back to article Google to snatch control of Android updates from mobe makers – analyst

Google is on the verge of a takeover that will change the way Android development and updates are handled. This according to Richard Windsor, an analyst with Edison Investment Research, who believes the Mountain View ad giant is tiring of slow updates and will soon take control of firmware updates away from hardware vendors. …

  1. Brewster's Angle Grinder Silver badge

    About bloody time.

    But they have been moving in this direction for a while.

    1. MyffyW Silver badge

      It's probably good news, in so far as we get the updates sooner. But let us not pretend they're doing this for any reason other than wanting to flog their newer services and wrest control from other players.

      1. BillG

        This is the only way that Google can end the endemic fragmentation that continues to plague its devices as well as take back control of software distribution

        To put it another way: "This is the only way that Google can end this destructive conflict, and bring order to the galax... uh, software distribution"

      2. goldcd

        But on the converse

        Surely the 'delays' in releasing new versions of Android onto a vendor's older handsets, and then the eventual twilighting at 2 years (the length of your average contract), is a pretty transparent ploy to flog you newer handsets.

        The original Nexus devices google put out, were to demonstrate that you could get a good device at a great price. This segment is now nicely filled by premium Chinese brands.

        The current Nexus devices aren't cheap - 128Gig Nexus 6P is £579 partly due to the annoyance of not having a separate SD card, previously a deal-breaker for me (I've given up on expecting a removal battery). The main reason I was looking at it though, was because I can expect to get quick OS updates on it until the time the hardware is ready to die. Nexus is now a quite ironic name.

    2. Anonymous Coward
      Anonymous Coward


      Re; about time... For people who want to keep up and have the latest version(s) this is good news.

      But I can't help wonder if the updates will also become mandatory if Google handles everything. A bit like: "If you don't update then we reserve the right not to provide you with our services", which could create some pretty weird situations.

    3. Anonymous Coward
      Anonymous Coward

      Don't get your hopes up

      This is just the speculation of an analyst, worth almost nothing.

      There are several problems with this. One, how is Google going to verify that the update won't brick phones? Apple gets it wrong occasionally and they have only a handful of different models - all of which they designed themselves. There are literally thousands (at least) hardware variations in the Android world. Google is going to release updates on consumers without testing on all the hardware variants? Good luck with that. Or expect OEMs to test it for them, when OEMs can't be bothered to do anything connected with updates now and Google won't compensate them for their trouble and would likely blame any incompatibilities on the OEM instead of their OS? Good luck with that, too.

      Two, OEMs aren't going to stand still and let Google take away their remaining differentiation, or the ways in which they can install their own services to try to make a little something after the sale instead of letting Google grab every single penny of post-sale revenue. I could easily see Samsung, Xiaomi and others forking the last version of Android before that one and sticking with it. Or switching to another phone OS entirely that remains compatible with Android apps.

      What is in it for the OEMs to go along with Google making every single OEM's UI look exactly identical to the rest? Yeah, it is great having regular updates but the lack of them doesn't seem to be hurting Android's market share at all. Customers (outside the Reg readers and others of similar technical level) aren't clamoring for that.

      This is the place where Reg readers will downvote me and tell me that they'd kill for a good phone that came with a generic Android install with no OEM skins or bloatware. But you lot aren't the average consumers. The average person isn't asking for that, or else Nexus phones would have sold one heck of a lot better than they did.

      Google may wish they could do this, but if they tried they'd have a revolt on their hands from consumers, and if Samsung forked Android 6.x or switched to some Linux variant that was compatible with 99% of Android apps customers wouldn't care. They'd still buy Galaxys and would wonder what the fuss is about when their Reg reading friends told them "that's not real Android, you are buying the wrong phone!"

      1. fuzzie

        Re: Don't get your hopes up

        Is this the teetering/tipping point at which Samsung starts to feel very chuffed at the efforts spent on Tizen? Their customers are already used to all the S-alternatives to the G-* apps. They could fairly quietly switch out the below-the-waterline parts of the stack with many of their customers not noticing/caring.

        1. Alan Brown Silver badge

          Re: Don't get your hopes up

          "Their customers are already used to all the S-alternatives to the G-* apps."

          In my experience the S-alternatives get removed from the main menu pages as soon as the user starts personalising and removed if possible.


      2. joeldillon

        Re: Don't get your hopes up

        Quite. Google is going to write device drivers for all the OEMs' handsets now? Apple can own OS updates for iOS devices because it makes the hardware. Google does not. The speculation of a non-technical journalist is worth nothing.

        1. Brewster's Angle Grinder Silver badge

          Re: Don't get your hopes up

          "The speculation of a non-technical journalist is worth nothing."

          But worth as much as the speculation of any of us not directly involved with the development of Android.

          I'm really shocked by the reactionary "it will be impossible" attitude of so many people. The mobile phone market is pretty commoditized and shaking down to a handful of chipsets. Yes, there will be problems. But none of them strike me as a deal breaker for a company with Google's pockets, particularly as Microsoft seem to have solved them for Windows phone. Mobile is harder than desktop, I grant. But we've coped on the desktop for decades.

      3. BenR

        Re: Don't get your hopes up

        Surely it can't be difficult to update the OS kernel and the programs that run atop it without changing the HAL model and invalidating the existing drivers?

        1. Anonymous Coward
          Anonymous Coward

          Re: Don't get your hopes up

          If you say both sides are uninformed speculation, then you should rely on the source. Until Google says they are going to do this, you shouldn't assume it is coming. If they say they are, then we can assume they have found a way around the objections raised, and speculate on the reaction of OEMs to giving up all ability for software customization.

      4. SteveCarr

        Re: Don't get your hopes up

        One way to get around this problem is to have an "early adopter" program, akin to the Windows X fast ring, where those, like me, who love to test the new and shiny releases of everything get notified of update code a week or three before general release. That way, the bad updates will only affect those who expect such things. Also, early adopters tend to be the ones who use for functionality, so even a smallish number of these makes for a great sniff test of a new release.

        1. Anonymous Coward
          Anonymous Coward


          You mean a beta program?

          Apple has run every iOS update through beta testing. That doesn't stop them occasionally having problems with the release version. And that's with a tiny amount of hardware variation compared to Android, and hardware designed by Apple.

          No matter how much beta testing / early adopter stuff you do, you will find problems in release software. With the nearly infinite number of combinations of hardware in the Android world, those problems will be worse for Google than they are for Apple.

      5. Seth Johnson

        Re: Don't get your hopes up

        Hmm, interestingly enough I've switched from touchwiz to stock android to cyanogen and now onto a sony xperia z3 that I haven't even bothered to root because... well it's just lovely exactly how it is. Not sure that many agree but the sony line of phones have been nice, I'm planning to get a z5 just because the hardware feels solid, it's waterproof and feels very well put together and it's reassuringly quick. I try loads of phones, including the blackberry priv but i really like the sony xperia range precisely because of the customisation they've added over stock.

    4. TonyJ Silver badge

      "...About bloody time..."

      Couldn't agree more.

      Pain in arse when manufacturers (I'm looking at you here, Samsung) don't update with even security patches so soon after they release a handset.

      1. VeNT

        Bloody Samsung.

        Tab pro.

        No updates at all since release.

        Nothing! This thing can run marshmallow is you are happy to root it but if you want security updates? Go fish!

  2. Ken Hagan Gold badge


    "already been reduced to virtual commodities"

    I don't think that word means what they think it means. A commodity is intrinsically interchangeable from the same product offered by another supplier. Phone hardware vendors may have so little imagination that this applies to them, but phones need be no more interchangeable than cars, cameras or sex toys.

    If phones today *were* commodities, Google would be able to push out a single set of updates that ran on every device.

    1. Anonymous Coward
      Anonymous Coward

      Re: Commodity?

      Maybe they mean commodity in the Marxist sense.

    2. Richard Plinston

      Re: Commodity?

      > If phones today *were* commodities, Google would be able to push out a single set of updates that ran on every device.

      Phones *are* commodities. They are interchangeable. I can take any phone and ring you and get the same result.

      Updates are not interchangeable, they are not commodities. That doesn't affect the status of 'phones'.

      1. Ken Hagan Gold badge

        Re: Commodity?

        Richard, by your logic, the "phone" function of a phone is a commodity but the ability to run arbitrary software (like, er, updates) is not and so the "smart" part of the "smartphone" is not a commodity.

        1. Richard Plinston

          Re: Commodity?

          > Richard, by your logic, the "phone" function of a phone is a commodity but ...

          Your claim was about "phones".

          > the ability to run arbitrary software (like, er, updates) is not

          I would hope that updates are not 'arbitrary'.

          > and so the "smart" part of the "smartphone" is not a commodity.

          They have cameras, the results of which are interchangeable: I can take a photo, send it to you and you will see the same result. I can create a document, text or spreadsheet on one and it will work on another. Messaging is the same. Media is the same. While there may be some differences, the functionality of most smartphones is the same and they are interchangeable*.

          Whether they have the same operating system, accessory list, or screen size is irrelevant to whether they can have basic functional interchangeability.

          * possibly with the exception of 'bragging rights'.

    3. a_yank_lurker Silver badge

      Re: Commodity?

      Commodity products are mature products with very similar core functionality that are differentiated by minor features, styling, etc. One key is users can readily swap from on device to the other with limit issues. Smartphones are commodities as are tablets, PCs, and laptops.

  3. Huns n Hoses

    Ooh.. ooh! Cant have that!

    Keeping the software on old mobiles up to date restricts sales of new models. Duh!

    A partial excuse for the carriers is it takes time to infuse a new OS version with the requisite logos and 'cant be deleted' crapware they insist on value-adding.

    Hey ho, Cyanogen ahoy.

    1. Charles 9 Silver badge

      Re: Ooh.. ooh! Cant have that!

      That excuse went out the door with Stagefright. Now Google's under legal pressure to take control of updates in order to cover its kiester. With more coverage of exploits and increased risk of such a device divulging State secrets, Google will want to prevent a repeat performance lest something slip and put them legally on the hook for allowing it.

  4. ratfox

    Another analyst living in cloud-cuckoo land

    So Google is going to push updates to all Android phones? Who's going to check for compatibility issues? Because Google's sure as hell not going to do that.

    This analyst knows less about phones than most reg readers.

    1. Dan 55 Silver badge

      Re: Another analyst living in cloud-cuckoo land

      I don't know, look at some of the comments. It seems Google are about to take on supporting tens of thousands of different devices.

    2. Brewster's Angle Grinder Silver badge

      Re: Another analyst living in cloud-cuckoo land

      "Who's going to check for compatibility issues?"

      It doesn't seem a huge hurdle for Google to abstract the hardware and force the manufacturers' drivers to pass a test suite before they're allowed to licence Google's services.

    3. fuzzie

      Re: Another analyst living in cloud-cuckoo land

      Does that also mean Google takes on certification of all those releases? Those base band stacks can't just be willy nilly deployed without passing certification. I always thought that was one of the big reasons Nexus devices were only available in very few markets: it was only certified for one or two territories.

      1. Brewster's Angle Grinder Silver badge

        Re: Another analyst living in cloud-cuckoo land

        "Those base band stacks can't just be willy nilly deployed without passing certification."

        But how often do bugs turn up in the baseband stack? How often are features added to it? A situation where the baseband stack is frozen and everything else can be upgraded would be much better than where we are today.

    4. 1Rafayal

      Re: Another analyst living in cloud-cuckoo land

      Maybe they will just test across a range of devices, in just the same way anyone making software for mobile devices does...

    5. dervheid

      Re: Another analyst living in cloud-cuckoo land

      Google will simply draw a line on the calendar, and mandate hardware compliance of all handsets beyond that. No reason that they can't stratify those hardware requirements to create budget, mid-range & premium baseline specs.

      The big bunfight will be getting your components on the 'approved' list.

    6. Ken Hagan Gold badge

      Re: Another analyst living in cloud-cuckoo land

      Why should Google have to check for compatibility issues? Most of the updates people want are addressing security cock-ups in user-land software (and *that*, running in the Dalvik VM). It isn't any harder for Google to issues patches for those than it is for Microsoft or your favourite Linux distro to issue a new version of some application.

  5. Kbanwait

    They'll still do something wrong here

    Surely they risk pi55ing off a few carriers here; it's not like they're going to make more money doing this. I can see something similar to this happening but not exactly like iOS / windows ... they need their carriers to stay happy.

    1. theOtherJT Silver badge

      Re: They'll still do something wrong here

      I'm not sure they do. Apple successfully bullied the carriers into doing what was best for Apple, and Google certainly has enough money to do the same, all it needs is a compelling product. Perhaps they think that now Android is mature enough to be that product.

      The landscape is changing. People are far less prepared to put up with carrier lock-in than they were even 5 years ago and it looks like Google thinks that they can start pushing both the carriers and the handset manufacturers on the playing field a little.

      1. Anonymous Coward
        Anonymous Coward

        Re: They'll still do something wrong here

        They aught to remove the ability to lock a handset to a specific network while they are at it.

        1. 1Rafayal

          Re: They'll still do something wrong here

          Why should Google be able to do that? If a network wants to lock it's handsets, it should be allowed to as long as there is a pain free way of unlocking it

          1. Anonymous Coward
            Anonymous Coward

            Re: They'll still do something wrong here

            Locking a phone to a network servers no real purpose, other than to devalue the phone in comparison to an unlocked version.

            When you by a phone, even a subsidised one, the phone is still yours to do with as you please. It doesn't belong to the network once you have it, so why should they be allowed to restrict your usage of your phone?

            The network make their money from the contracts, and the contract is still in place irrespective of what you do with the phone.

            i.e. if you decided to sell the phone that came with an 18 month contract as soon as you got it, you should be free to do that to anyone who is on any network, as the phone is yours. But you still have to pay for the contract, as that's what you signed up to. So the network still makes their money back. they shouldn't care if your using the phone they provided, using an alternate phone, or not use one at all, the contract still needs to be paid irrespective.

            1. 1Rafayal

              Re: They'll still do something wrong here

              If you choose to leave your contract early, you have to buy it out. When you do, you get your unlock code.

              Locking a phone into a network increases the value of that handset, as most networks understand that people tend to stay with the network they are on. This means you are more likely to carry on getting those 18 month contracts with them.

              If people are truly wound up by locked handsets, then just buy them sim free and get a sim only deal.

  6. SirWired 1


    Forget the latest Android gew-gaws; it'll be nice for your Average Non-Nexus owner to FINALLY receive security updates in a timely fashion. (vs. the current state of affairs, when the phones get updated anywhere from months later to never.)

    That said, I wonder how Google is going to handle a new patch breaking some sort of unique thing on a handset's hardware?

    I also wonder if they are simply going to start blocking mapping obsolete phones to Google Accounts? You can STILL get brand-new, never-activated phones that are running Gingerbread. (These are not expensive phones, to be sure; they are giveaways for new pre-paid users, but they still do exist.)

  7. Cynical Observer

    Careful Balance Required

    Sitting here getting ready to root and uplift a Samsung s3 Mini which is stuck on an old version on Android.

    Can understand the desire to minimise security exploit vectors but I'm rooting it just to be able to remove the 14 layers of shite that get installed by Google and Samsung and which simply just do not get used - Newstand, Movies, Music, Samsung Chat etc. Make it possible to remove those without root and there isn't the same impetus to root in the first place. Yes I could disable them - but I want more that that - I want the storage space back.

    Uplifting because Samsung as per so many others have lost this one in time. Sorry - but on a handset bought 15 months ago, I just don't accept that it should be abandoned after such a short period.

    It would seem fair that there should be reasonably frequent updates for at least a couple of years after the model has ceased to be sold on the high street - and security updates for at least another 2 years beyond that.

    Right - off to pick between some robust KitKat releases and some Lollipop releases that might be more fluid

    1. adnim

      Re: Careful Balance Required

      Lollipop (Cyanogen) works sweet on my 1st gen Moto G.... Makes Kitkat look broke.

      1. Cynical Observer

        Re: Careful Balance Required


        Aware of the differences - it's just about finding a stable port as there's no official CM port for the s3 mini

  8. Anonymous Coward
    Anonymous Coward

    This is good

    Because major handset makers will have to bring in new OS options as they will have little to differentiate themselves.

    Android will be just a standardised OS that is built to push Googles services, not phone makers products.

    Why are you surprised you don't get Android updates, when you're used to (until recently) new Windows versions on new PCs. Phone manufacturers use new Android versions to push new handsets, why would they update old/obsolete models with newer software when it takes away sales of new phones?

    Looking forward to more choice.

  9. fnusnu


    So now we have the choice of handing over all of our data to Apple, Google, or Microsoft.

    Where's linux on the fondleslab when you need it?

    1. Duncan Macdonald Silver badge

      Re: Great

      Android IS a linux based system.

      1. edge_e

        Re: Great


    2. Martin Summers

      Re: Great

      Vanilla Linux Duncan *Vanilla*

    3. WonkoTheSane

      Re: Great

      "Where's linux on the fondleslab when you need it?"

      Wait a month:-

      Unless you meant phones, in which case right here, right now!

      Note the phones at each end are running Ubuntu

  10. Anonymous Coward
    Anonymous Coward

    ...absolutely no options for handset makers to make any changes..

    Does this means that a Samsung sold by Foober Telecom will not have loads of uninstallable equivalent applications by Samsung *AND* Foober? I will decide what to install and remove?


    1. Charles 9 Silver badge

      Re: ...absolutely no options for handset makers to make any changes..

      No, I think the handset makers will still be able to customize the UI to some degree. Isn't that what Overlays will be all about?

  11. yoganmahew

    Erm, glass houses?

    It'd be nice if Google would start with the laggards who refuse to upgrade the Nexus 7 2012...

  12. Fruit and Nutcase Silver badge

    Nail in the coffin for AOSP?

    There'll be nothing left of the "base", and what will happen to the small manufacturers who currently do not fork out for certification. Whilst the GMS licence itself may be free, the cost is in the independent certification testing. With more of the "Android" functionality moved to GMS, it will force the small guys to get a GMS licence.

    Probably best to wait for a proper announcement from Google

    1. fuzzie

      Re: Nail in the coffin for AOSP?

      AOSP has been a (pale) shadow of Android proper for a while already. Google has all but abandoned mos of the stock apps and replaced them with proprietary ones bundled with Google Play Services. In many practical ways that ship's sailed long ago.

  13. Charles 9 Silver badge

    Moving core OS to Google's control is, on the balance of things, for the better given they can push updates out faster without the red tape. I'm pretty sure the handset makers will still find ways to customize the UI through Overlays (introduced in Lollipop, I think). If they use overlays, I would prefer if Google allowed us the option to disable them, though I understand this is going to be something of a give and take with the handset makers.

    Frankly, this would take care of most of the reasons I root my phone these days. Now if they can just mandate the last one (allow for local Nandroid backups from stock in case of Murphy)...

    PS. Any bets Android N will be slow in coming so as to push this new idea?

  14. David Austin

    Needed, but not easy.

    Well, SOMETHING needs to happen on the Android front, not just from a new features perspective (Which makes sense for Google to be keen on pushing), but from a security perspective too: There are so many manufacturer abandoned handsets out there, we've probably reached the tipping point where Android has lost it's "Heard Immunity" from having a high enough proportion of handsets up to date and secure, that the whole ecosystem benefits, even the phones that aren't up to date.

    But if this is Google's end game, I can't see a quick and easy way of getting there: Yes, the carriers and manufactures have a vested interest in making handsets legacy as soon as the next year's model is out, but another big problem with getting updates out is the chipset makers not testing and releasing drivers that work with Android next. Google has the clout to make them, but that doesn't help the clusterfuck of Firmware and low level device issues.

    Only reasonable way I can see this being fixed is for Google to Hypervisor and Abstract their way out of it: I can see Android Peppermint or Quesito ending up with a small bare metal host system that virtualises all the hardware and is the manufactures responsibility, with everything above that level in the guest system updatable by Google.

    Heck, throw in a Microsoft OOBE style system so carriers can push their (needless) customisations onto people, and they may be able to fix the security mess without an open revolt from their hardware partners.

    1. fuzzie

      Re: Needed, but not easy.

      How does this play with OEMs that actually want to innovate on the hardware side? Today they build the new hardware, add their own drivers, APIs and applications on top. And then, if Google deems it shiny enough, Google announces their own version of it, often with different APIs and the OEM gets to abandon their efforts for "the standard". Would Google taking full control of the stack even allow such innovation? Sounds more like Google Silver program back in disguise.

  15. mpinco

    Thinking this is going to impact Blackberry Priv product line direction. Handing over all OS/security updates to Google minimizes the value proposition.

  16. ben kendim

    And the FCC will say ... exactly what to this?

    Yeah right, it will happen, sure...

    And the carriers will let Google have full control over the device. I can just see Verizon going with this...

    1. Brewster's Angle Grinder Silver badge

      Re: And the FCC will say ... exactly what to this?

      "And the carriers will let Google have full control over the device."

      What options do they have? The only games in town are Apple (not available), Microsoft's vanity project (not popular), or Android. We've reached the point where Google can do this.

      And, as others have pointed out, there are still mechanisms that allow carriers to ruin the experience add value.

      1. Kanhef

        Re: And the FCC will say ... exactly what to this?

        If Nokia hadn't sold out to Microsoft and killed Symbian, there might still be a viable alternative for manufacturers to switch to. Ironically, it probably would be easier for Win10 to get a foothold in the market if it was more fragmented between iOS, Android, and Symbian.

        1. Richard Plinston

          Re: And the FCC will say ... exactly what to this?

          > If Nokia hadn't sold out to Microsoft and killed Symbian,

          Maemo, Meego, Asha, Meltemi, and Nokia X, ...


          (and WebOS)

  17. Anonymous Coward
    Anonymous Coward

    Take a step back and calm down

    "Richard Windsor, an analyst with Edison Investment Research"

    Well Mr Dick Windsor, where is your evidence that Google is going to execute this move, how and in what time frame or is this just sheer conjecture ? One day the Earth will be enveloped by an expanding Sun but that's a long way off.

    Move along folks and nothing to see here apart from Gartneresque bullshit.

  18. MondoMan

    " a release of Google Pay designed to work only on locked handsets."

    Quibble about a common error -- "locked" does not mean "not rooted" -- it just means the handset will only work with a given Telco's cell network (it's locked to that network). Google itself sells zillions of "unlocked" handsets (its Nexus phones) that work fine with Google Pay on whatever cell network the hardware will support.

  19. Alpha-Fox333

    Mixed feelings

    This could be very good for everyone or absolutely dreadful.

    On one hand: faster updates which are welcome , possibly stock android across most new phones ?.

    On the other: the faster updates may not get enough testing and not be compatible on some phones but still come through as an update for them.

    In the article they say google made a version of the play store that will only run on android thats not been rooted. This PI55ES me off. You buy a pc or laptop you get administrative controls and permissions. But you buy a fecking smartphone thats basically a computer you can make calls and texts with as well other computer functions that can fit into your hand or pockets and yet google takes away our right to have full controls over our smartphones. The smartphones should come with root enabled and still be allowed all the latest updates to apps and firmware and other features.

    The fact that google practically steal our rights to have administrative and root controls on OUR android devices to me is nothing short of a crime

    1. Montreal Sean

      Re: Mixed feelings

      They haven't blocked Google PLAY on rooted phones.

      They blocked Google PAY, which I can understand. You want to be sure security is controlled when it comes to pay services.

      1. gerdesj Silver badge

        Re: Mixed feelings

        "They blocked Google PAY, which I can understand. You want to be sure security is controlled when it comes to pay services."

        I've rooted my laptop and several hundred servers I look after, I've also admistratored many Windows systems. I've even mechaniced my cars and even *shock* *horror* chippied, plumbered and sparkied my house.

        You think your phone is secure if you can't administer it?

      2. Adam 52 Silver badge

        Re: Mixed feelings

        "They blocked Google PAY, which I can understand. You want to be sure security is controlled when it comes to pay services"

        I don't see how preventing rooting helps. We seem happy with banking on PCs.

        Unless there's something insecure server side which would be compromised by a rooted phone then they gain nothing, and if there is something insecure then it'll get found out eventually. Client side a malicious app can be installed without rooting.

        So the only possible protection is against something client side stealing a secret from the root-only accessible part of the client. I suppose they could be worried about someone tampering with cert trust or similar but that's about it.

        1. Anonymous Coward
          Anonymous Coward

          Re: Mixed feelings

          root compromises the security of the OS, and therefore the security of the apps running on that OS. Just like running under an admin enabled account, with UAC turned off, can compromises the Windows OS.

          Google, like most existing banks and other financial institutions, have decided that a rooted device is too risky to trust with financial apps, so they won't work. That's their choice, as it's their service and their app, not yours.

          If you want to use Google Pay, or other banking apps, then remove root, simple.

          1. Adrian 4 Silver badge

            Re: Mixed feelings

            While rooting may increase the vulnerability of the phone, it's by no means the only vulnerability. If the security of their service relies on the integrity of the customer's device, they ultimately have no useful security at all.

            1. Charles 9 Silver badge

              Re: Mixed feelings

              "If the security of their service relies on the integrity of the customer's device, they ultimately have no useful security at all."

              Then by your logic no device on earth has any useful security because, in the final analysis, you MUST use an endpoint of some sort to do business.

              Meanwhile, Android is taking greater pains to verify its work environment. dm-verity, for example, is now enforced (from bootup) in Marshmallow and uses a Merkle Tree based on Google's signing key, meaning all official ROMs have to go through Google for verification going forward. Expect the standard to tighten for Android N, which I suspect will be some time coming if Google plans to incorporate this new update scheme into it.

        2. Boothy Silver badge

          Re: Mixed feelings

          Out of curiosity, what do people use root for these days? i.e. Why do people feel the need to root your phones?

          Genuine question, not trolling.

          I've been a user of Android since the original HTC Hero, which I rooted at the time, and did the same to several phones after that point.

          But I haven't bothered rooting for a while now, as all the things I'd used root for previously, are possible now in a non rooted device.

          For example, firewalls and granular app permissions, work without root these days.

          So what other things do people feel they need to do on their phones, that requires root access?

          For reference, I use Nexus devices these days, so don't have to deal with the cruft installed by the various manufacturers. So this likely also plays into the no root needed for me.

          1. Charles 9 Silver badge

            Re: Mixed feelings

            There are several key reasons:

            - Removing crapware, especially crapware system apps that are baked into the ROM and therefore can't be uninstalled unless you're root. At the nuclear end, some remove crapware by installing slimmer ROMs in their place. This is being countered with more integrity checking, particularly with Marshmallow with dm-verity. Expect more functionality to be cut off (Android Pay is this already) if Android cannot verify a pristine system.

            - Filtering the network at a baseline level, meaning not even the bundled apps can bomb you. That usually calls for hosts file editing (such as with AdAway), a system-level job that again violates system integrity.

            - Backing up in case Murphy strikes. And not just apps, things like contacts and system settings for which there's no easy backup solution unless you're doing a Nandroid or using a root-class backup like Titanium Backup. Both require system-level access to do (the former because you need a custom recovery), and that breaks system integrity again, going to the first problem. If Google could provide a stock means to do this, that would remove a reason.

            PS. Much as I would take a Nexus, lack of SD and lack of removable battery are both deal-breakers (especially the latter due to working life issues with batteries). I'm currently looking for a decent phone to use on a trip, but as of now the best bet seems to be a used Samsung S5 or perhaps an LG G3 (I'll tolerate their cruft for SD, a removeable battery, wireless charging, and NFC, unless someone else can point to one that's at least 720p and can do Marshmallow).

  20. NanoMeter

    I'm sure Google will let manufacturers be able to set a "no update" setting internally on old hardware. Perhaps older than four years or something.

    1. Charles 9 Silver badge

      Not likely, given the odds of another Stagefright that can pwn phones across the board: including old ones.

  21. BeachBum68
    Thumb Up

    Definitely a good idea

    After getting burned by carriers and android handset makers far too many times, I was THIS close to moving to Apple. Carrier bloat in particular is a disgrace to the Android ecosystem and handsets, other than Nexus, are still loaded to the rim with uninstallable bloat, my Note 5 is my latest example.

    I use android pay, so rooting isn't desirable so I'm stuck with apps that I simply can't remove that waste my storage space and run when I don't want them to (unless they can be disabled, which some of them are, admittedly) but more than a few are considered "required" and cannot even be disabled.

    The criminal level of arrogance these companies display (carriers and handset makers) to dictate what my phone MUST have turns my stomach. So, in this case, I completely support Google setting the standard, so if I WANT a Samsung launcher/theme/etc, they can prove their worth and sell me on it's features/functionality. Same goes with Sony, LG, etc...

    1. fuzzie

      Re: Definitely a good idea

      I'd also love to uninstall the Google bloatware that gets pushed to my phone. All those services they keep dreaming up, many not available in my region, but I must have the app. Or bits like Google+ and Hangouts (which always seems to hover in the background, doing who knows what even if I've never used it).

      1. Boothy Silver badge

        Re: Definitely a good idea

        I always thought Hangouts was a bit odd, not one friend ever used it, and I thought it was horrible as an SMS client.

        So on my Nexus 5, it's disable.

        But that still doesn't stop it from using over 23MB of space, and crashing in the background occasionally. (How can a disabled app still crash!!).

  22. This post has been deleted by its author

  23. Anonymous Coward

    What ever happened to the android fragmentation issue?

    "The net result is that a Google device will become much like an iOS or a Windows 10 device with absolutely no options for handset makers to make any changes."

    Ah, nice sideways shuffle, now it's Google dictates to handset makers.

    1. Ken Hagan Gold badge

      Re: What ever happened to the android fragmentation issue?

      "or a Windows 10 device with absolutely no options for handset makers to make any changes."

      Ho ho! Because no OEM has /ever/ bundled crapware with a new Windows box.

  24. Medixstiff

    About time.

    I cannot get over how many new phones still come out with KitKat, FFS it's 2016 manufacturers, I'm sick of looking at new phones for staff and having 11GB or less free on a brand new 16GB phone because of useless crap you lot install that cannot be removed unless the phone is rooted.

  25. Anonymous Coward
    Anonymous Coward

    Google Owns the World

    I was intending to get an Android phone, having decided I could do everything I needed without a Google account and if necessary eventually install Cyanogenmod. This changes everything. Will Cyanogenmod have a way around this now Google virtually owns them, or will they be sacrificed?

    Now what? Carry on waiting for Jolla or Tizen or become an Apple fanboi?

  26. RyokuMas

    See, this is how you do it, Microsoft...

    Make the hardware providers responsible for handing out the updates, wait until they all get so out of sync that it causes huge issues and growing unrest among the end users, then sweep in with a cry of "we'll take over updates! Everything will be in sync!" and presto! You're seen as the heroes who sorted everything out, as opposed to the evil, scheming megalomaniacs who will not rest until they have total control over everyone's devices and data...

    ... I'll get me coat.

  27. Anonymous Coward
    Anonymous Coward

    absolutely no options for handset makers to make any changes

    f... handset makers, I'm worried about modded version for us, wild sheep...

  28. shaunhw

    The Marshmallow is a bit off...

    Marshmallow stinks, at least on a HTC 1m8 where the thing now defaults to brilliant white on the phone and keyboards. Try using that in the middle of the night when someone calls you, when you are on call. A phone call to HTC was met with "Not us gov'ner!" So I asked: "Can I roll it back then please ?" "Not possible!" came the curt reply. A custom keyboard solved some of it but it wasn't as friendly as the default one, now blindingly bright. A custom third party skin solved the brilliant white phone screen. But HTC didn't advise me of these possibilities. Don't the designers of these new OS versions, think things through nowadays, or are they really that obtuse ? They didn't use to be that's for sure.

    Updates ? Judging by this Android "one way street" and the problems with Windows 10 I had on my Microsoft SP3, such as the vanishing "store" apps when run on a local account for too long, updates seem to be now something best avoided I think. If it ain't broke and all that!

    Windows 8.1 always worked fine on the SP3, but I couldn't roll that back from W10 either after a hardware exchange. Back in the day when they had to pay to duplicate millions of OS discs they certainly took a lot more care.

  29. Andrew Jones 2

    This is a whole load of complete rubbish. First they can't "move" the entire OS onto the services layer, that is definitely something that shows that the guy who is essentially guessing the future, doesn't actually know how Android works. Second - the Nexus devices exist so that Google does have complete control over the updates situation. Third - leaving handset makers with no ability to modify Android in any way - will just significantly remove the number of manufacturers making Android hardware, which with the launch of Brillo is the very last thing Google can afford to do if they want more people to pick Android. Fourth - and this is the big one - the jump from Google wants more control and that's why they are preventing rooted devices from running Android Pay - really demonstrates the sort of lack of knowledge this guy has. Clearly - BANKS are behind the requirement that rooted devices cannot run Android Pay - because rooted devices somehow apparently threaten the integrity of the banking system.

  30. oneeye

    This move by Google is an absolute necessity these days because so much of the newest malware is rooting phones and even able to persist thru factory resets. And it's not just the speed of security updates or adoption of the next Operating systems, but the fact that the OEM and carriers add more crapware each and every time. I think that the OEM and Carriers have gone too far in competing with Google in wanting ALL our usage information and more. Take Verizon super cookies for instance. And Sprints trying to skin the default browser,Chrome, to scoop up info "to better serve you ads" and apps and more crapware. It's gotten rediculus. HTC and blink directly competing with Google Now etc. etc. etc. With all the crapware comes more vulnerabilities because of weak security by the OEM and Carrier developers. So, I hope that Google plans to give us the ability to uninstall the crapware without having to root, otherwise, Google will lose out too.

  31. tiggity Silver badge


    I'm sure there's a huge gap in the market for vendors who can supply vanilla android (a la Nexus range), with no extra junk software added, that gets updates as soon as they are available for people who like bug fixes, but sell phone range with features that the Nexus range lacks e.g. SD card support (insert other choices here e.g. dual SIM, decent removeable battery etc).

    1. Anonymous Coward
      Anonymous Coward

      Re: vanilla

      You seem to be describing GPE, Google Play Edition devices.

      This was basically standard OEM hardware, (e.g. Galaxy S4), but running stock Android with no tweaking by the manufacturers other than adding the required hardware drivers.

      Samsung, HTC, Sony and Motorola all produced GPE devices.

      Unfortunately it was badly run (as far as I know you could only buy them in the US) and not widely advertised. They stopped selling them in late 2014/early 2015.

      The Android Silver program was supposedly going to replace these Play Editions, (and ultimately the Nexus devices themselves), but the guy running it in Google left, and there were rumours about an internal power struggle within Google, between the Silver and the Nexus programs, and resistance from the OEMs themselves.

      So GPE vanished, Android Silver never appeared, and the Nexus devices carried on.

  32. pitso'earth

    Hmmm, Google haven't updated my Nexus 10 yet. If they can't be bothered to update their own hardware.............

  33. Sleep deprived

    Google doesn't even do it on its own devices...

    Just last night I updated a Nexus S for the GF, going from ICS to Jelly Beans (4.0.4->4.1.2) with the Nexus Root Toolkit. Yet, the phone update feature in the settings would tell me I was already up-to-date...

  34. JPL

    Make sure you keep your computer fully patched

    A smartphone is a computer. I wouldn't dream of buying a computer that could not get software updates (security patches and new features). The sooner Google takes control of Android updates for all Android devices from all manufacturers the better - it would be nice to be able to choose any phone rather than being restricted to the Nexus range as at present.

  35. Gordon861

    Nexus 7

    Whilst I see the sense behind this idea, I am very concerned that based on Googles past updating experience this is going to make a lot of devices unusable.

    The Nexus 7 is a good example of this, it worked fine up to Android 4.4.4 but when Android 5 was added to it the tablets became pretty much useless as they were so slow.

    1. Mooninaut

      Re: Nexus 7

      This is my worry as well. I have a Nexus 7 2012 which I "upgraded" to 5.0, spent months trying to get it to work, then "downgraded" back to 4.4.4. KitKat still doesn't run all that well, but it's nowhere near as bad.

      I now believe that there needs to be a regulatory mandate that proprietary software and hardware manufacturers and cell phone carriers must provide security updates to their OSes and core apps for the useful life of their devices. Five years from first public release at a minimum. Security updates that don't require users to "update" to newer, more bloated versions that won't run. Google should still be issuing security patches for any version of Android that has a significant number of users, and manufacturers and carriers should be legally required to assist them in getting the patches QAed and installed.

      I think nearly everyone is in denial about the fact that end-user security is a significant component of national security. Software and hardware insecurity should be treated as just as important as physical security. Unpatched Android phones are becoming the new Windows XP, the weakest link in an already terribly weak security infrastructure.

      Of course, we also need to get rid of the "security theater" aspect of physical security and ensure that it doesn't become the norm for information security as well.

      1. Charles 9 Silver badge

        Re: Nexus 7

        But it's the people that WANT the security theater: the visual appearance that things are getting done. Otherwise, they'll never feel comfortable.

        As for "working life," who gets to make the determination? A human who can be prone to corruption?

  36. nilfs2

    Not impossible, it is being done already

    Google will do the same as the Linux Foundation is doing for the Linux kernel, testing and including new firmware into the kernel.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like