More than a billion hopelessly vulnerable Android gizmos in the wild that no longer receive security updates – research

Re: And in comparison...

My brother-in-law and his wife replaced their 2013 Samsung Galaxy S4 mini smartphones last summer... Given how bad security updates were back then, that means at least 6 years of being vulnerable.

Re: And in comparison...

Calling BS on your nice little rant, first, because the i3 were introduced in 2010, so you can't have one older than 10 years.

I wish I could introduce you to my nice little Sony Android phone, doing very well at 3, although there's no more OTA update for more than one year. My older Xiaomi also was fine when I sadly had to replace it, not for lack of updates, but there simply wasn't any genuine replacements for the user-replaceable battery when it died.

Re: And in comparison...

Smartphones are nothing more or less than shitty computers.

Connected to the internet, yet inherently less secure and securable than a full fledged computer/laptop.

They can run basically any application, yet we are more or less restricted to what a handful of app stores have on offer. There is no large software eco-system with plenty of opensource choice, than with regular computers.

They are pretty much general purpose hardware, yet if the manufacturer feels like it, functionality is pretty limited. How long were iPhones incapable of wireless hot-spotting compared to Android phones?

While, they are pretty much general purpose hardware, you're basically caught in an OS duopoly.

list goes on ... feel free to add

Re: And in comparison...

Yes, that is not because of any manufacture support.

And it is possible to do the same thing for your phone if there is a linageOS* version available, you can keep it up to date yourself.

*or other OS if you really want. Don't know of any, and haven't bothered to look.

Re: And in comparison...

>Admittedly it's a bit shit, but it works,

Just updated a set of identical HP desktop systems with mid-range generation 2 i3's from Win7, performance is definitely better if you do a clean install, letting the installer repartition the HDD and find relevant drivers from the web.

Google could help

By requiring anyone selling phones with Android on them to have the last OTA update be to generic Android, and set to allow generic Andriod updates thereafter (as long as the hardware can take it).

Re: And in comparison...

>>How many Android handsets are usefully operable at the age of 3, never mind 10+ years.

Still using my Samsung Galaxy S2. Still doing what I need it to do. It hasn't received any updates almost as long as my Windows 7 machines and decommissioned WSUS server.

Re: And in comparison...

And all you have to do to get the "security" of Windows 10 is sell your soul to Microsoft. Oh - and upgrade to the next Windows version as soon as you are told.

Re: This is what the vendors want ...

The problem is, most people don't even know they are vulnerable.

"Hey, its a phone."

As long as their app du jour works, they don't know or care about anything else on their phone.

My brother-in-law and wife replaced their 2013 Galaxy S4 mini smartphones last summer. I'm guessing they probably haven't had a security update since 2014.

Re: This is what the vendors want ...

This sounds like the opening of an "would-like-to-be-millennial-internet-publication"; a style which tragically seeps more and more into general media.

"I run an acient Android smart-phone, and mobe makers hate it!"

Re: This is what the vendors want ...

my 'phone runs Android 4.3 (released July 2013).

Most of mine are 4.2 (Jellybean), plus 4.4 (KitKat), and a couple of 5.1 (Lollipop). But I don't generally use them as smart phones, mostly application platforms for in-house side-loaded apps. All but a couple have expired SIMs.

They were all EOL cheapies when I bought them and have never had updates available. Probably a good thing because I imagine it would be like wading through treacle trying to run the latest version. Had to disable Google Play on most to get standby battery life back from a day to a week.

But I expect most consumers have been upgrading to be able to run latest apps and games and have access to BLE and NFC and the like, are land-filling regularly. Or that 'one million vulnerable' would be a gross under estimate.

Re: This is what the vendors want ...

They should be forced to support them for a least 5 years after the last one is sold - not from when it is first released.

Apple is actually pretty good about long-term device support. iOS 13 fully supports phones back to the 6s (released 9/2015, discontinued 9/2018). Rumor online is that the 6s/6s+/SE will be supported by iOS 14 as well. That's not quite five years from last sale, but it's longer than you get with even a Pixel.

Premium Android phones tend to have a longer support life than the landfill variety, but they also cost just as much as iPhones these days. If you prefer to keep a device for a long time but also care about security, the longer support lifespan for iOS means you get more value from the iPhone.

Isn't the problem that almost all of them are dependent on Qualcomm and it's Qualcomm that doesn't release the updates need to move to the next Android? Even the Exynos processors are dependent on some Qualcomm hardware, I think.

Perhaps it's time to buy Huawei....oo err...

+1

My Blackview BV9600Pro hasn't had an update since I bought it. Still on version 20190430 and telling me "Your device's software is currenly up to date".

Naming and shaming is the only way.

Both manufacturers and Google are to blame really. Google's design of the update process put the manufacturers in control, who then have no incentive to apply updates to older hardware. I agree that the Android One system should improve things, but how many consumers even know what that is? And why only 3 years? I get that handsets are more likely to suffer greater wear and tear, but why should there be any limit? Google don't exactly have a good track record here, remember that they are now imposing limited lifespans and expiration dates on Chromebooks.

Google has not done enough to segment the base OS from the cruft that handset vendors and operators put on them.

If it could truly segment the OS, sort out the resulting driver issue, then there'd be no reason (casting aside performance) for devices not to continually get OS updates.

I'd posit that 90% of devices get their components (camera, displays, etc) from a very small subset of OEMs, so there shouldn't be any reasons to keep drivers up to date too.

And who suggested "backing up an android?" Wash your mouth out! What an abysmal shit show that is...

Re: lineageOS

I agree lineageOS is great, but there are not that many officially supported phones. And it's not clear how to tell in advance of a purchase whether or not a given phone will be supported, or -- if it is currently supported -- whether (or how long) it might remain supported. I understand that there are good reasons for this, and the fact that any phones at all are supported is great, but lineageOS is not a panacea for all "no-update" problems.

I recently installed an unofficial lineage rom for a J1, to be used as a handy cheap/semi-disposable second phone, but the locate/download/install experience was a bit unsettling, given the not especially well established provenance of the build [1]. Almost certainly better than the old official OS, given the advanced age of *that*, but, well, hmm.

[1] I.e. Here's a link in a forum, to a mystery download site!

NB: I didn't downvote, by the way.

Re: In other news...

Yes, it's old news, and yes, it's bleeding obvious - but it's still a problem, and the problem is getting worse not better. And yes, why not Smart TV's too? It if helps the wider public actually understand there's an issue then there's an improved chance that consumer pressure might influence a change in manufacturer (or regulator) behaviour. The environmental damage of wasteful smartphone production is too much of an issue - you're stealing my future, how dare you! ;-)

Re: Android One

Legislation can easily fix this. And a combination of consumer protection and environmental law can be the excuse for doing so.

Simply give consumers the right of return, on the gounds that online goods without security updates are not fit for purpose. Then retailers will only sell phones that get updates. It's not like the manufacturers can't do it, it's just that they don't see it as in their financial interests. Make it so, and the problem should go away quite quickly.

Even a market the UK's size should be able to force this, as it's not that expensive to update models - given that Google do most of the legwork. Some vendors might pull out of the market, but there's enough profit here for the likes of Samsung to still want to sell a phone or two.

I began to have doubts about Which when they did a piece on learner motorbikes back in the 1970s and selected as the best bet a Kawasaki 250 which was notorious for its dislike of corners and the way its front brake turned into an ice skate in the wet.

When I was doing the research for the new car I eventually bought recently (I have OCD when it comes to these things) I checked the English, German, French and Italian reviews. The only bad one in the lot was...Which. As I believe they are quite litigious I won't comment further except to agree with your implication that lateness to the party is a thing here.

Re: I used to have an Android phone

If you'd spent the same amount of money on a flagship Android phone you are spending on an iPhone, you'd get updates for years, as well.

But yes, Android has many low-end options, where Apple does not. Some people absolutely HATE having choices and flexibility, and for them, there's Apple.

Re: On the other hand

You sound old.

> they'll demand better treatment

They won't, because they never heard about updates, security patches and all that boring insider stuff. They consider they bought a tool and thus are perfectly happy with a ancient, unsecure phone as long as it does whatever they want it to do (run Facebook and Candy Crush, send/receive texts and calls).

If you start telling them about missing patches and security holes and all that, they retort they definitely won't spend several hundred for a new phone given their old one still works, and I can't really blame them: Money doesn't grow on trees, most people have to earn it and rarely have too much of it...

Apple devices are supported for 5 years and in some cases longer

The current software on Apple devices supports back to the 5S, so that is more than 5 years with iOS 12.

You may not get all the bells and whistles but it at least it works and has security updates (main reason was any device with less than 1GB ram)

For iOS 13 that supports back to the iPhone 6S (currently about 4 years old) and rumours will be supported in iOS 14 (again may not support all features but will have latest security updates)

Re: "... calls for manufacturers to be open about how long they will support devices"

imagine owning a house that needed the builders to come in several times a month to fix the plumbing, the electrics, the gas pipes, the windows, the roof tiles. Would you be happy with that?

I take it that you need to imagine this scenario because it sounds like you have never bought a new-build house from a volume builder in the UK.

Probally not that many, given people upgrade Apple device quite often

They do support updates still on the older iOS 12 and iOS 13 is the fully supported version.

So unless you have an iPhone 5 or older you will not be getting updates but then this is an 8 year old device.

Pretty sure most Apple users have upgraded from iPhone 5.

And iOS 13 does run very well on all devices that support it.

Google should simply change their business it that they will not provide the software to OEM unless they provide updates.

Re: Apple

Earlier versions of Android did often bring changes that required hardware support. But this, apart from hardware encryption, was largely finished by Android 4.

Re: This is how you make money

It's definitely disheartening to see how some manufacturers focus more on creating products that have a shorter lifespan, just so they can make more money by having customers continuously upgrade and purchase new ones.

Re: This is how you make money

It's almost like a never-ending cycle, similar to how smoking cigarettes can be addictive and costly in the long run. It's true that the cycle of buying and upgrading products can be frustrating, but it's the reality of how some businesses operate.

Re: I wish I'd been aware of this when I bought my first smartphone...

I'm still using an old feature phone.

I dipped a toe in Smart phones, didn't like the frequent battery recharge requirements, among other things.

The only way to get the Manufacturers, Carriers and Google to clean up their act, is to not buy their shit.

But as the population is firmly on the teat at this point (or hopelessly addicted to Smartphone crack) there's little hope of that.