What you said may be true in some cases, but there's a big factor that disagrees: non-phone Android devices. If you have a tablet, development board, or any other mini PC, very often you'll find the Android upgrade path stops short. These are devices people expect to keep longer than a year or two. These devices don't have to deal with proprietary issues like phone plans, they're easier to back-up, they're allowed to have significant downtime, and they have a larger modding community. Yet, you'll still find many of them only support a couple versions of Android. It doesn't matter what Google provides because there are complications well beyond them. Keep in mind I said "very often", not "always". I'm aware there are plenty of exceptions. And again, you're not wrong, but there's more to it than what you said.

Google isn't going to start updating devices that are infested with junk like Touchwiz, they release the code and manufacturers like Samsung are just too dam lazy. Google support Nexus devices for three years, yet older devices still are on the latest and greatest, because of ROM developers and the fact Google releases code. You can get Nougat on a Samsung Nexus, thanks to Google, not Samsung.

They are both at fault. Samsung, in this example, for not updating their customer's software, and Google for not having a security update mechanism that can be enforced by them. Although the open source nature of the Android system would mean that the manufacturer can disable it, Google's services are not open source, and they could check and install security updates or else cut access to the store. Even giving warnings there would be enough to shame manufacturers that at least don't provide the security patches that Google releases monthly. Don't cop out Google out of this.

Google's updates can break things, November's update already broke Xposed and Suhide. If phone manufacturers just made a phone with stock Android, I'm sure updates could be easier and more rapid. It's not down to Google to test any other software.

Let them break then. They have to adhere to some standards like everybody else. This is looking worse than pre-Vista Windows at this point.

They could also go the "security patches only" route. Like still updating Android 4, for example, but only for applying security fixes. No functionality changes and no new features. Just closing holes, nothing else. A complete drop-in replacement for the previous version without compatibility issues. But they're not doing that.

Why would they?

Android 4 is obsolete

So that phones get patched very easily and people's devices are not full of security holes? Eh... duh? Google chose to make it obsolete. There's no inherent "obsoleteness" in Android 4. Also, it was released in 2012. That's just over four years ago. That's not "obsolete" by any stretch of the imagination.

Google does not make money from Android in itself. Anyone can take the Android source code and use it on any device.

You mean by issuing bug fixes and security fixes? They release the code so manufacturers can update their own handsets. An easier solution would be to have manufacturers banned from touching the software, so all devices come with stock Android and then maybe give an option via the store to install Touchwiz. That way Google could indeed provide updates easier. Why would they? Android 4 is obsolete, ICS was released 5 years ago. Care about updates, fixes, without bloat then get a Nexus/Pixel. Don't care about the above then get an overpriced Samsung/HTC/etc device.

It is obsolete, they aren't going to update multiple operating systems each month.