Why I'm so obsessed with phone updates...

-

Time after time I hear myself on-air complaining about a late or missing update to a smartphone. In the grand scheme it doesn't matter that much, surely? Why should it matter to a phone user whether their device is on 'March 2023 Android security' or err... 'April'? Or indeed 'February'?

Well, it normally doesn't. Certainly most phone users have no awareness of the security status of their devices. 

The security-smart answer is that users need protecting from themselves. All operating systems have some bugs, some vulnerabilities, due to their complexity, and exploiting (and fixing) these is a perpetual game of 'whack a mole' played between hackers and software developers. 

But if a serious vulnerability is found in Android OS then simply going to a booby-trapped web page or being tricked into downloading and installing something dodgy, let alone knowingly downloading 'cracked' commercial apps and games from the dark web, then the phone can be massively compromised, data and passwords stolen, and so on.

So users need protecting from themselves, security people (like me) say. And this is absolutely true, though I do wonder in practice how many regular users actually deliberately surf dodgy waters, as it were, and get infected by something.

Unless they're very unlucky in terms of timing, it probably doesn't matter too much whether their phone's security status is bang up to date or just 'within three months of the cutting edge', which is why many companies (Motorola and Fairphone spring to mind, plus Samsung in the last year of a phone's support) are content to issue updates quarterly.

Plus, as Ted Salmon has pointed out, malicious applications are protected against to a decent degree by Google's Play System Updates (in the Store) and these carry on regardless, as they're pushed directly. So this helps too, even when OS security runs out for whatever reason.

However. 

I think there's another reason why it's important for a phone manufacturer to stay bang up to date with Android security. It shows that the company CARES. It shows that they still have their finger on the pulse, that they still have a team dedicated to making that phone better, and so on.

The moment updates stop for a phone (often before the originally stated - at launch - support end-of-life) or are delayed significantly, I think 'Uh oh' and fear the worst. For example, the Microsoft Surface Duo is supposed to have support - and thus monthly security updates - until Autumn 2023, but April's is missing in action, it's now mid-May, and there's a serious fear that Microsoft has simply abandoned its (originally £1300 flagship) folding phone.

[Update: 10 May 2023. Sod's law being what it is, Microsoft pushed the delayed April 2023 update for its Duos an hour after I published this article. But it was still weeks late, the future's just as uncertain, and my sentiments still apply!]

There are similar 'lack of care' worries over Motorola phones in our possession too. So broken promises on updates are definitely a 'thing', even if the actual day to day security implications aren't perhaps as drastic as you might think, for a day to day user doing regular day to day things.

And an absence of care from the manufacturer immediately starts to turn me away from using or recommending a certain phone. That's just how it is... 

PS. Apple and the iPhone are largely outside this discussion because of the different way updates are rolled out. While manufacturers have to jump through hoops in the Android world, testing and then publishing updates for each device in each region, Apple simply pushes all security updates out to all iPhones when needed, with no schedule and with no other approvals needed. This is possible because only Apple makes the iPhone, of course, the same company behind software and hardware, and refusing to allow networks (carriers) to get too involved or to hold things up. It's a direct company-to-user relationship.

PS. If you like this feature and want to support my work then please do so here via PayPal. Thanks.

Comments

Robin Ottawa said…
This confuses me to no end. I have a Huawei P30 Pro that has a security update (on Android 11) from June 2021. But i don't think I'm at much risk that updates protect against. Or am i wrong? My sense is that fishy links and downloads are the worst offenders - do updates protect from that? An expert on your Phones Show explaining risk (beyond your and Ted's excellent knowledge) would be appreciated. There must be a list of worst offenders for the billions of people who don't have the latest updates.
6:41 AM
Steve Litchfield said…
Updates protect from those, yes. Stay away from suchlike and you'll be fine. But I still think you should be eyeing up a current phone this year!
10:22 AM
Post a Comment

Popular posts from this blog

Wavelet - and better sounding speakers (and headphones) on Android...

-
Image
You may well be fairly happy with the audio output (speakers and headphones) on your existing Android phone. Or, like me, you may welcome an extra step up. Perhaps more bass/punch, clearer treble, or perhaps just a volume boost overall. Now, there have been various 'boost' utilities for Android in the past and they've been a bit patchy in how well they work. But Wavelet, discovered by Ted Salmon back in 2021, is a whole different kettle of fish, in that it works supremely well, with extra bass, clarity, and volume,   BUT has a very confusing interface. Which is why a brief tutorial is in order. The steps come from Ted in bullet point form, but expanded by me here and with screenshots, which will hopefully help. By the way, ignore the 'headphone specific' text in the app's title - it works perfectly well for speakers too. In fact, by definition, I'd say that it's really ONLY for speakers, since with headphones you've usually got plenty of natural i
Read more

Bluetooth keyboard incorrect PIN or password - SOLVED

-
Image
Just in case this helps anyone else, I had a nightmare today with my Bluetooth keyboard and my Android phone - but I used some common sense and found a geeky solution. In my case it was a ZTE Axon 7 running Lineage OS and a Microsoft Universal Folding Keyboard (UFK), but I suspect this cure will work for more general issues. The symptom was that when I tried to connect a previously paired keyboard I first of all got just the raw Bluetooth address shown and not the keyboard name. And then, when I tried connecting, I got an "incorrect PIN or password" error message. No chance to reenter a PIN and no amount of restarting keyboard or phone would fix it. The cure seemed to be to reset something in the phone's Bluetooth system, but what? The keyboard wasn't showing up as paired, so I couldn't 'forget' it. I tracked it down in the end. Settings, Apps, then 'Show system' on the '...' menu. Find and tap on 'Bluetooth extensions'.
Read more

How to fix Blink XT2 Camera 'Thumbnail failed' error!

-
Image
Update - Jan 2023: Amazon/Blink just changed the interface in their app - so things may have moved slightly in the UI! The Blink XT2 cameras are great - a trivial way to keep an eye on a loved one (in my case an aged parent) without wires or complex DIY hassle. Just set a camera or two up on your Wifi and you can keep an eye on them from across the world.  And all is fine, generally, I tap to take a photo or video if my dad isn't answering the phone, to check where he is and whether he's OK. Yes, there's motion detection available, but I usually have this off as when he's well he'll move around and keep triggering images and videos, which then drain the batteries too quickly. (I do have motion detection on my own house's security cameras, outdoors) But recently I had the strangest error: 'Thumbnail failed' on one of the cameras and it persisted for days.  Now, I live 150 miles away and so Blink's suggestion of 'take the batteries out and put them
Read more