TL;DR: google is moving from monthly to quarterly security updates
My Linux laptop gets an update almost every other day. Why can’t Android?
My understanding is that Android has shitloads of out of tree modifications to the open source projects it relies on, then every single device manufacturer has even more out of tree modifications to Android and aligning all of these modifications of modifications of modifications of open source projects whenever the mainline project gets an update takes a ton of time and testing, and ultimately managing to get all of that done within a few weeks of an upstream update is a massive headache.
Basically it all comes back to the original sin where Google decided not to force hardware manufacturers to open source their device drivers and let the drivers exist out of tree. And while Google could still make it happen, they choose not to likely because a truly open ecosystem can lead to devices running forks of Android with Android app compatibility (like Amazon’s FireOS) which then might reduce Android market share and therefore app store recenue
While at the same time clamping down on sideloading.
Pick a fucking lane dickheads.
Noooooo but it’s for your security bro trust me!
But also sharing the exploits with OEMs ahead of time
And malicious actors all over the world. Don’t forget that they are also sharing exploits with malicious actors all over the world, several months before deploying fixes for those exploits.
What could possibly go wrong?!
