|More than 1 billion Android devices run outdated software|
|By Thom Holwerda on 2017-11-14 13:13:13|
But even with the data we have, we can take a guess at how many outdated devices are in use. In May 2017, Google announced that there are over two billion active Android devices. If we look at the latest stats (the far right edge), we can see that nearly half of these devices are two years out of date. At this point, we should expect that there are more than one billion devices that are two years out of date! Given Android's update model, we should expect approximately 0% of those devices to ever get updated to a modern version of Android.
Whenever I bring up just how humongous of an issue this is, and just how dangerously irresponsible it is to let average consumers use this platform, apologists come out of the woodwork with two arguments as to why I'm an Apple shill or anti-Google: Google Play Services and Project Treble.
Google Play Services indeed ensures that a number of parts of your entire Android operating system and stack are updated through Google Play. This is a good move, and in fact, Android is ahead of iOS in this respect, where things like Safari and the browser engine are updated through operating system updates instead of through the App Store - and operating system updates present a far bigger barrier to updating than mere app updates do. However, vast parts of Android are not updated through the Play Store at all, and pose a serious security threat to users of the platform. Google Play Services are anything but a silver bullet for Android's appalling update situation.
Project Treble is the second term people throw around whenever we talk about Android's lack of updates, but I don't think people really understand what Project Treble is, and what problems it does and does not solve. As Ron Amadeo explains in his excellent Android 8.0 review:
Project Treble introduces a "Vendor Interface" - a standardized interface that sits between the OS and the hardware. As long as the SoC vendor plugs into the Vendor Interface and the OS plugs into the Vendor Interface, an upgrade to a new version of Android should "just work." OEMs and carriers will still need to be involved in customizing the OS and rolling it out to users, but now the parties involved in an update can "parallelize" the work needed to get an update running. SoC code is no longer the "first" step that everyone else needs to wait on.
Treble addresses an important technical aspect of the Android update process by ensuring OEMs have to spend less time tailoring each Android update to every specific SoC and every specific smartphone. However, it doesn't mean OEMs can now just push a button and have the next Google Android code drop ready to go for all of their phones; they still have to port their modifications and other parts of Android, test everything, have it approved by carriers, and push it out to devices worldwide.
Project Treble addresses part of the technical aspect of Android updates, but not nearly all of it. While Treble is a huge improvement and clearly repays a huge technical debt of the Android platform, it doesn't actually address the real reason why OEMs are so lax at updating their phones: the political reason. Even in the entirely unrealistic, unlikely, and honestly impossible event Treble solves all technical barriers to updating Android phones, OEMs still have to, you know, actually choose to do so.
Even the most expensive and brand-defining Android flagships - the Note, Galaxy S, LG V, and so on - are updated at best only six months after the release of a new version of Android, and even then, the rollout usually takes months, with some countries, regions, carriers, or phones not getting the update until much, much later.
This isn't because it really is that hard to update Android phones - it's because OEMs don't care. Samsung doesn't care. LG doesn't care. HTC doesn't care. They'd much rather spend time and resources on selling you the next flagship than updating the one you already paid for.
Treble will do nothing to address that.
But let's assume that not only will Treble address all technical barriers, but also all political barriers. Entirely unlikely and impossible, I know, but for the sake of argument, let's assume that it does. Even then, it will be at best four to five years before we experience these benefits from Treble, because while Treble is a requirement for new devices shipping with Android 8.0 out of the box, it's entirely optional for existing devices being updated to 8.0. With the current pace of Android updates, that means it will be no earlier than four to five years from now before we truly start enjoying the fruits of the Treble team's labour.
At that point, it will have been twelve to thirteen years of accumulating unupdateable, insecure Android devices.
The cold and harsh truth is that as a platform, Android is a mess. It was quickly cobbled together in a rushed response to the original iPhone, and ever since, Google has been trying to repay the technical debt resulting from that rushed response, sucking time and resources away from advancing the state of the art in mobile operating systems.
As an aside, I have the suspicion Google has already set an internal timeline to move away from Android as we know it today, and move towards a new operating system altogether. I have the suspicion that Treble isn't so much about Android updates as it is about further containerising the Android runtime to make it as easy as possible to run Android applications as-is on a new platform that avoids and learns from the mistakes made by Android.
Each and every one of you knows I'm an Android user. I prefer Android over the competition because it allows me to use my phone the way I want to better than the competition. Up until recently, I would choose Android on Apple hardware over iOS on Android hardware - to use that macOS-vs-Windows meme - any day of the week.
These days - I'm not so sure I would. Your options as an Android user today? A Pixel phone you probably can't buy anyway because it's only available in three countries, and even if you can buy it, it falls apart at the seams. You can buy a Samsung or HTC or whatever and perpetually run outdated, insecure software. Or you can buy something from a smaller OEM, and suffer through shady nonsense.
You have to be deeply enveloped in the Android bubble to not see the dire situation this platform is in.
|Or you could...|
|By Dryhte on 2017-11-14 13:36:42|
... buy a phone from a company that makes good software support its USP.
In fact I'm nearly totally happy with my Wileyfox Swift 2+.
- good software updates (I got it with Marshmallow, but by now it runs Nougat 7.1.2 with September 2017 patches, November 2017 patches and an Oreo update are on the way)
- good enough hardware (SD 430, 32GB, 3GB RAM, fingerprint reader, NFC - ticks a lot of boxes and the SOC is 'okay')
In fact, in my eyes, it has only one drawback, and that is that it comes with Truecaller dialer which I don't want (but there are sufficient decent alternatives available).
Okay I'd be happy with a SD 625 or 630 but really that's just my numbers fetish, the 430 is quite capable.
Did I mention the software updates? I did, didn't I ;)
Edited 2017-11-14 13:49 UTC
|- Score: 2|
|Android is a mess|
|By martini on 2017-11-14 14:04:17|
"Android is a mess" and that is why it has been so successful.
Remember that when Android was released we already had BlackBerry and iOS on the market. I thought it was too late and that the market had already been taken.
What happened from there is what people call "the mess". Since Android was open source, anybody building cheap phones in China could bundle it on phones and cheap tablets. Losing control of Android was what helped its worldwide adoption.
When we talk about fragmentation (different Android devices with older OS versions without the possibility to update), who do we have to blame for that?
The first to blame is the manufacturer. The manufacturers just want to sell hardware and don't want to spend money on supporting the hardware with periodic software updates forever. It is as simple as their business case. On the other hand, Microsoft owns Windows on PCs, so when manufacturers sell hardware, MS makes money with the OS and has the business to maintain it, and it also (used to) make money with the updates.
But I think we also need to blame Linux. I think that part of the fragmentation problem is also due in part to Linux's monolithic kernel design. The Linux kernel is so customizable (which should be good) that it could be compiled on every processor architecture, but it also means that each update needs to be recompiled with all the required drivers for each phone. That means you cannot generate a standard binary to update the kernel of all phones. We are used to thinking of an OS like Windows, where you get the standard CD of the new version and you install it over the old one. But that is not how a monolithic kernel works with different processor architectures, and for sure, you don't get an Android CD each year to update to the new release.
So, Android is different. If you want an update model like Windows, maybe the phone processor architecture needs to be standardized and the kernel should be Microkernel.
|- Score: 8|
|RE: Android is a mess|
|By martini on 2017-11-14 14:06:34|
...and the kernel should be Microkernel
Project Zircon (magenta): https://fuchsia.googlesource.com/
|- Score: 3|
|Microkernels will not solve this|
|By jonsmirl on 2017-11-14 14:25:38|
Microkernels will simply move the problem from one place in the code to another. Down in the hardware these SOCs are all different unlike the monolithic x86 world. I suspect a microkernel will even make things worse by introducing a new kernel and ruining the skill set of the people the HW manufacturers currently employ.
The correct answer is money. It is in the hardware manufacturer's own interest to do this. It is a way of forcing you to buy a new phone every 2-3 years whether you want to or not. Forcing consumers on this endless treadmill results in billions in profits for the HW manufacturers.
This is only marginally Google's fault. Google could certainly make life easier for the HW OEM but it is not clear if that would make any difference. HW OEMs purposely practice "port and forget". Of course they don't issue any updates, the software team has been moved to the new phone design and there is no one left working on the old phones.
How to solve it? We could force everyone to use Qualcomm processors and create a monoculture like Apple. But do we want that?
I think it may be self-correcting in the future due to a change in how phone plans are priced. Previously your phone payments were bundled into the phone bill and now they aren't. I used to hate it when after two years my phone bill would not decrease any. Instead they told me to come and get a new phone for "free" and if I didn't get that new phone they'd still charge me for it.
We have not been on this new system long enough to see the full effect. I suspect that it will result in a significant slowing of the upgrade treadmill. If the treadmill slows it will increase pressure on the OEMs to keep things updated.
|- Score: 4|
|By jonsmirl on 2017-11-14 14:47:36|
There are two big trends to watch, this might be a good basis for an article.
1) Android anti-trust in the EU. The EU is going to find them guilty no matter what simply because they want the money from a gigantic fine. The EU justifies these excessive fines as payback for Google's HQ in Ireland.
The net of this may be that non-Apple phones in the EU are sold with just the lowest OEM SW layer on them and then a 'ballot box' for which higher layer to install. One choice will be Google's project Treble install. And who knows what the other choices will be. I pity anyone who picks the other choice.
Google is never going to agree to install all of Android and then let you swap out high-level components. It is utterly obvious that entities will create packages that swap out the ad manager and play store and nothing else. That will capture all of the revenue from the phone while leaving Google with all of the expense of providing the services.
2) Will Google go the route of Apple? Will Google make Google phones and then simply abandon AOSP? That is another solution to the EU messing with Android. Google simply converts to the Apple model and totally screws Samsung.
This will certainly stop the problem of Android fragmentation by simply cutting off all of the fragments.
It will also satisfy the EU's desire to stop Android domination by telling Samsung/et al to go get a new OS. Of course I don't think it is so simple to come up with a new OS that people want (Tizen?).
I suspect the EU's actions are going to trigger #2. I don't think Google wanted this, but I don't see that they have much choice in the matter.
The end result of the EU's meddling is likely to be less competition, not more. If the EU forces choice #2 then they may ultimately end up in the perverse situation of having to do another anti-trust suit against this new Apple/Google world telling them to switch back to the old model.
|- Score: -1|
|Comment by Sidux|
|By Sidux on 2017-11-14 14:53:16|
I don't usually go through graphs because data is not that easy to analyse from a global perspective.
For example there are people that never log in to Android and obtain apps from other sources (when it's needed).
Others simply won't update because they fear compatibility problems (eg: usually admins that just want the corporate apps to work as they received them from the company without having to explain to anyone that they couldn't connect because X update came and broke something).
From graphs this will show as outdated apps, even if the OEM may very well provide regular security updates.
It's pretty much the same thing with Windows before Microsoft came and forced the update process for the home user.
Apple does this too.
Is this the only way though to keep the ecosystem safe enough? Hard to say but it's good for everybody to have choice.
|- Score: 3|
|RE: a little over-dramatic...|
|By lucke on 2017-11-14 15:02:19|
It seems that if you're on a patch level older than 2017-09-01, you're susceptible to Blueborne. If you're not running 2017-11-06, you're susceptible to KRACK.
I recently got my first Android phone, LG K10, from a bank. The model was released less than two years ago. It's nice, has everything I would want from a phone. The patch level is at 2017-08-01. If I don't want to share my data, I had better not use WiFi nor Bluetooth.
Edited 2017-11-14 15:02 UTC
|- Score: 1|
|RE: a little over-dramatic...|
|By cranfordio on 2017-11-14 15:21:07|
> Now, let's look at the iPhone tragedies:
> - numerous reports of swollen batteries breaking the phone casing. (LITERALLY falling apart at the seams!)
> - most breakable iPhone ever!
> - FaceID owned in its first week by a Halloween mask.
> - Screen tinting - even if not as noticeable, it's there.
> - Autocorrect bug
> - "The iPhones are susceptible to screen burn in." - Tim Cook
> - **touch screen unusable in cold temperatures**
- Haven't heard about the swollen batteries problem, so no comment on this.
- All smartphones have had problems with breaking if mishandled. I have had an iPhone since they first came out in 2007 and I haven't even had as much as a scratch on the screen. I have seen roughly the same percentage of Samsung and HTC phones with cracked screens as I see iPhones.
- Horrible demonstration of hacking FaceID and they only answer questions about how their process went with, "We are experts in the field." Which makes their process very questionable.
- All OLED screens have this issue, Apple never denied this, they just found a way to get Samsung to make it less obvious.
- Already fixed
- Again, all OLED screens have this issue. But I wonder, who keeps their phone screen on with any one part of their screen never changing for a long enough period to cause burn-in? Personally, I jump from app to app, which changes the whole screen except maybe the very top, frequently, and then the screen is off when I am not using it.
- Unusable for a short period of time. It has to do more with sudden temperature changes as opposed to just being cold. Apple says they are going to address this, we will just have to wait and see.
|- Score: 3|
|RE: Android is a mess|
|By The123king on 2017-11-14 15:21:13|
The NT kernel is hybrid monolithic. NT never has been a microkernel. Same goes for the MacOS and iOS kernels. And anyway, like the poster below me, moving to a microkernel is not going to help
|- Score: 3|
|Alarm! The bad guys haz youR lives!!|
|By CaptainN- on 2017-11-14 16:18:58|
Show me stats on exploitable android versions, and active exploits when we talk about security problems, or I'm not interested.
Second - this talks about API versions - that's fine as a way to collect stats, but it says nothing about whether all those hopelessly outdated Android installs can run the latest software, built with the latest APIs for the latest API versions. hint: old Android versions can still run new software. The SDK doesn't work like it does on other platforms.
So if we don't have any real data on security (which would be a concern) and the problem of not being able to run current software isn't a problem - well what is the problem?
|- Score: 3|