I want to answer that Qualcomm-is-the-issue again.
You're pointing out how ridiculous it is, but let me expand:
So, as an order of magnitude, the price asked by Qualcomm for extended support is 1M$. That's 10c/device. The VoLTE license costs more than that. The H264 license costs more than that.
Also Pixel makes Android, so surely, Android can't become incompatible with older hardware because of Android, or if it does, it's Google's own doing!
There is the question of security of binary blobs for which Google doesn't have the source code, ok!
Well let's see:
- Billions (ok, maybe just hundreds of millions) of Mediatek devices have their bootrom "open". Should we stop upgrading those, because of physical access issue?
- Everyone considers 2G utterly broken, allowing downgrading attacks, thus Google gives Android 12 the possibility to disable 2G. Yet, Google "refuses" devices launched with Android 11 Treble HALs, like devices launched with Snapdragon 888, to have this "disable 2g" [1]
- Pixel 6 stayed 45 days on an """obsolete""" security patch
So, maybe we should stop saying that security is the alpha and omega, and all or nothing. It is important. Reducing our e-waste is more important.
[1] This is a weird thing, related to Treble, Google Requirement Freeze, and Vendor System Requirements, I can explain in details if anyone is interested
I'm writing this message from a Fairphone 2 released in 2014 with Android 5, now updated to Android 10 thanks to the company still providing support for it 7 years later. And it has a Qualcomm snapdragon. A small company in the netherland is successful doing it. If Google wanted they would have done it. They just don't want.
ps the Pixel 3 is also supported by Ubuntu Touch.
Yes, but another conclusion from this is that we will miss PCs when they are gone.
A sane architecture means support is much easier. I've used low power PCs that were more than one decade old, and I could still run the same well supported software as in a newly built machine.
Some regulation is needed to stop this madness. We don't have enough resources to let everyone trash their phones every three years. Rare earths are scarce, not to talk about all the junk going to landfills.
PCs only happened because Compaq managed to screw IBM and with it created the clone market.
Had IBM been able to prevent it (and they did try with PS/2 and MCA when the courts failed), there wouldn't be PCs as we know it, rather like every other 16 bit computer of the time.
There is an important distinction between promised lifetime and actual lifetime.
For example if a CPU instruction-level issue was discovered Fairphone would have no way to fix that without microcode updates. This means that a vendor can't guarantee security updates for longer than Qualcomm will offer low-level support. However the discovery of an explotable instruction 3 years after release is quite unlikely and as far as I am aware hasn't occured so presumably Google *could" continue updates in this case.
Of course there is still consumer expection issues. If phones are usually supported for 5 years even though they only promise 3 you might feel cheated if your particular model has to stop at 3.5 years.
There is also the option of ignoring the CPU vulnerability but continuing other security updates. However trying to explain this to users is incredibly difficult. Even if you can get their attention you have to explain the impact of being able to break out of the app sandbox to them.
I know PLENTY of people who bought a Samsung, Pixel, or iPhone because of the software support lifespan being a market leading 3/4-3/5 years, 3/5 years, or 7/7 years respectively compared to the standard 2/3 year support of Android OEMs. The average person now is going north of 4 years with their phone and rising. It's not about wanting to be "eco friendly" it's security, software support, and OS features being supported by some corpo instead of some teenager making a ROM.
This is a huge part of the reason why Androids depreciate so much faster on the used market, if you compare the Galaxy S20 to the even older iPhone 11, the iPhone 11 will likely receive 5 years of OS updates compared to 1 year for Samsung. Other OEMs like OnePlus or Sony will have already had support end. Maybe your average customer doesn't really understand why this stuff matters but they do understand that an old iPhone seems to work better than an old Android that cost the same at release.
Of course this is a great decision because people will be forced to buy a new phone more often right? No! People using your phone are a captive audience for selling high-margin services and accessories. If you don't support the phone they'll still use their old phone anyways but will be annoyed and likely to switch to the competition next purchase cutting off all your profit streams.
Pass a new "right to repair" law, such that any OEM that halts software patches on any network-connected device for more than 6 months will be required to unlock bootloaders and publish technical specs.
Apple and Android will see enormous and wonderful community involvement if that were to happen, and congress could force it, should we motivate them.
> Pass a law that taxes Google punitively for each app sale on an unmaintained phone, and see how quiclky they'll find a way to support their phones.
Wouldn't the result of that, be that phones that get anywhere even close to being unmaintained would stop dead (or close to it), so Google doesn't get exposed to a problem?
To me, that doesn't sound better than the situation you're trying to fix.
Selling apps to the long tail of older phones is probably worth throwing some money in a maintenance team. Especially with phones having a 3 year shelf life.
As long as there is also a minimum support window, say 3+ years, and full specs and source are community released, then why not?
The important part could easily be ensuring that older hardware can be accessed. We need an end to binary blobs, or, to force long term blob support and updates.
I imagine a scenario where you pay $20 per year for support and updates for your old device, to a third party.
Or of course, there could be foundations, compile it yourself, etc too.
But if the environment is the reason, why not share the load?
Manufacturers publishing code, sources, and docs is not trivial in of itself.
I'm not a fan of it, because that basically means that Google asks the community to take up the bill for a service they sell at extraordinarily high price.
I know that's the case for lots of open-source software, but since we're coming to that topic, Google's open-source policy that produces software that is either tightly aligned with their own interest (Chrome) or barely usable without their proprietary ecosystem (Android) is shameful. Quite frankly, I would much rather see open-source communities work on linux phones, no matter how useless that may be.
Another reason I'm not a fan of it is that if Google is allowed to transfer their responsibility to a community, I'm willing to bet that their initial support duration will drop even more, and that any issue will be blamed on open-source maintainers, log4j-style.
> But if the environment is the reason, why not share the load?
Does Google share the profits? Is their Android business barely profitable to justify getting free labour?
> will be required to unlock bootloaders and publish technical specs
is probably sufficient motivation. There's no way Apple would be willing to do that. Google might be, but they might have a lot of resistance from Qualcomm and possibly mobile carriers and other partners.
That is imo a bad fix, because it would be very easy for Google and Apple to make sure the technical specs are unreadable and the bootloaders complicated to use, without much recourse for the lawmaker.
Comparatively, it's much easier to make a law targeting the stores that's hard to avoid.
Yes, indeed. But that is a massive footgun to use, and it creates a direct incentive to have longer service durations.
It is likely that Google would stand to make more money by offering longer service duration for their OS, and by demanding phonemakers to maintain their firmware.
I guess the info we need to see whether this would be a good decision or not is how much money Google makes from selling apps to phones 3 year and older.
I'm sure that, was such a law allowed to pass, lawmakers and prosecutors would magically find a way to express their dissatisfaction if Google was trying to skirt the law in such a crude way.
My bet would be on Google successfully lobbying to kill the bill in the first place, or to cripple it and make it irrelevant (for instance with a long grace period that always gets extended).
> lawmakers and prosecutors would magically find a way to express their dissatisfaction if Google was trying to skirt the law in such a crude way.
Depends on what the law makers actually want. Enough legislation is passed just do they can tell their voters "look, we did something" without actually hurting their corporate buddies.
Disagree. For certain vendors you can already get unlocked bootloaders and kernel sources. That's how various aftermarket android ROMs are built. However, even for a project like lineageos, there's only one or two maintainers per device. Do you think one or two volunteer maintainer (presumably working in their free time), can keep the entire kernel up to date and patched?
>Any locked device must brick itself after 6 months of no patches, to ensure the safety of the network.
What does this accomplish? Get people mad? Moreover, what prevents someone from making trivial patches to keep a device "up to date", kind of like how people make trivial changes to their passwords to keep up with password rotation policies?
To be fair if the devices bricked themselves people would start to value update lufetime even more and sales of devices with short support would drop like a rock.
But this suffers from goodhart's law. "support period" becomes the metric to game, so manufacturers would say they "support" for 10 years or whatever, but what that entails is having an inter bump up the version number every 6 months.
If they say security updates for 10 years and there are unpatched security vulnerabilities living in the device before that I think they should have to refund the purchase.
> Do you think one or two volunteer maintainer (presumably working in their free time), can keep the entire kernel up to date and patched?
Maybe I misunderstand it, but I think it’s not that bad?
The kernel gets kept up-to-date by LineageOS, the device builds (official or unofficial) use the base builds, but add device-specific tweaks, and cherry-pick commits from elsewhere. And actually a level above that is AOSP which is maintained by Google.
>And actually a level above that is AOSP which is maintained by Google.
How do you think the CVEs get discovered? What about CVEs in the qualcomm specific code? How do you know that the amateur kernel developers wouldn't fall prey to c footguns and introduce new vulnerabilities?
Don't get me wrong, this is strictly better than the current state of affairs where there's zero patches, but I think people are underestimating how much effort it takes to keep a huge codebase patched.
> We need a lemon-like law for consumer electronics.
I wonder how this should apply to planned obsolescence of devices like smartphones.
On one hand, it's obscene that manufacturers expect us to routinely spend ~$1k on a device that will in the best case scenario last for three years. There's no inherent reason that a flagship Samsung from 2017 shouldn't be perfectly serviceable today, and likewise for a Pixel 6 or iPhone 13 in 2030. However, the discontinuation of security updates makes it so that for all practical purposes they are not.
On the other hand, we can't exactly compel speech or labor. It would be one thing if there were a kill switch triggered after N years, but in this case the obsolescence isn't caused by an active update, rather a lack thereof.
Here's a possible middle ground:
1. Block device manufacturers from arbitrarily deprecating hardware. We can't compel the release of new software, but we can block the release of new software. Require manufacturers to submit a filing with request for approval before the release of any new mobile OS update, which must include an exhaustive list of all supported devices. In the event that a device is dropped from the list in a subsequent filing, it must be explained to the satisfaction of regulators that a specific hardware limitation makes continued support for the device problematic or impractical. Given approval to drop support for a device from an OS release, there would be no obligation on the manufacturer to backport security updates to prior releases.
2. Block component manufacturers from arbitrarily deprecating hardware. Any hardware included in a publicly available consumer electronic device must have its manufacturer commit to providing up-to-date driver software with support for the latest OS for the lifetime of the device. Failure to provide this within a certain time frame (say, three months) following the request of a device manufacturer would open them up to a lawsuit, wherein they could be compelled to publish the most recent release of the driver as open source / public domain. #1 would provide the incentive for each device manufacturer to proactively enforce this, as their entire product roadmap would be effectively frozen if they allowed component manufacturers to drag their feet.
3. Ban irreversible bootloader locking in new devices. Maybe an initial bootloader lock would be acceptable, but power users should have some way to override the lock and install a custom ROM without relying on vulnerabilities in the software.
Delaying patches slightly doesn't really help revenues unless it's widely publicized, in which case they look bad and possibly get sued and it doesn't even save them any effort. Maybe it's a risk, but I'll definitely take that risk over what we have today.
> but they do understand that an old iPhone seems to work better than an old Android that cost the same at release.
I suspect that the majority of Android-using techies that notice this are either on a faster new phone cycle than 3 years, or have already priced that difference into their total value calculation.
I also strongly suspect that the average customer does not indeed understand.
By this logic Google should do away with their QA department and product support staff.
You spend the $1M because it improves customer value by far more than $1M and that works out for everyone in the long run. This thread is a testament to what happens when you pinch pennies.
Part of the problem here is that SoC drivers are hacked on top of the kernel (and are not merged in-tree). So SoC vendors have this pile of legacy and hacked-on code they need to cherry-pick every time the Kernel changes an interface they used (which is a lot) [0]. Of course, that costs and fortune and hampers the sales of newer chipsets so it’s not in the SoC vendor’s interest to do so.
I was hopeful with Windows Phone running a build of NT that the platform would still have the same strict ABI compatibility for drivers as the desktop version has. So you get kernel updates and the existing drivers just work.
Now, with Windows getting some emulation support for Linux (one of their Subsystems for Linux effectively translates system calls and execution happens in the NT kernel) I wonder if they could ship a phone running NT with an Android userland.
While Qualcomm is assuredly partially at fault here for encouraging piles of one off unsupportable devices without backwards compatibility with the previous SoCs they are also largely a victim of things outside of their control (although its good business for them to force everyone to buy a new phone every couple years). Plenty of blame can also be found with:
Arm, who has refused to bundle or assure system IP compliance to the level of their CPUs (aka interconnects, interrupt controllers, iommu's, pcie bridges, etc). Meaning that even very basic things like how one gets an interrupt isn't reliable, and somewhat worse are the buggy implementations of arm system IP that are allowed to reach the market.
Google, for failing to provide platform standard interfaces, similar to what the Arm server vendors enforce via SBSA/SBBR. Meaning that every single phone is doing low level platform mgmt in proprietary ways. That includes its own power mgmt, led blinking, etc, a good part of the time actually in the linux kernel, or via proprietary hooks in the linux kernel. Further despite making more money on the android ecosystem than RH+suse+canonical put together their changes are generally dwarfed by other much smaller players (although they have hired a bunch of maintainers over the past couple years).
Linux itself, for failing to provide a stable/backwards compatible driver API. Meaning a small simple driver either needs to spend months upstreaming (if that is even possible, see GPUs) or man years of maintenance keeping up with the kernel churn over the lifetime of the device. Further the arm/kernel community encourages a "everything in the kernel" (everything from firmware functionality, to the actual machine descriptions in the form of all the DTs) attitude which completely fails to grasp the huge number of bugs and device varieties on these arm devices. Its rumored that QC by itself had a million plus lines of out of tree code a few years ago. Its likely that this attitude could more than double the number of lines of driver code in the linux kernel if just the past few years of Arm Soc's were fully supported.
So, the combination of the three are the perfect storm of massive overhead for supporting the couple hundred phone models in existence. Imagine for a moment if every PC model made in the past 10 years required a few (tens) of thousand lines of kernel changes, how unworkable that would be.
There aren't enough engineers to solve this as a brute force problem, the solution is to look at the PC market and consider that maybe it would be better if there were actually some standardization in the phone space.
It's fascinating that Google, the stewards of Android, have refused to solve any of those problems. The most successful operating system in history is managed by a company who refuses to solve its deficiencies.
Compare with the second most successful platform, and how Microsoft has been solving problems for decades while maintaining their first commandment: Thou shall not break backwards compatibility.
> It's fascinating that Google, the stewards of Android, have refused to solve any of those problems. The most successful operating system in history is managed by a company who refuses to solve its deficiencies.
I wouldn't say that they've refused to solve its deficiencies; Google is not to blame for nor do they have any control over the Linux kernel's development practices. The kernel developers don't want to have stable APIs and the natural result is that out-of-tree drivers are poorly supported.
There is a saying about thrust and bricks around here somewhere... one example does not the ecosystem make. That said there are examples of SoC's which get attention and manufactures which do a better job than 3 years, but its the exception rather than the rule, and the updates frequently are quite late.
If your willing to dedicate an engineer or two to keeping it running then so be it. I can assure you that your average 10 year old PC running Linux probably hasn't gotten that much attention since before it was released. But then again, PC's adhear to industry standards and are mostly iterative designs.
(pretty sure most people will miss this answer, but anyway)
So, to clarify things considering all the answers:
- Qualcomm's development cost is shared amongst all OEMs (Except Google), because all OEMs share the same development branches Qualcomm-side. So 1M$ isn't 1M$ for Qualcomm but more
- Qualcomm's development cost is shared amongst a lot of SoCs. Qualcomm have like one shared tree per year. So one development tree spans maybe 10 SoCs, including XR, automative, IoT, and smartphones. So yeah, from Qualcomm's PoV, it's not 1M$ additional revenue it's much more.
- "Extended support" is +30% of support time (so just one additional year). My source tells me that the actual content of "Extended support" varies a lot. Sometimes it's just security patches, sometimes it's Android major upgrade
- Qualcomm "standard" support is 3 years,
- My source is currently writing a full-blown article about Android upgrades. Not sure you'll trust them more than me though
Also don't discount that most of your APPS themselves will still get security updates (as long as they keep compatibility with your Android OS version - which is likely for awhile) and realistically poor app security often worries me more than the OS itself. Android is (overall) a pretty secure system. Unless some massive exploit is released past my phones final security patch I am not that worried about using my device longer.
Supporting it for 3 extra years for $1M is only $333k per year, which probably only pays for 2 junior developers.
Would you like to be one of two developers whose responsibility is looking after all security patches and the build and release process for a 100 million line codebase?
I'm calling BS on this. There is no way you can get years of extra support out of Qualcomm for $1m.
As for e-waste, well unlike other major manufacturers every Google phone can be unlocked and you can install any OS you want. So there is no need to discard the hardware after support ends. You just have to bear the support costs yourself. Too expensive? Well, you're the one saying it's not too expensive, so why not start a company to provide extended support for devices like this? Charge $1 per device, that's a healthy profit over the $0.10 you claim it costs.
That's really great! I'm glad that you can do that.
But (and I'm sure this will be an unpopular sentiment) you realize that it doesn't fully address the article's concerns about security. Nor does it provide the experience people expect from tested manufacturer updates (which are far from perfect, but still). This is not the same thing as manufacturer support. You could provide that level of support even as a third party, but it would be a lot more work and it would require the cooperation of Qualcomm and other vendors. You'd need to start a company and charge for your work to make it feasible.
Well, I'd say the existence of phh's ability to do this despite being in an environment that's unsupportive (or even hostile) is proof the model works. It would flourish with a regulatory bump keeping the manufacturers in check and unable to continue this poor support lifecycle.
This is about their profits. It's not about security, environmental responsibility, or the users. Regulatory authority exists to promote the interests of the people when the interests of the corporation's profits conflict with them.
> So, as an order of magnitude, the price asked by Qualcomm for extended support is 1M$.
....and even if that estimate is two orders of magnitude too small, it's still basically pocket change for Google, which (based on about 30 seconds of Googling, so if I've misread I apologize) has been making tens of billions of dollars per quarter the past few years in net income.
I hate these arguments. It doesn't matter what their overall revenue is, it only matters what the cost is relative to the product at hand and to the value of the thing they're paying for. Nobody is sitting there approving expenses relative to their overall revenue.
Would you pay $50 for a stick of gum? Why not? If you make hundreds of thousands of dollars, surely it shouldn't phase you?
Personally, I don't care what's "efficient" and what will make Google the most money. What I care about is how they treat a) their users, and b) the planet.
Money is a means to an end. The fact that so much of our society treats it as their score in the game of life—something to be maximized at all costs as an end in itself—is a disease of the mind.
If Google (and, yes, literally every other major corporation) made more decisions based on what was better for their users (not just "their customers", because in certain aspects of their business that's advertisers, not regular users) and for the health of the planet, while simply making sure that they had a reasonably comfortable financial cushion, we would all be better off, and Google's executives and shareholders would barely notice the difference in their high scores.
That's a different argument, but this one too works even if “the estimate were two orders of magnitude too small”. Even $10 a year is a bargain when the alternative is throwing the phone away.
For perspective, they could have asked each additional Pixel purchase $.50 from the starting price to support it for an additional 5 years. (also pixel 3 owner)
You're right, the relative expense to the revenue isn't a good argument when you're framing it in the light of efficient business practices.
On the other hand if you consider the real intention of illuminating Google's cashflow it's pretty damning. Do you pay some relative pittance to keep devices supported, adding value to customers, reducing waste, increasing convenience? 'Cause this is a moral argument, not a financial one, and if you're fleecing the public at large (in myriad ways) it's more a question of the lord giving alms to his subject than it is paying $50 for a piece of gum.
Should Lord Google be a beneficent ruler, or a shitpile?
> 'Cause this is a moral argument, not a financial one, and if you're fleecing the public at large (in myriad ways) it's more a question of the lord giving alms to his subject than it is paying $50 for a piece of gum.
The argument still breaks down at bigger numbers. If you have 500 different ideas for ways the lord should spend a negligible 1% of his money, then even if you have a good argument that the lord should do something, that's not enough by itself to show that any particular idea meets the bar.
If Google starts subsidizing their physical devices from their infinite money bin of advertising revenue, they'll run afoul of antitrust and anti dumping laws.
You can't run afoul of antitrust laws without being a monopoly. It's why Apple can make it so safari is the only browser available on the Iphone whereas microsoft lost a bunch of money (particularly in the EU) for installing IE by default on everyone's computer.
Android phones are nowhere near antitrust territory, specifically from google. Before they'd run any risks they'd need to actually outsell someone like samsung or apple.
Just because you are rich and potentially a monopoly in one market, doesn't mean you are in all markets.
If Google is deemed a monopoly in search (or advertising, or Android app store, etc.), using that position or money to try and gain advantage in another market (in this case, phones) is problematic.
And this way, they risk running afoul false advertising and class action lawsuits. Its not mentioned anywhere that the phone becomes dangerous to use after 3 years.
If Apple-level support was a decisive factor for Android customers either they wouldn't be buying Android phones, or Google would have offered it long ago.
It seems reasonable for Google to offer that level of support, certainly. But anyone expecting it isn't paying attention to Google's record.
For somebody that uses Linux privately and professionally, Apple support was one of the major reasons I switched from Android to iOS based devices. Just until recently I had iPhone 6s (I keep my devices until they break or go out of support).
Apple used to look expensive to me, but if I divide initial cost per number of year of device exploitation, it actually gets cheaper then Android devices.
Not necessarily. Every time you force a user to abandon their current product you risk them looking over the wall at your competitors. In the U.S. at least, iPhones are really attractive, and I say this as an Android user. When my Pixel 3a is EOL'ed in May 2022, I think I may take the plunge and finally switch. If I do that, Google immediately loses my valuable telemetry, they lose my usage of Chrome mobile, and they risk my switching to iCloud - something I can't use on my Android phone.
Google's operating income is like $50B. A more proportionate question would be whether I was willing to pay $10 for a reusable shopping bag since it's marginally better for the environment compared to a free plastic bag—and the answer is yes, absolutely, it wouldn't even be a question.
Google has a profit of ~20 billion dollars per quarter. That is, it has a profit of ~80 billion dollars per year.
There's only so much you can do with money. Their yearly profit (once again, not revenue, profit) is larger than the entire state budget revenue of more than 150 countries (not combined) [1].
The gums were repackaged and auctioned off to fans who would do anything to have something already used by Britney Spears, including an already been chewed, sticky bubble gum. The gums were sold for between $50 to $100.
You're pointing out how ridiculous it is, but let me expand:
So, as an order of magnitude, the price asked by Qualcomm for extended support is 1M$. That's 10c/device. The VoLTE license costs more than that. The H264 license costs more than that.
Also Pixel makes Android, so surely, Android can't become incompatible with older hardware because of Android, or if it does, it's Google's own doing!
There is the question of security of binary blobs for which Google doesn't have the source code, ok!
Well let's see: - Billions (ok, maybe just hundreds of millions) of Mediatek devices have their bootrom "open". Should we stop upgrading those, because of physical access issue? - Everyone considers 2G utterly broken, allowing downgrading attacks, thus Google gives Android 12 the possibility to disable 2G. Yet, Google "refuses" devices launched with Android 11 Treble HALs, like devices launched with Snapdragon 888, to have this "disable 2g" [1] - Pixel 6 stayed 45 days on an """obsolete""" security patch
So, maybe we should stop saying that security is the alpha and omega, and all or nothing. It is important. Reducing our e-waste is more important.
[1] This is a weird thing, related to Treble, Google Requirement Freeze, and Vendor System Requirements, I can explain in details if anyone is interested