[bb88]

That's actually a real issue that needs addressing. Any phone that makes 911 calls should still get security updates. All phones that can reach the cell network can still make 911 calls per FCC requirement.

Imagine the worse case scenario where malware infects the phone but requires a credit card to call 911.

Maybe congress will get around to this to make Google and everyone else do the right thing, but from my perspective Google should have done the right thing here.

[earthscienceman]

Worst case scenario? Sounds like best case scenario to me so long as no one is harmed.

It will take some horribly idiotic event like that to get the manufacturers to actually address that when you sell a phone you're selling hardware and software.

[Dylan16807]

> Worst case scenario? Sounds like best case scenario to me so long as no one is harmed.

It's hard to see how that wouldn't cause some ugly delays, so yes people will be harmed.

[bb88]

Sadly, yes. Though it's already happening, just not in that vile of a situation. Yet.

[onion2k]

If Google are concerned they could fix it more easily that a software update for older, unsupported phones - they could just mark every app that registers itself as a third party dialer as incompatible with older Pixel devices in the Play Store, and remotely remove them from Pixel phones presumably. It'd be a bit "user hostile" but you have to remember that you don't really control the code on your phone if you use Google services, so it's entirely possible for them to act this way.

[CuriousCosmic]

The thing I think people are missing is that the response from Google indicates that this isn't a Pixel issue. This is a "all android phones on Android 10+" issue.

Without full cooperation from manufacturers, there's really not a lot that can be done outside of blacklisting all dialer apps on the Play store and even that would do little for anything already installed.

[bb88]

I think you miss the point here. Security updates for phones need to be longer than 3 years -- for that reason.

The pixel 2 is already EOL'd 4 years after it's release, but it can still make 911 calls. I believe there are people that still depend upon that phone to make phone calls -- and therefore need 911 when they need it.

[CuriousCosmic]

Oh definitely. I wasn't disagreeing with that aspect. Everybody had been focusing on how the Pixel line would be able to solve this issue which kinda ignores that bigger issue that the entire industry needs to be maintaining these security updates. There's no good reason for OS security updates to be gated behind manufacturer control.

[bb88]

Yes, but I think the issue I see is that all exploits that gain root post-EOL could then interfere with dialing, right?

It's not just some bad-app on the play store (though that is one approach I believe google could use).

It's the fact that the android OS is EOL after 3 years, and the user is still using it as his main phone -- and needs 911 services.

[onion2k]

EOL does mean something. I don't believe 3 years is long enough personally, but even if it was 10 years the same problem would exist, just for older phones. Then it becomes a semantic argument about where phones should ever have an EOL date for critical fixes.

I think Google would argue that malware interfering with your phone after its EOL date is a reason why you should upgrade your phone to a newer model rather than use that as a reason to extend the life of their phone software indefinitely.