Slashdot Mirror
Google Now Requires Partner OEMs To Offer Two Years of Security Updates To Popular Phones (theverge.com)
Confidential contracts obtained by news outlet The Verge show many Android smartphone vendors now have explicit obligations to keep their phones updated. From the report: A contract obtained by The Verge requires Android device makers to regularly install updates for any popular phone or tablet for at least two years. Google's contract with Android partners stipulates that they must provide "at least four security updates" within one year of the phone's launch. Security updates are mandated within the second year as well, though without a specified minimum number of releases.
David Kleidermacher, Google's head of Android security, referred to these terms earlier this year during a talk at Google I/O. Kleidermacher said that Google had added a provision into its agreements with partners to roll out "regular" security updates. But it wasn't clear which devices those would apply to, how often those updates would come, or for how long. The terms cover any device launched after January 31st, 2018 that's been activated by more than 100,000 users. Starting July 31st, the patching requirements were applied to 75 percent of a manufacturer's "security mandatory models." Starting on January 31st, 2019, Google will require that all security mandatory devices receive these updates.
David Kleidermacher, Google's head of Android security, referred to these terms earlier this year during a talk at Google I/O. Kleidermacher said that Google had added a provision into its agreements with partners to roll out "regular" security updates. But it wasn't clear which devices those would apply to, how often those updates would come, or for how long. The terms cover any device launched after January 31st, 2018 that's been activated by more than 100,000 users. Starting July 31st, the patching requirements were applied to 75 percent of a manufacturer's "security mandatory models." Starting on January 31st, 2019, Google will require that all security mandatory devices receive these updates.
It's a step in the right direction, but not long enough. Many people use the same phone for more than two years. Buying a new phone is expensive. It's wasteful to throw out older devices that are still more than capable of meeting the needs of their users. This should be more like five years rather than two.
2 years for popular phones? What defines a "popular" phone?
How about 3 years for ALL phones? You want to use android? Then provide f__king updates. Don't want to provide updates? Then GTFO.
Oh who am I joking? The consumer is the product. They care more about looking like they're doing something useful than actually doing something useful.
I cannot believe a sane person would actually be against this. Is there something wrong with you? Do you like not getting security updates? Do you want your phone hijacked?
Google Play is the one thing keeping malware from being worse than it already is. Unless there's an alternative app store that certifies that it thoroughly tests submitted apps, then I will grant them about as much trust as I would for free candy from Bill Cosby.
IMO Google hasn't gone nearly far enough. The rule should be simple. Security updates for at least 3 years for any android device you release to the public. Period. Don't like it? You are forbidden from using the Android trademark. Very simple.
Heaven forbid Google used their power for the public good.
It should be two years starting from the date that the last phone is sold. Otherwise this is meaningless.
And it sounds like 2 years from LAUNCH? That's seriously weak. How about 2 years from end of sales!? That would at least be a start, unless we're really OK with becoming a society that throws multi-hundred-dollar devices i the trash EVERY FRICKING YEAR!