Nearly 3 Million Android Phones Vulnerable To OTA Update Hijacking

Buy a cheap never-heard-of Chinese brand phone and be surprised about glaring security issues. That not happening would be as surprising as NSA never spying on random people just for the heck of it.
Buy a cheap never-heard-of Chinese brand phone and be surprised about glaring security issues.
I have an LG (P760). Does that count as "never-heard-of?" It runs Android 4.1.2, and there were no software updates for it since 2012. From looking at other manufacturers, it's a common thing. They don't ship any updates. Virtually all of them let their phones run on ancient Android versions full of known security holes. Or look at the Samsung Galaxy S2. It also still runs Android 4.1.2, doesn't it. No updates available. All holes of 4.1.2 are exploitable on that phone. So you have to explain to me how this problem is specific to never-heard-of Chinese brand phones, because I'm not getting your point here :-/ I would rather say that virtually no manufacturer cares even the slightest bit about patching security holes on their phones. They simply don't care. How well known a brand it is doesn't matter.
I find it criminal that even brand new phones that cost an arm and a leg, only get updates for a couple of years, three if you're lucky. A perfectly good working phone, but isn't secure due to the manufacturer having deemed it obsolete. Manufacturers should be obliged to recuperate, and offer monetary compensation for any phone that they have sold, which works perfectly, but cannot be used due to them not providing the updates. Fewer phones sold/made every year (who the F**k needs a new phone every year anyway....?). More recycled by the manufacturer, rather than ending in landfill/Africa. The race to upgrade every year (and even every 6 months) is what killed the Car Industry. It's not economically feasible in the long run, you just end up with a few large manufacturers making stuff you mostly don't want, but have no other choices...
Moderator
I have an LG (P760). Does that count as "never-heard-of?" It runs Android 4.1.2, and there were no software updates for it since 2012. From looking at other manufacturers, it's a common thing. They don't ship any updates. Virtually all of them let their phones run on ancient Android versions full of known security holes. Or look at the Samsung Galaxy S2. It also still runs Android 4.1.2, doesn't it. No updates available. All holes of 4.1.2 are exploitable on that phone. So you have to explain to me how this problem is specific to never-heard-of Chinese brand phones, because I'm not getting your point here :-/ I would rather say that virtually no manufacturer cares even the slightest bit about patching security holes on their phones. They simply don't care. How well known a brand it is doesn't matter.
The Optimus you have was never updated because of TI not providing any sort of support for Android, heck even Jelly Bean hardly had any support because of low source from TI. The S2 has been out of commission for a long time, which is why that has not received any updates but still receives KNOX updates.
Buy a cheap never-heard-of Chinese brand phone and be surprised about glaring security issues. That not happening would be as surprising as NSA never spying on random people just for the heck of it.
But this isn't saying what manufacturer of Android device either, pretty sure there are not 3 million off brand or as you would say "never-heard-of Chinese brand phone" in circulation in the US. I would advise that you watch posts like this, one could deem this as a hate post.
I find it criminal that even brand new phones that cost an arm and a leg, only get updates for a couple of years, three if you're lucky. A perfectly good working phone, but isn't secure due to the manufacturer having deemed it obsolete. Manufacturers should be obliged to recuperate, and offer monetary compensation for any phone that they have sold, which works perfectly, but cannot be used due to them not providing the updates.
I agree, but keep in mind that the nature of Android makes upgrading a serious PITA. It's a virtual machine, and it's difficult to safely and reliably change the OS at the guest level without causing a lot of problems. It becomes easier to just buy a new phone. Besides, most people do a terrible job at maintaining their things. After a couple years, the average phone ends up getting pretty tattered, the phone is filled with junk data, and the battery life isn't as good as it used to be.
The race to upgrade every year (and even every 6 months) is what killed the Car Industry. It's not economically feasible in the long run, you just end up with a few large manufacturers making stuff you mostly don't want, but have no other choices...
Phones are much cheaper and usually less risky to make than cars. In most cases (*cough*Galaxy Note 7*cough*) the phone doesn't put people's lives at risk and nobody expects to resell their phones. Phone technology has also vastly improved in the past 5 or so years, and will continue to do so. So though I understand your point, I can't say they're all that comparable. I think what bothers me is how phone manufacturers have totally lost touch in what customers really want. I don't care about having a phone that looks good while it's off. I don't want to spend so much money because of a camera that uses interpolation to get some suspiciously high pixel count. I don't want the bezels to be so small that I can't even hold the phone without accidentally touching the screen, let alone have my fingers in my view. I couldn't care less about a phone that is less than a cm thick if it means I need to recharge the battery every day. My current phone cost me $40, the battery lasts an entire week (but the phone isn't very thick), it has a quad core and keeps up with my workload just fine, and it has a modest camera with a flash. It has a cheap plastic screen that won't crack. I'd gladly buy this phone again over any $400 model.
I left Android years ago when my phone got stuck on version 2.3 and my tablet got stuck on 3.X. A fragmented nightmare and nothing has changed since. Android these days is fine so long as you buy a phone with pure Android on it.
Almost three million Android phones, many of them used by people in the US, are vulnerable to code-execution attacks that remotely seize full control of the devices, researchers said Thursday.... Nearly 3 Million Android Phones Vulnerable To OTA Update Hijacking
just long line of things that can't government can do this without people know as it, not really surprising though.
You think that's bad. UK just released a study on the UK's cyber security on things like NHS and GP surgeries and many other entities and found they are all still running on unsupported OSes and basically have ZERO protection. In fact a hacker on live BBC news (covering his face and voice) showed how easy it was to get people's private information and bank details from Dentists and other health care practices and he said they are all running out of date software like Win95 and XP (without any patches). He also mentioned old SSL versions. Britain is screwed if we ever get a major cyber threat because we've let our nation's systems get super outdated and are failing to keep up with cyber crime and attacks.
Going out on a limb, manufacturers have zero interest in pushing patches because it is not their OS. They all signed a third party agreement with Google for the ability to use that OS. If they did not honor that agreement to the "t", Google would have ended their ability to license it from them. So it all boils down to Google holds all the strings. Yes and it is realized that once the agreement is signed, Google washes their hands. It's a brilliant piece of marketing. How else but through actual real world experience can drive home that one needs to purchase Google's own branded phones, if that is what is cared about. No amount of advertising will change anyone's minds and they know that. So if one is truly tired of all that non-support and security risks, they can always buy a Nexus or now Pixel. Expecting a company to do the honorable thing costs. That cost would then be added to those low prices and would no longer be the cheap buys they are.
I have an LG (P760). Does that count as "never-heard-of?"
My bad, then. I glanced at news on this same incident elsewhere, and that article was mentioning brand names like "Blu" or something like that, which I'd never heard of. I had no idea LG was installing dubious third party firmware on its own phones, but it's good to know so that I can drop LG from the list of manufacturers I'd consider. Thanks for the heads up!
Makes me even happier that my phone runs Windows 10 Mobile and only cost me $60. It gets all the updates.
Don't blame Google because ****ty manufacturers like Samsung, HTC, LG, etc don't update devices quick enough. Nexus 4 has 7.1 nougat, meanwhile Scamsung is still on its silly beta programme.
Don't blame Google because ****ty manufacturers like Samsung, HTC, LG, etc don't update devices quick enough. Nexus 4 has 7.1 nougat, meanwhile Scamsung is still on its silly beta programme.
Though you're not wrong, Google is still partially to blame. As stated before, Android is difficult to upgrade completely problem-free, which is why many manufacturers don't bother.
And people keep defending cloud, and "what are you hiding" messages is literally everywhere.. We just want items to work and not create problems for us.. Why can't they create unhackable phones, I mean like unhackable cars.. I mean well cars are hackable now but.. you get the point.. like unhackable monitors, tvs and dishwashers maybe? 🙂
Moderator
Though you're not wrong, Google is still partially to blame. As stated before, Android is difficult to upgrade completely problem-free, which is why many manufacturers don't bother.
Not really, Google gives out sources, and has a small guideline on how to be certified with Android and Play. Manufacturers do not tend to update a lot of devices for a few different reasons. A. Budget device, that at the time of release they never had any plans to update the device or keep support rolling for it. B. Sales, many devices from all the big names have had promised updates in the past but when sale figures come in and they show a little low, well on to the next campaign. C. Motorola was a big one in this, but some of their own tech brought into the picture such as Webtop that they could not support fully because well they really did not know how to use it. D. This one I can only speak for the US, but carriers have a big say in this as well.
Not really, Google gives out sources, and has a small guideline on how to be certified with Android and Play. Manufacturers do not tend to update a lot of devices for a few different reasons. ...
What you said may be true in some cases, but there's a big factor that disagrees: non-phone Android devices. If you have a tablet, development board, or any other mini PC, very often you'll find the Android upgrade path stops short. These are devices people expect to keep longer than a year or two. These devices don't have to deal with proprietary issues like phone plans, they're easier to back-up, they're allowed to have significant downtime, and they have a larger modding community. Yet, you'll still find many of them only support a couple versions of Android. It doesn't matter what Google provides because there are complications well beyond them. Keep in mind I said "very often", not "always". I'm aware there are plenty of exceptions. And again, you're not wrong, but there's more to it than what you said.
The biggest issue is the HW manufacturers. The companies that actually design all the cpus, memories and wifi chips. They have to provide a driver for each of the OS version for their products and they simply don't. It's expensive for them, since they produce many models. Google can't really fix that and simply pushes the single OS and expects everyone to adapt to it, which is quite reasonable. The only ones who can do something are phone manufacturers, who can demand driver support for x years. I just don't think they really want to, as they can then simply abandon the phone and have you buy the new one.
I have a $80 Lumia 640 that gets updates at the same time as my desktop. It's on Google's hands. Nothing should stop them from delivering security related system updates.
Google does release updates every single month.
Google does release updates every single month.
They are not mandatory, and they depend on the goodwill of the carriers and the manufacturers. They are useless because they have the exact same gotchas as their "normal" updates. Apple and more impressively, Microsoft, deliver updates to all devices in a constant fashion.