Androis versions and longevity.

[David]

I've started looking around for an Android tablet with a SIM card.
There seem to be loads around the £100 UKP mark, but they all seem to be
running Android 10.

My mobile phone is running Android 11 and I read that Android 12 is out.

Should I avoid Android 10 (a couple of years old now) because of lack of
long term support?

I expect to run the tablet for as many years as possible, so whatever
Android I get will be out of date eventually, just wondering how old is
sensible.

I did see some with Android 8 but decided to ignore them.


Cheers



Dave R


--
AMD FX-6300 in GA-990X-Gaming SLI-CF running Windows 7 Pro x64

--
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

[Andy Burns]

David wrote:

> I expect to run the tablet for as many years as possible, so whatever
> Android I get will be out of date eventually

With a £100 tablet, you shouldn't be surprised if it never receives an upgrade.

> just wondering how old is sensible.

Android10 wouldn't feel bad at the moment, but if you can see devices with 11
for a few quid more, I'd go newer, android13 developer previews are out already.

[Carlos E.R.]

Is there a reason for not finding relatively cheap tablets or phones
with the most recent Android version?

Just wondering.

--
Cheers, Carlos.

[Joerg Lorenz]

Am 14.02.22 um 21:49 schrieb Carlos E.R.:

The manufacturers need a reason for consumers to spend *more* money on
newer models. That is good for the margin.
> Just wondering.

That was easy.

--
De gustibus non est disputandum

[Andy Burnelli]

On 14 Feb 2022 20:13:15 GMT, David wrote:

> Should I avoid Android 10 (a couple of years old now) because of lack of
> long term support?

Android 10 is just fine.
Android 10 can do almost anything (if not everything) Android 11 or 12 can
do.

Besides, what is it that you want to do?

Because it's not the Android version that matters anyway.
It's how fast the CPU is, and how much RAM, and how much storage, etc.

The Android version is almost completely meaningless.
Why?

Because almost everything you can get in any version.
Just like with all operating systems _other_ than iOS.

It's only iOS that the version matters.
A lot.
(And that's because of Apple's primitive clusterfuck release methods.)
--
Personally, I suspect this is a troll, but the advice is the same anyway.

[Andy Burnelli]

On Tue, 15 Feb 2022 08:58:43 +0100, Joerg Lorenz wrote:

> The manufacturers need a reason for consumers to spend

I give this thread a 90% chance of being a kindergarten troll.
With Android, the version is the least important thing to worry about.

*What's _more_ important is _what functionality_ does the OP want.*

He didn't say.
But almost everything he "can" want, is in _every_ Android version.

So the Android version doesn't matter to anyone intelligent.

It's only the Apple iOS devices which _need_ the latest versions.
And even that is only because of Apple's primitive update mechanism.

They have to update the entire iOS just to fix a single line of code.
No modern operating system use that primitive of an update mechanism.

[David]

The question (hopefully) includes the importance of OS updates to counter
threats.

I have thankfully never had an Android device compromised (as far as I
know) but technology moves inexorably onwards.

If the consensus is that keeping the OS up to date is a minor issue when
the applications are regularly updated via the Play store, then that is
the kind of information that I was looking for.

[David]

Yes, me too.

Given the vast number of unknown names and similar specifications coming
up on searches, all with Android 10, there could well be a Chinese
production line churning them all out which sees no point in going through
the pain of an OS upgrade cycle to their standard product.

[Theo]

David <wib...@btinternet.com> wrote:
> The question (hopefully) includes the importance of OS updates to counter
> threats.
>
> I have thankfully never had an Android device compromised (as far as I
> know) but technology moves inexorably onwards.
>
> If the consensus is that keeping the OS up to date is a minor issue when
> the applications are regularly updated via the Play store, then that is
> the kind of information that I was looking for.

There's at least 4 parts to this:

Apps - usually updatable via the Play Store or other app store

Middleware (eg Google Play Services) - increasingly updatable via the Play
Store

Kernel and drivers - typically only updated by the silicon vendor for the
lifetime of the silicon (eg 3 years for most Qualcomm). The device vendor
has to approve them, which they may not if they no longer support the
device. It is very hard for device vendors to support a device past the end
of the silicon vendor support period (although LineageOS and Fairphone try).
Some updates can now be pushed via Play Store

Major OS updates - need substantial work by the device vendor (less than
they used to for devices running vanilla Android, but still QA etc), usually
only happen within the device's supported lifetime. Often the period in
which devices get major updates is much less than their security update
lifetime.


Vulnerabilities can come in all layers of this stack - while it's good that
apps and middleware are easy to update, the kernel is still exposed to apps
and so if you do get a malicious app it can try exploits against the kernel
and device drivers you're running. So either you try to keep them up to
date, or you're very circumspect about the apps you do run.

Less frequently there are OTA vulnerabilities that can be attacked from
wifi/Bluetooth/LTE/etc. For those nothing but an update will help.

Theo

[Andy Burnelli]

On 15 Feb 2022 12:37:59 GMT, David wrote:

> The question (hopefully) includes the importance of OS updates to counter
> threats.

I already said it, and others did too, that the Android version has
_nothing_ whatsoever (AFAIK) to do with the "counter threats" need you
claim.

At least not directly, as the version doesn't fix individual threats
(AFAIK). The version simply adds features (most of which, and in fact,
almost all of which, can be added separately to the older versions too).

On iOS you can't get the default browser bug fixes without getting an entire
new iOS update, but on Android you can get the default browser bug fixes
without getting an entire Android OS update. You just download Chrome.

> I have thankfully never had an Android device compromised (as far as I
> know) but technology moves inexorably onwards.

Like most people here, I've had most of the Android versions, and, while
every once in a while there is a "bump", they are all about the same (IMHO).

The only "big bump" in security is Android 10, IMHO, since it has Project
Mainline which updates about two dozen core Android modules over the net.

That update is forever, as far as anyone (yet) has been able to show.

> If the consensus is that keeping the OS up to date is a minor issue when
> the applications are regularly updated via the Play store, then that is
> the kind of information that I was looking for.

The apps?
Unlike with iOS, with Android you can get app fixes individually.

If the default messaging app has a bug, not only can you change it on
Android, but you can update it independently of the operating system.

The only help I need to figure out exactly are the Android Security Patches,
which I'm going to leave it to people who know more than I do like Andy
Burns to answer that one, but nobody is getting malware left and right on
Android.

I install hundreds of apps on my phone (up to around 700) and to my
knowledge, I've never seen malware in action (of course anything can be
happening in the background).

I do run a free system firewall though, which is something iOS can't do
anywhere nearly as easily as does all other operating systems.

But I don't run an anti-virus program, and I doubt many people do.
Do they?

[Andy Burnelli]

On 15 Feb 2022 14:12:36 +0000 (GMT), Theo wrote:

> There's at least 4 parts to this:

There are at least a _score_ of parts, where I've broken down the most
important Android-specific components into three different versions.
a. The Android version
b. The Android Security Patch version
c. The Google Play System Update version

That's only the Android-specific stuff (and yes, there are more, but those
are the big three as far as I can tell with consultation with Andy Burns).

> Apps - usually updatable via the Play Store or other app store

I would break this down into _two_ different kinds of apps, but probably
more so because the iKooks are always claiming their primitive update
mechanism gives them "frequent updates", but that's because a bug in Safari
requires the entire operating system to be updated, so they should be
getting iOS updates every single day.

The two _types_ of apps I would claim are updated over Google Play are:
a. Default apps (aka key apps, aka non-removable apps, perhaps)
b. User apps

Yes, I know there are carrier apps but I lump them into "Default apps".
A Default App for Android might be any of the following:
a. The Chrome browser
b. The message app
c. The launcher
d. The search widget
etc.

The distinction needs to be made because anyone "worried" about Android
updates is often an iOS troll who is claiming the superiority of the
primitive monolithic update mechanism of iOS which can't even fix a Safari
bug that was published in January until a week later because they had to
rush out the entire iOS update.

Android (and all other operating systems other than iOS) uses a layered
approach, where the default apps are _also_ found in the App Store.

So if there is a bug in an app, you just download the new version.
It happens every day so most people have that set to do it automatically.

> Middleware (eg Google Play Services) - increasingly updatable via the Play
> Store

Google calls these the "core modules", which Andy Burns and I have been
discussing separately, where the OP can google for "Project Mainline".

As far as anyone knows, so far anyway, these are updated forever.
You don't even notice the updates. They happen in the background.

> Kernel and drivers - typically only updated by the silicon vendor for the
> lifetime of the silicon (eg 3 years for most Qualcomm). The device vendor
> has to approve them, which they may not if they no longer support the
> device. It is very hard for device vendors to support a device past the end
> of the silicon vendor support period (although LineageOS and Fairphone try).
> Some updates can now be pushed via Play Store

Look up Project Treble.
Qualcomm supposedly updates the firmware over Google Play nowadays.
I don't know much more about that though so let us know what you learn.

Note: It would be a good thread to ask _how_ we can tell which Qualcomm
firmware driver we have on our systems (mine isn't Qualcomm unfortunately).

> Major OS updates - need substantial work by the device vendor (less than
> they used to for devices running vanilla Android, but still QA etc), usually
> only happen within the device's supported lifetime. Often the period in
> which devices get major updates is much less than their security update
> lifetime.

This is, I think, what I'd call the "Android version", and my point on that
is that it's nice to be able to update it, but almost every feature in the
newer version is often available for download on an older Android version.

That's why I posit the Android version doesn't matter all that much.

It's not like iOS which has a cutoff and you can no longer run any apps,
which isn't a decreed cutoff mind you, but it exists very definitely so.

> Vulnerabilities can come in all layers of this stack - while it's good that
> apps and middleware are easy to update, the kernel is still exposed to apps
> and so if you do get a malicious app it can try exploits against the kernel
> and device drivers you're running. So either you try to keep them up to
> date, or you're very circumspect about the apps you do run.
>
> Less frequently there are OTA vulnerabilities that can be attacked from
> wifi/Bluetooth/LTE/etc. For those nothing but an update will help.

Overall, I assess Android has at least a half dozen core update layers
1. User apps are often updated forever (and very many are open source);
2. Key apps like Chrome are updated forever (some of those are open source);
3. Firmware (such as the Qualcomm modem firmware) are updated by Qualcomm;
4. Security updates (these are sometimes monthly or quarterly for years);
5. Android versions (these are what changes Android 11, say, to Android 12);
6. Core modules (updated either over GPS on the net or OTA by partners);
7. In addition, all core modules are donated to AOSP to maintain forever.

On my Android 11 Samsung Galaxy A32-5G there are additional update layers:
Settings > About phone > Software information >
<https://i.postimg.cc/4ymqRF7n/updateallapps11.jpg>

Notice there are additional Android sub components listed there.
1. Android version
2. Google Play system update
3. Baseband version
4. Kernel version
5. Build number
6. SE for Android status
7. Knox version
8. Service provider software version
9. Carrier configuration version
10. Security software version
11. Android security patch level

I think, perhaps, the three most important might be these though:
*Android version*
*Google Play system update*
*Android security patch level*
--
Every post to Usenet is a team sport which should strive to add value.

[Andy Burns]

Andy Burnelli wrote:

> Theo wrote:
>
>> Middleware (eg Google Play Services) - increasingly updatable via the Play
>> Store
>
> Google calls these the "core modules", which Andy Burns and I have been
> discussing separately, where the OP can google for "Project Mainline".
>
> As far as anyone knows, so far anyway, these are updated forever.
> You don't even notice the updates. They happen in the background.

I had another dig about today.

Using "adb sh", I can see the .apex files in /system/apex
I copied one over USB using "adb pull"
renamed it from .apex to .zip
extracted it, nothing in the manifest seems to have timestamp or version info

looks like I need to copy the .img file to a linux box, so I can loop-mount it
as an ext4 filesystem ...

[Andy Burnelli]

On Tue, 15 Feb 2022 17:35:23 +0000, Andy Burns wrote:

>> As far as anyone knows, so far anyway, these are updated forever.
>> You don't even notice the updates. They happen in the background.
>
> I had another dig about today.
>
> Using "adb sh", I can see the .apex files in /system/apex
> I copied one over USB using "adb pull"
> renamed it from .apex to .zip
> extracted it, nothing in the manifest seems to have timestamp or version info
>
> looks like I need to copy the .img file to a linux box, so I can loop-mount it
> as an ext4 filesystem ...

Thanks Andy, for trying to find the answer as I ran a search and Google
doesn't seem to mention it anywhere publicly the two things we want:
a. How to tell when/if Google Play System Update has updated anything
b. How to tell the current version for each of the 25 core modules.

I'm still hoping an app exist that will tell us this information.
I looked today and noticed that your app of choice says this:
<https://i.postimg.cc/7hZrrSwc/treble01.jpg>
Notice it says I am "supported" for Treble updates, which we know to be the
firmware that the hardware supplier (often Qualcomm) provides over Google
Play System Updates.

But then the question becomes _how_ to find the firmware version it updates?
<https://i.postimg.cc/Kv4h9793/treble02.jpg>

I don't know.
When/if you find out how, I'd love to be the first to know!
--
Every post should add value (I should write for an Android magazine).

[Carlos E.R.]

I don't think it is minor.

As the OS gets older, there are also fewer other updates.

For example, my Motorola G6+ (Android 9) got its last update on November
2020 (security patches (PPW29.116-20-28, whatever that means); and my
notes say it was patches till July 2020, so they were not fast at delivery).

I have detected things that stopped to work and that I use, Like Android
Auto. If I ask Motorola they will say it is too old. I bought it
somewhere during the summer of 2018, so it is now on its 4th year.


My tablet got its last security patch on October 2016. It is Android 6,
an Asus. I don't remember when I bought it.


--
Cheers, Carlos.