[TheDong]

The Nexus 6 (2014) can still run a version of android with security patches: https://wiki.lineageos.org/devices/shamu/

Google no longer offers security patches directly, but since you control the phone sufficiently to install your own OS, the community can come together and keep security updates flowing. You could do it yourself if you wanted.

Apple devices make this sort of community maintainership effectively impossible.

I know this means practically nothing since only nerds can actually install a third-party ROM, so for the general populace only the "default" security patch window matters, but for the hacker news crowd it seems like it might be a meaningful difference.

[tsimionescu]

But it is effectively impossible on Android as well. Let's ignore for a minute the fact that practically no one can install a custom ROM.

The bigger problem is that a huge bunch of software running on the phone is fully proprietary and closed source, and there are many many different versions for different phones around - making it virtually impossible to do any meaningful reverse engineering. So sure, your main OS may be up to date, but the baseband OS and virtually all of the device drivers will be left vulnerable, and they have just as much if not more access to the data on your device.

[dangus]

Is my grandma going to install a custom rom? If it’s not over the air it might as well not exist.

[mattigames]

Maybe you could be a good grandson and do it for her?

[mattl]

I don’t consider it a good thing to install a custom OS for someone and not give them the same level of support.

[fh9302]

Does that include updated drivers? If no, then there are still many unfixed security vulnerabilities.

[mrcarruthers]

It's all well and good to say "oh you can just install a custom ROM". But you (and many here) can do that. Because you're technically inclined. But the vast majority have users have no idea what the hell you're talking about. They barely know what a security update is or what version of Android they're using, let alone being able to find, choose, and install a ROM.

Can we just choose to stop suggesting it as a legitimate solution cause outside of this bubble, it absolutely is not.

[realusername]

people don't know how to install Windows either. In theory they could go to a shop to update their phone like their are doing with Windows but the reality is that nobody cares about updating their phone.