Slashdot Mirror


Google Now Requires Partner OEMs To Offer Two Years of Security Updates To Popular Phones (theverge.com)

Confidential contracts obtained by news outlet The Verge show many Android smartphone vendors now have explicit obligations to keep their phones updated. From the report: A contract obtained by The Verge requires Android device makers to regularly install updates for any popular phone or tablet for at least two years. Google's contract with Android partners stipulates that they must provide "at least four security updates" within one year of the phone's launch. Security updates are mandated within the second year as well, though without a specified minimum number of releases.

David Kleidermacher, Google's head of Android security, referred to these terms earlier this year during a talk at Google I/O. Kleidermacher said that Google had added a provision into its agreements with partners to roll out "regular" security updates. But it wasn't clear which devices those would apply to, how often those updates would come, or for how long. The terms cover any device launched after January 31st, 2018 that's been activated by more than 100,000 users. Starting July 31st, the patching requirements were applied to 75 percent of a manufacturer's "security mandatory models." Starting on January 31st, 2019, Google will require that all security mandatory devices receive these updates.

12 of 74 comments

  1. Not long enough by Anonymous Coward · · Score: 4, Insightful

    It's a step in the right direction, but not long enough. Many people use the same phone for more than two years. Buying a new phone is expensive. It's wasteful to throw out older devices that are still more than capable of meeting the needs of their users. This should be more like five years rather than two.

    1. Re:Not long enough by bobbied · · Score: 4, Interesting

      It's a step in the right direction, but not long enough. Many people use the same phone for more than two years. Buying a new phone is expensive. It's wasteful to throw out older devices that are still more than capable of meeting the needs of their users. This should be more like five years rather than two.

      I fully agree, plus they need to make vendors support users' right to repair by providing commonly used replacement parts such as screens, buttons, batteries and instructions to replace these things. I suppose an open boot loader is a bit much, but that would be a nice option too.

      If Google wants to help device users, let's help them.

      Personally, I'd shell out quite a bit of extra dough on a phone if I knew I could count on having repair options for longer than the warranty gives me.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    2. Re:Not long enough by aitikin · · Score: 2

      Go buy some Motorolas. That's probably the manufacturer of my next phone: https://www.engadget.com/2018/...

      --
      "Don't meddle in the affairs of a patent dragon, for thou art tasty and good with ketchup." ~ohcrapitssteve
  2. Re:Why Start Now? by jfdavis668 · · Score: 2

    Does Android use the "fail to boot up" or the "crash before it can be hacked" security model?

  3. Wiggle words by ArhcAngel · · Score: 3, Funny

    So the OEM will just say "Sorry, that phone is not popular."

    --
    "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
  4. Half-assed by ilsaloving · · Score: 4, Insightful

    2 years for popular phones? What defines a "popular" phone?

    How about 3 years for ALL phones? You want to use android? Then provide f__king updates. Don't want to provide updates? Then GTFO.

    Oh who am I joking? The consumer is the product. They care more about looking like they're doing something useful than actually doing something useful.

    1. Re:Half-assed by PrimaryConsult · · Score: 2

      If you get a flagship phone (e.g. latest Galaxy, LG G series, Pixel, etc) there's plenty of updates for well over 2 years anyway. This is addressing the cheaper, less flashy phones that might still get a lot of sales yet never see an update.

  5. Re:They should simply threaten to quit Google Play by ilsaloving · · Score: 4, Insightful

    I cannot believe a sane person would actually be against this. Is there something wrong with you? Do you like not getting security updates? Do you want your phone hijacked?

    Google Play is the one thing keeping malware from being worse than it already is. Unless there's an alternative app store that certifies that it thoroughly tests submitted apps, then I will grant them about as much trust as I would for free candy from Bill Cosby.

    IMO Google hasn't gone nearly far enough. The rule should be simple. Security updates for at least 3 years for any android device you release to the public. Period. Don't like it? You are forbidden from using the Android trademark. Very simple.

    Heaven forbid Google used their power for the public good.

  6. Meaningless by Anonymous Coward · · Score: 2, Insightful

    It should be two years starting from the date that the last phone is sold. Otherwise this is meaningless.

  7. Got that right by Anonymous Coward · · Score: 2, Insightful

    And it sounds like 2 years from LAUNCH? That's seriously weak. How about 2 years from end of sales!? That would at least be a start, unless we're really OK with becoming a society that throws multi-hundred-dollar devices in the trash EVERY FRICKING YEAR!

  8. Two Years? by Blue Stone · · Score: 2

    So, a several-hundred dollar piece of consumer technology now has a lifespan cap of two years. Ridiculous.

    Sounds like planned obsolescence to me.

    --
    Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
  9. That wasn't so hard... by found404 · · Score: 2

    All this nonsense about fragmentation, etc... Google could have done this at any time. They have finally taken responsibility for the wares they create. Quite happy to hear this. Two years is better than nothing. Would have been happier with three years. By the time people purchase these phones, a good 9 months could have passed. Means that end-users might only be receiving actual OTA updates for about a year.