by zmmmmm 4537 days ago
This is the really important point. We've been protected so far by the fast evolution of phone hardware and the mass migration of people to smart phones. It's hard to perceive it but the game is now changing: we're into an iteration of phones now that the masses are purchasing that they may well hold onto for 5 years+. If security updates stop after 1.5 years, that's a terrifying mass of insecure phones holding everything from email accounts to bank details. Google can update a lot of things via the Play Store, but they can't patch kernel vulnerabilities or driver exploits.

Google really needs to include in their Play Store agreement some kind of requirement to ship critical security updates within a defined period of time. Yes, that's going to hurt - the maintenance burden of shipping an Android phone is going to rise dramatically if you inherit a burden of 5 years of updates. But then, critical security updates should be extremely incremental updates that rarely involve any functional changes to the user.

I'm not sure how the Android ecosystem is sustainable without something like this. At some point there will be an Android security apocalypse: an exploit that can't be fixed without a kernel update that affects hundreds of millions of legacy phones that have been abandoned by their makers.