
Somehow firmware updates should be enforced by consumers.

It doesn’t help that there are so many different smartphone vendors, and most of them are only pursuing sales. New chips are coming constantly, and old ones get forgotten, left unpatched.

Is the future of the smartphone market of secure phones only in the hands of big ones (Apple et al)?

What's really needed here is for the tech press to make this a priority when reviewing devices, which they currently don't. Right now consumers aren't aware of how important it is for the device to have drivers in the mainline kernel tree to avoid getting pwned.

Not having that should be an absolute bar to a device making it onto anyone's "recommended" list.

At which point device makers would prioritize not getting panned by reviewers and losing many sales just because they couldn't be bothered to get their drivers into the kernel tree.

> Right now consumers aren't aware of how important it is for the device to have drivers in the mainline kernel tree to avoid getting pwned.

Customers are actively hostile to updates, because they hate UI changes.

If you want customer uptake of updates to be higher, uncouple them from UI updates.

Or just stop making pointless UI changes. But that's not really the point.

Right now most Android devices come with a custom Linux kernel, and you can't just use the vanilla kernel instead because it doesn't have the drivers for the hardware. Which means that when the OEM stops supporting the custom kernel and it has vulnerabilities in it, you can't replace it with anything on that hardware, so your choices are to stay vulnerable or throw away the hardware.

If they'd spend a minimum effort to get their drivers into the mainline kernel tree, the hardware would work with any version of the kernel without needing special support from the OEM, so then it would keep working with new third party kernels indefinitely -- even if the OEM goes out of business.

But reviewers don't distinguish between the devices that have this and the ones that don't, and don't tell consumers why it's important, so consumers buy devices as if it doesn't matter, when it does.

That would be the free market way. Apple has a track record of patching even low level issues for a very long time after sale. If that is something you care about, then you buy the product that supports that.

Perhaps we should also block malware infected devices from using the internet as well to stop their negative external effect on the rest of us.

I care about phone security but also about privacy from corporate entities and control of my own devices. Our sorta-free market does not serve this demand. Voting with money just doesn't do anything to counter supply-side solidarity. I.e. leveraging the indisputable utility of their products to force hostile spyware and dark patterns onto people and abuse them.

As for disconnecting malware hosts, we could only block what we could identify & verify as malicious.

For voting with money, consider Librem 5: https://puri.sm/librem-5.
