Some Android phones “lied” about the security patch they are on

[D13H4RD]

2 minutes ago, DrMacintosh said:

I'd love to, but I'm just not going to sit and be lambasted. 

Like I said, just stop

 

You either stop and take it to a private message or let this continue, have this thread derail badly and possibly get penalized.

 

Like, come on. There's no need to begin or engage in petty arguments that aren't even related to the OP.

 

The OP was about Android OEMs sucking (again) in the update game, and now we're suddenly talking about iPhone batteries (yet again)????

[DrMacintosh]

Whatever

[Master Disaster]

4 hours ago, DrMacintosh said:

That is Googles largest problem. They allowed anyone to start up and put their OS on a phone. Now you would think that that would not be that big of a deal, but because of the nature of Android these OEMs get some level of control over aspects of Android and how it exists on a device. 

 

Imo I think Google should take a more authoritative stance on the conditions of being able to use Android on devices to ensure that at the very least security patches are only an option to the end user. (that way you avoid annoying forced updates)

You do understand how open source software works, right?

 

Anybody can use, fork and/or alter any part of the software they choose and under GPL Google cannot mandate anything to anybody who decides to fork Android and use it on their device.

 

That's just the nature of open source.

[DrMacintosh]

Just now, Master Disaster said:

Anybody can use, fork and/or alter any part of the software they choose and under GPL Google cannot mandate anything to anybody who decides to fork Android and use it on their device.

They can, by not making it open source and instead start licensing the whole OS (which they should have done in the first place if you ask me)

[Sauron]

And this is why you should look for devices with stock roms... I hope they don't get away with sweeping this under the rug. In the meanwhile anyone using those devices should be looking at installing a custom rom, those get updated pretty regularly.

[D13H4RD]

2 minutes ago, Sauron said:

And this is why you should look for devices with stock roms... I hope they don't get away with sweeping this under the rug. In the meanwhile anyone using those devices should be looking at installing a custom rom, those get updated pretty regularly.

Not even devices with stock firmware get updated so often. 

 

Perfect example being Motorola. They've fallen so far from grace since the Lenovo takeover 

 

Only Google, Essential and HMD have done good when it comes to patches. If you want updates, those are the only ones you should buy from if you're looking at the Android side 

[Sauron]

7 minutes ago, D13H4RD2L1V3 said:

Not even devices with stock firmware get updated so often. 

It depends on the manufacturer I suppose, but at least there's a better chance of being able to update it manually in the future.

[asus killer]

Android is a complete mess, in all aspects, not just this case. I hoped for a long time someone could come up with a real alternative. Apple does a much better job with their phones OS. And this is a android user speaking that really dislikes Apple in general.

 

 

[D13H4RD]

12 minutes ago, Sauron said:

It depends on the manufacturer I suppose, but at least there's a better chance of being able to update it manually in the future.

Well, if your phone supports Treble (such as all certified Android phones launching with Oreo and some Huaweis that are updated to Oreo alongside some like the Essential), flashing a custom firmware should be easy, especially since it makes it much easier to develop for.

 

You still need an unlockable bootloader though 

[Carclis]

If phones were not so disposable with their yearly updates to hardware, or if there weren't so many models with stripped features for the sake of hitting difference price brackets even though the cost to manufacture them is close, then this would not be an issue. The industry has brought this problem upon themselves.

1 hour ago, TechGod said:

But Apple bashing is A OK according to everyone here.

Irony? Aside from a couple of people who wish to make it a fan war this thread has been about the shortcomings of Android.

[AlTech]

6 hours ago, The Viking said:

google's problem. Android itself is crap, i refuse to use stock due to how bad it looks.

 

google just seems to rush out stuff. Android Wear? piece of crap of software, 2 years to make it look like something and still bad.

 

Android? ohh let's allow anybody, even the carriers, to play around. Let's not bother having to update stuff like microsoft does, no no no, let's allow carriers & manufacturers to push the update... or not.

 

though until now the way it worked would be by breaking the skin the phone used so...no wonder most manufacturers don't bother, they have to design and optimize the skin once for launch, and again every time they want to update the phone. With huawei it takes months of testing per device, so they'll announce that "p10 gets oreo 8.0" then you need to wait half a year to get it, due to the amount of markets & versions that have to be tested.

 

now they've put the treble... i'm not confident it'll solve the issues.

 

Besides, do we really need a new version of android every 6 months????

There's a new version every Year and I would say we do need better Android Updates. Because right now Android Updates are quite lacking in what they bring to the table.

[suicidalfranco]

2 hours ago, DrMacintosh said:

They can, by not making it open source and instead start licensing the whole OS (which they should have done in the first place if you ask me)

OH HELL NO!

[Castdeath97]

Why I'm I am not surprised this turned into "what about xxx thing Apple does thread"? Are we supposed to discuss Android security patches and how OEMs currently implement them and how they should, or just keep throwing what abouts like its 1960s USSR? I fucking hate LTT sometimes ...

 

2 hours ago, Sauron said:

And this is why you should look for devices with stock roms... I hope they don't get away with sweeping this under the rug. In the meanwhile anyone using those devices should be looking at installing a custom rom, those get updated pretty regularly.

Also - and I can't stress this enough - even when you slightly considering getting a custom ROM in the future make sure you get a device whose bootloader is easy to unlock (looking at you 2012 Sony ... ). 

[Dabombinable]

6 minutes ago, Castdeath97 said:

Why I'm I am not surprised this turned into "what about xxx thing Apple does thread"? Are we supposed to discuss Android security patches and how OEMs currently implement them and how they should, or just keep throwing what abouts like its 1960s USSR? I fucking hate LTT sometimes ...

 

Also - and I can't stress this enough - even when you slightly considering getting a custom ROM in the future make sure you get a device whose bootloader is easy to unlock (looking at you 2012 Sony ... ). 

Gotta love at least Asus's Tegra 3 based tablets (excluding the Nexus).  They released a boot loader unlocking tool and so far I've used it successfully to get a TF201 and TF700T to Android 7.1.1 (though only the TF700T has last months security patch update installed).  I can run any new Android app on them now, and they are far more stable+faster than with the last version of the stock ROM (Android 4.1.2).

[Sauron]

48 minutes ago, Castdeath97 said:

Why I'm I am not surprised this turned into "what about xxx thing Apple does thread"?

One can only dream of a world where problems are addressed because they're bad and not based on whether the competitor is bad in other ways...

[Trixanity]

Oh this shit again.

 

Android is fragmented because there are so many links in the chain of the update process. Some of those even being revealed in the OP; that SoC vendors are slow to update or even refuse to update their shit meaning it's difficult or impossible to update a device which means you either skip the update entirely or cheat. Pre-Treble Android needed to be built and rebuilt for the device each and every time. You could never be sure a minor update broke something in the hardware implementation. Treble (along with Linux kernel support going from 2 to 6 years) will extend the possible update window for devices. If takes at least a year to validate a new branch of Linux for Android so that gives 5 potential years of support. So we're already fragmented but with things looking up.

 

Now let's fragment it further: OEM skins are not just skins. They're modified versions of Android. They modify system files, add their own APIs and other functionality on top of and intertwining with existing system files. So every OEM that doesn't run Android One will have to update and validate their code for each update (including security updates). Even if you do run Android One it isn't necessarily trivial to update the device, it's just simpler. Also, I'm sure Android One would make any novel hardware or software innovation impossible (Google needs to implement it) such as what Samsung has done with various biometrics, cameras, nifty software features - some which have later been implemented in Android or will be.

To combat some of the security issues Google has apparently decided to split security updates like they did feature updates between vendor updates and framework updates. That means Google can avoid waiting for vendors to update their stuff and issue updates to Android itself independently. That means if Qualcomm hasn't updated their SoC software stack, Google can still update the Android framework and the rest is allowed to fall behind. It's both a good and bad idea. It allows Android itself to be updated more frequently and therefore more secure but if your wifi chip has a giant security hole that isn't gonna help you much and there's now a little less pressure from OEMs to pressure their vendor partners to issue new code because they can now still issue security patches to users albeit with hardware/kernel issues that will persist. I suspect Google will establish separate dates (similar to now with 1st and 5th but instead vendor patch level and android patch level) so vendors may still be hung out to dry which is a good thing.

 

We still have carriers blocking updates because they want to validate updates for their network and they often run proprietary stuff on their network eg. VoLTE, RCS etc. - each update to every device on every network need to comply with that and it differs between every network. It's god damn stupid. They don't just make one standard (cue XKCD comic) so it needlessly burdens themselves and OEMs and hardware vendors. Apple has the (lol) courage and power to pressure everyone in their chain to do whatever they want. That includes hardware vendors and carriers - not to mention their own vertical software and hardware integration. Google should pressure theirs more but given the environment Android is in I doubt it'll help much at all. Android isn't one flavor with a ecosystem-wide single implementation.

 

TL;DR: Android is reasonably open to do with as you want which fragments everything. It's a double-edged sword. With recent changes, any device shipping with Android P should be easier to maintain for everyone involved but that doesn't translate to things necessarily getting better. It's a problem that is virtually impossible to solve in today's ecosystem and any major changes to this will essentially break what made Android popular in the first place. Is it solvable? I'd say it is but it wouldn't be either without compromises, without issues or without pissing someone off. There is no way to solve it that satisfies everyone. And even if they went about solving it, it takes a lot of time, effort and money. And if they do, it won't be Android anymore and it would break backwards compatibility so you'd either need to convince everyone to break away or have to add an Android layer on top of your shiny new OS (Fuschia anyone?) and how would that work out? Probably awful. It didn't work at all for Microsoft.

[mr moose]

10 minutes ago, Sauron said:

One can only dream of a world where problems are addressed because they're bad and not based on whether the competitor is bad in other ways...

And the opposite, When we can't discuss problematic issues because every second post wants to promote the competitor as being some glorious unquestionable god like entity that wouldn't make the same mistake.