Gadgetory

hello I'm Gary Sims and this is Andrew authority now you might find the title of this video a bit shocking but actually a recent report has shown that lots of Android OMS are not providing the kind of updates that we need so that we stays secure when we're using our Android smartphones so why does it appear that lots of the Android OMS are treating their customers in a very different way to maybe like companies like Apple and how they treat iPhone users what if you want to find out more please let me explain ok so what the new report has shown is that some Android OEMs are not shipping security updates for their devices in a timely manner well that's not really news because we've known that for a long time but what the report was also highlight is that some OEMs actually say this ship patches and they change the patch date in the patch level but actually they don't apply the patches at all to the devices now how can that be why are they lying to their consumers so much and what would happen if a company like Paul did something like that so let's first of all look at the fundamental problem with patches and the Android ecosystem here is a quote from the FTC from a report it published this year the Android mobile ecosystems diversity provides extensive consumer choice but also contributes to security update complexity and inconsistency and as a result of this great choice that we've got for Android phones you can pick up phones that are kind of like you know $100 or even at under $100 right up to phones that cost $800 and there's a whole bunch of features and differences between those that great diversity that great choice that we've got means there isn't just one version of Android that Google release and it gets applied to all phones in fact every OAM has to provide their own device independent version of Android that gets shipped to the owners of those particular devices and the FTC goes on because of the complexity of the mobile ecosystem the security update protests can be complex and time-consuming so what happens is when Google releases a new version of Android with some security patches in it those changes get pushed out to just every single OAM manufacturer and they have to then apply those patches to their version of the firmware then that firmware has to get shipped out to each of the individual handsets I thought oh throw into that mix the whole idea of the carriers and the fact that they have control over the software that goes on their handset and sometimes they've included bundled software on the handset and of course they have to all be tested and the labs that the the carriers have have a limited number of resources the result is that it actually take months or even years before software updates finally arrive at an end device I really hope you're enjoying this video if you are if I remind you there is now a separate gary explained youtube channel and there i cover lots of technology outside of mobile so if you're interested go over to youtube.com slash gary explains and i'll see you there now the situation with Apple is different for two reasons first of all of course Apple have a limited number offer phones and when we talk about the iPhone we're actually talking about maybe three or four of the current models that are available so we're not dealing with you know thousands of different molds that exist from LG and Sony and Samsung and HTC and LG we're just dealing with one company who have you know three or four models that are currently being supported and the second thing we have to know is that Apple way back when it launched the iPhone basically said to the carriers we provide the software we're not going through you we then you can use your network but actually the software updates come from us and so as a result Apple have been able to push these updates directly to the iPhone without having to first verify on every single carrier in every single country in all the major markets around the world Apple just release it and it goes out to the phone but if you think about Android globally as a big thing and you've course you've got all these thousands of different handsets you've got all these different OEMs but if you think about an OEM a single manufacturer well actually you know LG have got a limited number of phones and Sony have a limited number of phones and Google itself has a limited number of phones so they in themselves can behave very much the same way as Apple do because LG aren't responsible for the patches that apply to Samsung phones and Samsung are responsible for the patches that apply to you know Nokia phones so each of these companies can take responsibility for shipping out these security patches and also really the telecom providers the carriers really should just renounce any ton of control over the software that's being updated because it really is a bottleneck that stops the software getting quickly and in a timely manner to our handsets so from this point of view I have squarely blamed the OEMs and the carriers for this long delay that it takes for patches to arrive on each of our individual handsets now of course group will also have a part to play in this they had ship out the software it's open source software or they ship out the software to their partners and once they've done that they really have done their part and of course they've been trying to minimize the changes that the OEMs have to make to speed up this process as much as they can over the last few years they've been several changes that Google of introduced to try to speed up this whole process for example many of the components like Google Play services and the built-in web browser and fundamental apps are now part of the normal app store so they get updated so when a bug is found in the web browser that could actually cause some nasty things to happen Google can update it directly and it gets pushed down to your phone without any of the carrier's having any kind of control or any of the OEMs having any kind of influence over this at all and of course there are now things like project treble which came out with android 8.0 Oreo that should speed up the time it takes for an OEM to actually ship the update to their customers and of course when you look at the companies that are guilty of these delays and guilty of not shipping the patches you'll find that Google isn't one of them Google provides updates for its pixel devices up provide updates for Android one devices quickly and timely just in the same way that Apple does for the iPhone and in fact there are other major manufacturers like Samsung and Sony that also act and behave responsibly and get out the security updates on a fairly quick and timely basis however once you go outside the major Tier one OAM you start to go down to the smaller OEMs and we're talking HTC knock here we're talking LG we're talking TCL we're talking oneplus we're talking ZTE once you get down to these companies we start to find that many of them have actually been skipped patches or they've been long delays in getting the patches out and in some cases they haven't even provided the patches at all now one of the big culprit seems to be media taking all of this because often the software that's being shipped on these Android devices comes through the SOC manufacturer because of course they have been able to create the software and tune it for their particular chip so often an OEM will be relying on media tech or Qualcomm to send the latest software to them and they will then pass that further down the chain to the handset owner and the problem is mediatek seem to be very bad at not applying critical patches when they should do so why is it that there are some companies like Apple and some Android companies like Google itself and Samsung and Sony that are able to treat their consumers their buyers of their devices in a responsible manner but there are seems to be a whole bunch of other OEMs that are being irresponsible when it comes to security updates well I would like to suggest there are three reasons the first reason is money if you're buying a device for $100 well you're getting $100 worth of device and that includes after sales service your hundred dollars has to include all of the manufacturing costs and the shipping costs and the advertising costs on the R&D cost and it has to include the after sale servicing costs so if you only paid $100 for the phone that you're going to get $100 worth of updates afterwards if you're paying six seven eight hundred dollars for your device then you can expect a greater level of after sale service the second point is an OEM attitude towards security and when I mean OEM I also include the chip maker like mediatek in that they don't see security as a big deal and that's partly because it's an extra cost it's a headache it's a pain that they have to deal with so they just push it away and say oh it's not that much of a problem but also of course Android has multi levels of protection so for example because there is a Play Store and Google kind of keep an eye on that Play Store and they have various kind of security measures in place the chances of you getting hold of an app that deliberately kind of infects your device or tries to hack your device so that can then do things like steal your credit card information or still other parts of your personal information is quite low not impossible but quite low and so therefore the OEMs kind of say well Google are doing their bit and you know it's all it's all going to be ok and the third problem is partly to do with the attitude of Chinese manufacturers now Chinese manufacturers are very much into the idea of develop it quick ship it cheaply and then move on to the next thing and so this culture of well you bought that phone last year that's not our problem anymore and of course that extends also to how they treat copyright laws also extends to how they treat intellectual property in general this kind of blase approach to consumer services is actually reflected in what we get in our nrn devices and many of the companies that are listed on the report as being bad companies when it comes to security updates and even lying about the security update have strong connections with or are based in China whereas many of the other companies like Google for example and likewise Apple are actually American company Samsung of course is a Korean company and so on so part of the problem is the mentality of the Chinese electronics consumer market well my name is Gary Sims and this is Andrew authority I really hope you enjoyed this video please do give you their thumbs up please subscribe please hit that Bell notification icon so you become part of our notification squad please do tell me what you think about this video in the comments below and well that's it so I'll see you in the next month