
There are over a billion outdated Android devices in use - josephscott
https://danluu.com/android-updates/
======
userbinator
With current and older devices working perfectly well, and new devices being
even less serviceable and more user-hostile with greater efforts towards
planned obsolescence, is it any wonder that people just aren't "upgrading" any
more? I don't consider this a problem, but a sign of an ecosystem that is
gaining stability. In fact I'd say it's even better, from an e-waste
perspective, that the amount of churn has decreased.

Even in the low-end/unbranded devices, I'm seeing a gradual removal of
hardware features and general lack of parts (screens, cases, etc.)
availability, while replacement parts for models several years old are still
plentiful.

~~~
shp0ngle
Security, basically. If you care about your privacy, you should care about
security (can't have one with the other). You need an updated phone for that.

~~~
jsight
Security isn't as big of an issue with many of these devices as you might
think. Unless it is years out of date, Play Services still gets updates, the
system web view still gets updated, Chrome still gets updates, and in many
cases the vendor will still roll out an emergency patch if there is something
serious.

~~~
acdha
That's a huge guessing game, though - remember StageFright? You could have a
phone with an up to date Chrome, up to date Play Services, and still be
trivially exploited simply by viewing a standard video file. (Not to mention
wondering which of your apps uses an out of date embedded web view)

I would submit that the number of people qualified to safely make (and update)
that risk assessment is extremely small, and all of them would recommend
updating to a version which patches problems rather than hoping you can dance
around them.

~~~
jsight
StageFright was patched on a LOT of devices that "no longer received updates".
The concern with embedded web views is overrated, as Android actually updates
those via Play Services now.

For all of the talk of how awful this is, actual exploits are almost unheard
of.

------
gumballhead
I often get sympathetic comments for being an Android developer because of
this. It's honestly not that bad. Android provides backwards compatible
support libraries for whatever SDK you're supporting, and was designed from
the beginning to handle diverse screen sizes and hardware.

By far a bigger problem is manufacturers shipping their own version of Android
that is sometimes incompatible with the SDK. I've had to implement some ugly
hacks for Samsung before, which is unfortunate because of how popular their
hardware is. It's becoming less of a problem over time though.

~~~
enzanki_ars
The problem with outdated versions is not app compatibility, but security
updates. If a zero-day were released, most of these devices would never
receive an update to fix the issue.

Worst case scenario: An Android zero day that can be spread via WiFi or
Bluetooth that infects devices in a cryptolocker style. The more versions it
can affect, the better.

Shoot. Probably shouldn’t give people ideas, especially when I have an Android
device. At least it runs LineageOS and can be updated easily...

Edit: To clarify my idea, imagine the Windows XP cryptolocker viruses, but for
Android instead, spreading not through cell towers or WiFi routers, but
instead spreading via the cellular/WiFi/Bluetooth chips in the devices.

I’m starting to wonder if I should buy a portable Faraday cage for my
devices...

~~~
IshKebab
It's _also_ a problem with compatibility. Just because they've found a
reasonable way to mostly work around it (by basically bundling an up-to-date
version of the framework into each app) doesn't mean it isn't an issue. Not
everything is in the support library.

But I agree, at this point the security issues are a bigger concern.

------
opportune
The flipside of this is that developers are forced to support versions of
their apps that are compatible with previous operating systems. That's bad for
developers, but good for consumers.

iPhones shove updates down your throat as a user. They're so persistent that
inevitably most people will accept the new update - and even if you're
stubborn like me, eventually your apps will no longer be supported under the
newer OS's, and you are forced to update to keep using them. The problem is
that the OS upgrades invariably slow down older phones, so even if you're
perfectly happy with your iPhone to begin with, it starts to act slow as it
gets the newer OS's. It's good that Android users can at least avoid this
particular kind of planned obsolescence

~~~
userbinator
_That's bad for developers, but good for consumers._

Is it? I'm a developer --- _and_ a consumer, as are most --- and have always
kept to the principle of as much compatibility as possible, mostly by not
gorging on new features for the sake of new features, and a "do what you can
with what you have" approach. To me, spending a little extra effort to get
much more compatibility is well worth it, since I've been on "the other side"
and know the horrible experience of not being able to use something just
because the developer didn't bother to think about anything but the "new and
shiny"; that seems to be something a lot of developers completely ignore or
even oppose.

~~~
vlozko
The QA effort to support 3-4 of the most recent OS’s isn’t “a little extra
effort.” It can get pretty expensive, too, since you may have to have devices
for all supported OS versions and possibly idioms (e.g. iPhone, iPad).

~~~
BoorishBears
If only Android devs only had to think about 3-4 of the most recent OSes...

There are outliers in either direction, but these days the minimum supported
version tends to be either API Level 19 if you're conservative, with a steady
shift towards ... API Level 21. For reference, Oreo is API Level 26.

------
ajnin
Hey, they used the data that I made available on my website here:
[https://www.bidouille.org/misc/androidcharts](https://www.bidouille.org/misc/androidcharts)

Gathering the old data from archive.org snapshots was a pain, I'm glad I saved
someone else the trouble :)

One thing that's missing from this data is the actual number of devices in
circulation, as said in the article it's only the market share among Android
devices, and only those which access the Play Store. Having access to that
data would make the graphs much more interesting, but unfortunately I have no
idea where to get it.

~~~
Bartweiss
> _only those which access the Play Store_

I'll bet this means an enormous number of outdated devices outside the first
world are missing. In particular, any area without cheap and reliable data
access is probably eschewing the Play Store for some kind of local-area app
sharing like Zapya.

Not your fault obviously, these are fascinating stats as is. But I'm also
really curious how many smartphones have gone "off the grid" without being
retired. Generalizing from Myanmar [1], I suppose Facebook's internal device
data would be the best source.

[1]
[https://craigmod.com/sputnik/smartphones_in_myanmar/](https://craigmod.com/sputnik/smartphones_in_myanmar/)

------
Falkon1313
The real problem with mobile devices is that it costs $600-$1000 for a
security patch. And when you get it, you'll also be stuck with inferior
hardware as a side effect of that very expensive security patch. A device that
used to be multifunctional but now is no longer useful for phone calls, music,
or videos because it doesn't have a headphone port. One that used to be mobile
but now requires you to stay tethered to an outlet because you can no longer
switch out to a spare battery. One that's even thinner and more likely to
break.

People would like to be secure, but they shouldn't have to pay that much for a
security patch and they don't want to downgrade their systems.

------
matt_wulfeck
> _If we look at the newest Android release (8.0, 8/2017), it looks like
> you’re quite lucky if you have a two year old device that will get the
> latest update. The oldest “Google” phone supported is the Nexus 6P (9/2015),
> giving it just under two years of support._

And 2 years is the best-case scenario. Compare to nearly 5 years for iOS
devices (which, as far as I can tell was prompted only by a move to 64-bit
SoC). It's beyond me that Google hasn't taken a more extreme approach to
keeping their devices up-to-date.

~~~
stevenwoo
My Nexus 6P is eligible for 8.0 under the beta program, the last time I
checked, 8.0 was still not available for it in the official channel so I had
to switch to the beta program to try out 8.0 on a device.

~~~
tssva
8.0 has officially been available for the Nexus 6P since August.

~~~
stevenwoo
Thanks, exiting the beta program to see what happens now.

------
sizzzzlerz
I've got a 7 or 8 year old Google Nexus phone. Google stopped updating the OS
5 years ago. The only impact I've noticed is that newer apps won't run on an
older OS. For me, however, that really isn't a problem since I use it for
making and receiving calls and texts, and checking my email. Right now, I'm in
no hurry to lay out hundreds for a new phone, Apple or Android, that will be
obsoleted in just a couple years when the vendor abandons it.

~~~
thomastjeffery
The problem that you _don't_ notice is the lack of _security_ updates.

~~~
LandoCalrissian
Right? It may still largely be functional, but I would never trust that device
in the open, it's just ripe for a bevy of attacks.

I really wish Google would expand their service lifetime on their own devices,
because I feel 2 years is really too short.

~~~
The_DaveG
Two years is completely too short, even three years if you purchase mid-cycle
is not enough.

I own Nexus 5X's on Project Fi, one bootlooped and was replaced, the other
still going strong after ~20 months. I also have a Pixel XL acquired like 7
months ago, both of those should outlive the updates and giving Google the
money directly, they should take care of their customers.

Far from an Apple fan boy, the 2016 MBP and 2017 iPad do not worry me about
getting forgotten in the ever ongoing updates.

~~~
Spivak
Two years is too short but once you get on the extended warranty loop you can
basically get another 2/4 years of new phones on the cheap.

~~~
The_DaveG
For the 5X's, they were a great deal, and it would cost more than the phone to
get into the extended warranties. Not worth it for our purposes. As long as
they keep working, we'll keep using them.

------
JepZ
One fact I was not completely aware about: Even if you have updated your
Android device with a Custom ROM (e.g. Lineage/Cyanogen) to a newer Android
Version you most likely still have an old Kernel.

So yes, I am very happy that I can still run Android 7.1.2 on my 5 year old
S3, but at the same time it runs on a 3.0 Linux kernel which was originally
released in July 2011. As far as I know, that is because some drivers (e.g. the
graphics driver) are closed source and are only available as binaries.
Therefore, they were never properly integrated into the Linux kernel source
and when the kernel changes nobody cares about them.

Yes, I know about the discussion about stable ABIs, but even with a stable
ABI, I would still be stuck with an outdated buggy graphics driver, because
the kernel developers only care about source they can access.

To sum it up: I would like to have a product which does not only have an
up-to-date userland software, but also a more or less current kernel.

~~~
jiggunjer
I don't think they just drop in an older Linux kernel. I think Android is more
like a Linux fork these days. The current version being based on an
older/stable Linux kernel.

If Android updates never touched the kernel, how is it drivers break? They
must be updating the kernel too.

------
shadowtree
Love the HN crowd here explaining that staying still on old tech full of
security holes is a-ok. :)

Both Android and iOS have made awesome progress on all fronts, from security
to stuff like AR and ML.

You can now have a supercomputer in your pocket - just using it for
phone/texts is such a waste.

~~~
spookthesunset
> Love the HN crowd here explaining that staying still on old tech full of
> security holes is a-ok. :)

It’s disheartening when a forum full of supposed tech enthusiasts starts to
morph into a bunch of paranoid tech Luddites. That is what, imho, killed
slashdot. Every post was full of comments slamming anything new. Eventually it
just got toxic and boring. Who wants to hear a bunch of paranoid outliers brag
about their 8 year old phone on a forum like this?

The tech industry is constantly changing. If you can’t handle it, you should
go into something else...

~~~
askafriend
Harsh tone but 100% warranted imo. It’s fascinating to see so many otherwise
smart people completely fail to understand the changes around them.

~~~
spookthesunset
It's harsh because there is no way to sugar coat it. This post is full of
people bragging about running 9 year old phones with ancient highly vulnerable
operating systems. On the same forum that has people bragging about being
child geniuses and making posts like “I’m assuming that just by reading HN you
have an above average intelligence”.

No. You don’t get to claim you are “above average intelligence” when you brag
about downloading OS updates off sketchy “community” forums and then make
posts like “better than some faceless corporation”. That isn’t intelligent.
That is just being stupid.

Ever hear of the Dunning-Kruger effect? Some folks need to go read about it
and then smack themselves upside the head.

Seriously. Paranoid tech ludditism is an eye rolling, tedious, boring
circlejerk. Go back to your green screen gramps— I’m sure it is good enough
for anything but I like my 4K color monitor, thanks.

...Keep that stuff out of tech forums because it is cancer. Sla

~~~
pjmlp
I am happy for you, that you can afford spending several hundred
euros/dollars/yen/whatever every couple of years for OS updates.

Majority of us have better things in life to use our money for.

~~~
briandear
However, a large number of people on HN are software engineers who make their
living writing software for these devices; it would seem like a crowd that
loves tech like React “Native” might consider the latest devices somewhat
important to their business. If developers are running old devices and old
OSes, then it follows that they aren’t developing around the latest
capabilities because they themselves don’t use the latest capabilities. For a
“progressive” crowd, it sure seems like there are quite a few reactionaries.

This “keep my older device” argument makes perfect sense if you are an
end-consumer but it makes no sense if your business is building software. Software
developers ought to consider it a minimum requirement to be on the cutting
edge. We should be leading the way and not doggedly hanging on to older tech.

If we were house painters, then running a 5 year old device makes no
difference, but if we are supposed to be building the future, it’s illogical
to be obsessed, almost to a hipster-degree with running outdated equipment.

It’s Jay-Z rocking an 8-track.

~~~
pjmlp
Just because I am a software engineer, doesn’t mean I am willing to spend more
than 600 euros every three years for the privilege of having an updated
device.

There are more important things in life.

If Google wants us to actually use the latest features, then they should force
OEM to upgrade to Treble and push to their devices.

Not to force us to buy an Oreo device, hoping that this time around OEMs will
actually push updates on ALL devices.

------
na85
Having to wait and sometimes pray for your vendor to ship an update is why I
chose to stick to the Nexus line of phones until it ended.

My next device may or may not be a Pixel, but the above coupled with the
shitty "value adds" like custom file managers and stuff that Samsung et al
tend to cram into their already bloated Android implementations pretty much
guarantees I'll never buy a Samsung or similar.

My wife's Galaxy S3 was slow the day she got it, and it only went downhill
from there, to the point that a spare BB Priv felt like an upgrade to her. At
that point the Priv was already 2 years old.

edit: can someone explain the down votes? for real, I thought this was a
pretty level headed comment. is it just that I dumped on Samsung?

~~~
ruytlm
As a long time Nexus user (back to Nexus S), the clean OS and updates were
always the selling points for me.

With Pixel now dropping the headphone jack, I'm starting to look elsewhere.
Here's hoping I get some more life yet out of my 5X.

~~~
pasbesoin
Make sure you are regularly backed up. Anecdote, but I bootlooped -- that's
with quite gentle care. Friend bootlooped a couple of weeks later.

~~~
Geeflow
Second that. I bought three Nexus 5x for me and my family. Two of those
bricked themselves without warning.

Plus I keep reading these stories over and over again. Multiple anecdotes in
the discussion to this article alone...

Both got repaired (mainboard replaced) under warranty without issue. I'm still
happy with the phone and haven't found anything comparable considering the
price (270€ approx. 1 year after release), but you definitely need to have a
solid backup strategy.

------
SteveGregory
Does this seem like a trend that goes beyond just tech products? Clothes,
appliances, furniture (with fiberboard) all seem to have lower longevity
today, whether it's from lacking updates/service or just lacking durability.

~~~
Double_a_92
Might be survivorship bias. You only remember old furniture that survived long
enough for you to see it...

------
bitL
I still have Nexus 7 running on KitKat 4.2 as I dislike material look and for
newer Android versions I always go with phones that ship with customized UI
that better correspond to my aesthetics sense. Disclaimer: I am a visual
artist as well and hate it when somebody enforces certain style, in my case
anything flat, low-contrast, confusing where my brain has to spend >20ms
identifying controls.

~~~
goalieca
Are you concerned at all with security of the device? Just asking because I
know lots of people who stick with older droids and none seem to care.

~~~
5ilv3r
Old device user here. The frequency of exploits is going up, so older devices
with few features and small attack surface are safer than new devices with the
bells and whistles and a bigger attack surface. Basically, fuck you to the
assholes pushing updates. They are doing it wrong and I reject them. I will
accept no update with antifeatures, no matter how much they say it is good for
me.

~~~
goalieca
The old device runs a complete browser with network access and daemons etc. It
seems like all of the bells and whistles were already around for quite some
time.

------
joelthelion
That's why I only buy phones that are supported by LineageOS (usually second
hand). Not ideal, but it's the best I've found so far.

I guess paying $150 for a fully up-to-date phone that was worth $700 just two
years ago isn't such a bad deal.

~~~
Rotareti
The last time I tried to install LineageOS on my phone I had to execute a
non-reproducible binary of some anonymous haxxor to flash the OS. I remember I
could have built my own image from source, but the only documentation was
spread over a thread on a message board with a couple hundred pages... and if
you screw your build you brick your device.

~~~
joelthelion
You never have to do that if you choose your phones well.

~~~
Rotareti
How do you flash LineageOS onto a well chosen phone? Don't you need something
like TWRP?

~~~
joelthelion
Yes, you usually flash TWRP, then Lineage.

~~~
Rotareti
And how did you build TWRP from source or where do you get a reproducible TWRP
build from? When I checked some months ago, there was pretty much no
documentation available on how to build TWRP from source for my phone. The
pre-built TWRP binaries were not reproducible.

~~~
joelthelion
I just use the prebuilt binaries. But saying it comes from "some anonymous
haxxor" isn't fair to TWRP. The situation is no different from the vast
majority of binaries we run (unless if you run gentoo maybe, but if you don't
audit all sources I don't see how this adds value).

------
Ologn
> We’ve seen that Android devices appear to be getting more out of date over
> time. This makes it difficult for developers to target “new” Android API
> features, where new means anything introduced in the past few years.

This used to be more of a problem, but the support library deals with this
more nowadays. Not for every change and new feature, but for most of them.

~~~
amorphid
If you don't mind answering, I'd love it if you could provide an example or two of
features that are implementable enough with support libraries, but would be a
pain to build without them.

~~~
weeks
[https://developer.android.com/guide/topics/ui/layout/recycle...](https://developer.android.com/guide/topics/ui/layout/recyclerview.html)

[https://developer.android.com/guide/topics/media/exoplayer.h...](https://developer.android.com/guide/topics/media/exoplayer.html)

RecyclerViews are only implemented in the support libraries, even for newer
versions of Android. I haven't used Exoplayer personally but by reputation it
does all of the hard media stuff for you.

~~~
s73ver_
I don't believe that's the kind of feature being talked about. Rather than new
controls, I think they're talking more about new things to do.

------
ryuuchin
The obvious thing to say is to just get a Nexus/Pixel device and enjoy your
updates but I'm sure this isn't an option for some people.

I think the best thing that you can do to ensure you still get security
updates is either make sure you get a device with an unlocked bootloader or
hope there's a root exploit available so you can put something like
LineageOS[1] on it.

I picked up an Essential Phone (on the cheap) for the former even though they
appear to be getting timely updates so far (one day behind pixel) if you're
willing to sideload with adb (and promises of support for 3 years). Also
managed to grab it for < $150 TOTAL (sprint lease after buyout on day 1). They
really seem to want to offload some of the stock.

I don't think I'll ever buy an android phone that's not a pixel (formerly
nexus) that's not unlocked again.

[1] [https://lineageos.org/](https://lineageos.org/)

Edit: On second thought some of what I wrote is probably not correct[2].

[2]
[https://twitter.com/CopperheadOS/status/852833915073056769](https://twitter.com/CopperheadOS/status/852833915073056769)

~~~
macspoofing
> The obvious thing to say is to just get a Nexus/Pixel device and enjoy your
> updates

... for 2 years.

~~~
ryuuchin
It's 3 years now with the Pixel. The Google branded devices have always
received timely updates. That's the only point I was trying to make. I'm not
saying this is ideal, just pointing it out.

Also unless you get the Verizon version it's going to be unlocked so you can
load whatever you want on it.

~~~
slyall
Nexus 5x and 6p was always 2 years of Android version updates plus another
year of security. They have recently increased that by a month or two.

[https://support.google.com/nexus/answer/4457705?hl=en](https://support.google.com/nexus/answer/4457705?hl=en)

Add me to the list of Nexus users who like plain Android with guaranteed
updates but don't really want to pay $650+ for our next phone.

------
jlarocco
Perhaps the real problem is sloppy development practices that make staying up
to date so important.

Unfortunately, nothing is going to change because the companies making these
phones (and other software based products) see it as a way to drive sales.

~~~
willtim
It's even more fundamental than that. The world is built on C and C++, both of
which were designed a long time ago and without safety and security in mind.

~~~
jlarocco
That's true, but it is actually possible to write C and C++ safely, it's just
really difficult and really expensive and requires a lot of discipline, so
it's not very fun.

So crappy code is cheaper to develop in the first place, and then companies
can sell more down the line when new versions have bug fixes and security
improvements. There's really no incentive to change anything.

------
5ilv3r
Stop bundling antifeatures into security updates and maybe people will want
them.

------
nigma
Why software updates and especially security bug fixes are not covered by
manufacturer warranty as it is with hardware issues? Or maybe they are but no
one enforces that?

In other words if I buy a phone with 2y warranty (a standard duration in many
European countries) it would be reasonable to expect that any security updates
(device fixes) will be provided in a reasonable time within that period
starting from the purchase date.

------
b3lvedere
My ye olde Samsung Galaxy S4 mini is better software supported at
lineageos.org than Google or Samsung ever did. LineageOS even plan to support
Android 8 on it!

It's better hardware supported at aliexpress.com than any other phone shop.

In its very small lifespan it has become the most modifiable hackable
smartphone I've ever owned. :)

Sadly this is the only way to successfully update my outdated Android device. :(

------
anad7
Part of the reason for this mess is the greed of manufacturers, they want us
to buy new devices every 2 years. Consider mid-range devices from OnePlus,
Xiaomi and Samsung, these are intentionally sold at a lower price to users who
like budget phones and if you would see the device manufacturer distribution
list these devices top the list in number of units sold, this is especially
true in developing countries. These phones seldom get updates after the (T +
2) cycle.

I hope that with introduction of project Treble this trend can be reversed,
Google is literally forcing these greedy manufacturers to include Treble if
they ship devices with Oreo and above, but this doesn't mean we will see
updates as frequent as iOS anytime soon, one thing I observed lately is that
after announcement of project Treble almost all manufacturers are releasing
newer phones with Nougat 7.1, this is funny considering that it's mid November
now and Oreo was released way back in August.

------
XorNot
Up until very recently if I had an old 386 I could still install modern Linux
on it and use gnu apps.

Whereas if I have a 2 year old phone the official story is: no it totally
doesn't work, throw it away.

This is garbage. Phones are a lot more powerful than that 386, what's
different is no one is building to any reasonable standard. Kernel updates
should just work.

------
richsaunders
I'm one of those people. Still using US$100 Asus Zenfone 4, running Android K;
with 8GB internal memory and 1GB RAM. My phone still looking and running good,
no scratches, and no lags. I only use 1.56GB internal memory for apps, nothing
fancy, just some apps that I truly need.

The reason I'm not considering to upgrade my Android is because of this
article: It's The User Experience, Stupid.[0] I already see Android O in
action, and some newest Android devices, but I don't think it's worth my
money. So, I'm planning to keep using my 3 year old phone until it's dead.

[0]: [http://usabilitypost.com/2008/12/03/its-the-user-experience-...](http://usabilitypost.com/2008/12/03/its-the-user-experience-stupid/)

------
paulddraper
Outdated device user here. (Android 6.0)

I bought a Google Nexus 5 so this wouldn't happen. But apparently it did
anyway.

~~~
johndoe90
Flash some custom rom (LineageOS for example) and you'll have all the updates
you want.

------
herbst
I have an obscure low level Oppo device from Asia. It's hardly up to date, but
it is still more than I need plus provides a 2 day battery life even after a
year of using.

I think we just reached the point where phones grow in specs we don't actually
need.

The thing is I use my phone mostly like a public wifi. Trust nothing.

~~~
scarface74
What about security updates?

~~~
herbst
Oppo no have. But no seriously there still are some but AFAIK they stop next
year.

------
fulafel
See also:
[https://androidvulnerabilities.org/](https://androidvulnerabilities.org/)

They used more fine grained tracking on vulnerabilities vs Android versions in
the field. Shame they haven't kept updating it.

------
Simulacra
I didn't see it in the article, and so I wonder what the country breakdown for
this might be. I get the impression that in the developing world, where
android has really taken off, the ability to receive updates is diminished.

~~~
averagewall
Importantly, in China, the biggest Android market, none of the phones access
the Play store, so that entire country will be omitted from the data. I'll bet
they're not getting updates either.

------
Chiba-City
I do not enjoy phones except for pocketable phone, camera and map. I still
have an old stubbornly adequate Moto-G. Chromebooks are cheap lightweight
browsing and light typing devices. They work better than fine with no
surprises.

------
coding123
This is why I will only ever buy the OnePlus brand at this point. I used to
buy Nexus until they started skyrocketing the price (Ting user here) not to
mention my last nexus bricked itself when the battery got low.

~~~
nextos
Is OnePlus good at updates?

With CopperheadOS going non-free, but still open, and Pixel getting an order
of magnitude more expensive than Nexus I'm looking for alternatives to run
LineageOS.

~~~
dogma1138
No, it’s not; the OnePlus One was killed very quickly. Not to mention it has
its own privacy concerns atm.

------
mamoswined
I have an old HTC Inspire (circa 2011) I still use in my kitchen to control a
stereo system. I'm shocked anything on it still works. It's probably a
terrible security vulnerability I should throw away.

~~~
JustSomeNobody
I have a Galaxy S2 Skyrocket that I use for music in the children's room. It's
fine as long as I don't reboot it. Takes like 8 reboots to get it to recognize
the storage.

------
Sytten
If it is a problem to update smartphones, I just don't want to imagine the
nightmare that is going to be on our doorstep with IoT updates...

~~~
scintill76
To borrow another quip -- the "U" in IoT stands for updates.

~~~
mtgx
Just like the "S" in it stands for security.

------
dbcooper
What do you guys think of Lineage OS and Open GApps?

I put them on an old Nexus 7 (2013) tablet, and they run well. How trustworthy
are they though?

~~~
CaptSpify
I'd strongly argue that they are more trustworthy than the crap that comes
pre-installed on most phones by the manufacturer nowadays.

------
gnu8
Those billion outdated devices are the low hanging fruit screening me and my
fully updated iOS device. I can be confident that casual attackers aren't
coming after me, only the higher tier ripoff artists gunning for iOS users and
the APTs who are attacking my company specifically.

~~~
junkscience2017
No, with certainty your private information has already been stolen or sold
once or even multiple times. Equifax is just the hack you know about. Insider
threats are common and your identity is surely sitting in some giant tarball
that is bought and sold. Until society reboots you with a new SSN, new credit
score, new drivers license...you are already compromised.

In ten years will there even be a single US citizen whose private data is
wholly uncompromised? Doubtful

This is the ultimate data slavery...unable to protect our identifying
strings...and unable to repudiate them when they are compromised. My SSN is
compromised and I am stuck with it for another fifty years...same as you.
Enjoy your phone.

------
friendzis
Anecdotally, vendor released Android 7 for my phone some time spring 2017 -
not the worst case. Although, OTA update fails. The only path to upgrade my
phone is manually flash OS image and lose all data. I'm still running 6
¯\_(ツ)_/¯

------
iainmerrick
Another interesting iOS and Android comparison: _all_ fully supported iOS
devices on the latest OS -- back to the 2013 iPhone 5S -- are 64-bit. On the
Android side, almost none are 64-bit. Everything besides ARM7 is a rounding
error.

------
sengork
With the sheer number of outdated devices still in use, one wonders what the
real world rates of hacks look like.

I don't think that the two are linearly proportional at all unless individuals
or groups are being specifically targeted.

------
rb808
I'd like to buy an Android Ereader - there are a few but they're all on
Android 4.x, is there a reason for that? I'm guessing it's licensing, not
technical but I'm not sure.

------
erikbye
Updated my 5s a few days back. Touch ID stopped working and refuses to activate
(error message). Spotlight no longer finds the Calculator app. App titles,
like Messages, have become larger and hence take up more space. When I slide
an app up to close it, the animation indicating a close triggers, but the app
pops back up, so I have to do that gesture twice now to actually close apps.
There’s more but I’m typing on my phone and that’s horrible.

------
z3t4
I think Google, Apple, Samsung et al. should be upfront on when they plan to
end of life (EOL) their devices. Many devices nowadays are SaaS with an upfront
cost. So divide the cost of the phone by how long it will be supported, then
you'll get the monthly cost. Guys! We need a fully open source smart-phone
that can be community supported forever! Why isn't there one yet?

~~~
dmitriid
> I think Google, Apple, Samsung et al. should be upfront on when they plan to
> end of life (EOL) their devices.

iOS 11 (released in 2017) is compatible with these devices [1]:

- iPhone 5s (released on September 20, 2013)
- iPad mini 2 (released on November 12, 2013)
- iPod touch 6th generation (released on July 15, 2015)

Apple doesn't have to be upfront. Apple users know that the support lasts for
years (iOS 10 was released in 2016 and oldest supported device was from 2012,
iOS 9: 2015 and 2011, previous versions would usually support three-year old
devices).

[1] https://www.apple.com/lae/ios/ios-11/

------
kpennell
I have an old-ish Android tablet and have no idea how to update it. I tried
and quickly gave up.

------
sjreese
My problem is some independent first movers made great games for the Android,
then were forced off by slow-to-market game owners - who then produce junk
"official versions" of the same games - all under the guise of security
concerns. To get their way they used the LAW (UCC). Now we have to have
constant update checks for copyright, trademark, look & feel, and anything else
they can use of themselves (like Echo, Google Home, vs independent home
automation) or (cloud vs X-drive) xor (academic library vs paywall library
where every student pays for public domain information). RIP Aaron Swartz

------
anotheryou
How are they not all zombies or hit by ransomware?

------
agumonkey
How is postmarketOS doing?

------
junkscience2017
For most users, the phone works and they don't care.

For everyone in my family, iOS updates are just an annoyance.

~~~
jasode
Yes, I think user apathy has to be a big part of it.

I have a 2012 iPhone5 with iOS 6.1.3 still on it. I never upgraded it. When
iOS 7 came out, all the news reports said it killed the battery. Same with iOS
8, 9, and finally iOS X.

Yes, I assume that eventually, iOS point release 7.x.x fixed the battery issue
but I don't care to keep visiting news websites to figure out which exact
version is finally "safe" to upgrade. I don't want to be a slave to the
housekeeping of my phone.

Others say the news reports are alarmist -- all one has to do after a new iOS
release is to dig into the settings and disable all the new
features/polling/etc that eats up the battery. But it's the same situation --
I don't want to put the effort into learning "what's new" that I have to
disable.

On the other hand, I'll quickly upgrade major releases of MS Visual Studio
from VS2015 to VS2017, or upgrade Webstorm from 2016 to 2017.

I was puzzled over my contradictory approaches to updating software. I think I
figured it out: my phone feels like an "appliance" to me instead of a computer
and I don't want to mess it up. Another reason is that Apple won't let me pick
an exact version to upgrade. I can't pick iOS 7.1.2 -- I'm forced to upgrade
to the buggy iOS X or nothing at all.

As a result, I have willingly performed an "IE6" legacy lobotomy on my iPhone.

(As trivia, I also notice that iPhone5s on ebay that still have iOS 6 sell for
a slightly higher premium.)

~~~
scoot
It doesn't help that "upgrading" an iOS device is a one-way ticket.

Religiously updating the original iPad effectively bricked it (not literally,
but to all intents and purposes) years ahead of its natural lifetime, due to
one particular major release that killed performance, reliability and battery
life in one fell swoop.

If there's no going back, why would you risk going forward?

~~~
saagarjha
Security fixes, new features, etc.?

~~~
recursive
If you risk losing the old features, that probably doesn't sound too
attractive to most people.

------
mtgx
I wonder if Google will brag about _that_ number at its next I/O event. "We're
now at 1.3 billion outdated Android devices in-use" - _Applause_

I've lost hope that Google will ever do anything meaningful about this
situation, when they can't even approach the iPhone in updates with their very
own Pixel devices. This is despite now having a standard hardware abstraction
framework for their devices and having a kernel that will be supported for 6
years. Even so, they can't commit to updating their devices for at least 80%
of their lifecycles.

What's a smartphone lifecycle? Well it's certainly not 2 years. The 2 year old
phones will not just be thrown into the garbage. They'll either be sold on
second hand markets or they'll be given to other family members, who will then
use it for at least another 2 years themselves.

Google, and really all makers of "smart" devices, should be supporting
hardware at least until only 10-20% of those devices remain in active use.
Kind of like how Microsoft couldn't quit supporting Windows XP when it was at
20%, even though it was already like 12 years old. Only when Windows XP got to
below 10% or something, Microsoft stopped supporting it for consumers at
least, and even then it will be supported until 2019 for enterprise customers.

Ideally this is how all devices should be supported - until they have fewer
than 10% of the customers use them anymore. But as an absolute minimum, they
should at least follow the 80/20 power Pareto principle, and update the
devices until less than 20% of the people use them anymore.

I know this logic isn't totally alien to Google because they are applying it
to the supported OS versions by their Play services and APIs for Android.

If 25% of the Pixel 2 devices (which come with Project Treble and a 6-year
supported LTS kernel) are still in active use after 3 years, then Google
should be supporting the Pixel 2 for at least 4 years (at least with security
patches). But as I said, this should be the bare minimum, like something I'd
expect from LG. Google should not stop support until fewer than 10% of the
Pixel 2 users have stopped using it.

------
madshiva
The problem is not only with security, ok it's the first problem, but there are
plenty of devices that can't do any job right now, even if I want to use that
mobile for a DIY like a camera, etc. Most of the software is no longer
compatible. I don't understand why we go so fast on the new devices when the
majority won't use that damn new API, and all these gadget UIs are so damn
useless. Like Hearthstone, why didn't you optimize your game for lesser devices?
Do you really need to do an animation if my device doesn't support it? Just
don't display it!

------
dont_q_oh_me
I don't see how they're "outdated" if they still work and are being used. So
to me, something that doesn't work/isn't or can be used = outdated. There.

------
sharpercoder
The most effective way to solve this is to write a set of exploits that work
on most devices. Then brick all the phones that are vulnerable.

Surely not nice, but users suddenly got cured of their complete apathy towards
mobile phones.

~~~
thomastjeffery
That's not a solution, that is an exploitation of the problem.

The problem is that there _are_ security holes that _cannot_ be patched in the
first place. There is no technical reason for that to be the case, simply
an arbitrary one: Manufacturers _do not_ allow users to unlock the bootloader
on devices they sell.

