71 Percent of Android Phones On Major US Carriers Have Out of Date Security Patches

Ian Barker, writing for BetaNews: Slow patching of security flaws is leaving many US mobile users at risk of falling victim to data breaches according to the findings of a new report. The study from mobile defense specialist Skycure analyzed patch updates among the five leading wireless carriers in the US and finds that 71 percent of mobile devices still run on security patches more than two months old. This is despite Google releasing Android patches every month, indeed six percent of devices are running patches that are six or more months old. Without the most updated patches, these devices are susceptible to attacks, including rapidly rising network attacks and new malware, also detailed in the report.

Only 71%???

I find it hard to believe that 29% of android devices have ALL the available security patches installed and are running a current version.

Re:Only 71%???

[__aaclcg7560]

Those are probably owned by iPhone users.

Re:Only 71%???

I find it hard to believe that 29% of android devices have ALL the available security patches installed and are running a current version.

21% are new with in a month of the survey, as most Cellphone companies don't want to send patches because it cuts down on the sales of new handsets.

Re:Only 71%???

[SeaFox]

Those are probably owned by iPhone users.

The 29% of Android devices with all security patches are iPhone users? Okay...

Re:Only 71%???

[__aaclcg7560]

The 29% of Android devices with all security patches are iPhone users? Okay...

How else would you explain this discrepancy?

Some of my patches are years old

[fustakrakich]

What, am I supposed to buy a new phone every year to keep up?

Re:Some of my patches are years old

Yes! Good boy!

Re:Some of my patches are years old

[jon3k]

If your phone only gets patches for a year, maybe you picked the wrong platform?

Re:Some of my patches are years old

[mcswell]

If I were cynical, I would say that's exactly why the phone manufacturers hardly ever release updates.

Am I cynical?

I'm in the 29%

[bobbied]

My 3 year old android phone is fully up to date, software wise anyway.... I don't care if the other 71% want to go unprotected....

Re:I'm in the 29%

I've never had bad guys or bad software infect my phone but I'm pretty sure that each "update" from google grabs more and more of my personal data and sells it to the highest bidder. Exactly who/what are these updates protecting us from?

Re:I'm in the 29%

[whoever57]

By "up to date", do you mean that you have the latest firmware installed, or that the firmware that is installed has all the security fixes to Android that Google has issued?

IOW, are you sure your phone hasn't been orphaned?

Re: I'm in the 29%

[thundercattt]

My work phone is still running 4.4.1. it has NEVER been offered an update ever. Samsung took the money and ran with this one. Personal phone being Nexus, updated monthly.

Re: I'm in the 29%

[whoever57]

A while ago, both my son and I had the same model of Samsung phone. When the phones were about 4 years old, my phone got an OTA update, but my son's phone did not.

The difference? I had downloaded and installed an update that was only available via Kies. It was never pushed as an OTA update.

Re: I'm in the 29%

[InvalidsYnc]

This is one of the main issues that I see with the fragmentation related to android in general. Everyone has their own flavor, their own support schedule (or lack thereof), their own batch of supported patches, etc. Nobody seems to really want you to be able to just "hit a button" and update your kit.

Like it or not, it's one of the better aspects of iPhones, so long as it's still supported/supportable apple will try to get you hooked up with an update. Now, that being said, not all updates fix more problems than they cause, apple has had some bad ones, but at least they have a pretty level playing field as to being able to get the update.

I always wait a while to pull down updates from them, been burned before, but not too badly.

I am very skeptical.

[Just+Some+Guy]

I highly doubt that 29% of Androids are up to date.

Re:I am very skeptical.

[XxtraLarGe]

I highly doubt that 29% of Androids are up to date.

This is just major carriers. Imagine how many unpatched Androids are out there on Boost, Cricket, Tracfone, etc. My wife has an Android on Tracfone and never had a security update notification.

Re:I am very skeptical.

[swillden]

I highly doubt that 29% of Androids are up to date.

Keep in mind that the security patch level field was added in Android Marshmallow (IIRC), and I expect that's what they're using to determine patch date. If so, KitKat and Lollipop devices aren't counted, and this really says that 29% of Android devices that are new enough to have Marshmallow or Nougat are up to date. That's not surprising, though it's obviously still far too low.

Unless, of course, the report assumes that anything running Lollipop or older is not recently patched, which seems like a reasonable assumption.

Re: I am very skeptical.

Just the fact that you use those silly google names to indicate android version shows how far up the posterior of google you are. So sad. Just refer to android versions by number so we can understand.

Re:I am very skeptical.

[Just+Some+Guy]

Unless, of course, the report assumes that anything running Lollipop or older is not recently patched, which seems like a reasonable assumption.

According to Google, 65.9% of users are on Lollipop or older. That means 29% of up-to-date Androids would have to come from 34.1% of users, or that 85% of Marshmallow and Nougat users are fully patched. I'm skeptical.

Also, nearly half of Android users are using an OS at least 2.5 years old. :-/ Compare with 79% of iOS users on a 6 month old OS, and 95% of iOS users on an OS less than 1.5 years old.

Re:I am very skeptical.

My service is with Kroger i-Wireless, a Sprint MVNO. I pay $10/mo for 100 minutes, which I never use up. And many months I pay nothing, due to points accumulated for buying groceries.
I bought my phone new for $30 in 2013. It has a hardware keyboard and runs 2.3.6 Gingerbread. There never was any update for that.
I've never had a Google account. All of my apps come from F-Droid.
I can't think of a single reason to update software or hardware. This is all the cell phone I want.

Re: I am very skeptical.

You probably also don't care about the meth makers who use the glassware shed to cook while you are out.

Re: I am very skeptical.

Are you implying that my phone is pwned? Are there known exploits for 2.3.6 that would allow that without MMS and without my installing a rogue app?

Re: I am very skeptical.

I hate to agree with such a retarded post, by the whole candy name thing really does make smart people sound really stupid when referring to their phone running "Android lollipop" or whatever.

Re:I am very skeptical.

>the security patch level field was added in Android Marshmallow (IIRC)
My Motorola E 2nd Edition running Android Lollipop 5.1 (on ATT prepaid) has a field for Android Security Patch Level. It is currently at 2016-10-01 which was received in mid November. There was a prior security update for 2016-04-01.
This was my first smartphone and the hardware seems very nice. Excellent build quality and great battery life (1-2 full days easily with light to moderate use.)
But the security update situation form Motorola is totally unacceptable.

Re:I am very skeptical.

[choovanski]

My experience with "iPhone people" is that they are very mildly concerned with their phone being able to run the latest OS and _very_ concerned with their phone being able to run the latest incarnation of Messages. Keeping iMessage up to date literally drags the rest of the OS along for the ride.

Re:I am very skeptical.

[swillden]

Some OEMs backported the patch level field.

Re:I am very skeptical.

[swillden]

That means 29% of up-to-date Androids would have to come from 34.1% of users, or that 85% of Marshmallow and Nougat users are fully patched. I'm skeptical.

You're assuming that the statistics don't simply exclude phones without the field.

Re: I am very skeptical.

[swillden]

Just the fact that you use those silly google names to indicate android version shows how far up the posterior of google you are. So sad. Just refer to android versions by number so we can understand.

You're crazy, basically no one knows the numbers. Look at all the discussions in the press, ask around to people (among people who even know that there are different versions of Android). Everyone who knows anything about Android releases knows the dessert names. The numbers are enthusiast-only trivia.

Android security, iPhone security, whatever...

[DontBeAMoran]

A strange game. The only winning move is not to play. How about a nice game of chess?

Flawed Security by Design?

In light of all the recent surveillance revelations, maybe it's actually in the interests of these companies to drag their feet on security patches.

After all, they wouldn't want to jeopardize any of those big money contracts with some 3 letter agency.

I get no updates from my carrier

[imidan]

I have a Galaxy S4 on AT&T. I just checked, and it's at Lollipop 5.01 and says its "Android security patch level" is 2015-11-01. Nevertheless, when I push the software update button, AT&T assures me that my current software is up to date. Apparently, 5.01 is the latest version available for an S4, but what about security patches? Are they just done making them? Was AT&T planning on telling me that?

I guess I'm a bad consumer, using a four year old phone.

Re:I get no updates from my carrier

So you are asking a telecommunication company to update your phone? lol  That's like asking your electric company to fix your microwave. You do realize they aren't in the hardware/software business right?  They don't even make their own backbone hardware, why would they bother to update your phone?

Re:I get no updates from my carrier

Have you had to swap out your battery? My brother in law has a Galaxy S6 and it will barely hold a charge anymore.

Re:I get no updates from my carrier

[bobbied]

S4's have removable batteries... Personally, I carry multiple batteries for my Android Note 4, not because I have to, but it's nice to have a fresh battery in the time it takes to boot the phone.

Re:I get no updates from my carrier

If you were on T-Mobile you would still be running S4 on v.4.x. (personal experience).

Re:I get no updates from my carrier

[imidan]

I'm still using my original battery for this one. It will last about 2.5 days of low usage, or 1 day of heavy usage. This is my paradox for buying a new phone... I like having a battery I can swap, but in practice I haven't actually swapped it (at least on this one). Also, you have to figure out where you can buy a battery that isn't a counterfeit that craps out almost immediately. My girlfriend's battery got old and we swapped that one, and then her whole phone failed six months later, so that was pointless.

Despite my security patch level, I plan to stick with this phone for the foreseeable future. Next time, I think I'd like to get a phone that isn't carrier locked so I can avoid the bloatware and possibly get more timely updates.

Re:I get no updates from my carrier

[Grishnakh]

Did your brother-in-law run the phone down to 0% a lot?

Li-ion batteries can only fully discharge and recharge a limited number of times, and their lifetimes are hugely affected by how much you run them down before charging. So they might only advertise 1000 charge cycles, but that's for a full (or mostly full) discharge. But if you recharge every time it hits 50%, you could get an order of magnitude more cycles out of it.

Bottom line: don't run your phone's battery down.

Also, it's good to get a phone with a removable battery. I can get new batteries for my S5 for $10.

Re: I get no updates from my carrier

Who the fuck should supply the updates then? Apple did it right, you either let us update the phones or fuck off. Too bad google and all the other android creators don't have a god damn spine.

Re:I get no updates from my carrier

[InvalidsYnc]

I think what they are getting at is that when they buy a piece of hardware, and it has a button to update, that some entity somewhere has got their shit together and is going to send them an update instead of hanging them out to dry.

Regardless of who is responsible for making that functionality work, in the end it DOES go back to the carrier who is selling the POS, because the OS is tweaked to their specifications to be on their network, often times including how it is patched/updated.

Re:I get no updates from my carrier

[chihowa]

It would be just like that if the electric company edited the microwave manual so that the Microwave Repair Hotline rang up the electric company. The telecommunication companies inserted themselves in the middle of the update process, so they need to either issue/approve updates or remove themselves from that role.

Re: I get no updates from my carrier

The Apple model is not something to emulate. I, for one, would rather not have my phone sabotaged into running like a slug through unified forced patching. In fact, it shouldn't be forced at all; updates are not the panacea they are purported to be by those who mindlessly parrot for people to update ad nauseum, and can sometimes be as bad as the malware it's supposed to protect you against.

Re: I get no updates from my carrier

[mcswell]

The phone companies obviously have no reason to do this, since if you're truly concerned about having a newer version, your only recourse is to buy a new phone. And Company X may hope that you buy it from Company X again.

In the PC world, it's Microsoft who releases the updates, and those updates by and large work on everyone's PC regardless of who made its components. (Yes, there are occasional driver issues, although in my decades of owning a PC, I personally don't think I've ever had a Microsoft update brick my PC because of driver issues.) So it seems to me that in the Android world, it ought to be Google who issues the updates. That may not be possible now, since from what I've heard individual phone companies have modified the software, but it could be done in the future by forbidding the phone companies from modifying the core Android o/s (if indeed that's what's happened).

BTW, my phone runs Windows.

Re:I get no updates from my carrier

[mcswell]

Which of course is the opposite of what people used to be told to do with NiCd batteries. I wonder how many people are still in that mindset (it was a revelation to me when I first heard this about Li batteries).

No Shit

Given the hands-off approach to making carriers push out updates it's no wonder. I still get some security updates on my Galaxy S5, but god knows most of them were probably outdated before 2016.

There's no profitability in pushing out recent updates to old devices that aren't being consistently paid for on installment plans, especially when you can just force people to upgrade for new OSes.

Re: No Shit

[MachineShedFred]

Why is it the carrier's responsibility to patch someone else's handset? The device manufacturers should be making the patches and distributing them via the fucking internet. Let the carrier's be a dumb pipe - it's what they are best at. And if the device manufacturers don't patch their shit, don't buy their shit and go with someone who does.

I've never understood why people think that AT&T or Verizon should be writing and distributing patches for the thousands of shitty phones they sell - Best Buy doesn't make patches for all the shitty laptops and tablets they sell, and neither do the ISPs that connect them to the internet - it comes from the OEM or the OS publisher. In fact, the only retail relationship I can think of where the retailer is responsible for updates to something manufactured by someone else is with cars. And that works sooooo well that we should absolutely replicate that model with phones and tablets....

Re: No Shit

[InvalidsYnc]

And there's the rub. The carrier doesn't want someone else to patch their phones, they want, they NEED control of the devices on their network, but like others have said, they don't really give two hoots after the sale. They will do as little as is needed to keep you a customer. What you don't know doesn't hurt them.

Ha! My current cell phone is 7yrs old

It's running android version 2.2.1! I feel as though I wont be the only one

Flaw of the Android Ecosystem

[CrashNBrn]

That the end-user can't get basic android updates directly is Android's major flaw. OEM's should of been required to support the AOSP and any changes should of been done via extensions to the AOSP. Thus any device could easily stay updated for at least their current major version of Android.

Re: Flaw of the Android Ecosystem

It's a big flaw that the hardware vendor can't push out that one last nerfing update that essentially bricks your two year old smartphone? You must be an Apple fan.

Yeah. It's for security. The security of the stockholders.

Re:Flaw of the Android Ecosystem

There is a lot of blame to go around.

For Google's part, they need to put more pressure on the carriers. Same with the handset manufacturers.

Apple has managed to exert enough pressure on the carriers to be allowed to issue updates directly without the carrier as middleman.

Obviously there are some political issues at play - carriers would rather have more control, but I think a company like Samsung or Google has enough leverage at this point. It seems they don't want to make waves.

Re:Flaw of the Android Ecosystem

[CrashNBrn]

Hardly. Even if an OEM allows you to unlock the bootloader on a non-carrier-specific phone, and you apply a non-OEM blessed ROM - you will be lucky if the phone still boots without issue. Let alone having WIFI, Cell Radios or the Camera still work normally.

Which would not be the case if the AOSP part of the Android OS was separate from OEM hack-job customizations, as you could then apply most any Android security update which would primarily only need to revise existing AOSP files within major Android revisions.

Re:Flaw of the Android Ecosystem

[Anubis+IV]

I suppose you would blame the road you were on for your car falling apart around you?

Lousy carriers are as common as lousy roads, which is why products should take them into account and deal with the problems they cause. If they fail to do so, then sure, the bad road/carrier shares some of the blame, but the product's design owns the lion's share of the blame.

P.S. This is NOT a backhanded way of saying iOS has it right. This is about tradeoffs. Google suffers in this area of their design to gain in other areas. Apple benefits in this area of their design at the cost of other areas. Neither approach is necessarily right, each approach will cater to different users, and each approach falls apart and excels in different ways.

Re: Flaw of the Android Ecosystem

"Neither approach is right"

LOL wow you really have drunk the koolaid. If you can't see that Apple has a superior update model then I don't know what else to tell you. Apple phones get updates regardless of carrier. Android phones are iffy. If you happen to buy the right one then you may get updates for a year then it's c ya later alligator.

Atleast with Apple, customers KNOW their phone will receive updates for ATLEAST two years. If you can't admit that apple has a better policy in place then you are 100% an android fagboy.

Re: Flaw of the Android Ecosystem

LOL you must have a 1 year old android phone that's never received updates. Meanwhile my 4s which is atleast 3 years old just stopped receiving updates.

But keeping lying to yourself so you sleep better at night. Meanwhile I'll carry on knowing my phones are up to date because I chose a superior model.

Re:Flaw of the Android Ecosystem

[tepples]

If it were entirely a carrier issue, than unbranded GSM/UMTS/LTE phones would have been patched more often and longer, as would have Wi-Fi-only tablets.

Re:Flaw of the Android Ecosystem

[Solandri]

The problem is what you're asking for is mutually exclusive.

• If it's open source, the carriers (the "users" of the open source code) can (and do) do whatever the hell they want - that is the whole point of open source. Extensions won't work because the carriers will simply modify the AOSP release to remove the extensions which allow Google to update Android without their consent.
• If you want Google to be able to force carriers to update Android with the latest security patches, then it by definition is no longer "open" source.

What probably needs to happen is for the carriers to be sued for problems caused by them not passing on Google-released security updates in a timely manner.

Re: Flaw of the Android Ecosystem

[Anubis+IV]

If you can't see that Apple has a superior update model [...]

You must've stopped reading my post, because I said they were ahead in this area. The reason I said neither was necessarily right was because they both comes with tradeoffs. There's no doubt that Apple's updates are far better, but what about their prices? Variety of hardware? Features that cater to niches? By maintaining such tight control, they sacrifice benefits in those other areas.

And, just so you know, if I've drunk any Kool-Aid, it's Apple's. I own zero Android devices. I own dozens of Apple devices, simply because they have been better for me and my uses. That doesn't make them right. Just better in the areas I care about.

Re:Flaw of the Android Ecosystem

[sad_]

Only because the ARM platform sucks and most of them are not officially supported in the kernel.
Google could simply say to them: If you want to have your ARM SOC used in an android phone? Well work with the linux kernel devs for get it in there.

Re:Flaw of the Android Ecosystem

No, it's not a carrier issue, that is like asking your local gas station to fix your cars engine just because you fill your tank there regularly. Yes, I know it's common to buy phones from carriers in the US for some reason but in the rest of the world we're not tied in like that. We pay for our phones and switch carries like shoes depending on prices. If I buy a HTC phone then I expect HTC to provide the updates, if I buy a Lenovo phone then Lenovo should provide them. Oddly the only ones who do provide updates regularly are the Chinese phone manufacturers like Blackview and Doogee.

Re:Flaw of the Android Ecosystem

No, its an Android ecosystem problem, you fucking moron. How many iPhones you know waiting on an iOS update from the carrier? How many Nexus devices are waiting on an update from the carrier?

No Incentive

Or rather, every incentive NOT to push security updates to phones. Just as they had every incentive to allow the act called Slamming, where you would get charged for a service you never agreed to, and the phone company got their cut of the transaction. In this case, their answer to securing your phone is that you should buy a new phone, up to date, with all the bells and whistles, a flagship model even! And they get their profit off adding on services to take full advantage of that new shiny plus profit from the sale of it! And if its out of date in 6 months because of security patches you aren't getting, well, they can let you pay a super extra special fee to upgrade your phone again early!

And your congressmen won't do shit about it, because this is data and privacy information and that pesky stuff doesn't need any kind of silly protecting!

end user's dillema

I regularly check the patch status of the computers I use and install updates when available. I know how to do that. I read the messages from the Google Play Store alerting me to available patches for the apps on my phone and apply those patches and updates to the apps as appropriate. But every time I check the system updates status on my phone, the status is always the same - "Your device's software is up to date." What's an end user to do? The phone says it's OS is up to date. How am I to know if that's true or not? FWIW, the last time my phone gave me a message that there was any sort of system update available was several months ago. Every week there are new updates for my PC, and for the apps on my phone. But the OS patch level remains months behind and the phone doesn't know any better. And so neither does the end-user.

Re:end user's dillema

I read the messages from the Google Play Store alerting me to available patches for the apps on my phone ....

Patches, right. You mean like changing the color of the top bar or adding more slurp to the flaslight?
Oh, you mean those security patches that stop 3rd parties to slurp your info but tightens the integration with Google play services?

Blackberry

This is why I love Blackberry. While its Android phones have their quirks, Blackberry is ACTUALLY delivering routine security updates, almost as fast as Google itself does.

I still mourn the death of BB OS10 which was a great phone operating system. They lost the "app store" wars, but it was a great OS.

I chose to continue with Blackberry when I made the switch to Android for exactly this reason.

Re:Blackberry

[CrashNBrn]

Interesting, if TCL (Blackberry) and HMD (Nokia) continue with that promise, that would put them among a select few Android OEM's. As even the best OEM's have a spotty track record at best with updates across their various hardware offerings.

Because Manufacturers Suck

[organgtool]

We're running old software because the manufacturers don't care about us after they've gotten our money. My experience with the Motorola G4 is a prime example of this. The phone came out in May 2016 with Android 6. Android 7 was released in August 2016, just three months after my phone was released, and I still don't have any update available for my phone despite the fact that Android 7 has been out for seven months! The worst part is that the OS on the G4 is practically stock Android, so it should take relatively little effort to customize the image and push it out. It seems the only way to guarantee access to new versions of Android is to buy a Google phone but the Pixel has one of the worst performance to price ratios of any Android phone. At this point, I have no idea what my next phone will be, but I have a lot of ideas about what it won't be.

Re:Because Manufacturers Suck

[Blymie]

Blackberry cares... at least as a business model.

My PRIV has had *monthly* updates. That's the best I've heard of.

My phone is basically ASOP, with some added security and Blackberry calender, etc.

Overall.. not bad. Lots will badmouth BB, but they've come far now that they're pure android.

Re:Because Manufacturers Suck

Microsoft, Apple and Linux distros, that is, the majority of the the OS vendors, manage to provide a mechanism to keep your system up to date independently of the hardware vendors and other "third parties". This support even extends to multiple architectures in some cases: x86 is the most common, but ARM is also becoming common (on Linux, you have even more: POWER, MIPS, etc).

Can you imagine having to wait for, say, Dell to OK to every package for your next "apt-get update"? Or for Toshiba to give Microsoft the OK for them to make an OS update available to you?

No, you can't. But this is the situation we have with Google. And people accept this for some reason. They even excuse it in Google's behalf, because they are so great (despite not being able to do what a bunch of "freeloading" "amateurs" can do on a shoe-string budget).

There is no reason why operating system and user space upgrades need to be tied to the manufacturer. None.

This situation is Google's fault and no one else's.

Re:Because Manufacturers Suck

I have a Lumia 950XL. It has a T-Mobile SIM in it.

Microsoft is the manufacturer. Microsoft maintains the OS. Microsoft provides the updates. T-Mobile provides cellular service, nothing more.

My last phone was a Samsung Galaxy S3 from T-Mobile. It stopped getting updates at 4.3, despite the fact that Samsung released 4.4 for it.

Don't buy a carrier-locked phone. Also, don't buy an Android phone, as they tend to have the shortest support lifetimes. (For comparison, I have an old HTC Touch Pro 2 running WinMo 6.5.3, which has full support and updates until some time in 2020, even though they discontinued that OS in 2009.)

Re:Because Manufacturers Suck

[James+Carnley]

There is no reason why operating system and user space upgrades need to be tied to the manufacturer. None.

This situation is Google's fault and no one else's.

You have no idea how Android, the Linux kernel, or open source software works. I guess that's why you're hiding behind AC.

Each manufacturer is akin to a different distro of Linux. You in fact do have to wait for Fedora or Ubuntu to update their packages before you can apt-get them. You don't get them immediately. Nobody can force them to hurry up. Not Google, not you. They control the keys to apt-get.

This is because Fedora/Ubuntu/etc can modify the kernel source and the source of any package that goes into their system. They also have to make sure they all work together. Nobody else can do it for them because they don't know what changes they've made or how a change will impact the system as a whole.

Samsung maintains their own distro of Android. They control the kernel source. They control the packages included. They make a LOT of changes to the system. Only Samsung can update the packages they use and only Samsung can push out an update. Nobody can do it for them even if they wanted to.

Re:Because Manufacturers Suck

[swb]

Can you imagine having to wait for, say, Dell to OK to every package for your next "apt-get update"?

Except Dell will do just this if the update has anything to do with hardware, and in most server environments a lot of it does. I've done the dosey doe with Dell on their server platforms with drivers, debating whether my problems are due to the vendor-supplied drivers sucking or whether the Dell-provided drivers six months behind the OEM vendor are at fault.

I think the problem carriers worry about is unapproved software that effects their networks. My guess is this is pretty remote in reality. but shikata ga nai.

Re:Because Manufacturers Suck

[CrashNBrn]

It's unfortunate that HMD Global hasn't announced any plans for the North American market, as the Nokia 6 at only 229 euros would really put the pressure on Lenovo (Motorola) and LG, among a few other manufacturers that release compatible phones in the $250 - $400 mid-range.

Re:Because Manufacturers Suck

Android 7 is rolling out to G4s.
I've got it on my G4+ (OTA, no side loading needed) in the UK.
It's been soak testing for 4 months.

That said, it's still only at December 2016's patch level.

Re:Because Manufacturers Suck

Then it shouldn't be allowed to be called Android. It should be Moto Mobile Linux or Samsung Lazerbeam Linux some shit. If google allows them to call their distro Android, it's googles fault.

Re:Because Manufacturers Suck

[FrankHaynes]

I think the problem carriers worry about is unapproved software that effects their networks.

WE HAVE A WINNER!!

Re:Because Manufacturers Suck

It should be added, that some of the carriers even change the "vendor distro" and disable the manufacturer's upgrade path for those phones, leaving the phones with even less support.

Re:Because Manufacturers Suck

[No+Longer+an+AC]

I've got a Motorola Droid Turbo (came out October, 2014).
Android 6 released in October, 2015.
Update available: January 5, 2016.

Thanks, Verizon. Never again.

Re:Because Manufacturers Suck

[No+Longer+an+AC]

Correction. Update available Jauary 5th, 2017.

Dammit!

Re:Because Manufacturers Suck

[sad_]

That is not the same at all, Google make Android they can set their demands.
I can use Fedora or Ubuntu and will have to wait when the distro makes an update available, BUT i will get it when it has been made available NOT depending if it runs on a pc from HP, DELL, ASUS, ACER, ...

Wait till people have brain implants

To access VR and shit.

It'll be full of backdoors and the entire world population can be totally controlled by a single entity.

Too much hassle

I used to own an Android phone and when i had it my carrier did provide updates. The problem was, there weren't just security updates, I had to upgrade to new versions of Android. There was no 4.4.1, it was jump from 4.4 to 5.0 or nothing. Since each version of Android moves things around, some new versions break old apps and there were battery/performance regressions when I tested 5.0 on another phone, I just decided to keep my main phone running the older version of Android. Getting hacked was less of a concern than dealing with a new version of Android. Rather than I upgrade I eventually switched operating systems.

So it's of little surprise most people are running out of date systems. Android phones often don't get updates and, when they do, it's worse than dealing with an unsecured device.

Not the only problem unfortunately

[Artem+S.+Tashkinov]

Android has a lot more problems than you think and Google does nothing to solve it.

We need a standard ARM platform, just like we've had the x86 platform since roughly 1981. And Google has all the resources to create and enforce it. And since they don't I wonder if they are malicious or negligent or it's just part of their business plan which is called "planned obsolesce". Too bad, in Google's case this obsolesce involves even original Google devices like Nexus 5 (stopped receiving any updates since October 2016) and it will soon be joined by Nexus 6.

That's just horrible.

My 2010-2011 Android experience

Canadian, purchased a Nexus from Koodo/Telus so that the phone was unlocked. It was, but the service provided never pushed OS revisions out. I saw that they were being done in the US and on later Nexus models but never for what we had... At least the Apple products are upgraded 18 +/- months before code bloat kills their performance.

iPhone

My iPhone is always up to date.

Re: iPhone

Until it is nerfed to death with a major system update approximatelyâ two years after you bought it.

Re: iPhone

and its an iphone. Yuck.

Re: iPhone

Tell that to my 4s which is still running strong with no issues.

It's like a computer, newer code sometimes requires newer hardware. this isn't new. Stop making excuses. And stop trying to bash Apple because your phone manufacturer is shit.

Re: iPhone

Yeah. 4 years is approx. 2 years. right.

Android apps will soon be supported on Chrome OS

[SlashGodet]

(says Google.) Now, just how do you integrate insecure privacy nightmares into a sanitary OS? Oh wait, you don't...

Android is the real problem.

Android devices are the worse, as much as I like them... Carriers lock them down, refuse to work/pay for the upgrades with the manufacturer (Sony/T-Mobile Z3+ was the prime example).

Don't blame the users

[rnturn]

It's the vendors. Now we might be outliers, but everybody in my family installs patches whenever they come in. Maybe not immediately but at least later that day, i.e., when we're home and can be sure the phone is fully charged and maybe using WiFi if it looks like there's a lot of patches. When we were using Verizon, our phones were always getting version N when all the news and buzz was all about the newly released version N+1. When we switched carriers, Verizon still had our phones running the previous version of Android.

Re: Don't blame the users

Just allow custom operating systems to be installed. My oldish lg l90 is on 7.1.1! :O

I mostly blame carriers

[p51d007]

It doesn't fit the business model of carriers & manufactures in the android world. Why update it, when you can just sell gullible people a new one? Most people (I'm in the USA) still think you have to purchase one from a carrier, so when they walk in after hearing their phone is "out of date" given most consumers are well...not very intelligent...will be pushed into a new phone that has the updates already installed. Then, a year from now they will do it all over again.

Too many crap apps

[Jimbo+God+of+Unix]

If I could remove all the crap apps they make me have (yes you too Google, not just V*******), I'd have an up to date phone.

Mine is one of them

[JustAnotherOldGuy]

Mine is one of them, but it sure as shit isn't my fault.

If my carrier would provide updates I'd install them. If I could get patches I'd install them.

Don't blame me for not buying a new phone every 3 months.

Which android phone do you have that gets updates?

I can't get mine updated unless I hack it. Manufacturer won't put out updates.

Please tell us who your vendor is, or how you otherwise manage to keep your phone up to date.

Conflict of Interest

[bsdhacker]

The real problem is a conflict of interest. If all manufacturers provided updates to their phones for 5 years, you could be sure that far fewer phones would be sold each year. So instead they cut off updates to encourage/force consumers to buy new phones more frequently - creating a larger market than it otherwise would be. What we need is a separation of hardware and software so that the hardware can be used until it dies without sacrificing the software security updates.

Kids Panic for the Next New Phone Each Year

[corezz]

I would expect it to be higher than 71%. However, considering how every millenial and gen-z (the biggest consumer of phones) find they can't live unless they have the next (trivial) incremental update to a phone then from a carrier perspective there is no urgency. Especially since the next phone should have the latest android release that includes the latest security patches -- the one they would use prior to filling it with their bloatware. Also, lets not forget that these largest consumers don't care much about their stolen privacy since they share it regularly on FB and other social media. There was a story where a bot could identify people with 80%+ accuracy solely by their publicly available social media posts.

Obligatory: Windows Movile

[blackpaw]

Sure the app situation sucks - if you want them. But the Tiled UI is far superior to the mess that is Android and it is actively updated. If you just want a secure phone with a great camera and text/mail/web and some basic apps, Windows Mobile is the way to go.

Developing for it is pretty easy to.

Maybe if I could still root my phone...

[gmiller123456]

Since Google and the carriers record everything I do and are willing to sell it to anyone with a big enough pocketbook, it's hard to say I'm "protected" by having an up to date phone. My only real hope is to never patch and hope to root it some day so that I can actually protect it myself.