Many manufacturers haven't quite got over their liking of tethering to a computer to apply software and updates. For example Samsung has Kies (although you can often do OTA too). For one of my phones (HTC/Tmobile G2), there is an update available but it can only be installed over a cable from a Windows computer and completely wipes your device in the process. (I used CM instead.)
The real problem that has to be addressed for his contention about automatic updates is economic. Things that are sold have the payment upfront (eg operating systems, phones). There is usually no economic reason to have updates. The reason why they are done is to avoid losing customers, or because of (possible) harm to the vendor and their partners. At the moment this is a strong effect on operating systems, while almost non-existent on Android handsets.
Did you really need to phrase the criticism this way? It seems unnecessarily confrontational, and serves only to detract from the rest of your (well-considered) points.
Why not "The author appears to be unaware of the realities of Android updates."?
I read HN comments because there tends to be a far higher level of civility than (for example) reddit technology threads. It is a simple thing to foster a better atmosphere, but it makes all the difference in the calibre of the discussion.
"Is it hard to update? No! Android devices can be upgraded through the settings without having to pay for the new version. Here is how simple it is!"
My manner is to be direct and to match the rhetoric of what I'm responding to. You are right that it can be seen as unnecessarily confrontational - please downvote as appropriate.
AFAIK, only Google devices (Nexus*) reliably get the latest updates. Handset manufacturers profit when customers buy new phones to get new software features; free software updates dip into those profits.
The purpose of the article was to focus on why A]auto updating is beneficial from a security standpoint. I'm assuming the end user doesn't want their device compromised. They want security baked in.
I also agree that automatic updates don't make sense from an economic standpoint. But, users assume applications are secure when they purchase. It is up to the manufacturer or the developer to make sure the users of their applications and devices aren't being compromised because of their mistakes.
It is far more complex than that. How many users have no lock screen, weak passwords, use old versions of operating systems, let others play with their devices, share accounts etc?
What a user wants is for their devices to perform a job such as communication and entertainment. It gets very confusing for technical folk who then fail to distinguish between goals and tasks. (The software we write is focussed on tasks.) Here is an excellent article on the distinction: http://www.drdobbs.com/goal-directed-software-design/1844099...
"security" as such is not a goal - it is more an annoyance. It is why you have to have a lock screen (which gets in the way of the goals), "strong" passwords, and worry about compromise. Performing maintenance (which is what updates are about) are also not helping the goals - they are actually more work that also gets in the way of the goals.
A good way of looking at security is not as a binary on/off thing, but rather as an expense for someone who wants "your stuff". Does it cost an attacker 1 cent, a dollar, a million dollars? If "security" was part of the purchase decision process then it would be mentioned in the specs in some sort of measurable way.
Ultimately what will happen will only happen because of the economics or laws. Laws that try to put liability on the developers won't work for many practical reasons. What would be most effective is for it to be easy to for consumers to respond by taking their money elsewhere. This happens when there is low barriers of entry to the market, and low/no switching costs, as well as the items being relatively cheap. This is happening to various degrees, although it is fought tooth and nail by some (eg carriers in the US).