by jusben1369 4537 days ago
It's really a non event. So much of what you need is no longer at the OS level but at the "Google Play" level if you will. iOS trains you to equate "great new stuff == OS upgrades" but Google has taken a very different route to ensure customers get the latest and greatest without worrying about OS fragmentation.
4 comments

It isn't a non-event; you may not get some (or any) security fixes because the vendor didn't provide the latest Android update.

Given how much many people depend on their phones and how much information they usually have on them, I think security is pretty important.

That's why I got a Nexus 5; I'm confident I'll continue to see updates for some time.

This is the really important point. We've been protected so far by the fast evolution of phone hardware and the mass migration of people to smart phones. It's hard to perceive it but the game is now changing: we're into an iteration of phones now that the masses are purchasing that they may well hold onto for 5 years+. If security updates stop after 1.5 years, that's a terrifying mass of insecure phones holding everything from email accounts to bank details. Google can update a lot of things via the Play Store, but they can't patch kernel vulnerabilities or driver exploits.

Google really needs to include in their Play Store agreement some kind of requirement to ship critical security updates within a defined period of time. Yes, that's going to hurt - the maintenance burden of shipping an Android phone is going to rise dramatically if you inherit a burden of 5 years of updates. But then, critical security updates should be extremely incremental updates that rarely involve any functional changes to the user.

I'm not sure how the Android ecosystem is sustainable without something like this. At some point there will be an Android security apocalypse: an exploit that can't be fixed without a kernel update that affects hundreds of millions of legacy phones that have been abandoned by their makers.

I don't know why you feel confident, the old Nexuses stop getting updates too. They get them slightly longer than the average Android phone, but not by a lot.
Isn't Google Play only for Google's own software? It sounds like this strategy ensures that only Google can deliver the "latest and greatest," by limiting new capabilities to Google software and not making them available to any app developers.
Well, the Google services are the "Core" services that you care about: Email, Browser, Google Now (all of the alert/notifications piece etc.), Maps, etc. So on an Android device, once a month it seems like one of your major core apps is getting a meaningful overhaul, vs. the Apple model where once a year or so you get a deluge of new goodies. And naturally other apps are always updating.
Then I guess there's been a big shift in Android's philosophy. The Open Handset Alliance still says that "Android does not differentiate between the phone’s core applications and third-party applications." [1] But now it sounds like core applications get special treatment.

1: http://www.openhandsetalliance.com/android_overview.html

Android, the operating system, doesn't care at all if you replace the dialler, or the home screen app, or any other app.

What did happen about a year ago is Google moved some of the communication framework stuff from Android proper, and rolled it into 'Google Play services' so that it can be updated independently of the version of Android on your phone.

As a result, apps like Hangouts, Plus, Maps, the dialer and others which rely on those frameworks can be updated to use the newest version of the framework without worrying about whether your population of phones has been updated to Android x.y; any phone that has the Play Store installed and updated should be running a recent version of Play services.

I believe what they mean is 3rd-party apps have the same access to the phone that our (Google's) apps do. The core apps aren't getting special treatment, Google is just deciding to update them more often than some of the 3rd-party apps out there.
But this is only for Google services. What if it's a big security hole on an OS level, or if you are not using the Google services?
What's the end-result of that patchwork replacement in terms of stability and design consistency?