upvote

points

by croes4 hours ago |
comments
upvoteby a963 hours ago|
next
[-]
You can take many computers from 1999 and update them to the best software available today. Most phones won't even do that for a few years. And that is security in the real sense of the word, as in "this won't just pull the rug from under me".

(Of course the problem isn't Android, it's the chipset vendors that the SW depends on. They drop support fast and never give enough info for anyone else to keep things up to date. Also Google.)

reply
upvoteby mike_hearn3 hours ago|
prev|
next
[-]
So what? Most devices running Linux don't get security patched, it was ever thus. Think about all the kernels running in wifi routers and other embedded devices.
reply
upvoteby akimbostrawman3 hours ago|
prev|
[-]
>if 40% of all Android devices don‘t get a security patch

No system will stay secure once it does not receive updates. That does not exclude it from being more secure than another system based on security feature merits as long as it does get updated.

>Hardening is one part of security, patchability another. Android lacks in the latter.

That is not an inherent flaw with android but OEM devices shipping modified android they don't bother keeping up to date. Some OEMs are trying to mitigate this by increasing security update support up to 7 years which still is not long enough but also doesn't make them less secure than a desktop that gets updated longer.

What people forget is that not only desktop and mobile phone software is different but also the hardware. If your desktop pc hardware is out of date / EOL nobody cares usually. Meanwhile on a phone this can be a lot more relevant because security expectations and threat models are a lot higher, for example see all the zero/one click compromise headlines.

reply
upvoteby croes1 hours ago|
parent|
[-]
It is an inherent flaw of android. Imagine no Windows update because Lenovo stopped support for 4 year old notebooks
reply
upvoteby akimbostrawman53 minutes ago|
parent|
[-]
It's 7 years because there limiting factor is hardware firmware support. A lot of desktop hardware does not receive firmware updates above 4 years either but that just gets shrugged off like you do because "OS still gets updates so it means it's secure".
reply