We all know that Manufacturers and CellCos are very slow at updating Android (if they update at all). The updates in addition to adding features these updates also include security updates. Recent news shows that 50% of Android devices have known unpatched vulnerabilities (http://news.cnet.com/8301-1009_3-57512467-83/report-half-of-android-devices-have-unpatched-holes/).

This got me thinking NZ has the Consumer Guarantees Act. Which does say something along the lines of if there is a fault in the product you have purchased the versatile either has to fix it (which they can only do by providing the latest Android update) or to replace (which will only help if it is brand spanking new phone model) or provide you with a refund. Consumer Magazine says that the expected life span of a phone is five years (http://www.consumer.org.nz/reports/appliance-life-expectancy/lifespan-electronics) and they a respected independent body for providing the expected life span for the use in the CGA.

There is a app http://www.xray.io/ which will identify currently eight different privilege escalation  vulnerabilities on Android phones (there are more security than this and the default release notes seem to always say security fixes). This app would provide a easy way to walk into a store and show someone in a repeatable way the (security) fault with your phone. So I was wondering if anyone had all ready tried this method and what success that had?

I got my current phone from a NZ Online retailer, so I will be writing them up an email soon. I am just going down the security update path because they are faults in the product. Feature updates you can't really define as a fault, so leaving those to the side and focusing on the security ones.