I sent the below to Google just now, after a very helpful phonecall with a support guy called, I think, Cedric:
Hi
Had an experience two days ago, walking along the street, where I feel someone external to my Pixel XL 1st Gen took control of my Chrome browser or Google Maps (can’t remember which).
I have been notified of what are now Android 10 updates frequently, and similarly notice that January 2020 is the last one for my phone. However, I also have realised that security updates are as old as October 2019. Checking the Android website, I see that severe security patches have been delivered for Android and other Pixel phones since then. This means my own phone has been functionally updated but not from a security point of view for over two months now.¹
If I WAS hacked two days ago, I could equally be hacked today or tomorrow, as I have currently no way of updating security.
If I were litigious, I would consider taking Google to court for prioritising functionality beyond security, and with the operating system updates, unintentionally perhaps giving the impression – as is customary in the rest of the sector – that security updates always go on for longer than op sys ones.
I am definitely not litigious, but supportive of continuous improvement everywhere. So here’s my suggestion for Pixel 2, when its time comes: firstly, deliver security updates longer than functionality and op sys ones. And secondly, match Apple in the time it supports its hardware, more than anything to help the sustainability of this beautiful rock we still have the privilege to live on.
____________________
¹ Clearly, I will be manually resetting and installing an alternative version of the op sys ASAP. I was helpfully assured it was possible, and as I pointed out, knowing something exists always makes finding it easier and more pleasurable. 😎 No?
eiohel 