While the iPhone gets 5 years of support, my Galaxy S9+ still can’t get timely Security Patches
Apple’s WWDC took place this week, not long after Google’s I/O conference. Each company spent time announcing their planned new features as well as new APIs, new apps, and new ideas. It isn’t a stretch to say that both Android and iOS have become advanced operating systems with complete and competitive feature sets. I’ve been running Android P on my Google Pixel 2 XL, and love it or hate it, a lot has changed in small but key areas of the user experience. In contrast, iOS 12 looks nearly identical to the previous release, but it comes with some “under the hood” changes and some quality-of-life improvements. Apple has mostly promised faster performance, AR improvements, grouped notifications like Android (FINALLY), and built-in Tasker-like Siri functionality that seems quite practical.
Both mobile operating systems are moving forward with “self-awareness” hubs and screen-time monitoring features. Google has dubbed their feature set “Digital Wellbeing,” and it promises habit monitoring and soft limit control features. One can set application screen time limits and silence notifications to minimize distractions, for instance, and throughout the day the OS will build a dashboard of features.
Apple takes a largely similar approach, but with a bit more integration. Like Google’s solution, the OS will build a graph of screen time and one can set limits. Unlike Google, this can be managed by a parent with hard stop limits on app usage throughout the day. Apple’s Do Not Disturb functionality is also more thorough than its Android counterpart, adjusting the UI in places like the lock screen to actually make notifications less intrusive.
As always, this time of year is full of exciting features and truly useful upgrades. Android P, in general, seems to have a lot of user-facing changes. The problem with the Android side of the equation remains the same as always: Updates take forever to roll out to most of us, and buying a new smartphone often remains the best (or for some, the only) way to stay up to date.
The Treble With Updates
Even post-Project Treble, the Android update situation is bad. Granted, it might be the case that there just hasn’t been enough time for Treble to offer tangible results, especially since it hadn’t even been completed when it launched. But my Samsung Galaxy S9 was purchased directly from Samsung, is eligible for monthly Android security updates, and is currently four months behind on security patches. Samsung’s own support page says:
“At Samsung, we take security and privacy issues very seriously and we are doing our best to respond as quickly as possible. Securing your device and maintaining the trust you place in us is our top priority.”
Well, it certainly doesn’t feel like that’s true in the slightest. This is just completely unacceptable from an unlocked device bought directly from the OEM — the biggest OEM with the most resources in the Android world in particular.
Last month at I/O, we reported that Google had modified their OEM agreements to include regular Android security patches. There are few details about this program, but the implication is clearly there — this is important as the collective efforts of Google and OEMs haven’t offered respectable results thus far. What this means going forward with regard to Samsung’s update frequency, in particular, remains to be seen.
I know that here on XDA we enjoy flashing custom ROMs to our devices, but even somewhat “developer friendly” device manufacturers like Huawei and Xiaomi are ending or restricting support for bootloader unlocks. The future of one of the better update providers (which also offers bootloader unlocking), Essential, remains uncertain as well even as they continue to show outstanding device support. Thankfully, OnePlus seems to still serve the tinkering subsection of the Android market.
Every year at WWDC, Apple shows a single slide summing up the Android update situation. This year they showed the following stats:
| Operating System | iOS 11 | Android (presumably O) |
|---|---|---|
| Installed Base | 81% | 6% |
Of course, we can nitpick about how older iPhones don’t get all the new features from iOS 11. We can point to the Play Store and Google Play services as band-aids for the wound that is the Android update situation, with Google having become quite crafty at making sure newer platform improvements in apps are at least partly supported in older Android versions. However, the fact remains that flagship Android devices lag behind on even Android security updates far too often, and it’s markedly worse for feature updates. Google’s own stats show almost 64% of Android devices are on 6.0 or lower.
For reference, Android Marshmallow launched on October 5th, 2015, almost 3 years ago. September 25th, 2015 was the release date of the iPhone 6S. The iPhone 6S, by the way, will receive iOS 12 along with improved performance. Even the iPhone 5S (a phone released in September 2013) will be receiving iOS 12, the very same day as the flagship iPhone X. In September that will be 5 years of support for the iPhone 5S.
Consumers Deserve More From Android OEMs
Obviously, there is a lot going on behind the scenes and plenty of reasons why the update situation is different between the two operating systems. It’s not reasonable to expect complete parity when an Android release involves an extra company, sometimes two with carriers. It’s also very likely that Project Treble will help this situation going forward and that we haven’t realized anywhere near its full benefit. But what’s not unreasonable is expecting more timely Android security updates for very expensive hardware, especially after so many gigantic vulnerabilities have been unmasked in the past two years.
Not only are Android devices not getting Android security patches, but sometimes they aren’t even accurately reporting which patches they have received. Recently, 1,200 devices were tested by SRL Labs and the results were disappointing. Some companies were four or more patches behind what they reported, misleading customers about the level of safety they should expect out of “up-to-date” (in most cases, that means several months behind) software.
These devices contain extremely personal information: credit card accounts, photos, banking information, and frankly just all of our stuff. If Samsung, and others, want to be considered in the same breath as Apple with regard to support, they have to do far better. The pressure should only accumulate as we move forward in time, not ease with each new promise of some or another solution.
Project Treble has already been extremely fruitful for the XDA community in particular, but it has not begun making a dent in the larger problem it was designed to address. Apple has many advantages when it comes to this particular area of improving and maintaining their operating system, and there’s only so much Google can do. As shown in this article, it’s clear that the company does care and is moving forward with measures to rectify the issue. But since it’s a multivariate problem, we should be pressuring not just Google and carriers, but OEMs directly. In this particular case, it’s Samsung that offers inconsistent software updates for its various device variants. Given that Samsung is positioned as the largest Android OEM and Apple’s biggest rival, they are also the ones that should be the shining example for Android in the one area where Apple is undeniably overshadowing Android.