It's an ongoing surprise to me that I don't see google doing more to ensure these are out to end users quicker. Android must pretty much be the only OS used by consumers in large quantities where security patches are almost completely overlooked. 

This coming from a self professed fanboy of Android, and a general disliker of all IOS.

gzt: Nexus wins again.

ditto

thats why i love my nexus 7

There are a few OEM's that have said they would keep up with monthly patches, samsung being one of them.  What i have found is that the telco's seem to be holding things up.  I have twice message spark about new firmware for s7 edge and both times have had them come back that they are testing android 6.01 for older phones and will get to the security updates when they can.  I find this unacceptable when samsung has said that flagships will get the monthly updates.  If a telco can not keep up with security patch testing then they need to stop interfering with firmware on devices.  Holding up security patching so their splash screen and apps are baked into the rom is not acceptable.

If they want to put in their custom splash screen and apps then have the staff employed to do the testing for faster releases.  If the OEMs have promised to release monthly updates then it's up to the telco's to also make sure they are.  

There has been no update on any nz telco for s7 edge etc from release yet the non branded firmware in Australia have had monthly updates (saying that however July's is currently MIA, could have something to do with the early android 7 talk currently around). 

So it's not always the OEM's issue, the telcos need to make sure they can get things tested on their custom firmware otherwise sell non branded phones that get patched from the OEMs.

I've recently moved my S4 to Resurrection Remix, a CyanogenMod based ROM made to help older phones last longer. It's available for many phones. It's based on Android 6.01 and get regular patches. Performance is a bit better than Touchwiz, battery life is about the same, but it's fully patched. Installation was pretty easy, but you have to follow the instructions precisely, including a full format. Not for the faint-hearted as you can probably brick your phone if you do it wrong.

freitasm: And this is a problem. Security shouldn't be something for the non-mainstream hearted.

Yes, the phone manufacturers should provide updates. I guess when you release so many varients, and each one can be customised, it would take a lot of effort if there wasn't good automation in place regarding build and test.

BlackBerry, Sony, and Xiaomi have been pretty good at keeping up with the patches. Still boggles my mind that phone manufacturers make this much harder for themselves than it needs to be, with endless regional SKUs and unnecessary - unasked for - local-market customisation. What Apple do is not revolutionary or difficult.

tripp:

 

What i have found is that the telco's seem to be holding things up.

Can't speak for Spark, but when I was there, Voda's testing and approval process took a week at max. The delays were all on the manufacturers' ends*.

Went a little like this:

"When are we getting a new build? Enterprise customers are concerned about recently-publicised vulnerabilities." "Dunno."

"Okay, it's approved, when will you roll it out OTA?" "Dunno."

From the big vendors' perspectives, NZ is a tiny market and its region-specific SKUs are low on the priority chain for updates. Several have said this to me directly. I don't like that at all, but that's how it is. Right now, the truth is that you have to choose between suitability for/reliability on local networks, and frequency of security patches.

*Except that one time HTC decided they'd ship a single flagship SKU with a unified software build to AU and NZ, then found they couldn't roll updates to any of them until every telco in both markets had approved said updates...and naming no names, but some telcos are great at dragging their feet in the name of user experience.

August is out already too: https://source.android.com/security/bulletin/2016-08-01.html

Honestly, android sucks for updates. Even my nexus takes till the end of the month to get updates when they are released. At least it gets them though.

Dingbatt: Once again a reason to split OS-Skin-Radios so that each can be patched individually and without the need for the arcane provider approval process where the blame merry-go-round between Google/manufacturer/provider seems endless.

This. iOS has the concept of "Carrier Settings" which can be updated independent of the device software. Surely this is a better model for the carriers.

iOS doesn't have the concept of skins/branding/carrier apps, which IMO is a really good thing - but can't see that going away in Android any time soon.

I love my Nexus devices, and the fact that gives me the right experience in terms of being at arms-length from the carrier, and frequent updates, but it does mean I am far more limited in my device choice.

I believe Spark is working on releasing security and malware services for Spark Broadband and Mobile customers

ajobbins:

 

Dingbatt: Once again a reason to split OS-Skin-Radios so that each can be patched individually and without the need for the arcane provider approval process where the blame merry-go-round between Google/manufacturer/provider seems endless.

 

This. iOS has the concept of "Carrier Settings" which can be updated independent of the device software. Surely this is a better model for the carriers.

 

iOS doesn't have the concept of skins/branding/carrier apps, which IMO is a really good thing - but can't see that going away in Android any time soon.

 

I love my Nexus devices, and the fact that gives me the right experience in terms of being at arms-length from the carrier, and frequent updates, but it does mean I am far more limited in my device choice.

 

Windows 10 Mobile implemented this as well. OS updates are separate from Radio/firmware updates that would affect Carriers. Means everyone gets updated on Patch Tuesday same as Windows on the desktop.

I also don't understand the bizarre update method of Android not using cumulative updates. I should get one and be on the latest update. My nexus went through 7+ rounds of updates when I bought it. Took most of an afternoon with the optimizing apps step.