[exDM69]

Yes, they should use modern kernels but that has not happened yet. I am appalled by the practice of keeping customers on old software and sometimes even without proper security patches.

I hope regulators (EU in particular) will act on this and require manufacturers to provide support for products for a reasonable amount of time.

Devices should be clearly labelled with a "best before" date, until which the vendors should provide (at least) security updates. Right now the situation is unbearable, you buy a phone for $200 to $700 and you don't know how long it is good for. A technically oriented or security minded person can deal with the situation but almost everyone has a smartphone. Billions of unsecure devices out there isn't good for anyone.

It shouldn't be unreasonable to assume that a smartphone should be good for 5+ years.