Maria Sophia wrote:
The UK, as you know, forced Apple & Android OEMs to promise "support".
Under the UK PSTI regulations, "support" has a very narrow, legally enforceable definition: it is the "Defined Support Period" for which
security updates will be provided to keep the product safe from vulnerabilities. <https://www.legislation.gov.uk/uksi/2023/1007/data.html>
As far as I understand the UK's consumer-protection rules, they only
require manufacturers to publish minimum guaranteed support periods.
But what is the Samsung/Google definition of "support"?
The problem, as I see it, is that promise of "support" is meaningless when written by a clever lawyer (witness WinXP was 'supported' for ~18 years).
What I see from Samsung & Google are promises of "support".
Which, is meaningless at face value (all they have to do is fix one bug).
Samsung does promise 7 years of Android OS upgrades as part of "support".'
<https://sammyguru.com/these-galaxy-phones-are-eligible-for-seven-years-of-updates/>
An S24 ships at 14 so that gets updated to 14->15,16,17,18,19,20,21.
Samsung also promises "7 years of One UI feature updates" (big deal).
And, "7 years of security updates", whatever that really means.
Does that include regular feature updates and all known security patches?
As far as I can tell, Samsung's promise is almost completely meaningless. Samsung apparently does not promise:
a. To fix every known bug
b. To maintain all older Android branches simultaneously
c. To keep monthly patch frequency for the entire 7 years
d. To update every subsystem (camera, modem, GPU drivers)
If all Samsung needs to do is fix one bug in those 7 years,
they've fulfilled their promise, which makes it a meaningless promise.
All you get, it seems are OS & GUI upgrades, and "some" security patches.
We could "guess" that a 'security patch' includes all known security vulnerabilities but where does it say that in Samsung's promises?
We already know the unsaid patch frequency may slow (from monthly to quarterly to biannual for older devices) which is unsaid in the promise.
And it's highly unlikely to be on all parallel releases.
It's probably only on the current Android version, right?
Same questions go for Google's Pixel 8/9/10 support window.
<https://blog.google/products-and-platforms/devices/pixel/software-support-pixel-8-pixel-8-pro/>
Here's my assumption:
1. All known functional bugfixes? No
2. All known 0-10 CVEs? No
All known 9-10 critical and 7-8 high CVEs? Yes
3. OS Updates? As many as fit in those 7 years
4. Monthly schedule? Yes at first, then not so fast later for Samsung
For Google, it just might be monthly all along (do you concur?)
5. Simultaneous releases? No. Fixes only to the current release
6. Starting gun? Samsung = UK launch date, Pixel = sold in Google Store
7. Feature drops? Probably no for Samsung save for the UI & Yes for Google
(as Google controls the entire line while Samsung depends on others)
But what the hell do I know.
I'm just guessing.
And I hate guessing.
Because we will always guess wrong(ly).
There's little need to guess. Here's the details of the Samsung degraded 7-year support which I shared with you last month. Seems to have finally
sunk in.
https://security.samsungmobile.com/workScope.smsb
You'll see at the bottom of the page how models are separated into those
that get monthly updates and those that only get quarterly updates. That support includes having a known vulnerable phone for up to two months
without a patch.
Chris <ithinkiam@gmail.com> wrote:
There's little need to guess. Here's the details of the Samsung degraded
7-year support which I shared with you last month. Seems to have finally
sunk in.
https://security.samsungmobile.com/workScope.smsb
You'll see at the bottom of the page how models are separated into those
that get monthly updates and those that only get quarterly updates. That
support includes having a known vulnerable phone for up to two months
without a patch.
However, as that page says:
"As of January 2024, we are extending our security update support for
Samsung Galaxy devices by up to 7 years, to help our users enjoy the latest Galaxy experiences longer and securely."
That refers to future devices, not devices then or previously on sale. As
we haven't reached 2031 yet, we don't know at what point devices sold in
2024 will received fewer or no security updates - they're only 2 years old
at this point. I think the prior update offering was 4 years for flagships, so we'll only find out in 2029 whether the 2024 flagships get more than 4 years.
Maria Sophia wrote:
Pixel 8 and up
I know you're not particularly interested in older devices, but the 7
year support period was introduced once google moved to their "own
brand" Tensor SoCs, where previously the various SoCs they used were
only supported for 3 years.
google have tended to slightly over-deliver on the 3 year support
period, e.g. my P3 and P5a each received at least one "bonus" firmware upgrade outside the expected window. Maybe they will think that 7 years
is long enough and won't require such "bonus" updates?
Chris wrote:
Agreed. This is all uncharted territory for Samsung (and Google) as like
you say they've never supported anything longer 4 years.
We'll also find out if after 4 years it's only security updates or whether >> they'll still support new versions of Android.
This is a good discussion to have on the Android newsgroup because nobody here will try to defend Google (or Samsung) to the death, no matter what.
So we can talk about facts here (which can't be attempted on Apple ngs).
To help get Apple users "over here", I let them know about this discussion.
It's clear NO OEM historically had "fully supported" phones for more than,
at most, an average of ~5 years for iPhones & much less for Android phones.
So 7 years beats Apple by a mile,
although the longest fully-supported
iPhone (that reached EOL by today) was iPhone XS / XS Max at 6.99 years.
Looking at the UK letters, it's clear the promised minimum timeline is:
iPhone === Minimum 5 years from the first supply date
Pixel === 7 years of "Security Updates, OS Updates & Feature Drops
Galaxy S === 7 years of "Security Updates & Android OS Upgrades"
What this means, at the highest level, is Apple is promising pretty much
what Apple has delivered in the past (on average) but Google & Samsung are stepping up, way, way, way over what they've delivered in the past.
Google/Samsung are equalling Apple's admittedly stellar XS/Max support!
This is good for everyone.
The problem is defining exactly what a "security update" really means.
I'm going to have to assume that "security updates" doesn't mean all bugs.
a. It likely doesn't even mean all CVEs (but that's just a guess).
b. It perhaps likely simply means CVEs of 8 to 10 (again, just a guess).
Is there a definition that the three OEMs used for "security updates"?
I'm focusing only on the current set of "new" post 2024 devices.
a. iPhone 15 and up
Minimum 5 years from the first supply date (Sept 22, 2023)
I haven't found any Apple definition of the CVE-selection process.
<https://www.macrumors.com/2024/06/06/apple-iphone-security-updates-five-year-minimum>
Apple doesn't seem to have a "fade away" period at the end.
Apple simply summarily drops full support when the next OS ships.
b. Pixel 8 and up
7 years of "Security Updates, OS Updates, and Feature Drops.
Google defines this internally as addressing all issues listed
in the Android Security Bulletin (ASB)
<https://source.android.com/docs/automotive/security/mfg_guide>
As for the fade-away problem...
In year 7, they are technically still committed to the "Monthly
Bulletin," but their hardware partners (modem/GPU vendors) often
stop providing patches for the "bottom" layer of the phone,
meaning Google can only patch the Android Framework (the software),
not the Firmware (the hardware drivers).
<https://source.android.com/docs/security/bulletin/pixel>
c. Galaxy S24 and up
7 years of "Security Updates and Android OS Upgrades"
Internally, Samsung divides updates into "Security Maintenance
Releases" (SMRs). These include Google's patches + Samsung's
own "SVE" (Samsung Vulnerabilities and Exposures).
<https://www.sammyfans.com/2026/04/06/samsung-april-2026-security-patch-details/>
Samsung seems to be the most transparent about the "fade away" problem.
That's likely why all of us know how only Samsung works on fade away.
Their policy explicitly moves phones from Monthly to Quarterly to
Biannual updates as they age. By year 6 or 7, we are almost certainly
only getting "Critical" (9-10) fixes twice a year.
So, for fade away, "my" summary (open to correction) appears to be:
iPhone === It's a cliff. You're either fully supported, or not.
Pixel === Near the end, your monthly updates are no longer monthly
Galaxy S === Near the end, your monthly updates are quarterly to bi-annual
each manufacturer controls
different depths of the software and hardware stack that needs updating.
Looking it up specifically for Google, apparently Google controls
a. The Android OS (but it's also shared with OEMs)
b. The services layer (Search, Maps, Gmail, Photos, Assistant, Play Store)
c. SoC design direction (Tensor G3 is Google-designed at the architecture
level, with custom TPU and ML subsystems)
d. The AI/ML accelerators (Google's custom TPU in the Tensor chips)
e. Security subsystem (Titan M2 security core is Google's own design)
Andy Burns <usenet@andyburns.uk> wrote:
Maria Sophia wrote:
Pixel 8 and up
I know you're not particularly interested in older devices, but the 7
year support period was introduced once google moved to their "own
brand" Tensor SoCs, where previously the various SoCs they used were
only supported for 3 years.
That's incorrect. The Tensor Pixel 6 and 7 got 5 years of support, the 7 years of support came in with the Pixel 8 series.
According to endoflife.date/pixel:
Pixel 6:
Released: (28 Oct 2021)
Discontinued: (06 Oct 2022)
End of Android updates: (01 Oct 2026)
End of security updates: (01 Oct 2026)
Pixel 7:
Released: (13 Oct 2022)
Discontinued: ?
End of Android updates: (01 Oct 2027)
End of security updates: (01 Oct 2027)
Pixel 8:
Released: (04 Oct 2023)
Discontinued: ?
End of Android updates: (01 Oct 2030)
End of security updates: (01 Oct 2030)
The 6 and 7 were originally only announced with 3 years of Android updates and 5 years of support, but Google decided it was easier to give them 5
years of Android updates rather than have to maintain separate forks of
older OSes. But it's likely the 6 will fall off the wagon in October.
google have tended to slightly over-deliver on the 3 year support
period, e.g. my P3 and P5a each received at least one "bonus" firmware
upgrade outside the expected window. Maybe they will think that 7 years
is long enough and won't require such "bonus" updates?
I think it likely they don't release an extra Android update, eg if the support window ends 1 October, they might get a bonus security update in October/November but they won't get the Android N+1 update that people with newer phones get.
It's possible they also do the thing Apple does which is release patches for the worst problems even after the official support window has closed. eg
the 4a and 6a have battery issues. In theory the 4a fell out of support 5 Aug 2023 but the most recent update is January 2025 - in part to reduce the fire risk from the batteries.
Theo
.
Theo wrote:
It's possible they also do the thing Apple does which is release patches for
the worst problems even after the official support window has closed.
Hi Theo,
I won't argue at all with anything you said as it's all reasonable, but I
do want to make the point very clear, especially since the Apple newsgroup posters think it's God like that Apple does what everyone else does, that every single OEM releases a patch years after support has officially ended.
Most of the Apple posters misunderstand that releasing a patch for the most egregious bugs years after support ends is NOT in any way full support.
Chris wrote:
lol Maria Sophia <mariasophia@comprehension.com> wrote:
Chris wrote:
Agreed. This is all uncharted territory for Samsung (and Google) as like >>>> you say they've never supported anything longer 4 years.
We'll also find out if after 4 years it's only security updates or whether >>>> they'll still support new versions of Android.
This is a good discussion to have on the Android newsgroup because nobody >>> here will try to defend Google (or Samsung) to the death, no matter what. >>>
So we can talk about facts here (which can't be attempted on Apple ngs).
The only reason is being your very poor understanding of "facts".
To help get Apple users "over here", I let them know about this discussion. >>They'll be thrilled. I'm sure.
It's clear NO OEM historically had "fully supported" phones for more than, >>> at most, an average of ~5 years for iPhones & much less for Android phones.
That's terrible language. You're mixing "more than" with "at most" and
"average". No absolute number will fit all three.
Being precise we do know that the *mean* support of Samsung S-series and
Google Pixel phones is around three years. I can no longer find the details >> as you refused to post them here. For iphones the average is 5.5 years
across every single iphone since v1 (nearly 20 years of data) or 6.5 years >> for the last 10 years.
So 7 years beats Apple by a mile,
Empirical data contradicts your statement.
although the longest fully-supported
iPhone (that reached EOL by today) was iPhone XS / XS Max at 6.99 years.
And it's worth noting that they keep getting security updates for longer.
The XS series have recieved all the updates more recent models have as
well. Your definition of EOL is narrow and inconsistent. Arguably the XS
models are still fully supported 7.5 years after release.
So, for fade away, "my" summary (open to correction) appears to be:
iPhone === It's a cliff. You're either fully supported, or not.
False. Which I have shown you multiple times.
Pixel === Near the end, your monthly updates are no longer monthlyThen there's also project mainline in the mix. Is there truly any
Galaxy S === Near the end, your monthly updates are quarterly to bi-annual >>
(objective) way to know whether an (android) phone is fully patched or not? >>
As Carlos's thread highlights, there's massive inconsistencies between
manufacturers.
Hi Chris,
I see you added the Apple newsgroup, so the tone of this article changes.
The fact is Apple drops full support the instant the next release ships.
This is Apple's own documented policy & it is backed up in the record. https://arstechnica.com/gadgets/2022/10/apple-clarifies-security-update-policy-only-the-latest-oses-are-fully-patched/>
<https://screenrant.com/apple-product-security-update-lifespan/> <https://support.apple.com/en-ph/guide/security/sec87fc038c2/web> <https://support.apple.com/en-us/HT201224> <https://www.androidauthority.com/iphone-software-support-commitment-3449135/>
etc.
The question here, is how do Apple competitors handle full support.
The Pixel isn't really an iPhone competitor but we included it below.
iPhone 15(+) === Minimum 5 years from the first supply date
Pixel 8(+) === 7 years of Security Updates, OS Updates & Feature Drops
Galaxy S(+) === 7 years of Security Updates & Android OS Upgrades
Where things get messy is how each vendor defines "security support".
Google uses the Android Security Bulletin; Samsung layers SMRs and SVEs.
If Apple publishes a CVE-selection policy, I need your help to find it.
<https://support.apple.com/en-us/100100>
Google does not publish a narrative policy but the bulletin structure is
the policy. .
Specifically, for the Pixel's 7 years of security support...
1. Pixel updates include all issues listed in the corresponding
month's Android Security Bulletin.
2. Google also includes Pixel-specific patches not in the ASB,
grouped by subsystem (modem, baseband, bootloader, GPU, etc.).
3. Each CVE entry includes severity, type, subsystem, and references
to AOSP changes when applicable .
<https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01>
Samsung's process is more complex than Google's selection policy.
Specifically for the S24's 7 years of security support...
1. Samsung updates all CVEs from the Android Security Bulletin
2. Samsung-specific SVEs (Knox, One UI, Exynos, Samsung services)
3. Plus chipset-vendor CVEs when applicable
All prioritized by severity, with Critical and High addressed first. https://docs.samsungknox.com/admin/fundamentals/whitepaper/samsung-knox-mobile-security/security-operations/vulnerability-reporting/
Apple's policy is the simplest of all since it doesn't exist.
In fact, Apple's policy is literally to not have a policy!
"Apple doesn't disclose, discuss, or confirm security issues
until an investigation has occurred and patches or releases
are generally available." <https://support.apple.com/en-us/100100>
Apple publishes lists of CVEs fixed in each update, but never the criteria for choosing them. As such Apple is the only major vendor that refuses to provide a transparent, standardized commitment to which CVEs they will
patch on older versions.
Note: Apple acknowledges in their own Platform Security Guide that "not all known security issues are addressed in previous versions." <https://support.apple.com/guide/deployment/about-software-updates-depc4c80847a/web>
This is Apple throwing the previous iOS version off the cliff in support.
Bob Martin wrote:
My Pixel 7 had a security update last month, but the last Android update
was last year and the phone says it won't get any more.
It should get v17 this year, and likely v18 next year.
Theo wrote:
Most of the Apple posters misunderstand that releasing a patch for the most >>> egregious bugs years after support ends is NOT in any way full support.
That's correct, but you have to measure the time in which they do get OS
version updates, which is typically longer than most non-flagship Androids: >> https://endoflife.date/iphone
Rest assured there is a thread authored by me for each and every iPhone
ever released in Apple's history, where I know EXACTLY how long support is.
It's nowhere near what journalists claim.
Why not?
Because they don't understand how Apple supports releases.
The instant a major release ships, Apple throws full support away.
iOS 26 is the most recent, and that goes back to the iPhone 11 series (2019) >> that were released in 2019. Therefore they de-facto have at least 6.5 years >> of support, and probably 7 until a likely iOS 27 release in September. The >> XS and XR series (2018) are on the prior iOS 18 but still getting security >> patches (perhaps not all of them), which could be viewed as 'extended
support', but still 7 years of OS updates.
Stop it. Just stop it. I spent my energy explaining that (almost) every OEM releases a random patch. Apple isn't special in that regard. Stop it.
People believe too much of the Apple propaganda.
(Almost) everyone releases a random patch every once in a while but only
when talking about Apple is that considered "extended support".
Please do not propagate the bullshit.
I really mean it.
There's too much bullshit that people spew about Apple 'support', most of which is based on Apple's (admittedly stellar) marketing propaganda.
Again, we have a fact-based thread, one for EVERY SINGLE IPHONE that has reached EOL for full support on the Apple newsgroup.
No amount of bullshit is going to turn an average of 5 years into more.
Before those, the 8 series and X
(2017) lasted in official support until March 2025, so that's 7.5 years of >> support - or if you count full OS versions it's 2017 (release) to 2023 (iOS >> 17, which they didn't get).
Theo. I like you. But I'm adamant. Stop it with the bullshit. Just stop it. Saunter over to the Apple newsgroup and *look* at the threads on this.
There is an individual thread for each iPhone ever released by Apple.
The average is 5 years.
The longest is 6.99 years.
PS I apologize, Theo, for being brutal, but I'm sick of the Apple BS.
I've done the math.
I posted it all to the Apple newsgroups.
They've had their chance to "refute" it and they can't.
Because it's correct.
Chris wrote:
The instant a major release ships, Apple throws full support away.
False.
Read this before you deny Apple's own documented policy on full support. <https://arstechnica.com/gadgets/2022/10/apple-clarifies-security-update-policy-only-the-latest-oses-are-fully-patched/
Chris wrote:
The instant a major release ships, Apple throws full support away.
False.
Read this before you deny Apple's own documented policy on full support. <https://arstechnica.com/gadgets/2022/10/apple-clarifies-security-update-policy-only-the-latest-oses-are-fully-patched/
Chris wrote:
You always deny empirical fact and prefer other people's opinions.
Hi Chris,
On an Apple newsgroup, denying all facts works but not here, on Android.
*All of us have discussed the empirical facts in this very thread*
Which of those empirical facts are you claiming don't exist in this thread?
Theo wrote:
There is a long history of
that going back to older iPhone models, eg:
5: released 21 Sep 2012, last iOS=10, iOS 11 released 19 Sep 2017; 5 years 5S: released 20 Sep 2013, last iOS=12, iOS 13 released 19 Sep 2019; 6 years 6: released 25 Sep 2014, last iOS=12, iOS 13 released 19 Sep 2019; 5 years 6S: released 25 Sep 2015, last iOS=15, iOS 16 released 12 Sep 2022; 7 years 7: released 16 Sep 2016, last iOS=15, iOS 16 released 12 Sep 2022; 6 years 8: released 22 Sep 2017, last iOS=16, iOS 17 released 18 Sep 2023; 6 years XS: released 21 Sep 2018, last iOS=18, iOS 26 released 15 Sep 2025; 7 years 11: released 20 Sep 2019, last iOS=26, still in support; 7+ years
Your numbers are dead wrong, but you don't say how you derived them.
So, like all marketing propaganda, you can come up with any value you want.
We have the correct numbers in the Apple newsgroup for each iPhone sold.
a. Longest full iOS support: 6.99 years (iPhone XS / XS Max)
b. Shortest full iOS support: 2.37 years (iPhone 3G)
c. Average full iOS support: 5.10 years (over 20 models)
First off, it's not 6+ on average, it's 5 years, on average, but even so,
my free Galaxy A32-5G was only fully supported for 4 years, so the iPhone average is a full year longer than that of my el-cheapo free Android.
Bear in mind, I don't defend any mothership to the death, no matter what.
I simply state the facts.
Jesus Christ, Theo. Stop it with that bullshit. Just stop it.
I provided "the data" in excruciating detail on the Apple newsgroups.
Stop being ignorant, Theo. Just stop it. Cut the crap. Be a man.
I invested two full days in providing the data to the Apple ng, Theo.
You "invested" two seconds in declaring all the data in the world is meaningless to you because you only believe in marketing propaganda.
Be a man Theo.[snip]
Apologize for saying what you just said.
The data I provided is more detailed than anything you'll ever find on th Internet, so cut the crap when you make childish claims out of ignorance.
Look it up first.
Then apologize if you're a man.
a. Longest full macOS software support was 2.49 years (OS X 10.4 Tiger)
b. Shortest full macOS software support was 0.51 years (OS X 10.0 Cheetah)
c. Average full macOS software support was 1.18 years (20 versions)
d. Typical full macOS software support was ~1.0-1.5 years
Verbatim:
1. iPhone OS 1 was released on June 29, 2007
2. The last known security update was iPhone OS 1.1.5 on July 15, 2008
3. That is 382 days, or 1.05 years of security updates after release
Apple has never fully supported a release after the next release shipped.Does this mean that someone who buys an Apple phone five minutes before
On 18/04/2026 15:10, Maria Sophia wrote:
Apple has never fully supported a release after the next release shipped.Does this mean that someone who buys an Apple phone five minutes before
the next release ships will never have any updates?
| Sysop: | Jacob Catayoc |
|---|---|
| Location: | Pasay City, Metro Manila, Philippines |
| Users: | 5 |
| Nodes: | 4 (0 / 4) |
| Uptime: | 493844:56:14 |
| Calls: | 146 |
| Files: | 547 |
| D/L today: |
6 files (97K bytes) |
| Messages: | 76,691 |