The background to the debate that has now started is a catalog of BSI requirements. The BSI is the Federal Office for Information Security. He is responsible for many security issues affecting IT in Germany. In the catalog of requirements that has been published now, you can read that BSI asks smartphone manufacturers to provide security updates for their devices for five years in the future. This is a particularly relevant topic for Android smartphones. But it’s not just about security, it’s also about Android updates.
The catalog of demands should be the basis of a public discourse with manufacturers, network operators and society. The background: In recent years, the smartphone has increasingly become the control center of life, moving away from the pure phone. Everyday processes are controlled and processed with it, even the smart home opens and closes. An unsafe smartphone can quickly have fatal consequences.
Delivered with the latest version of Android
The BSI wants consumers to be able to rely on the fact that they are fundamentally safe when buying a smartphone. And not just two or three years after the first sale of the model, but five years. Manufacturers must not only guarantee patches for five years, but they must also be available for mobile phones within a month of being published by Google.
In practice, today it looks very different, at least if there are no serious security gaps that need to be closed. So the models only get the so-called cumulative patch after several patches. So if in doubt, wait for a security update for up to six months.
One of the requirements is that smartphones are always delivered with the latest available operating system. This is not the operating system that is currently available for the specific mobile phone, but generally the most current variant. For example, many phones are still sold with Android 9, although Android 10 has been available for almost six months.
Flagship smartphones could be used longer with Android updates
At least for smartphones, which today cost 1,000 euros and more in the high-end segment, such an upgrade guarantee would be desirable for consumers. It doesn’t matter if it’s security patches or Android updates. Because whoever opts for the new Galaxy S20 Ultra today, for example, puts almost 1,500 euros on the table, depending on the equipment. For the vast majority of customers, cell phone features and services should, based on the current state of knowledge, still be more than sufficient in two to three years. But if there are no more updates, it quickly looks different.
The confusion surrounding the Huawei Mate 10 Pro has also shown how sensitive the subject is. The mobile phone, which was only two and a half years old, had been dropped from Huawei’s update list and supposedly should no longer receive any security updates. An error in the list, as Huawei announced to its customers. The Mate 10 Pro continues to receive security updates. However, previously the protest among users was enormous.
An upgrade guarantee for five years after the appearance of a mobile phone model would be a small milestone for Android users. Until now, only iPhone users can assume that Apple will continue to keep their cell phone for so long. It ends much earlier, especially with cheap Android smartphones. However, such an upgrade guarantee does not protect against residual items that are several years old that end up on the search table and then, despite new products, are not supplied with updates for five years. The step towards such an update obligation would definitely be the right one.