Re: I hate to say it
But isn't it time for Google to step up and be responsible for it's OS and provide timely security updates ala Microsoft/Apple?
Which is what it does with AOSP. However, it's recently gone beyond that and starting adding stuff in via PlayServices. I recently got a stagefright patch like this on my S5.
Clearly, what is missing is the issue of liability which it will be for the courts to decide. EU warranty law is pretty clear on this but it's just not being tested at the moment. Project Zero seems to me a serious attempt to raise the profile of the flaws and the fact that Google has often already provided fixes for them.
Security is an afterthought for too many in the industry. But it will continue to be this way until it becomes too expensive to ignore it.