Google Steps Up Pressure on Partners Tardy in Updating Android

Google is actively tracking the time its partner OEMs take to release a new version of Android onto their devices. According to a Bloomberg report, the company is drawing up rankings that could shame some phone makers into better behavior. From the report: Google shared this list with Android partners earlier this year. It has discussed making it public to highlight proactive manufacturers and shame tardy vendors through omission from the list, two of the people said. [...] Google is making progress persuading phone makers and carriers to install security updates quicker "for the good of users," Android chief Hiroshi Lockheimer said. The same expedited process may then be used to send operating system updates to phones, he explained. The most challenging discussions are with carriers, which can be slow to approve updates because they test them thoroughly to avoid network disruption. The report adds that several OEMs are also stepping up their game to better comply with Google's new wishes. Motorola, for instance, is working on offering quarterly updates to its three years old devices.

For users with non-Nexus devices, it's really frustrating to wait for months, and in some cases, years, before their devices from Samsung, Xiaomi, Huawei, HTC and other manufacturers get upgraded to a newer version of Android. Another challenge for Google is to push its partners to actively release updates to affordable and mid-range smartphones. Many OEMs mostly worry about serving those users who have the flagship and high-end models.

Stop locking the fscking devices then

Lock the device? Go and write your own OS, eco-system and create your own store. Google have this control, fscking use it. Apple have done so since day one, wisely so.

Re:Stop locking the fscking devices then

[The+New+Guy+2.0]

Apple only releases 1-2 SKUs a year of iPhone... while Google has no control of its operating system it hands to vendors who make the Android devices. Big difference there.

BTW... GOOG lost voting rights at Alphabet, Inc. recently... those moved to the new GOOGL stock.

Re: Stop locking the fscking devices then

[Karlt1]

Microsoft also has no control over other manufacturers but I don't have to wait on my computer manufacturer to get security updates from MS.

Re: Stop locking the fscking devices then

Microsoft also has no control over other manufacturers but I don't have to wait on my computer manufacturer to get security updates from MS.

Well, in many cases you DO have to wait on them.
Example- video cards. I have a buddy who has a fancy new GPU that is partially 'broken' because he's waiting for driver updates to fix some bugs. Guess who is making those drivers? Not Microsoft, they're made by the hardware manufacturer.
Another example I ran into recently... a bluetooth headset. Works find on multiple Android and iPhone devices, pairs immediately and works without any custom drivers, etc. But on Windows, it doesn't work... it pairs but there's no MS-supplied driver. I have to go get a driver from the manufacturer to make it work... and they don't supply one for my model any more.

Re: Stop locking the fscking devices then

[The+New+Guy+2.0]

Microsoft enforces their rules at the BIOS level... that's the reason why you can't build your own BIOS chip for Windows anymore.

Re: Stop locking the fscking devices then

[Karlt1]

I doubt that Microsoft is enforcing rules on Macs. I was able to install Windows 7 on an old Mac Mini without using Boot Camp.

Re: Stop locking the fscking devices then

[The+New+Guy+2.0]

Macs have only one source for BIOS: Apple... and Apple is part owned by Microsoft.

How'd you get that to work without Boot Camp?

Re: Stop locking the fscking devices then

[Karlt1]

Microsoft sold their 2% stake in Apple years ago. Apple uses the standard EFI that everyone else uses.

https://en.m.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface

As far as Boot Camp, Boot Camp only does a few things.

- For Macs that came out before It shipped, it upgrades the Mac EFI firmware to emulate BIOS, my old 2006 Core Duo Mini already had the updated firmware.

- repartitions the hard drive to share between Mac OS and Windows. Apple dropped support for 32 but Macs with 10.6 so I didn't care about the Mac partition. I reformatted to work with Windows.

- includes Windows drivers for Mac hardware. The Mac Mini used standard off the shelf PC hardware, it was all recognized by Windows 7.

The only issue I had was that 32 bit Windows 7 won't install or reformat a hard drive using GPT partitions. My first try, I gave up and installed Linux which reformatted hard drive using MBR and then Windows 7 recognized it.

Unlocked bootloaders

[bill_mcgonigle]

The carriers need to be careful - the FTC/FCC will probably order them to unlock bootloaders for any devices they refuse to update. They really won't want to do that. The FCC is regulatory-captured by the telcos, but the FTC isn't as much.

(of course *I* want that to be an option - I paid for the damn phone)

Re:Unlocked bootloaders

[gmack]

(of course *I* want that to be an option - I paid for the damn phone)

So vote with your wallet and only buy phones with unlocked bootloaders.. On the upside, they are usually cheaper and come with nice options like dual sim.

Re:Unlocked bootloaders

[piojo]

So vote with your wallet and only buy phones with unlocked bootloaders.. On the upside, they are usually cheaper and come with nice options like dual sim.

It's a rotten choice. There's no phone with great hardware AND an unlocked bootloader. (Great hardware means pluggable SD card and battery, and camera and other hardware that doesn't randomly screw up or stop working.)

Re:Unlocked bootloaders

[TechyImmigrant]

So vote with your wallet and only buy phones with unlocked bootloaders.. On the upside, they are usually cheaper and come with nice options like dual sim.

It's a rotten choice. There's no phone with great hardware AND an unlocked bootloader. (Great hardware means pluggable SD card and battery, and camera and other hardware that doesn't randomly screw up or stop working.)

The Nexuses are the closest you will get. The hardware seems to be good these days and they are certainly not bootloader locked. I have a Lenovo for travel that's got all the ports and dual SIM. That was unlockable in the sense that all it took was a google search.

Re:Unlocked bootloaders

[piojo]

The Nexuses are the closest you will get. The hardware seems to be good these days and they are certainly not bootloader locked. I have a Lenovo for travel that's got all the ports and dual SIM. That was unlockable in the sense that all it took was a google search.

It's a bit immature, but I have a grudge against Google for the Nexus 4. On top of all its design shortcomings, mine had a slightly defective motherboard. I think it must have been "binned" bad but they sold it anyway.

You mean the Lenovo has a SSD slot? I think you've just helped me choose my next phone. Is there any reason one might not want to choose Lenovo? Any way it fails to impress?

Re:Unlocked bootloaders

[TechyImmigrant]

It's Android was full of bloatware that took some eradication. The back is hard moulded plastic, that's probably a good thing functionally. It's not as fast as the Nexus 5 for instance. So not a premium phone by any means, but dual SIM, a robust case, burner price and the right frequencies for China & Malaysia works for me when traveling.

Re:Unlocked bootloaders

[TechyImmigrant]

The money shot is here

Re:Unlocked bootloaders

This is the wisest choice - unfortunately as far as myself, I only found out about all this once I bought my Samsung Galaxy S5 and found out how actively they block any rooting. I suppose I could get really down and dirty and hook it up to my computer, download the Android SDK and get it done, but I only have so much free time.

Re:Unlocked bootloaders

[piojo]

Thanks! I'll check out what Lenovo's flagship phones are next time I want to upgrade. (They seem to occupy the right spot, as a company that's big enough to do things right, but small enough that it can't just ignore what its customers want.)

Unlike Google, who couldn't seem to afford a QA department for their phones.

so where is the list

naming and shaming guys and girls, we need juice details

Stopz lockingz thez fuckingz devicez thenz

FIFYz!
Lockz themz motherfuckerz!

Re:Stopz lockingz thez fuckingz devicez thenz

[macs4all]

FIFYz! Lockz themz motherfuckerz!

Why, aren't you l33t?

Grow up.

Nexus 7

Google abandoned their own device.

Re: Nexus 7

And Nexus 4

Re: Nexus 7

[dumfrac]

And the Galaxy Nexus.

Re:Nexus 7

Why should they care for Nexus'? They already have the Google applications and "telemetry solution for improving experience". What they truly want from other manufacturers phones is a opportunity to replace the competitors applications with their own and also to remove some key public API's that competitors can still use.

Re:Nexus 7

[darkain]

Not sure what you considered "Abandoned"? The Nexus 7 is currently sitting at Android 6.0.1, Security patch level May 1st, 2016.

Re: Nexus 7

[thundercattt]

I'm on the latest too with Nexus 5 & 7

Re:Nexus 7

Galaxy Nexus also.

Re: Nexus 7

[Rhys]

This. Not only did they abandon it, they did so when all that was on the market was phablets and phatblet-wannabes. Pot, kettle much Google?

Signed,
Unhappy former Galaxy Nexus owner.

Re:Nexus 7

[jaklode]

Nexus 7 2012

My phone

I have an HTC One X that received 1 OTC update. And that was to do 1 thing... lock the bootloader after HTC shipped them with unlocked ones. I have had the phone for over 3 years and it has not gotten one security update. Not only that, since they have an encrypted boot loader, I can't update to a newer OS that has had security updates installed.

Google should retain control of the OS

Allowing all the vendors to roll out their own OS obviously has the problems of limited or no updates. Google should have had the responsibility for rolling out updates themselves directly. While you maybe can't go backwards, can they move forward and tell vendors that they can't muck with their own hacked up version of the OS?

Re:Google should retain control of the OS

[allquixotic]

No, they can't tell them that.

First, it's already a done deal. Samsung Knox, TouchWiz, and on and on -- and different, incompatible versions from each IHV -- are considered by these companies' executives to be their "crown jewels". They're "distinguishing" factors that set them apart from other handset makers. You would actually break a fair number of Android apps by going back and retroactively removing these incompatible subsystems, since a number of apps actually use them.

Second, the partners have the source code. Almost all of it save for perhaps the Google-branded applications suite. The code is also liberally licensed. If Google tried to put their foot down, the manufacturers would just ignore them and fork Android. See: CyanogenMod, Amazon FireOS.

Third, Google has no direct relationship with carriers. Carriers interface with the IHVs, not with Google (except, perhaps, for Nexus devices). As long as the IHVs are okay with slow security updates and love to make money by dumping their own crapware on the phones (and letting the carriers do the same), they have no motivation to change their ways.

Naming and shaming won't do much to change this momentum. It's a very poorly engineered, overly bureaucratic process created by tight competition and a tendency (by both IHVs and Google) to want to continually tighten up the ecosystem and make things more proprietary and less open.

Apple has really cornered the market on rapid OTAs and addressing security issues quickly. Google has a chance of matching them with first-party phones and Nexus devices, but that's it. Outside Nexus, Android is the wild wild west, kinda like the old Windows 3.1 / 95 days, but even worse in some respects.

There is no happy medium that's both open and secure because the market doesn't demand it. People keep buying Android's mostly-closed, buggy, insecure crap and Apple's completely-closed, less buggy, probably-more-secure-but-we-don't-really-know walled garden crap.

Re:Google should retain control of the OS

[macs4all]

First, it's already a done deal. Samsung Knox, TouchWiz, and on and on -- and different, incompatible versions from each IHV -- are considered by these companies' executives to be their "crown jewels". They're "distinguishing" factors that set them apart from other handset makers. You would actually break a fair number of Android apps by going back and retroactively removing these incompatible subsystems, since a number of apps actually use them.

So, what you are saying is that, as we all suspected all along, Android is nothing more than a hopelessly fragmented, hopelessly buggy, hopelessly LOST piece of unmitigated dogshit.

The best thing that Google could do for Android is SCRAP IT AND START OVER. Anything else will only prolong the cruel joke on its victims, er users...

Say what you will about Apple and its "Walled Garden" approach; but they figured out how to manage this a long time ago. They kept the Carriers out of their OS from the get-go, and they struck a pretty good balance overall between freedom and safety.

And now that you can, for free, no Dev. license required, upload anything you want to compile yourself onto your own iOS device, using their Free Dev. Toolchain and your choice of several Languages, there essentially aren't many restrictions left for the code-savvy iOS user. You can even use your own APIs if you aren't distributing through the App Store.

Re:Google should retain control of the OS

[darkain]

Part of the reason for allowing device manufacturer to highly customize the OS is for the purpose of innovation. Android as a whole has a shitton of "extras" it can do now, thanks to it. These may not be features that YOU are personally using, but others are!

Some examples include: NFC support. Triple cameras (each with a different viewing angle). Infrared transceiver. Heart rate monitor. Fingerprint reader. Multiple SIMs. The ability to access multiple different types of networks beyond just a single carrier's support (better international roaming)

Re:Google should retain control of the OS

[Bing+Tsher+E]

as we all suspected all along,

Who is this 'we'? Do you have a hamster in your pocket or is that your iPhone buzzing?

My phone has an ARM processor, and until I can install iOS on it, that's an irrelevant spam topic to bring into this discussion.

So when is Apple going to start selling an iOS I can install? Or is their code so fragile it only runs on a precious few devices?

Re:Google should retain control of the OS

[macs4all]

as we all suspected all along,

Who is this 'we'? Do you have a hamster in your pocket or is that your iPhone buzzing?

My phone has an ARM processor, and until I can install iOS on it, that's an irrelevant spam topic to bring into this discussion.

So when is Apple going to start selling an iOS I can install? Or is their code so fragile it only runs on a precious few devices?

Not that your snarky ass deserves a reply; but as almost everyone knows, Apple considers themselves a HARDWARE company. They make their money on HARDWARE sales.

So, if you want iOS, as you obviously do, you'll just have to purchase the HARDWARE WRAPPER for it.

Re: Google should retain control of the OS

[Karlt1]

You can't install Google's Android on any phone you want either. You can install AOSP Android but most apps depend on Google's closed sourced services. Google is also moving more of Android from AOSP.

Re:Google should retain control of the OS

[Bing+Tsher+E]

Wall Street and the News Media consider Apple a Gadget Company.

That has to hurt for any long term tech employees at Apple. Probably doesn't bug Tim.

Re:Google should retain control of the OS

[macs4all]

Wall Street and the News Media consider Apple a Gadget Company.

That has to hurt for any long term tech employees at Apple. Probably doesn't bug Tim.

I hope you're wrong. Time will tell...

Passive-Agressive much, Google?

[93+Escort+Wagon]

The idea that such a list will somehow "shame tardy vendors" is laughable.

VP #1: Chairman! Terrible news! We're not on Google's list!
Chairman: Oh, no! I am ashamed! I must atone for this stain on my character by committing Seppuku!
VP #2: No, Chairman! That will leave your family dishonored!
Chairman: There is no other recourse - I must atone!

Networks

[Ashe+Tyrael]

To be honest, I've never had a problem with the device manufacturers, it's always been my network (carrier) that's been a pain up the ass with spending time adding their extra branding, crap apps, and the like. Even worse, mine has a blanket policy of "We'll tell you when there's new firmware, we aren;t going to give you any ETA's, status reports or anything. You have to wait until it appears (or not)

Re:Networks

[b0bby]

That's why I make sure that any Android phones I get are from a manufacturer with a history of actually supporting them. And they're unlocked, so I'm not tied to a carrier.

Re:Networks

[DiSKiLLeR]

Hence why you tell other brands and carriers to fuck off.

You either use an iPhone (I personally don't) or use a Nexus.

I've been a Samsung fanboy for 5+ years now (had multiple Galaxy Note's and S devices) but now use a Nexus 6P and I love it.

Fuck samsung. Fuck carriers.

I don't know why Google doesn't just force updates like Apple does.

Re:Networks

[Merk42]

I don't know why Google doesn't just force updates like Apple does.

Google already forces updates on just as many 3rd party manufacturers as Apple does on their 3rd party manufacturers.

Re:Networks

[shawn2772]

I don't know why Google doesn't just force updates like Apple does.

Google doesn't have the source code that was used to build the binaries on non-Nexus devices, and doesn't have the keys needed to sign those binaries so that the device will run them.

Re:Networks

[Bing+Tsher+E]

Google actually allows 3rd party manufacturers. They're not 100% proprietary and closed source.

Re:Networks

[Trogre]

Because sometimes those updates break things.

Provide option to upgrade = good
Force upgrade = bad

Re:Networks

[TechyImmigrant]

I don't know why Google doesn't just force updates like Apple does.

Google doesn't have the source code that was used to build the binaries on non-Nexus devices, and doesn't have the keys needed to sign those binaries so that the device will run them.

There's this new technology that was developed some time in the 1970s, whereby software is built in independent linkable blocks that can be independently compiled and updated. They certainly could drop a signing system into AOSP that enabled such updates and put up adverts accusing any vendor who disabled it of performing dick moves of the highest order. All these things are possible.

Re: Networks

[Karlt1]

Microsoft also allows 3rd parties - I can upgrade Windows anytime I please.

Re:Networks

[ArsonSmith]

more often than not these days, not upgrading breaks things.

Re:Networks

[shawn2772]

I don't know why Google doesn't just force updates like Apple does.

Google doesn't have the source code that was used to build the binaries on non-Nexus devices, and doesn't have the keys needed to sign those binaries so that the device will run them.

There's this new technology that was developed some time in the 1970s, whereby software is built in independent linkable blocks that can be independently compiled and updated. They certainly could drop a signing system into AOSP that enabled such updates and put up adverts accusing any vendor who disabled it of performing dick moves of the highest order. All these things are possible.

Sure, if the only obstacles were technical. I'll grant that I only mentioned the technical obstacles in the interest of brevity, but the deeper issues underlying the technical ones are ones of relationships. Android is an ecosystem, not a product, and device manufacturers insist on a high degree of control over what they deliver to their customers. They are willing to accede to the compatibility requirements enforced by the compatibility test suite in order to get permission to install Google's apps and give their devices access to the Play store, but Google's control has very definite limits.

Re:Networks

[TechyImmigrant]

I don't know why Google doesn't just force updates like Apple does.

Google doesn't have the source code that was used to build the binaries on non-Nexus devices, and doesn't have the keys needed to sign those binaries so that the device will run them.

There's this new technology that was developed some time in the 1970s, whereby software is built in independent linkable blocks that can be independently compiled and updated. They certainly could drop a signing system into AOSP that enabled such updates and put up adverts accusing any vendor who disabled it of performing dick moves of the highest order. All these things are possible.

Sure, if the only obstacles were technical. I'll grant that I only mentioned the technical obstacles in the interest of brevity, but the deeper issues underlying the technical ones are ones of relationships. Android is an ecosystem, not a product, and device manufacturers insist on a high degree of control over what they deliver to their customers. They are willing to accede to the compatibility requirements enforced by the compatibility test suite in order to get permission to install Google's apps and give their devices access to the Play store, but Google's control has very definite limits.

Yes. Openness doesn't prevent crap. On the plus side, I was able to fix the thermal sensor problem in the N4 by changing a few lines of code and recompiling Android (to filter out short term thermal sensor outliers) and then later with a sliver of cardboard once it was found to be the crappy connector between the body and the case back with the GPS antenna and the battery thermal sensor. The N5 was much better.
 

Re:Networks

[shawn2772]

Yes. Openness doesn't prevent crap.

Openness allows people and organization to do what they like, rather than what you like. This is why the slightly-less-open GPL is in many cases superior to fully-open licenses like Apache. Android chose not to go the GPL route, I suspect because of concerns that manufacturers wouldn't use it if they were forced to publish their "special sauce" (which isn't all that special, IMO, but they think so). Were those concerns misplaced? I doubt it, but no one knows.

Given that Android is what it is, the only option Google has is to try to apply pressure to align the manufacturers' interests more closely with the users'. This is not easy, particularly since most users don't think about updates, much less source code access, when buying a phone. By adding the "security patch level" and making it visible to users and app developers, and by taking public position that OEMs should release monthly updates and should provide defined periods of support, Google hopes to help users to think about that and factor it into their buying decisions. Assuming the rumor is true, tracking update statistics by OEM and device -- and possibly publicly shaming those who are particularly bad -- is another way to hopefully make users care about updates when making purchase decisions.

Of course, Google's big hammer is the Play store, but that hammer is too big, so it has to be used carefully.

On the plus side, I was able to fix the thermal sensor problem in the N4 by changing a few lines of code and recompiling Android (to filter out short term thermal sensor outliers) and then later with a sliver of cardboard once it was found to be the crappy connector between the body and the case back with the GPS antenna and the battery thermal sensor. The N5 was much better.

Yes, having the source and being able to modify, build and run it on your device is great. Not something that will move the broader market, though.

Some suggestions for Google.

[caitriona81]

- Stop certifying new devices unless they are on the most recent two releases as of the day the hardware first ships to customers. So, that would many any hardware that releases today would have to be running Lolipop or Marshmellow to ship with the Play Store.
- Require unlocked bootloaders and full AOSP releases with all necessary driver sources for the hardware to get certification and Play Store for manufactures with poor update performance, so that third parties get a crack at updating devices when manufactures and carriers lag behind.
- Restructure royalty payments so that app purchases on the play store pay carriers and handset manufactuers significantly more if they are on a current release, and significantly less the older the release is.
- Give strong financial incentives to manufactures to partner with google to offer the option of direct-from-google "pure" firmware that customers can elect to install AFTER purchasing the device. with all the manufacturer and carrier customization offered to said users as apps in a special section of the play store.

Re:Some suggestions for Google.

[QuietLagoon]

Worth repeating: "Give strong financial incentives to manufactures to partner with google to offer the option of direct-from-google 'pure' firmware that customers can elect to install AFTER purchasing the device. with all the manufacturer and carrier customization offered to said users as apps in a special section of the play store."

Re:Some suggestions for Google.

[swan5566]

Many MFA token apps don't like rooted/ASOP devices. Have to address this as well. If google tries to advocate hiding unrooted status from apps, then you might get friction between google and security app providers.

Re:Some suggestions for Google.

[caitriona81]

True, though, that's kindof a separate problem - with that said, I believe the difficulty in unlocking bootloaders and getting root *legitimately* causes more security problems in the long run, because it encourages hoarding of exploits. This effect is more evident with iOS, where you frequently see exploits hoarded until shortly after a major Apple product release, but it's actually more dangerous with Android because of how slow security updates roll out. We'd be better off if all devices had a straightforward path to root via a device wipe and toggling of bootloader flags.

This brings up an bigger consideration - Google might want to put out a security "decertification list" via the Google Play Services framework so that those sort of applications recognize the device as unsafe. A known exploitable device puts credentials and enterprise data at far more risk than a rooted one, because the user doesn't necessarily know its unsafe and will take no special precautions.

It's about time

[QuietLagoon]

Google takes a bunch of data from my phone, why not also take the data about the OS version and security updates?

.
I've got an Android tablet that is running an ancient version of Android, and the vendor appears to have no intent to update it.

Google has been far too lax with this very significant problem for far too long.

Google could help their case

[JohnFen]

Google could help their case if they were more careful about software quality. Marshmallow simply blows, and I'm doing my best to avoid letting it install on any other devices.

I don't buy the "carrier testing" bullshit.

[richy+freeway]

When has a Android update ever caused an issue with a carriers network?

Re:I don't buy the "carrier testing" bullshit.

It's more than the network, but let's start with the network:

Let's say a customized firmware has a preloaded app. That app has an API call. The app had to be ready 6-12 weeks before the carrier update (for testing and deployment). In the mean time, the app had a bug. Oops. The API repeatedly calls and fails until the app is force-quite and disabled in settings - usually not until after the customer calls support because their battery life sucks. An OTA update goes out. Within 72 hours, 50%+ of customers on this flagship device are upgraded and the network is saturated. Firewalls only partially eliminate the issue. An emergency maintenance release and firewall rule fixes it but some handsets linger on the previous version and continue to send packets trying to connect to the API. THIS HAS ACTUALLY HAPPENED at a major U.S. carrier.

Other historical issues errant calls to an API used for things like billing, hampering the carrier's ability to service their customers or process payments until the client can be blocked and updated. Battery life issues and device bricking are also common with maintenance releases.

Ultimately, testing schedules are designed to protect the premium branding of the network, the post-sale device experience, and prevent customers from leaving for a competitor.

I've been through these test cycles, and hate it too, but I recognize that one bag egg spoils the network.

Re:I don't buy the "carrier testing" bullshit.

[richy+freeway]

OK Interesting.

But what about the many sim free phones that aren't tied to a carrier at all so may never be tested on that carriers network and certified as OK. I'm thinking along the lines of the Google Nexus range. I get new updates for my Nexus 5x all the time, the carriers don't get to test it before it goes live. I just crack on and use it.

I'm in the UK btw, so things may be different over here. I have no idea.

Re:I don't buy the "carrier testing" bullshit.

The carrier doesn't support the device in most cases if it's not sold by them or certified for their network. In this case the carrier cares less about your device satisfaction. Luckily, non-carrier devices also don't have preloaded apps sucking "zero rated" (free to the customer) bandwidth from the carrier's network at start-up or upon update.

Re:I don't buy the "carrier testing" bullshit.

Let's say a customized firmware ..

That's the problem. Right there in your fourth word. The carriers shouldn't be doing that. The carriers should be forced to have their app installed in the normal fashion via whatever store your phone uses; upshot is that a bugfix to the app is pushed out exactly the same way as a bugfix to any app.

Perhaps, a small custom table should be done by Google that allows an android device with $CARRIER_SIM to suggest to install apps automatically.

And the problem you describe isn't unique to preloaded carrier apps, it's any app for any device could do all that.

protect the premium branding of the network
Oh dear, you're one of them. In many countries, there's no such thing - networks are a commodity. I want data, text and phone calls - and want to minimise the pain in getting data, text and phone calls. That's all. The sooner the average person wakes up and realises this across the USA, the better everyone will be. Once THAT happens, hopefully the network execs will realise it too - and people will stop wasting time with pointless crap like pre-loaded apps.

This is what Apple understands - nobody cares about the carrier, they care about the phone experience, and the carrier is basically irrelevant to that.

(At one point, HTC tried releasing unlocked phones to the USA. They weren't ready for them. Here? The phone company stores don't even bother and sell unlocked phones at full price. You can arrange a finance deal where you pay them off as part of your phone contract, if you like.)

Re:I don't buy the "carrier testing" bullshit.

[richy+freeway]

If they gave two shits about device satisfaction they'd just ship them out in their factory fresh state and relinquish any control over the update process.

I've not owned a phone on a contract in about 6 or 7 years, I'll never make that mistake again.

Re: I don't buy the "carrier testing" bullshit.

[Karlt1]

That's an interesting scenerio. But if that were a real problem, then why isn't it a problem for IOS devices? Apple devices make up 40-50% of smart phone users of the major carriers in the US.

WHAT is being ranked?

[tlhIngan]

So Google has a list of vendors who provide timely OS releases and security updates. Question is, what is the ranking? I mean, a company like Samsung releases hundreds of new phones a year (in 2014, it's 3 phones a week), yet you only really expect updates on one of them (the flagship). So does Samsung get a poor ranking because of the 150 phones they released last year, only one gets security updates? Or out of those 150, only 50 shipped with the latest OS?

I pick Samsung because they're the ones making tons of money on Android, and who not only can ignore the listings, but can probably influence things so they don't have to maintain the hundreds of models they released...

There's updates?

[thundercattt]

Hell my Samsung Rugby is still sitting at 4.4.2. Samsung has 0 interest in updating anything. It's like tech companies forgot that still have to maintain previous models and not just shake/jingle the shiny new keys at customers

Re:There's updates?

They didn't forget, its just from the CFO's perspective maintenance is a large cost with little to no return. It is there fiduciary responsibility to eliminate it or at the least cut its funding. Same could be said about modern security in small companies, almost non-existent or the bare minimum for the same reason.

Re:There's updates?

This is how regulatory bodies and their regulatory powers and laws are born. FTC, FCC, HIPAA, SOX and PCI are all examples that exist specifically as a counter to the requirement for business to put fiduciary responsibility first.

Don't blame the Life Boy for tasting like shit, Ralphie, when its in your mouth because you said 'fudge', the F--- word.

Nonsense! And you bought it.

If they are going to do it then just do it. This is buying free publicity that "we care" when in fact they don't care. Within a month 90% of those who read this will have forgotten the details and actually believe that Google cares and Google is actually doing this? Don't believe me? Ask that question 30 days from today Slashdot.

This needs to be fundamentally fixed soon

[AbRASiON]

Disclaimer: I'm not a coder, I'm a user and a fixer at best.

I switched from Apple to Android in 2010 for many reasons. In that time Android quickly improved to a point and then seemed, in my eyes to stagnate. Apple very very slowly improved and continued to improve and hasn't stopped...

I am pretty frustrated that some of the older hardware I support, such as an iPad 3, iPhone 5s and 4s (!) are still being routinely updated by Apple, but Android based phones are being left in the dust.

What can be done to fundamentally fix this? It didn't bother me 2 years ago when I was in an overpaid job, valued my money differently and I simply /knew/ I would be getting a new phone within 24 months at most, likely as short as 12.

Re:This needs to be fundamentally fixed soon

The fix is to only buy Nexus phones and tablets.

Re:This needs to be fundamentally fixed soon

[ZeroNullVoid]

What's stopping you from using third party Android builds. Many older phones have some advocate who has an alpha 6.x release. Sure it's probably not stable, but it is an option you have on many Android devices that you don't have with Apple devices.

Re:This needs to be fundamentally fixed soon

[AbRASiON]

Because as much as Apple bugs me (still) for the most part "it just works"
Android, stock builds from Google or CM are ghastly. Camera issues, GPS issues, Bluetooth issues - it's a never ending nightmare. I guess there's not enough hobbyists, perhaps if there were 1/5th the choices of Android phones it might be better? As it stands, there's possibly several hundred current gen devices right now, in 12 months from now, those several hundred will be replaced by another several hundred. There's probably (literally) 2 or 3,000 different phones to support in the past 5 or 6 years.

I am one of the few quite comfortable with the Samsung skins and layouts, I'm just frustrated a 3.5 year old iphone is still right up to date but many Android devices are dropped hard. (Sorry but I can't stand Nexus stuff)

AOSP + Google Services

Here's a thought...instead of allowing carriers and manufactures to add their retarded modifications to Android which is normally what takes them so long to do, force a consistent Android AOSP + Google services. Won't comply? Well Google doesn't allow you to use Google Applications. Good luck selling an Android device minus the Android app eco system. Samsung is the worst in this space, by far.

Can't they just copyright Nextdroid?

Make some new name for the next version of Android and only allow companies to use it if they agree to provide updates themselves forever or directly from Google. Then engage their marketing team to educate the public that anything not labeled Nextdroid is old, potentially buggy, insecure crap.

Please post "% days safe to use the phone"

[dwheeler]

I think a great measure would be the percent (or number) of days in the year where there were no publicly-known unfixed vulnerabilities. Many phones still have Stagefright vulnerabilities - there were changes that fixed some Stagefright vulnerabilities, but NOT all of them, and thus the phones are still vulnerable.

Re:Please post "% days safe to use the phone"

I think a great measure would be the percent (or number) of days in the year where there were no publicly-known unfixed vulnerabilities. Many phones still have Stagefright vulnerabilities - there were changes that fixed some Stagefright vulnerabilities, but NOT all of them, and thus the phones are still vulnerable.

This.

Verizon took 6 months to fix the vulnerability that let users get root on the Droid Turbo, and it's still vulnerable to Stagefright. If you accept the OTA upgrade, you get a phone that can't be made secure. If you pay the hackers who developed the bootloader unlock, you can unlock the bootloader, obtain root, and install a current, secure version of Android.

How fucking retarded is that?

P.S. FUCK VERIZON.

Come on Motorola

[viperidaenz]

My security patch level is November 2015 on my 2 year old Moto X.

Samsung/AT&T

[Necron69]

Despite a long history of sucking, I'm forced to admit that Samsung & AT&T have gotten a lot better about updates. I've been a Samsung customer since the pre-Android BlackJack Windows ME phone, and started cell carriers with Cingular.

My Samsung GS6 is currently on Android 5.1.1 ("security patch Feb 2016") and look, downloading a new update now.

- Necron69

Re:Samsung/AT&T

[Necron69]

And now it is on Marshmellow 6.0.1. Hard to complain right now.

- Necron69

Hypocrites

[fard69]

Sure, Google. Why isn't my old Samsung i9520 updated? Hmmm? It's a Google store product...and only about five years old.

Fixing bugs

Google should be shamed for their utter lack of interest in fixing the thousands of existing bugs!

Good experience with Sony Z3C

[BaronM]

I've had a Sony Z3C for just over a year now, and in that time they have released upgrades from 4.4 all the way to 6.01, and I just received another security update two days ago. I've only had one 'bad' update in that time -- the original 5.0 release cut the battery life way down, and they fixed that reasonable quickly.

They don't get anywhere near the press of Samsung/HTC/LG, but I'd buy another one and have recommended them to others.

My phone is direct from B&H, not from a carrier, which certainly helps, but Sony has done the work to make the updates avaialble.