Is a security patch late if it arrives on the last day of the month/quarter?

Hi all, One of the, if not the most popular topic here on the forums is updates - security updates and OS upgrades and "why hasn't it arrived yet" or something similar.

Is a security patch late if it arrives on the last day of the month/quarter?

madbilly madbilly
Super User  /  edited May 2020

Hi all,

One of the, if not the most popular topic here on the forums is updates - security updates and OS upgrades and "why hasn't it arrived yet" or something similar.

Ever heard the phrase that society is just two/three/six/nine (?!) meals away from anarchy? Well on these forums you can replace meals with security updates (there's a comedy sketch in there somewhere which I've not got time to work on now...).

But are our updates really late? Or are they on time? Or even early?! Well, some new research (thanks to Nokiamob for the tip 👍) shows that HMD are actually excellent at providing security updates (note it says nothing about OS version upgrades):

Things to note, and one which goes back to the topic I posted, is that SRLabs only consider a patch late if it arrives after the end of the month which it is scheduled for, e.g. if the May patch arrives on 31st May then it's still on time and not 31 days late.

The research makes some interesting observations, e.g. that HMD's speed of delivering patches actually seems to improve over time (I would dispute that, as the patches now seem to be later in the month than they used to be). SRLabs also think that HMD have a "less broad device portfolio", which we may all find surprising! Last time I counted HMD had released 39 different smartphone models (not including RAM/storage/SIM slot variants), not exactly what I would call "less broad", but perhaps less broad than the big companies like Samsung, Huawei, etc.

What is disappointing about the research is that they don't make their data available. Also, their data is gathered partly by crowdsourcing from people who install their app, which is open source, both of which are nice things but the app requires root privileges so this severely limits who can use it and therefore which models of smartphone they are gathering data on because people who use root access typically are more enthusiast consumers with higher specced phones.

It is also only compatible with Qualcomm chipsets, which means that updates for all Mediatek, Exynos and Kirin chipsets are probably not included in the stats. This is a big downside of the research, because it's only useful to focus on brand if all phones are included and excluding the second largest SoC vendor and many of Samsung and Huawei's phones means the research is really not statistically valid, in my opinion.

Still, the research gives an intersting indication of the goodies and baddies at providing security updates and for those people who want to compare HMD to others it shows that the comparable vendors are only Google and Sony (Sony, again, funny how often they come up in my analyses of HMD's Nokia phones 🤔).

Cheers 🙂

Comments

  • German Walter German Walter
    ✭✭✭  / 

    I'm afraid HMD is wasted its future. Let's take a look at the 7.1....

    April Update came on May 4, 2020 - that's probably too late to acknowledge, right?

    Currently we have the 4th of June 2020 and the May update has not yet been released. It's probably to late, isn't it?

    Then the 7.1 users suffer extremely from software bugs since the Android version 10. That was six months ago. A service update has not been distributed.

    When I look at the various Nokia forums, this is unfortunately not an isolated case, but rather so slowly the rule, unfortunately!

    Nokia, or rather HMD, stirs the advertising drum with always pure, always up-to-date - but this tastes more and more like advertising gag without being really true. No wonder, then, that more and more buyers are resorting to other brands after this Nokia experience - see the latest sales figures....

  • German Walter German Walter
    ✭✭✭  / 

    So what is with 7.1 according to your definition? We are writing here the 9th of June (!) and the May patch has not been released! Is this timely or rather late?

  • madbilly madbilly
    Super User  / 

    Hi @German Walter,

    I think that according to the definition above the patch is not late, yet! But I agree with you about the OS version upgrades always causing big problems and rarely get fixed - it makes me want a phone which is not up to date but stays on the Android version is launched with and just gets security updates.

    Cheers 🙂

Sign In or Register to comment.