3 years security updates isn't class leading any more

Hi all, You are all surely aware of HMD's "Pure, Secure and Up to Date" mantra as well as it's somewhat misleading "Just Keeps Getting Better" promo message.

3 years security updates isn't class leading any more

madbilly madbilly
Super User  / 

Hi all,

You are all surely aware of HMD's "Pure, Secure and Up to Date" mantra as well as it's somewhat misleading "Just Keeps Getting Better" promo message. These are both based around the 2 years of OS upgrades and 3 years of security updates promise which was started by HMD with the Nokia 8, then backfitted to the Nokia 3, 5 and 6 and then Google decided it liked is and rebranded its existing Android One brand to fit this new promise.

Before Android One HMD had had created a message which really rang with a lot of people (including those who like beige 😉) and the Pure, Secure and Up to Date promise attracted a lot of people to HMD (as well as the Nokia badge). When Android One appeared HMD's USP was somewhat no longer unique, because any vendor could get Android One certification and provide the same promise to consumers. Android Enterprise Recommended is a similar programme which promises similar things (it actually promises more and is stricter on updates than Android One).

More recently, Googles various projects for taking responsibility for updates away from vendors and Google will push the updates directly to the phone themselves. This started with Project Treble and now is Project Mainline. With these projects pretty much any manufacturer can offer the Android One promise about updates (purity is another matter). So HMD's USP here is soon to disappear.

Now, this class leading USP, whilst no longer unique, is also no longer class-leading. Samsung now guarantee 4 years of security updates to some of their devices - so called Enterprise Edition devices. https://news.samsung.com/uk/samsung-unveils-new-galaxy-enterprise-edition-devices

These devices aren't intended for consumers really, but there's no reason why consumers can't buy them as far as I know.

Still, 4 years is still not as good as iPhones which often get at least 5 years of security and OS updates. for that much money you would expect to get several years of software maintenance too, so it's a surprise that Samsung haven't gone further.

The 8.3 will only get 3 years of updates still, but it will also cost a lot less than the Samsung S20s or iPhones. Will HMD provide 4 years updates on the next 9-series?

Cheers 🙂



  • singhnsk singhnsk
    Super User  / 

    Hi @madbilly, that's an interesting share. I think Samsung is taking more mature decisions than what HMD does. These days we often hear that Samsung is updating most of its devices regularly and in some cases, faster than most other OEMs. So, HMD's USP is indeed diminishing.

    I followed the link that you shared and it seems that the option will be limited to a few phones, which is all that an enterprise needs - some products which will be supported for long. Similar to Ubuntu's LTS or Firefox's ESR releases.

    The page says "S Series, Note Series, A50 and XCover 4s updates are available monthly for the first three years, then quarterly for the final year. A40 updates are available quarterly for the full four year term.".

    You see, the 4th year is just 4 more updates and they get to carry the "4 year promise". If HMD would wanna do it, they easily can do it. If you have happily done 36 updates, how much resources will it take to give 4 more and get to a great rounding digit and 1 extra year to feature in the marketing? I believe next to nothing. Plus in fact they happily did with the original Nokia 6 and Nokia 8 in the 3rd year. They can do the same for all of their Android One mid-range and higher devices.

    What's getting my utmost interest is how Samsung kept the mid-ranger A50 and even cheaper A40 in the league as well. Samsung gave 2 cheap option to the Enterprise. They will only need to spend extra resources on only these 2 and yet manage to capture a significant amount of enterprise market.

    Compare that to HMD and see how they spend resources on all of their similar looking phones just to get that Android Enterprise Recommended rating. Would be in their best interests if they also make similar "few" mid-rangers which are ready to serve the enterprise customers and are supported for extra long. And leave the others to be better, more enriched devices with fewer, but quality updates (I am not asking to reduce the update life cycle, but maybe quarterly updates from the beginning and then they can even hit 4 or even 5 years while only making lesser amount of updates as they are doing right now). Sounds like a great plan, isn't it? - 5 years of regular security updates

    And as I usually point out, if enterprises are happy with quarterly security updates, why in the world do regular consumers need monthly security updates? They can be very easily avoided, especially for devices which cost lesser than $200.


    PS: The devices don't seem to be available for purchase via open market as Samsung directs the buyers to hit up with their provider - onecom for any sales questions. And onecom's website has no signs of it being interested in dealing with individual device orders. That will cut short the feature pack of Samsung's offering, like the 3 years of support via dedicated business services center. Maybe at a future time Samsung will turn towards regular consumers. That said, I don't think any significant volume of consumers will ever demand such a thing from them.

    What's your thought, @Kartik Gada? And if you hang out someday, hear us Mr. @juho.

  • madbilly madbilly
    Super User  / 

    Hi @singhnsk,

    Lots of good observations there.

    Yes, only a limited set of phones. However, HMD now announce/release much fewer smartphones per year than they used to. In the past 12 months we had 2.2, 7.2, 6.2, 2.3, 8.3 and 5.3 announced and if you count releases it would be 1 plus, 3.2, 4.2, 9PV, 2.2, 7.2, 6.2 and 2.3. I've left out the C phones because they don't get the update promise (though I'm sure they still get some updates) and the USA network specific versions which only get 2 years I think. That's not many phones which HMD have to add to their supported device list and over the next year we'll start to see some existing ones losing support or moving to quarterly updates. I think HMD can manage this, they don't need to start restricting their update promise further.

    However, 3 years is still not enough compared to that Samsung competition, some Sony devices (updated but not guaranteed IIRC) and probably some other Android vendors too, never mind Apple.

    Using quarterly updates guarantee (which is all that Android Enterprise Recommended requires, and Android One doesn't even require that - no need for monthly at all, strictly) should allow HMD to extend support on some models to 4 years. But can they do 5 years? This would require both Google and the chipset vendor to support the device for that long, which will be pretty difficult. Actually, Google still hasn't supported any Android version for longer than 3 years and even its own Pixels are only guaranteed 3 years of updates. It's difficult to find info on Qualcomm support length, but Samsung may be guaranteeing 4 years updates only on the phones which use its Exynos processors, which they control the software support for. Still, how can they guarantee 4 years of updates to Android, if even Google doesn't guarantee this? https://support.google.com/pixelphone/answer/4457705?hl=en

    In terms of reducing the support burden on cheaper devices, you're right that quarterly updates would lessen the burden on HMD a bit, but probably not by a factor of 3 like you suggest, as all the bulletins still need to merged and tested.

    Cheers 🙂

  • I'm sure most people won't mind (in fact will be happy) with security update coming quarterly for another additional year of OS upgrades.

Sign In or Register to comment.