Samsung has now confirmed that the Galaxy Note 5 and the Galaxy S6 edge+ will no longer receive monthly security updates. It’s not surprising as the Galaxy S6 has already dropped off the list of devices receiving monthly security updates earlier this year. The aforementioned devices will not be receiving security patches regularly every month going forward.
Those are €800-1000 computers released only 3 years ago, probably available in stores for years, maybe even now – and just like that, no more security updates. Why do we and our lawmakers just allow these companies to get away with this? It’s high, high time we mandate a minimum lifespan for these expensive devices.
I have a simpler solution: consumers refusing to buy devices that don’t get updates.
I know, I know, it’s a reflexive statement from a European citizen to call for more government, but a law like this could make such devices more expensive. Meaning less European citizens could afford them, giving an edge to countries without such laws.
Also, this law could be another example of protecting big companies. A small startup, offering services to upgrade such devices, will have to cease operations.
He said “mandate a minimum lifespan”, not “mandate OEM-provided updates”. There are various ways to accomplish that goal.
Heck, by some definitions, that constraint would be satisfied if smartphones were as open, driver-wise, as Linux on x86, regardless of how long the OEMs actually took responsibility for producing software updates themselves.
Edited 2018-09-05 23:40 UTC
ssokolow,
Exactly! This would be a non-issue if the open source community could support the phones themselves. That’s always been a problem especially with mobile tech, not necessarily that the manufacturer dropped support, but that the manufacturer has a monopoly on support in the first place.
It would actually be less work for manufactures to allow the community to support their customer’s phones, the reason they don’t like this is because of their conflict of interest. We must understand that from a business perspective, killing off older devices is actually one of their goals. They don’t want to risk anyone extending the life of consumer goods, even if the hardware still works, and even if someone else did it for free.
Consider the math, for example a $600 phone with 3 years of support with 200k units sold for $120M. To increase support to 5 years, manufacturers would have to pay a couple of developers to backport bug fixes. Having done this work myself, it’s certainly doable for one developer on a part time bases, but even if they are very inefficient it should cost less than $1M for those two years. This works out to about $5 per phone, which is quite reasonable.
Revenue lost to decreases in sales caused by extended product life-cycles, every additional year of support has a $200 new sale opportunity cost. So increasing support to 5 years would potentially cost $80M in lost sales. In order to make up for lost sales with 5 years of support, they’d have to tack on an extra $400 per phone!
We can run the numbers different ways, but it’s not even close. However we look at it, it’s clear that support costs are a drop in the bucket compared to to lost profits associated with the longer product life-cycle. This is fundamentally why manufacturers aren’t solving this problem voluntarily. It has very little to do with the cost of support (even if it were free) and everything to do with wanting customers to buy new phones.
I worry about all the environmental damage these companies are needlessly causing our planet; we should be more careful. Unfortunately corporations only respect profits, and that’s pointing in the direction of shorter product life cycles with planned obsolesce.
Edited 2018-09-06 02:42 UTC
Not true: Fairphone has been putting out security updates regularly for the Fairphone 2 and even shipped a major upgrade (5.1 -> 6.0) with 7.0 coming soon. If they can pull it off with a staff of only a few dozen people then I don’t see why others can’t.
7.0 coming soon while we are already at 9.0?
Google has had so few OEM upgrading to Oreo that they are finally requiring updates as part of the device certification processes.
https://android-developers.googleblog.com/2018/08/evolution-of-andro…
I have voted you up, though I do not agree at all.
Leaving the government out of the equation is not a good approach. It is like saying there should be no compulsory testing and no regulations to ensure that appliances are safe, and let the public decide if they buy one that can burn their house down. Because oterwise, consumers and local dishwasher makers will be in a disadvantage to those in countries where electrocution, fire and flooding are no issue.
With a complex issue like this, it is much more so, with 99% of the population completely unaware that such an issue exists, much less such a remedy as frequent patches.
At the very least there should be a wide campaign to teach the consumers the dangers of shitty software, and promote a compulsory, prominently visible seal in the packaging that lets you know what the update policies are: something like “OS upgrades until 2020; Bimonthly security patches until 2022”, and so on. Then, upon some concrete information, people could decide.
Anyhow, the government is there to ensure citizens are safe when buying anything that is allowed to be sold, and citizens expect merchantability by default. There are technical regulations for just about everything, be it in Europe, USA, Japan or Korea: I fail to see why dangerous shitware should be the exception.
An excellent, testable hypothesis. Since it didn’t happen, we can expect that it won’t.
Why do you still believe in that nonsense?
Well, if consumers are not interested in that, why do you think the market should offer it?
It clearly is a non issue for consumers.
Only some IT people get all worked up about this.
A lack of awareness doesn’t eliminate a problem. Why are you free-market ideologists always so fucking retarded?
Don’t buy devices from vendors that refuse to unlock your bootloader. You don’t own your device if you are at their mercy for any sort of updates.
Edited 2018-09-06 00:20 UTC
Yeah I am going to rip out the stock ROM for an unintegrated ROM like LineageOS – not. Manufacturers should provide updates, but they aren’t legally obligated too and nobody except us nerds care enough about it
kurkosdr,
Your point is well taken, however I think if the specs and bootloaders were more accessible to developers that we could actually end up with open source that rivals the original experience, akin to dd-wrt. It’s the fragmentation combined with roadblocks to obtaining development information needed for every device that kills 3rd party innovations to the point that many would be devs/fans just give up.
If it weren’t for software changes, these devices would continue to do everything they did the day they were purchased.
I don’t see what’s wrong here.
You seem to think the company that sold the device should continue to offer you free service on that device instead of you purchasing a newer device. Am I restating that correctly?
More like planned obsolescence via locked bootloaders and the use of short-lived closed-source drivers written against a purposefully unstable kernel ABI intended to deter them.
Desktop and laptop PCs don’t have that problem. Heck, there are perfectly good examples of doing it in a less obsolescent way. For example, the GPU in the TI OMAP3 chip used by the OpenPandora handheld has all the closed-source bits in userland and both AMD and nVidia do a good job of providing nice long support windows for their GPU drivers, Windows or Linux.
It should be illegal to apply planned obsolescence tactics to an $800 device.
Edited 2018-09-06 01:29 UTC
Desktops don’t have yet that problem.
Laptops are becoming what computers used to be, before Compaq made it possible for PC Compatibles to go wild.
All thanks to thin razor margins and computers reaching appliance status.
I think an 800€ device produces more than razor thin profits.
My first laptop was around 1 500 euros and it was pretty cheap compared with the alternatives.
I mean, I don’t need constant OS updates for 5-10 years, but not getting security updates on $500+ devices after 2-3 years is ridiculous.
Exactly, including any security flaws they may have that leak credit card information, location, and other personal info.
That’s the problem when you suddenly start carrying a pocket computer everywhere and using it 24/7 for everything. It’s your own damn fault.
and the court of law.
https://www.zdnet.com/article/no-samsung-doesnt-have-to-keep-patchin…
Each manufacturer has to be blamed per se but above all Google is responsible for still keeping up with all this BS.
Edited 2018-09-06 04:56 UTC
It’s your own damn fault for pretending you can’t live without a smartphone. If you really need to satisfy your Twitter/Facebook/whatever addiction, then you’ll have to deal with vendors f***ing you in the bum in various ways, such as dropping support as soon as they please. Take it or leave it. It’s not like anyone is forcing you to buy that €800-1000 computer.
https://www.blog.google/products/android-enterprise/android-enterpri…
Some of the Android Enterprise Recommended requirements and best practices for rugged devices include:
* Delivery of Android security updates within 90 days of release from Google, for a minimum of five years
* Support for at least one additional major OS release
Of course I personally think that a device should receive all major OS releases 3 years after the OEM stops selling it and this worked quite well for my Nokia Lumia 1520 and will hopefully work well for my Nokia 7 Plus with Android One
Probably why Apple supports its phones for so “long” – since old models are pushed on consumers much longer than by other manufacturers, they aren’t supported that long since the end of mainstream sales at all…
TLDR: Limited choice in hardware results in the best upgrade policy.
There are a whole bunch of Android manufacturers selling all kind of devices, but only Apple makes iOS devices. That means that if you want an iOS device but don’t want to pay flagship prices you are going to have to buy an older model iPhone and Apple will have to keep making and selling these older models to maintain a relevant marketshare. Of course Apple cannot sell unsupported devices so they have to support their low-tier devices with support. Apple has chosen to support only their latest OS-version so everyone, also the low-tier devices get the latest OS-version. In the past the result was that my iPad 2 became slower and eventually unusable because of these upgrade policies, but nowadays the hardware in even low-tier devices doesn’t struggle with just running the OS anymore so this works out very well for iOS.
Agreed; my point simply beeing that extended support period of those older models isn’t that long as most commonly seen comparisons (from the start of sales) would suggest…
Back in the 1960s Mercedes offered a SIX month warranty on their cars in Australia. These were up to 100x the price of a Galaxy S6 adjusted for inflation.
Edited 2018-09-06 09:01 UTC
Curious, since Mercedes cars have a reputation of being among more long-lasting ones.
Had. Now they are at the bottom of the list along with with Volkswagen and FCA. At least FCA doesn’t change the moon, do they are actually the most honest of the bunch…
Well, since the old ones are long-lasting, and the new ones expensive, there’s a lot of the former so still sort of “have”
(also, VW/Skoda are rather nice (helps that VW tech is introduced in them later, so ~debugged) and inexpensive)
Precisely why my Galaxy Note 3 was my last Samsung phone. And my last “flagship” too. I’m feeling better having bought a $200 Asus phone, looks like updates last a bit longer, and I won’t have to regret my money if I have to abandon it in 3 or 4 years.
Also the reason why I would buy any windows 10 phone if one was released. When you see how any simplest win10 barebone PC gets updated every month and how long this lasts, it would really be a deal.
Rofl. Guess you missed the whole Windows Phone fiasco, where people who bought into one version had no upgrade path whatsoever and were basically told to go fsck themselves or buy a brand new phone?
Microsoft still supports their discontinued Windows 10 Mobile line actually. In fact, they’ll continue support a few phones (like my Lumia 950) until December of 2019. Also unlike some companies where ‘support’ means “we’ll help troubleshoot but won’t issue any updates”, Microsoft still sends out security updates for Windows 10 Mobile. I’ve gotten several since they announced the discontinuation of the product line.
https://support.microsoft.com/en-us/lifecycle/search?sort=PN&alpha=W…
As an aside, it struck me while looking at that chart that Microsoft is one of the only mobile phone companies in recent memory that actually committed to a defined support period. Most everyone else supports their phones for however long they feel like doing so.
Edited 2018-09-06 19:54 UTC
Matter of fact, I didn’t, as I didn’t miss the WebOs fiasco, either (and I regret the latter much more than the first one…). But my option is not for a windows phone but a real, classic x86 modded to a phone.
To be clear : I own a Pipo X8 barebone, I paid it about $150. Runs Windows 10 night and day, I never booted the android partition (and I even wonder why I never deleted it).
Just add a (even big) battery, change the format and add phone features, it would have everything I would ask from a smartphone. I’d buy this blindly, because I’d be pretty sure the support would be long…
Edited 2018-09-07 10:18 UTC
They are still being sold.
e.g. here: https://www.amazon.com/Samsung-Galaxy-Note-Black-32GB/dp/B013X8XQY2
That’s one of the reasons, why the corporation where I’m working at has a “No-Android” policy.
I am using LineageOS on my Moto G4 (it’s perfect) and on my Samsung Galaxy S5 (it’s almost perfect). Now I ordered a “new” Nexus ^for 150 US$ on Ebay, planning to install LineageOS too, so I can get Oreo. My other older phones are for my kids. My rule is that a phone should not cost more than 200US$.
While less than $200 US sounds ideal, I find most decent phones in this price range are Chinese models with built in security back doors.
Edited 2018-09-06 16:30 UTC