nav search
Data Centre Software Security DevOps Business Personal Tech Science Emergent Tech Bootnotes
BOFH
Lectures

back to article
What is this bullsh*t, Google? Nexus phones starved of security fixes after just three years

Anonymous Coward

Re: Why is this shocking?

Please cite, as Google NEVER said that. If you actually believe that you need to unplug from the internet, as you are clearly too thick to use it.

0
11
Silver badge

Re: Why is this shocking?

The fact that there's a link to the source doesn't necessarily mean it's good.

Voila, half-assed disk encryption.

5
0

Re: Why is this shocking?

> Please cite, as Google NEVER said that. If you actually believe that you need to unplug from the internet, as you are clearly too thick to use it.

OK, always like a challenge ...

> ... Always new ... You're always among the first to receive software and security updates ... And you'll have the freshest, fastest version ...

https://www.google.com/intl/en_uk/nexus/5x/ (as of today).

Hmm. That wasn't much of a challenge.

7
0

Re: Why is this shocking?

Thanks RegW. I just saw this and was afraid I was gonna have to unplug from the internet (even though I did originally qualify my potentially faulty memory).

There is, however, a devil in the details. There's a little footnote on that claim that reads:

"These devices will receive Android version updates for at least two years from when the device first became available on the Google Store."

How long that little detail has been around I couldn't begin to say. I will say, however, that 2 years is hardly "Always."

0
0
Silver badge
FAIL

Yes, Google sucks, but...

Look at other phone manufacturers (Sony, HTC, etc.) who bugger about with Android so you can get the updates ONLY from the OEM. You're lucky if you get any sort of updates for as long as 2 years from date of purchase. My HTC got *ONE* Android update, no additional security or OS updates.

The reality is that all these corporations have the same view of their customers - sheep to be sheared.

They ALL suck.

21
0
Anonymous Coward

Re: Yes, Google sucks, but...

Sony have been doing pretty well for me with their Z series.

Z2 got an android update 2 years after purchase, and Z5 got an android update 1 year after.

Both still seem to get roughly quarterly security bumps too.

2
0

Re: Yes, Google sucks, but...

Gotta +1 this for Sony who've done a commendable job. Extra bonus points for their Open Device program for custom ROMs.

I've had an Xperia Z (4.3 through 5.0.1), a Z3 (from 5.0.1 through 6.01; Google's OpenGL requirement scuppered the Nougat update) and a Z Ultra (4.4? through 5.1.1). They all seen at least two years' updates, some into their third year. That's three major Android "releases" per handset. Sadly, each release also came with yet more mandatory Google apps :(

The Z3 Nougat update was killed by Qualcom refusing updated OpenGL drivers. Qualcom tends to EOL their chip support packages very aggressively and that often kills updates for OEM.

1
0

Bye bye Android

When my current smart phone dies I'm seriously thinking of going back to a feature phone. Not only are they much cheaper to buy, but the battery life is far superior. And as for all the apps... I can't think of one that I'd actually miss enough to be a deal breaker. I don't trust my Android now for sensitive uses such as online banking so lack of internet on the phone would be no real loss to me. I'm also sick of all the unwanted bloatware that Google keeps pushing onto my phone. I uninstalled YouTube because Google started pushing recommended videos at me - the first one was in Chinese (with a Chinese title) and I'd no idea WTF was going off and thought my phone had been hacked, especially with the way the phone woke me up to tell me I'd received something important! Enough with the all the crap Google!

18
1
Silver badge

Re: Bye bye Android

I was disappointed that the new Nokias didn't have 4G. Would have been great as an access point for a tablet

0
1
Silver badge

Re: Bye bye Android

They've all got LTE cat 4, except the 3310...

2
0
Silver badge

Re: Bye bye Android

I'd always had Androids from Motorola and Samsung, but in December I switched to an iPhone -- primarily over the lack of Android updates. Viewed solely in terms of UX, I'd call the switch a mixed bag, as one would expect. In terms of security, though, it has exceeded my expectations.

I've gotten more iOS updates in the past five months than I received for all of my Androids combined over 5+ years, and that's not an exaggeration. Apple has even patched the Broadcom WiFi bug; I think it's safe to say that most Android devices in use today will never see a fix for that. It sucks, but that's the reality that Google has created.

5
1
Orv
Silver badge

Re: Bye bye Android

Serious question: What could you do on a feature phone that would need 4G bandwidth? It's nice and snappy for web browsing on my smartphone, but the feature phone browsers I've tried were all so crippled I can't see why it'd matter. Likewise you're not going to be streaming MP3s or video to a feature phone. Seems to me 2G ought to be plenty good enough for the limited use they see.

0
0
Silver badge

Re: Bye bye Android

For tethering other devices. This is what I have been looking for also.

1
0

Re: Bye bye Android

Then buy a low-end WinPhone and get the best of both, long battery life and most important Apps when you need them.

Most of the 'bloatware' is removable, if you regard Skype and free Office as bloatware that is.

And, as for worrying about viruses on WP - I don't think so, I have yet to read of a successful attack, they are non-existent or extremely rare.

Oh, and Metrotube manage to make YouTube elegant and usable despite Google best efforts to stop them.

5
4
Silver badge

Re: Bye bye Android

It was the 3310 I wanted. Long battery life and no Android.

0
0

Re: Bye bye Android

That's really sad that you don't even trust your phone to access your banking apps? The idea that my iPhone might be compromised on the device itself is a foreign concept, because it's never happened and would definitely change my usage of it were it happen. Given that the banks are rapidly closing branches and pushing people to use their apps, this situation needs remedying urgently.

Even using iOS,I'm as concerned as you are, Android phones are the cheap smartphones of choice in less developed markets like some African, Asian countries, or Woolwich, say. Do those even see any patches whatsoever given the bandwidth limitations, and if not is that not a colossal ticking DDOS botnet time bomb of Google's own invention which could affect us all?

The utter hilarity of an advertising firm waking you up to make you watch a (very poorly targeted) advert on your phone is comedy gold however.

1
0
JLV
Silver badge
Black Helicopters

Re: Bye bye Android

Regardless of OS-level security, a phone is much more likely to end up lost and in someone's physical possession. Or on a dodgy WiFi.

I don't do banking on mine either.

Google fail. My (broken) Nexus 5 considers itself up to date @ Oct '16. When my BlackBerry Classic dies, that just comforts me Android's not in the cards. Pbly an iPhone SE though I woulda given a highend camera Lumia a try instead if MS was more competent.

0
0
Silver badge
Black Helicopters

Re: Bye bye Android

How do you know it hasn't been compromised? Those Android phones with pre-installed malware don't announce it, they just get on with slurping.

0
0

(Currently) content Nexus 6 owner here, which was my first smartphone ... and it looks like it's also my last one as well.

Smartphones are a great convenience, but if I have to chuck out my perfectly good servicable phone every 2-3 years to boost their device sales bottom line, I'd rather spend a few tenners on a shitty feature phone with only 2-3 years life expectancy.

6
0

They should be compelled by law to give security updates for 5 years.

9
0
Anonymous Coward

You've inspired me, Doc Ock! I'm going to keep my iPhone 6s+ for 5 years and see how it goes. I have insider knowledge of the manufacture data for this device, and which Foxconn factory it came from (FXGL). So, on March 25th 2021, we'll see how it goes.

I retired my Motorola RAZR after daily use from Jul 2005 through Jan 2016, and it still works fine and carries the Cingular Wireless branding with "pride." Several, simple, battery changes. Dropped it a few times. Apps are horrific. Works like new! "Now, it's garbage." :P

"But those times don't add up" I used a Samesong S4 for the months in between. Stop it.

1
0
Silver badge

Manufacture date is irrelevant

If you look at Google's 2/3 year deadlines that's from the initial release of the device, not the manufacture date and certainly not the sales date. If you get one that was made a year after the initial release you get only one year of updates and two years of security patches. If you bought one two years after initial release (maybe because you got a nice discount) it would have just the one year of security patches.

Apple has generally supported devices for five years. Sometimes a little more, sometimes a little less. But that's from the initial release. If you bought an iPhone 4S at release in Sept. 2011 it got its last iOS update in Sept. 2016 for a five year life. But they didn't quit selling it until early Sept. 2013, so if you bought it then you only got three years of updates. Maybe 3 1/4 to 3 1/2 years if you count from manufacture date depending on how long before last sale they are still making them.

So if you want to maximize the post-sale support life, buy something immediately after release...

2
1

i have a Nexus 4 Phone and a Nexus 7 tablet, none of them get updates now. It is not a problem they still work fine, never had a problem with security either.

I do think the security updates should be longer, but they are not, i am not going to cry about it.

3
1
Silver badge

never had a problem with security either

That you know of...

11
0
Anonymous Coward

This is the thing. Lots of noise about android security, but with billions of devices, nothing real. Never heard of anyone ever having any issues whatsoever, not is the west, where people use Google play store and don't have untrusted sources and inescure rooted devices.

If anything. It's the Apple ones that actually get exploited (like to date change brick).

0
5
Silver badge

What about "Stagefright"?

A malicious MMS or a web page containing an MP4 file can execute arbitrary code on a vulnerable Android device, probably as a "system" level process. (Detected and fixed in 2015, or never, depending on which phone you have.)

Who's using it? I dunno. Ask WikiLeaks.

2
0

Errr

Would you honestly feel safe accessing banking apps, your stock trading platforms, storing identifiable personal data and reading sensitive emails on a device that received no security updates? I certainly don't feel safe as a non-android user, thinking about those billions of devices all around the world being compromised, formed into a botnet and directed at whoever. If it is known that security on Android is basically like Swiss Cheese, and is unlikely to get patched then it will be targeted, simples. How do you know they aren't being exploited exactly?

I also dispute your assertion that phones in the West aren't rooted and have untrusted sources enabled. If you side-load Apps, are a pirate or a developer, or want to customize locked down devices 100% you need to root them. Yes this is not a large proportion of users by any means, but it will certainly affect users in the West.

2
0
Silver badge

This is why I use a flip phone...

As much as I want a smart phone (wipes chin of the geeky drool), the fact that the manufacturer's refuse to support their devices for more than 3 years in the case of Google or what seems like three *months* in everyone else's, it doesn't make sense to buy a device that will become a security nightmare just as soon as that particular event horizon happens.

At least with a flip phone it doesn't run apps, so doesn't need security updates (for the apps it doesn't run), & won't get used to pillage my privates by some script kiddie with too much time on their

hands.

It makes me sad that there's a bit of smug curmudgeon crowing gleefully deep inside, getting all uppity about having resisted the smart phone craze.

*Shouts into own navel* Stop that! Go eat your frog pills!

11
2
Anonymous Coward

Re: This is why I use a flip phone...

For reasons of backup I always have to carry a phone on a separate network with my work smartphone, and for that I use the good old Motorola V3i, but a later model with a matte keyboard so it's at least usable in sunlight. It's simple, lasts *days* on a single charge and weighs little.

1
0
Devil

Re: This is why I use a flip phone...

...not to mention, most flip phone hardware has easily swappable batteries, fits in the pocket, and has near zero chances of being stolen. The downside is that flips don't work very well for no life introverts.

2
0
Orv
Silver badge

Re: This is why I use a flip phone...

There have been flip phone exploits, mostly via multimedia message payloads. The potential for mischief is lower, but it's not zero. The software on most flip phones is incredibly shoddy -- my old one would routinely crash while trying to view text messages.

2
0

Re: This is why I use a flip phone...

No different to a Microsoft 950XL then...

0
1
Silver badge

Re: This is why I use a flip phone...

I resemble that remark, but I think my feature phone works very well... it sits there in my pocket, being available in case I need it, which I have on about four occasions over the years.

0
0
404
Silver badge

Essentially....

Google, et al, can go suck a bag of dicks...

4
0
Anonymous Coward

The phone I want

Is a feature phone, but with an LTE wifi hotspot that I can connect my laptop to.

99% of my needs will be covered and I'm ok having to deal with the odd edge case where I need a smartphone and don't have one.

Does anyone make this kind of phone? and no, I don't want to have to carry around two devices (phone + hotspot)

0
0
Anonymous Coward

Re: The phone I want

You could get a laptop with built-in 4G along with the feature phone. Simplifies things even if it isn't the cheapest option and you're limited to select business laptop models only, e.g. Macs don't have them.

(those 4G modules have had vulns - will Huawei/Sierra/Ericsson still support it after two years?)

0
0
Anonymous Coward

Re: The phone I want

Is a feature phone, but with an LTE wifi hotspot that I can connect my laptop to

Isn't that just about any smartphone? My iPhone has had that for ages (WiFi, Bluetooth and I believe it even works with a cable), and I'm certain that Androids have had WiFi hotspots too. It is the reason that most laptop manufacturers (including Apple) no longer bother to add cellphone facilities.

1
4
Silver badge

Re: The phone I want

Is a feature phone, but with an LTE wifi hotspot that I can connect my laptop to"

"Isn't that just about any smartphone?"

Did you notice the bit about a "feature phone", with minimal to no security issue that plague "smart" phones?

5
0
Silver badge

Re: The phone I want

You'll be chasing moonbeams, then, because HSPA and LTE were both made with mobile data in mind, and that means smartphones (because what else would a feature phone use with high-speed data; it has no apps, and the carriers would be pressuring the phone makers not to include tethering capabilities; Apple and Google are the only two companies strong enough to push back). As others have said, mobile hotspots have themselves been targeted, so you're screwed no matter what. Basically, if you don't want to be targeted, get off the Internet. That's your only real option now.

0
0

Bah. I want to be able to recommend a smartphone to people who just want, you know, a smartphone. That will work until it doesn't or they replace it.

I really thought that Google (brand) phones were a good answer. Seems they are not.

In this context, my iPhone is a better investment than I realized.

6
0

to be fair - the longest ive ever run a device was 3 years and by that point it was so out-dated it was barely usable. this is definetly a strike against android when viewed against the iphone, but in real life - this doesnt affect me and i wonder how many others it really gets.

most smart-phones are updated beyond their hardware capability by year 3 anyway - and if you dont install the update, well your in the same boat re security anyway

0
2
Silver badge

"to be fair - the longest ive ever run a device was 3 years and by that point it was so out-dated it was barely usable."

Not sure how old my company Galaxy S5 is, but it'd still working fine and showing no signs of being "outdated" or "barely usable". Wifeys Galaxy S2 is also fine and running her required apps, although showing signs of overheating the last few weeks.

Maybe it depends on the users use-case.

2
0

Rubbish,if it was fast enough three years ago,then it will still be fast enough today,unless you realy NEED the slight increase then just reset the phone,it will be as fast as when new..

Only works for folk who don't need the latest,pricey shiney toy,which will only be slightly faster than last year's,smartphones are very nearly at the point that pc's have,tiny incremental speed increases,at the price of lots of money..

0
0

How about this for a simple solution

For every one hundred pounds (or equivalent currency in whatever location you purchase) you spend on a phone, you should get security updates for a year.

That shiny nexus you paid 500 for... 5yrs security updates... that cheap 99 pound phone... you'd see basically no difference to what you get now.

However... things like this need to be enshrined in law, we need legislation to force manufacturers to produce products with an adequate shelf life which should be displayed clearly in massive print on all packaging.

We need to get away from this disposable culture when it comes to consumer items like this. No one needs to replace their phone every 12-18 months unless it's lost/stolen/accidentally damaged.

I purchased a Wileyfox Storm and the phone is great... but they have basically wiped their hands of it already... No longer getting updates after owning it for 12 months. So not only will I not be getting another Wileyfox, I shall be reconsidering anything android... and I admit that I loathe Apple devices and their overpriced tat and smug owners.. not to mention their walled garden but at least they seem to be supporting their devices for 4yrs or more (the average time I keep a phone).

My tablet on the other hand is an nVidia Shield K1 and that's been getting regular updates every month or two. Last one was about 6 weeks ago updating to Nougat followed a week or so later with a security update.

Perhaps nVidia should consider getting into the phone market.

1
3
Silver badge
Holmes

Re: How about this for a simple solution

Well as I understand it WileFox are issuing Nougat updates for the storm - but are you talking about something else?

0
0

Re: How about this for a simple solution

What do you expect buying a phone from a company very few have ever heard of? You should petition them to conform to EU law and the Sale Of Goods Act, we might even hear the laughter emanating from Shenzhen over here. At least we know now why Apple users look so smug. Not only are their devices not hacked, and not rooted. They can use banking apps with impunity and they are supported with security updates for the reasonable lifetime of the device. I always wondered why they hold their resale value quite so much. Buying an expensive Android has always been like buying a new diesel car. Worth 50% on day 2.

In all seriousness though, the situation which Google has created with not just the Nexus line but all other Android devices and their inability to be patched easily and uniformly is borderline irresponsible.

1
0
Silver badge

Re: How about this for a simple solution

You should petition them to conform to EU law and the Sale Of Goods Act, we might even hear the laughter emanating from Shenzhen over here.

Wileyfox are a British firm (the phones are made in China, but not designed or specified there).

1
0
Silver badge

What is it with these "because of this I use a feature phone" people?

So instead of paying $750 for an iPhone 7 plus ($150/year of support life) or a Pixel ($250/year of support life) or Galaxy (~$375/year of support life) buy a cheap $100 Android and figure on either replacing it yearly / whenever there's a major Android security bug you are concerned about, or never using any smart features on it like apps/browser (i.e. treat it like a dumbphone)

1
0

Re: What is it with these "because of this I use a feature phone" people?

Sure, I could buy a cheap Android for $100 each year, or I could buy a featurephone for £20, replace it once or twice a decade. Also, with a featurephone, I don't have to wrestle with a fuckawful touchscreen, risible battery life, and I can have something water, dust and drop proof. Horses, courses, etc.

6
1

Re: What is it with these "because of this I use a feature phone" people?

That's what I'm doing. I recently bought a couple of Telstra branded ZTE phones for the missus and I running 6.01. They're fast enough, work well enough, and cheap enough to toss after a year or so. Who cares if they don't receive any updates in that time? I don't.

0
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing