
If you want the quickest Android updates, you'll need either a carrier unlocked Google Pixel, or an Android One device. These are devices where there are fewer hurdles between a patch and your device.

If, for example, you have a Samsung device from Verizon, it goes something like this: Google releases new source code containing a patch. Samsung takes a few months to roll it into their updates, and sends it to Verizon to Q&A. Verizon either pushes back or accepts it after some time. That whole process takes far longer than it should, partly because they are mixing security and features in the same updates.

Thanks, so I gather it's normal to expect significant delays in security patches for most Android phones, with some exceptions.

People are talking about how _old_ phones don't get patches at all, but even most _new_ phones have "zero-day" vulnerabilities (cause zero day lasts for months apparently) for significant periods.

What a world! How is this okay?

How it's OK is likely because there hasn't been a huge category-5 fuck up yet. Or at least none that we know of. Some of this is probably from sheer luck. Some of it is probably from some decent security design baked in like sandboxing and the like. The first time it becomes public that 80% or more of Android users just had their personal info stolen, it'll suddenly become not okay. Especially if that user group contains significant amounts of celebrities and government types.

It's not all doom and gloom though - there have been improvements. Different partitioning schemes, breaking core services out of firmware and into the Play Store, etc. It's just that thus far Samsung, the biggest Android player by far, has decided not to implement all of them.
