by nevi-me 2050 days ago
Could Google possibly be able (before we discuss willingness) to push an update to root certificates via Play Services?

I'd like to think that anyone not using Play Services (i.e. Android with no Play) is likely using a custom browser, and would heed a call to switch to Firefox.

The problem with some devices in Africa would be that many people using older phones often don't have enough data for the big Play updates to succeed.

Teens often buy 10-100MB of data so they can use WhatsApp. (If you're from Southern Africa, and disagree with this, hit me up, you probably need to spend some time in a village ;) )

5 comments

No play services on an Android phone in the US probably implies willingness to tinker. No play services on an Android phone in China only implies it's an Android phone. In the developing world, it most likely implies a very low cost Android phone of Chinese origin.

Bundling things that need timely updates with the OS with no mechanism to update them individually is a design error. Things like root certificates, time zone databases, leap second information, and even TLS libraries need to be updated on a regular basis. These items should be distributed outside of the general upgrade process, even if the general upgrade process worked (which is clearly not the case). Alternatively, root certs and TLS libraries could be bundled with applications as needed. You could probably have a stable core X.509 library and cipher algorithms bundled with the OS, so that the application-level TLS library can be kept small. You still need to get tzdb updates out though.

In an ideal world, large OS vendors could work with carriers to get this small set of updates zero-rated in exchange for making sure they are very small and background downloaded only at times of low network congestion.

In an ideal world carriers wouldn't have a say in what software updates were installed on my phone. Comcast doesn't control the software on the computers it services. Why should Telus control what updates are made available for my phone?

Because they're the ones who push updates over the cell network. Comcast absolutely controls what software you run on your modem. You can update "out of band" manually, at least on recent Android Pixel phones. Any other manufacturer could also make their updates public, but since installing the one not for your carrier band makes the phone unusable as a phone, it's not likely to be common.

Comcast has 0 control over what runs on my modem (Spectrum in my case). As long as the modem is DOCSIS compliant, it will work.

The same applies to unlocked phones. The service provider has 0 control over what I am running on that phone, and they don't control the updates (the OEM does), but as long as the baseband firmware complies with established standards, the phone will work. This was mandated by law some years back in the US and I am certain it's been the case in the EU for longer.

What you seem to be referring to is telco customized phones (subsidized ones), and in those cases you'd be correct.

Because security and privacy is the compromise Google made for dominance: Letting OEMs and carriers do what they want is what sold them on Android.

I'd absolutely agree that this is a design error though: We'll be better off when Android is dead and gone as a platform.

Can't you buy hardware directly and then just put the carrier's SIM card?

Starting with Android 10, Google can push updates to lots of system components (media codecs, android frameworks, tzdata, …) https://android-developers.googleblog.com/2019/05/fresher-os...

But those on older versions are screwed. It's really a major fuck-up that Google didn't do this for root certs since the beginning of Android.

Actually I was surprised that there would be such an easy fix: switching to Firefox. Which is apparently around 70MB, apparently affordable from what you wrote and definitely worth it if it allows you to unlock a chunk of the internet. So no need for an improbable and costly Play update.

That won't fix any other apps though, will it? Anything that uses Chrome WebView for example.

Oh, I did not think about that. On Android 8, you make Firefox the default ... (renderer?) for other apps but idk if it's the case for older versions of Android. On the other hand, as others have said, these devices are generally quite painful to browse on so accessing the web version of many apps could be a solution, plus Firefox will let you place shortcuts on your home screen. I also wonder how LineageOS works on those old devices. Could be another solution.

I know little about conditions in African villages. Do they ever make city trips where they have access to free wifi with unlimited data?

How much does that much data typically cost??

Here are some South Africa prices: https://www.mtn.co.za/recharge/data

Valid for a day: 25MB for $0.32; Valid for a week: 50MB for $0.64; Valid for a month: 100MB for $1.28, 1GB for $6.35