As of Lollipop a lot of that stuff (like web frameworks) goes through the Play Store too. And the Play Store can upgrade itself. Everything essential is covered as of Lollipop.
Only that article shows that a number of essential things aren't covered. The risk is small, but like I said, it's still there.
No, not at all. Apple sells a premium product for the most part. If you compare them to the most comparable option-Samsung- you see Samsung does provide good support. Heck the American S3- a 2012 phone and easily the biggest selling Android that year-has an official update to Kitkat that avoids this vulnerability. Nexus is not the only phones getting updates, just the only ones getting them in some accelerated manor that nerds demand. I think by now every carrier has shipped out that S3 Kitkat update.
You just supported my argument, actually. The GS3 was a flagship-class device bought by tens of millions of people, so of course Samsung would support it. And how many months did it take after KitKat's release before that update trickled down? I know Samsung started detailing upgrades in February 2014, or a few months after Google made it available.
How is that any different than Apple? If you buy an Apple device that is at the same price point at some of these cheap Android tablets it is used devices that are already passed the update cycle like the iPad 1. Comparing what happens what a brand new $500+ Apple device to a $100 tablet is ludicrous.
The real issue that we are seeing is new because of Android: it is exposing a new lower price point for computers never seen before.
Back in the day the OEMs like Dell who sold you a computer had enough resources to update the drives when new OSes came out and generally provide long-term support. Low end Android is produced with such low margins that if the OEM had to invest money received from the purchase back into long term support it wouldn't be profitable. These things are less computers than compute appliances. Luckily the attack vectors are limited because of Google's control of main way people install apps. I don't know of any exploits that actually take advantage of these pre-Kitkat flaws.
I think you're making a couple of bad connections here.
First, you're implying that Apple wouldn't offer that kind of support if it made lower cost devices. That's speculation at best, and given the company's profit margins, highly unlikely. If a company can't offer decent support because its margins are so low that it'll go bankrupt if the market so much as encounters a hiccup, isn't that a terribly run business?
(For reference, Dell also offers poor support, just in different ways. Ask anyone who's spent an hour waiting to speak to a strictly-on-script person they can barely understand.)
The more important bit: you're implying (if not outright stating) that it's okay for people to face major security flaws simply because their low-end devices are "compute appliances" and not 'full' smartphones. That it's acceptable for, say, a middle-class Chinese person making $7,000 a year to get hacked simply because they don't live in a wealthier country where they'd have a better income and thus a nicer, better-supported phone.
I have a better idea. How about companies operate on better-than-rock-bottom profit margins and pledge longer-term support to their customers, making for happier users who are more likely to buy that company's phones in the future?
Facebook
Twitter