The year is 2020. The topic? Update prevalence & support within the Android ecosystem.
Google had not long dropped the requirement mandating three* years of security updates for AER devices in favour of OEM update transparency statements – which is still a bad idea in my opinion – and I found myself expressing displeasure at the thought of long term support akin to iOS and desktop operating systems rapidly returning to little more than the pipe-dream it had been for so long.
Around the same time, Google published their annual Android Security Transparency report showing an ever-improving percentage of ecosystem partners publishing security updates within 90 days (around 80% across over 800 models with >100k units in the wild) and given the AER news I struggled to imagine this improving far beyond without big changes made by a select few historically problematic OEMs that made up a growing proportion of devices on the market at the time.
* AER has technically always mandated two years of security updates, with a further year of critical update support as needed, but nevertheless.
That isn’t likely I assumed, given Google’s typically softly-softly approach to making ecosystem partners fall in line, as evidenced through a history of proposed CDD changes ultimately dropped before release due to pushback or reigning their enthusiasm back in, but Mr. G was adamant it’ll continue.
So we made a bet.
Either it stagnates/decreases resulting in a static or downward trend, or it grows through the 80’s and into the 90’s over the following months, showing an upward trend. Loser buys a steak dinner. It’s not a 1:1 of the issue I took originally with the ecosystem dropping updates for supported hardware sooner, but it’s a decent ecosystem indicator nevertheless.
Looking at the transparency report today, it would appear I owe Mr. G a steak. Although it peaks and troughs in line with devices being added to and dropping off the list as they launch/fall outside of the 24 month window, there’s a clear upward trend that’s steadily grown since Dec 2020 when the bet was made through to when data stops in September.
That means consumers and organisations who’d purchased devices launched in the last two years of Sep 2021 are highly likely to be receiving regular security updates, though for how long is now entirely down to the OEM and no longer guaranteed or enforced by Google.
This is looking less impressive, and is covered off in detail here.