Linked by Thom Holwerda on Wed 5th Sep 2018 22:21 UTC
Android

Samsung has now confirmed that the Galaxy Note 5 and the Galaxy S6 edge+ will no longer receive monthly security updates. It's not surprising as the Galaxy S6 has already dropped off the list of devices receiving monthly security updates earlier this year. The aforementioned devices will not be receiving security patches regularly every month going forward.

Those are €800-1000 computers released only 3 years ago, probably available in stores for years, maybe even now - and just like that, no more security updates. Why do we and our lawmakers just allow these companies to get away with this? It's high, high time we mandate a minimum lifespan for these expensive devices.

No unintended consequences?
by Berend de Boer on Wed 5th Sep 2018 23:07 UTC
Berend de Boer
Member since:
2005-10-19

I have a simpler solution: consumers refusing to buy devices that don't get updates.

I know, I know, it's a reflexive statement from a European citizen to call for more government, but a law like this could make such devices more expensive. Meaning fewer European citizens could afford them, giving an edge to countries without such laws.

Also, this law could be another example of protecting big companies. A small startup, offering services to upgrade such devices, will have to cease operations.

Reply Score: 1

RE: No unintended consequences?
by ssokolow on Wed 5th Sep 2018 23:29 UTC in reply to "No unintended consequences?"
ssokolow Member since:
2010-01-21

I have a simpler solution: consumers refusing to buy devices that don't get updates.

I know, I know, it's a reflexive statement from a European citizen to call for more government, but a law like this could make such devices more expensive. Meaning fewer European citizens could afford them, giving an edge to countries without such laws.

Also, this law could be another example of protecting big companies. A small startup, offering services to upgrade such devices, will have to cease operations.


He said "mandate a minimum lifespan", not "mandate OEM-provided updates". There are various ways to accomplish that goal.

Heck, by some definitions, that constraint would be satisfied if smartphones were as open, driver-wise, as Linux on x86, regardless of how long the OEMs actually took responsibility for producing software updates themselves.

Edited 2018-09-05 23:40 UTC

Reply Score: 5

RE[2]: No unintended consequences?
by Alfman on Thu 6th Sep 2018 02:32 UTC in reply to "RE: No unintended consequences?"
Alfman Member since:
2011-01-28

ssokolow,

He said "mandate a minimum lifespan", not "mandate OEM-provided updates". There are various ways to accomplish that goal.

Heck, by some definitions, that constraint would be satisfied if smartphones were as open, driver-wise, as Linux on x86, regardless of how long the OEMs actually took responsibility for producing software updates themselves.


Exactly! This would be a non-issue if the open source community could support the phones themselves. That's always been a problem especially with mobile tech, not necessarily that the manufacturer dropped support, but that the manufacturer has a monopoly on support in the first place.

It would actually be less work for manufacturers to allow the community to support their customers' phones, the reason they don't like this is because of their conflict of interest. We must understand that from a business perspective, killing off older devices is actually one of their goals. They don't want to risk anyone extending the life of consumer goods, even if the hardware still works, and even if someone else did it for free.

Consider the math, for example a $600 phone with 3 years of support with 200k units sold for $120M. To increase support to 5 years, manufacturers would have to pay a couple of developers to backport bug fixes. Having done this work myself, it's certainly doable for one developer on a part-time basis, but even if they are very inefficient it should cost less than $1M for those two years. This works out to about $5 per phone, which is quite reasonable.

Revenue lost to decreases in sales caused by extended product life-cycles, every additional year of support has a $200 new sale opportunity cost. So increasing support to 5 years would potentially cost $80M in lost sales. In order to make up for lost sales with 5 years of support, they'd have to tack on an extra $400 per phone!


We can run the numbers different ways, but it's not even close. However we look at it, it's clear that support costs are a drop in the bucket compared to lost profits associated with the longer product life-cycle. This is fundamentally why manufacturers aren't solving this problem voluntarily. It has very little to do with the cost of support (even if it were free) and everything to do with wanting customers to buy new phones.

I worry about all the environmental damage these companies are needlessly causing our planet; we should be more careful. Unfortunately corporations only respect profits, and that's pointing in the direction of shorter product life cycles with planned obsolescence.

Edited 2018-09-06 02:42 UTC

Reply Score: 6

RE: No unintended consequences?
by crystall on Thu 6th Sep 2018 07:52 UTC in reply to "No unintended consequences?"
crystall Member since:
2007-02-06

Also, this law could be another example of protecting big companies. A small startup, offering services to upgrade such devices, will have to cease operations.


Not true: Fairphone has been putting out security updates regularly for the Fairphone 2 and even shipped a major upgrade (5.1 -> 6.0) with 7.0 coming soon. If they can pull it off with a staff of only a few dozen people then I don't see why others can't.

Reply Score: 3

Vistaus Member since:
2018-03-21

7.0 coming soon while we are already at 9.0?

Reply Score: 3

RE: No unintended consequences?
by moondevil on Thu 6th Sep 2018 08:30 UTC in reply to "No unintended consequences?"
moondevil Member since:
2005-07-08

Google has had so few OEMs upgrading to Oreo that they are finally requiring updates as part of the device certification processes.

https://android-developers.googleblog.com/2018/08/evolution-of-andro...

In particular, we recently delivered a new testing infrastructure that enables manufacturers to develop and deploy automated tests across lower levels of the firmware stack that were previously relegated to manual testing. In addition, the Android build approval process now includes scanning of device images for specific patterns, reducing the risk of omission.


....

In addition, we are also working to drive increased and more expedient partner adoption of our security update and compliance requirements.

Reply Score: 4

RE: No unintended consequences?
by Lobotomik on Thu 6th Sep 2018 08:35 UTC in reply to "No unintended consequences?"
Lobotomik Member since:
2006-01-03

I have voted you up, though I do not agree at all.

Leaving the government out of the equation is not a good approach. It is like saying there should be no compulsory testing and no regulations to ensure that appliances are safe, and let the public decide if they buy one that can burn their house down. Because otherwise, consumers and local dishwasher makers will be at a disadvantage to those in countries where electrocution, fire and flooding are no issue.

With a complex issue like this, it is much more so, with 99% of the population completely unaware that such an issue exists, much less such a remedy as frequent patches.

At the very least there should be a wide campaign to teach the consumers the dangers of shitty software, and promote a compulsory, prominently visible seal in the packaging that lets you know what the update policies are: something like "OS upgrades until 2020; Bimonthly security patches until 2022", and so on. Then, upon some concrete information, people could decide.

Anyhow, the government is there to ensure citizens are safe when buying anything that is allowed to be sold, and citizens expect merchantability by default. There are technical regulations for just about everything, be it in Europe, USA, Japan or Korea: I fail to see why dangerous shitware should be the exception.

Reply Score: 8

RE: No unintended consequences?
by No it isnt on Thu 6th Sep 2018 14:49 UTC in reply to "No unintended consequences?"
No it isnt Member since:
2005-11-14

I have a simpler solution: consumers refusing to buy devices that don't get updates.


An excellent, testable hypothesis. Since it didn't happen, we can expect that it won't.

Why do you still believe in that nonsense?

Reply Score: 4

No it isnt Member since:
2005-11-14

A lack of awareness doesn't eliminate a problem. Why are you free-market ideologists always so fucking retarded?

Reply Score: 4

Locked bootloader
by devloop on Thu 6th Sep 2018 00:20 UTC
devloop
Member since:
2007-11-12

Don't buy devices from vendors that refuse to unlock your bootloader. You don't own your device if you are at their mercy for any sort of updates.

Edited 2018-09-06 00:20 UTC

Reply Score: 5

RE: Locked bootloader
by kurkosdr on Thu 6th Sep 2018 22:02 UTC in reply to "Locked bootloader"
kurkosdr Member since:
2011-04-11

Don't buy devices from vendors that refuse to unlock your bootloader. You don't own your device if you are at their mercy for any sort of updates.


Yeah I am going to rip out the stock ROM for an unintegrated ROM like LineageOS - not. Manufacturers should provide updates, but they aren't legally obligated to and nobody except us nerds cares enough about it.

Reply Score: 1

RE[2]: Locked bootloader
by Alfman on Thu 6th Sep 2018 23:34 UTC in reply to "RE: Locked bootloader"
Alfman Member since:
2011-01-28

kurkosdr,

Yeah I am going to rip out the stock ROM for an unintegrated ROM like LineageOS - not. Manufacturers should provide updates, but they aren't legally obligated to and nobody except us nerds cares enough about it.



Your point is well taken, however I think if the specs and bootloaders were more accessible to developers that we could actually end up with open source that rivals the original experience, akin to dd-wrt. It's the fragmentation combined with roadblocks to obtaining development information needed for every device that kills 3rd party innovations to the point that many would-be devs/fans just give up.

Reply Score: 3

ssokolow Member since:
2010-01-21

If it weren't for software changes, these devices would continue to do everything they did the day they were purchased.

I don't see what's wrong here.

You seem to think the company that sold the device should continue to offer you free service on that device instead of you purchasing a newer device. Am I restating that correctly?


More like planned obsolescence via locked bootloaders and the use of short-lived closed-source drivers written against a purposefully unstable kernel ABI intended to deter them.

Desktop and laptop PCs don't have that problem. Heck, there are perfectly good examples of doing it in a less obsolescent way. For example, the GPU in the TI OMAP3 chip used by the OpenPandora handheld has all the closed-source bits in userland and both AMD and nVidia do a good job of providing nice long support windows for their GPU drivers, Windows or Linux.

It should be illegal to apply planned obsolescence tactics to an $800 device.

Edited 2018-09-06 01:29 UTC

Reply Score: 4

moondevil Member since:
2005-07-08

Desktops don't have that problem yet.

Laptops are becoming what computers used to be, before Compaq made it possible for PC Compatibles to go wild.

All thanks to razor-thin margins and computers reaching appliance status.

Reply Score: 4

Lobotomik Member since:
2006-01-03

I think an 800€ device produces more than razor thin profits.

Reply Score: 4

moondevil Member since:
2005-07-08

My first laptop was around 1 500 euros and it was pretty cheap compared with the alternatives.

Reply Score: 2

WorknMan Member since:
2005-11-13

I don't see what's wrong here.


I mean, I don't need constant OS updates for 5-10 years, but not getting security updates on $500+ devices after 2-3 years is ridiculous.

Reply Score: 7

wdouglass Member since:
2016-04-12

If it weren't for software changes, these devices would continue to do everything they did the day they were purchased.


Exactly, including any security flaws they may have that leak credit card information, location, and other personal info.

Reply Score: 2

Comment by b00gie
by b00gie on Thu 6th Sep 2018 04:49 UTC
b00gie
Member since:
2006-06-09

Why do we and our lawmakers just allow these companies to get away with this?

and the court of law.
https://www.zdnet.com/article/no-samsung-doesnt-have-to-keep-patchin...

Each manufacturer has to be blamed per se but above all Google is responsible for still keeping up with all this BS.

Edited 2018-09-06 04:56 UTC

Reply Score: 2

Vote with your wallet
by avgalen on Thu 6th Sep 2018 08:46 UTC
avgalen
Member since:
2010-09-23

https://www.blog.google/products/android-enterprise/android-enterpri...

Some of the Android Enterprise Recommended requirements and best practices for rugged devices include:
* Delivery of Android security updates within 90 days of release from Google, for a minimum of five years
* Support for at least one additional major OS release

Of course I personally think that a device should receive all major OS releases 3 years after the OEM stops selling it and this worked quite well for my Nokia Lumia 1520 and will hopefully work well for my Nokia 7 Plus with Android One

Reply Score: 3

RE: Vote with your wallet
by zima on Sat 8th Sep 2018 01:29 UTC in reply to "Vote with your wallet"
zima Member since:
2005-07-06

Of course I personally think that a device should receive all major OS releases 3 years after the OEM stops selling it

Probably why Apple supports its phones for so "long" - since old models are pushed on consumers much longer than by other manufacturers, they aren't supported that long since the end of mainstream sales at all...

Reply Score: 3

RE[2]: Vote with your wallet
by avgalen on Mon 10th Sep 2018 07:29 UTC in reply to "RE: Vote with your wallet"
avgalen Member since:
2010-09-23

"Of course I personally think that a device should receive all major OS releases 3 years after the OEM stops selling it

Probably why Apple supports its phones for so "long" - since old models are pushed on consumers much longer than by other manufacturers, they aren't supported that long since the end of mainstream sales at all...
"

TLDR: Limited choice in hardware results in the best upgrade policy.

There are a whole bunch of Android manufacturers selling all kinds of devices, but only Apple makes iOS devices. That means that if you want an iOS device but don't want to pay flagship prices you are going to have to buy an older model iPhone and Apple will have to keep making and selling these older models to maintain a relevant marketshare. Of course Apple cannot sell unsupported devices so they have to support their low-tier devices with support. Apple has chosen to support only their latest OS-version so everyone, also the low-tier devices get the latest OS-version. In the past the result was that my iPad 2 became slower and eventually unusable because of these upgrade policies, but nowadays the hardware in even low-tier devices doesn't struggle with just running the OS anymore so this works out very well for iOS.

Reply Score: 2

RE[3]: Vote with your wallet
by zima on Tue 11th Sep 2018 11:37 UTC in reply to "RE[2]: Vote with your wallet"
zima Member since:
2005-07-06

Agreed; my point simply being that extended support period of those older models isn't that long as most commonly seen comparisons (from the start of sales) would suggest...

Reply Score: 2

don't complain
by unclefester on Thu 6th Sep 2018 08:59 UTC
unclefester
Member since:
2007-01-13

Back in the 1960s Mercedes offered a SIX month warranty on their cars in Australia. These were up to 100x the price of a Galaxy S6 adjusted for inflation.

Edited 2018-09-06 09:01 UTC

Reply Score: 1

RE: don't complain
by zima on Sat 8th Sep 2018 01:30 UTC in reply to "don't complain"
zima Member since:
2005-07-06

Curious, since Mercedes cars have a reputation of being among more long-lasting ones.

Reply Score: 2

RE[2]: don't complain
by kurkosdr on Sat 8th Sep 2018 18:54 UTC in reply to "RE: don't complain"
kurkosdr Member since:
2011-04-11

Curious, since Mercedes cars have a reputation of being among more long-lasting ones.

Had. Now they are at the bottom of the list along with Volkswagen and FCA. At least FCA doesn't change the moon, so they are actually the most honest of the bunch...

Reply Score: 2

RE[3]: don't complain
by zima on Tue 11th Sep 2018 11:33 UTC in reply to "RE[2]: don't complain"
zima Member since:
2005-07-06

Well, since the old ones are long-lasting, and the new ones expensive, there's a lot of the former so still sort of "have" ;)
(also, VW/Skoda are rather nice (helps that VW tech is introduced in them later, so ~debugged) and inexpensive)

Reply Score: 2

Fed up with that
by lc_lol on Thu 6th Sep 2018 11:02 UTC
lc_lol
Member since:
2017-09-16

Precisely why my Galaxy Note 3 was my last Samsung phone. And my last "flagship" too. I'm feeling better having bought a $200 Asus phone, looks like updates last a bit longer, and I won't have to regret my money if I have to abandon it in 3 or 4 years.

Also the reason why I would buy any windows 10 phone if one was released. When you see how any simplest win10 barebone PC gets updated every month and how long this lasts, it would really be a deal.

Reply Score: 3

RE[2]: Fed up with that
by subsider34 on Thu 6th Sep 2018 19:53 UTC in reply to "RE: Fed up with that"
subsider34 Member since:
2010-11-08

Microsoft still supports their discontinued Windows 10 Mobile line actually. In fact, they'll continue to support a few phones (like my Lumia 950) until December of 2019. Also unlike some companies where 'support' means "we'll help troubleshoot but won't issue any updates", Microsoft still sends out security updates for Windows 10 Mobile. I've gotten several since they announced the discontinuation of the product line.

https://support.microsoft.com/en-us/lifecycle/search?sort=PN&alpha=W...

As an aside, it struck me while looking at that chart that Microsoft is one of the only mobile phone companies in recent memory that actually committed to a defined support period. Most everyone else supports their phones for however long they feel like doing so.

Edited 2018-09-06 19:54 UTC

Reply Score: 3

RE[2]: Fed up with that
by lc_lol on Fri 7th Sep 2018 10:15 UTC in reply to "RE: Fed up with that"
lc_lol Member since:
2017-09-16


Rofl. Guess you missed the whole Windows Phone fiasco, where people who bought into one version had no upgrade path whatsoever and were basically told to go fsck themselves or buy a brand new phone?


Matter of fact, I didn't, as I didn't miss the WebOs fiasco, either (and I regret the latter much more than the first one...). But my option is not for a windows phone but a real, classic x86 modded to a phone.

To be clear: I own a Pipo X8 barebone, I paid about $150 for it. Runs Windows 10 night and day, I never booted the android partition (and I even wonder why I never deleted it).

Just add a (even big) battery, change the format and add phone features, it would have everything I would ask from a smartphone. I'd buy this blindly, because I'd be pretty sure the support would be long...

Edited 2018-09-07 10:18 UTC

Reply Score: 1

Still being sold
by rafaelmet on Thu 6th Sep 2018 12:04 UTC
rafaelmet
Member since:
2010-12-21

They are still being sold.
e.g. here: https://www.amazon.com/Samsung-Galaxy-Note-Black-32GB/dp/B013X8XQY2

That's one of the reasons why the corporation where I'm working has a "No-Android" policy.

Reply Score: 1

LineageOS
by Caraibes on Thu 6th Sep 2018 12:55 UTC
Caraibes
Member since:
2007-08-06

I am using LineageOS on my Moto G4 (it's perfect) and on my Samsung Galaxy S5 (it's almost perfect). Now I ordered a "new" Nexus ^for 150 US$ on Ebay, planning to install LineageOS too, so I can get Oreo. My other older phones are for my kids. My rule is that a phone should not cost more than 200US$.

Reply Score: 2
