Originally Posted by
Rukbat Since most people replace their phones every 21-24 months, 18 months is a good interval. But just updating to update is a waste of time, money and resources. You update software when it becomes outdated - usually, in a phone, that means an exploit that can compromise security. You don't update the phone's software to keep it current with a phone 2 models later.
So if there's no exploit, you're not going to see an update. And you may not see an update for a flagship phone if a new version of Android comes out.
I understand what you are saying. But there are hundreds (if not thousands) of security threats that never make the news, but the phone should still be updated to protect against them by the OEM's. I think this is Googles point. You don't know how serious a security threat is until it is too late.
As too new Versions of Android type updates, I think if a phone is less than two years old, it is the responsibility of the OEM's to update it. That is my opinion of course.
With what 7-8% of devices running Marshmallow and we are on verge of N, I think that is pretty bad. Bottom line, if PC's had this kind of update pattern, our world would be over run with viruses and stolen data. Smart phones are taking over, so if things don't change soon, it is going to get ugly. When you experience identity theft for yourself like I have, you might feel different. So for me, I think Google needs to use whatever tools available to make these OEM's be responsible. Even if it is public shame.