[zaroth]

It would have been interesting if CA legislature had focused on forcing companies to provide security patches for some number of years instead of the 'kill switch' issue.

Maybe the EU will take this up as a part of the baseline warranty requirements they push. You don't have to ship a perfect device, but you do have to provide support for security critical patches for a certain time frame. It seems beyond reckless, certainly unethical, borderline negligent, to ship a smartphone and then just leave it exposed as known vulnerabilities pile up.

Once we're talking about phones with a certain level of sophistication, I think 3 years of auto-pushed security updates is not too much to ask! To me, it's a minimum requirement of any device I would buy, but the average consumer has no idea how vulnerable their device actually becomes over time.