Slashdot Mirror
Motorola Confirms That It Will Not Commit To Monthly Security Patches (arstechnica.com)
If you are planning to purchase the Moto Z or a Moto G4 smartphone, be prepared to not see security updates rolling out to your phone every month -- and in a timely fashion. After Ars Technica called out Motorola's security policy as "unacceptable" and "insecure," in a recent review, the company tried to handle the PR disaster, but later folded. In a statement to the publication, the company said: Motorola understands that keeping phones up to date with Android security patches is important to our customers. We strive to push security patches as quickly as possible. However, because of the amount of testing and approvals that are necessary to deploy them, it's difficult to do this on a monthly basis for all our devices. It is often most efficient for us to bundle security updates in a scheduled Maintenance Release (MR) or OS upgrade. As we previously stated, Moto Z Droid Edition will receive Android Security Bulletins. Moto G4 will also receive them.Monthy security updates -- or the lack thereof -- remains one of the concerning issues that plagues the vast majority of Android devices. Unless it's a high-end smartphone, it is often rare to see the smartphone OEM keep the device's software updated for more than a year. Even with a flagship phone, the software update -- and corresponding security patches -- are typically guaranteed for only 18 to 24 months. Reports suggest that Google has been taking this issue seriously, and at some point, it was considering publicly shaming its partners that didn't roll out security updates to their respective devices fast enough.
It's actually pretty easy to roll out regular patches, especially considering the upstream testing... ... unless you're adding a ton of vendor/carrier crapware. Testing and maintaining *that* might be an issue.
Yet Motorola's solution is (apparently) not "DONT FUCKING DO THAT" but instead "don't bother with patching". Yay. Go team dumbass.
You specifically advertised the 2015 Moto E with the following line: "And while other smartphones in this category don't always support upgrades, we won't forget about you, and we'll make sure your Moto E stays up to date after you buy it."
Then you stopped providing updates for it (of ANY kind) after 219 days.
Fuck you, fuck you so hard. I've made it very clear to everybody I know that they should never, under any circumstances, buy any Motorola or Lenovo products.
This is what the ecosystem allows. You want to be open, that means that you're stuck with this, unless you can write the updates in ways that allows patching through the app store without affecting the vendor "customizations".
Perhaps Google should rethink its strategy of how they offer software and encourage some type of buy-in on updates for support in the hardware and software dev process
No exceptions. A phone is a critical communications device, and if the OEM won't supply critical upgrades, then they must allow others to do so.
DMCA exceptions should be established, and vendors should not be allowed to sell phones within the U.S. without providing all required unlock keys into an escrow. Upon 6 months of patch inactivity, the keys go public.
It saddens me, as a one-time Motorolan myself, but when other vendors are perfectly capable of providing timely security updates, I'm not going to buy products from a company that willfully ignores its customers' security.
If it is too much work, Motorola, then you fix that problem. You don't just pass the buck to the end user. If it is taking too long, that means you're adding too much bloated cruft to the OS. Get rid of it and do your job properly, or suffer the consequences of anyone who knows a little about security avoiding your products, and recommending friends, family and colleagues to do the same.
I really liked the price and specs of the G4+, and was seriously considering the 64 GB model. This news has tainted Motorola^w Lenovo handsets for me for the next few handset generations. I guess I'll wait the announcement of the new Nexis line next month. I hate the idea of no expandable memory, but if they can get me a 128Gig unit for a decent price, I'll be satisfied being able to store what I need until I get home and can transfer it to my file server.
--- Keep the choice with the user..
continued pretense is required? cease fire stand down,, wmd on credit is killing all of us? in the moms we trust... that's the spirit... don't keep it all hidden?
However, because of the amount of testing and approvals that are necessary to deploy them, it's difficult to do this on a monthly basis for all our devices.
no one disagrees that it takes manpower to do full regression tests after patches. but the thing is, for most of the time you are NOT writing the patches, just integrating it!
now, that aside, we all know that world labor is less than dirt-cheap. YOU HAVE NO EXCUSE TO AVOID GETTING THINGS DONE in this cheap-as-chips world labor market.
fuck you. you claim you are poor? double fuck you for lying about it and we all can see that, too.
--
"It is now safe to switch off your computer."
The vendor is only half the battle (well, one third). Now that google is putting out monthly updates, even users of handset makers that push them along monthly (Samsung) don't usually get the updates. The carrier is also involved. So unless all three, google, Samsung and, say, vodafone, all move the patches along, there is going to be a huge lag in getting these devices patched. Sooner or later, somebody isgoing to take good advantage of this hole. I can only hope it doesn't hurt too bad.
It only makes sense b/c, really, we all wait with bated breath for the fantastic bloatware apps that _need_ to be installed to certify it for the provider's network.
Don't forget that Motorola use the Six Sigma approach:
https://en.wikipedia.org/wiki/...
which is in opposition of the current trend of agility, where the focus is on delivering, while Six Sigma's focus is the process itself.
Unless they don't use Six Sigma on their phones...
One of my colleagues swears up and down about developing unit tests and automated builds. If someone breaks something, then emails are sent out to the team saying "hey, this patch broke stuff, the code doesn't build right or test X fails".
I know next to nothing about phone development, but if they are unable to update the OS code and run their software (and patches) against it in a reasonable time, then they seriously need to take a look at their dev process. Considering Apple, MS and Google do periodic updates and occasional out-of-band "priority updates" that can be within a couple days... all I can say is Motorola needs to get their crap together.
In my view, this problem can only be solved by improving the Android OS itself. They need to carve out way more things out of the core OS and make them updateable through the Play Store. Microsoft manages to do this via Windows Updates, I don't see why Google can't figure it out. What makes things worse are carrier specific builds. Apple managed to do tell them to F off, Google should too.
We do as we please. If you don't like it buy American phones, European phones, African phones, Australian phones, Russian phones. Oh, wait, there are no other phones. Muhahhahahha.
If you want Android, but a Nexus phone. You'll get updates faster than anyone.
Sign up for Project Fi too so that Google really has all of your data.
According to wikipedia, Apple took this phone out behind the woodshed in 2012.
Any phone vendor who cuts support for a model should be REQUIRED to open the platform for 3rd-party maintenance. A phone is not a general purpose computer, and there should be special rules for it.
Windows PCs get updates pushed out by Microsoft. In the case of Android, shouldn't Google be in charge of pushing the updates?
I think even Windows Phone updates are controlled by Microsoft even through OEM phones (if they had any left I mean).
Can someone explain this to me?
Cooking images on a per device basis is a crazy, unnecessary unmanageable nightmare that leads to precisely this outcome complete with vendors crying "it's too hard".
There should be a single image that can be installed on anything it has drivers for like any normal operating system. This isn't a novel concept. Everyone knows what the solution is.
No smartphone vendor has ever paid any price for their customers getting owned. There is no incentive to give a shit and every incentive to use this as leverage to get customers to continually buy new hardware.
por mim essa merdinha pode cortar os pulsos dela que daí é garantido que esses crente retardada não vai mais me encomodar.
I wasn't going to buy their shit anyways.
"Reports suggest that Google has been taking this issue seriously, and at some point, it was considering publicly shaming its partners that didn't roll out security updates to their respective devices fast enough."
Publicly shaming?!? LOLWUT?
How about they deny using the Android name or Logo to any company who doesn't whip their own engineering and their distribution chain (carriers) in line? That seems to work for every other "Brand" or "Standard" that has a marketable "identity".
My cousin's hubby is a phone engineer at motorola. He's busted his ass going back and forth to china, helping them create phones, helping teach them how to create phones. My cousin was pissed - he was gone so much. All he brought back was a cup from the local Starbuck's. Too much working to get a real present.
And all for naught. I've heard nothing but meh or worse about these new phones. They've taken the Moto-ness out and put the corporate-ness in. Motorola is gone. And he's likely to need to polish his resume soon. It's sadness all around.
Motorola has ditched their previous flagship phone in less than 18 months before. They will do it again.
Do not buy Motorola. They clearly have not figured out how to create and support a product. Other companies do better--vote with your wallet.
Google Nexus devices let you update before google even pushes out the OTA--regardless of your carrier. They also let you replace it with CM or other version if you choose. Open FTW.
Google should have created an OS architecture that allowed for it to push its own security updates while leaving the aesthetic aspects and third party apps of the phone vendors and carriers alone (unless they were fundamental to the security problem). This whole circus over Android updates would be a moot point if they would at least do that.
Most people see apps that ever increase their permissions under the guise of being a "security update" and don't bother to update them. Same thing with the Android OS. How about keeping real security updates separate from feature updates?
I'm on the Samsung Galaxy S5 with T-Mobile, and to my surprise, a few months ago it started receiving the monthly patches just a few days after my Nexus 7. I don't know what the hell got into Samsung or T-Mobile, but holyshit, I'm quite happy they're actively supporting a now two+ year old device with the latest security patches.
"...Google has been taking this issue seriously..."
Just not seriously enough to, you know, do anything about it. That's the kind of serious that Google is, on this issue. Even the whole "shaming the OEMs" thing has come to nothing.
Can anyone name anything that Google has done about the Android updating problem? Anyone? Hello?
And no, Nexus isn't an answer. The problem is at the ecosystem level and a single phone, even a single line of phones, isn't an ecosystem level response. Unless Google addresses at least 80% of the market out there, their solutions are as fluffy and insubstantial as air. Address 80% of the affected phones and customers and we'll consider that Google is serious about this problem. Until then Google is just blowing smoke.
Someone that posts a link to a torrent site can become co-responsable for the copyright infrigements downstream.
By the same logic, if a mobile phone is hacked and money disapears from the bank account due to that, then the phone manufacturer and operator are co-responsables for that hacking due to leaving the phone open to known vulnerabilities?
Google has a list of rules that an Android OEM has to follow if said OEM wants to be able to ship the Google Play Store, the Google Play Services middleware library and the other Google apps like GMail. Google could simply add terms to that agreement that require OEMs to provide security updates for their devices for a minimum amount of time after the device is released.
OEMs might complain but (with the possible exception of Samsung who might be able to ditch Google and do its own thing) they all need the Google stuff in order to survive.
Who does patch their phones monthly and timely at that? does anyone and if so do they do all their devices or just their "flagship" devices?
I need a new phone and the amount of exploits in Android is concerning me.
I refuse to use apple and currently stuck on a cheap windows phone.
Hence researching which phone to purchase.
That's why I avoid Android like the plague.
The tireless refrain from Fandroids.
I have NEVER seen a Motorola phone for Verizon that is unlocked. I started using them after the Google buyout. The unlock website refuses to alter them. Yes, a class action would also be great!
Within the last year I have placed two critical 911 calls. I also have family members who have had heart bypass surgery. Phones can be critical, sycophantic beratement aside.
... is Motorola advertised it will do "timely" updates. Other manufacturers deafening silence was their way of saying "best of luck, we got your money already."
Now Motorola is just saying "so we lied. we got your money already, you can go fuck yourself."
https://www.reddit.com/r/Redox/comments/4unzzf/flawed_thinking/
Make your own mobile device based on an RPI. There are already laptop based on that around.
And https://www.reddit.com/r/Redox/comments/4unzzf/flawed_thinking/
Go against the flow - in technology and in politics.
Then your genes survive, otherwise you will be Soft Darwinized.
We the 1% and our stooge Hillary and Jeb need a way to control you silly sheeple !!!
We have created such nicely blinking Necklaces and you do not want to wear it.
Now your formerly friendly unionized coworkers will exert a bit of pressure so that you will again turn on the Necklace.
We should all shut up and be the Slaves of The 1%. Dutifully vote Hillary, because NYT already announced Trump Is Not Kosher.
FUCK THAT !
And if you manage to stuff the ballot box for Hillary AGAIN, then pray what happens after the day the USMC corporal takes over. Your wickedness is documented.
. ... or secure to use.
Unless google changes its stance on Android security, Android will not be patched regularly