years for any android device you release to the public. Period. Don't like it? You are forbidden from using the Android trademark. Very simple.
Heaven forbid Google used their power for the public good.
Every time I have argued this, I was told that Android is Open Source, and thus Google couldn't FORCE the OEMs to do ANYTHING.
Guess I was right after all...
Stupid Slashtards.
Re: (Score:2)
inb4 F-droid [f-droid.org].
Re: (Score:2)
IMO Google hasn't gone nearly far enough. The rule should be simple. Security updates for at least 3 years for any android device you release to the public. Period. Don't like it? You are forbidden from using the Android trademark. Very simple.
Agreed, which is why I stick to phones from the Android One program, which has this exact requirement.
Re: (Score:2)
Thanks for the tip! Looks like only one phone on the Android One program is targeted for the US marked (Nokia 7.1 available at the end of this month).
Re: (Score:2)
Empty threats are fun. Or did you miss the anti-trust rulling against Google recently which identified that the App Store itself formed a significant amount of market power for Google in the Android eco-system?
Wiggle words (Score:4, Funny)
Re: (Score:2)
The summary specifically states that popular = 100,000 activations. So regardless of what the OEM says, that 100,001th phone triggers this clause.
Re: (Score:2)
The cheap cell phone model depends on the ability to use whatever parts fall off the truck. This is similar to the cheap PC model from 25 years ago,
Wow (Score:2)
Two whole years!
Re: (Score:2)
The same Nexus 7 that got an upgrade to Android 6.0.1 in December 2015, over 2 years after it was release in July 2013? The one they guaranteed security updates until August 2016?
Their policy was/is 3 years since first release or 18 months since last sale, whichever is longer.
Re: (Score:2)
Two whole years!
That's kinda how I thought, too.
Meanwhile, iOS 12 supports phones back to the 5s, which was released almost exactly 5 years ago.
Oh, and iOS 12 actually IMPROVES performance on that old hardware, too, as well as provides the latest security updates...
Google should be ashamed of itself.
Re: (Score:2)
Meanwhile Apple just got fined $10 million for degrading the performance of old devices with software updates. Along with $5 million for Samsung.
Re: (Score:2)
Meanwhile Apple just got fined $10 million for degrading the performance of old devices with software updates. Along with $5 million for Samsung.
Yeah, by the same courts that fined Seismologists for an earthquake. And convicted a second person for a murder after they had already convicted a different one.
Re: (Score:2)
Italy are just the first ones to finish their case.
There's similar cases ongoing in France and USA.
Re: (Score:2)
Italy are just the first ones to finish their case.
There's similar cases ongoing in France and USA.
Doesn't mean they'll have the same result.
Half-assed (Score:5, Insightful)
2 years for popular phones? What defines a "popular" phone?
How about 3 years for ALL phones? You want to use android? Then provide f__king updates. Don't want to provide updates? Then GTFO.
Oh who am I joking? The consumer is the product. They care more about looking like they're doing something useful than actually doing something useful.
Got that right (Score:2, Insightful)
And it sounds like 2 years from LAUNCH? That's seriously weak. How about 2 years from end of sales!? That would at least be a start, unless we're really OK with becoming a society that throws multi-hundred-dollar devices i the trash EVERY FRICKING YEAR!
Re:Half-assed - 5 years for Apple (Score:2)
Re: (Score:3)
If you get a flagship phone (e.g. latest Galaxy, LG G series, Pixel, etc) there's plenty of updates for well over 2 years anyway. This is addressing the cheaper, less flashy phones that might still get a lot of sales yet never see an update.
Re: (Score:1)
I'd be good with three years of security updates from the manufacturer and then open source the firmware/bootloader and let the crowd take over. Then if an older device is popular, it can stay updated by those that use it and have the coding bug. Sure, there would probably be some painful transitions here or there, but it'd be better than however many years the supplier says and then fuck you.
European antitrust? (Score:2)
Meaningless (Score:2, Insightful)
It should be two years starting from the date that the last phone is sold. Otherwise this is meaningless.
Two Years? (Score:3)
So, a several-hundred dollar piece of consumer technology now has a lifespan cap of two years. Ridiculous.
Sounds like planned obsolescence to me.
what about the phone carriers? ban there rom's (Score:2)
what about the phone carriers? ban there rom's or force some like samsung to give out an knox safe base rom file.
Re: (Score:2)
Perhaps you should have read TFS instead of just the title, where it states "phones and tablets"
It's all devices that OEM's want to use the Play Store on.
Re: (Score:2)
I don't think you addressed the core of AC's complaint.
The summary uses the term "popular phones and tablets." What does "popular" mean?
Even in TFA it says:
What does "popular" mean?
To answer my own question on what's "popular," TFA goes on to say:
Re: (Score:2)
In terms of global sales, 100,000 isn't that much.
Let's pretend someone wants to sell a $500 phone and not provide support.
That's $50M in revenue to cover all the tooling, manufacturing, design, components, marketing, shipping, retail margin, taxes, etc.
The manufacturing and components alone are going to cost $100, that's $10M gone already.
The non-recurring costs for tooling so you can start manufacture will be in the millions.
You need to pay people to develop the original software build.
It'll cost you up t
Re: (Score:2)
Your crap second hand car had zero free vendor support.
Although, I just had the airbags replaced for free in my 2005 car. That's a safety thing though.
It's never had a software update, ever.
Cars don't get recalled when the keyless entry systems get hacked, even when it's still under warranty they generally don't fix it.
That wasn't so hard... (Score:2)
Just bring it all in-house. (Score:2)
If Google really wants Android to stop sucking, it's simpler than trying herd that particular batch of feral cats. They need to learn the lesson Apple learned when they made the mistake of partnering with Motorola on the ROKR... the same lesson Google themselves should have taken to heart years ago... and kick all these crap composite like Samsung, HTC, Xiaomi, and the aforementioned Motorola, revoke all their licenses, bring the hardware in-house along with the software, and do it all themselves. They al
stop this nonsense! (Score:2)
Stop this nonsense and just make Android One the only valid certified Android.
Updates come directly from google, how it should be.
Google should give a good example with the Nexus 6 (Score:1)
The Nexus 6 (Motorola XT1103 Shamu) has better performance and features compared to many current phones but the last security update was October 2017 (7.1.1). It is just obsolete because of the lack of updates.