• Re: Why doesn't Apple forever update iOS core modules on every iPhone on the Internet monthly?

    From Marion@marion@facts.com to misc.phone.mobile.iphone,comp.sys.mac.advocacy on Tue Sep 9 00:19:42 2025
    From Newsgroup: comp.sys.mac.advocacy

    I have to give you credit, Chris, for looking this information up.

    This is the first time, in the history of posting on this Apple newsgroup,
    that anyone has shown any understanding of how the OSes update.

    They update differently. In layers. With varying amount of support.
    For varying lengths of time. With different written promises for each.

    I give you credit for delving into the complexity that it inherently is.

    Kudos to you.
    Finally, an adult conversation is possible on this Apple newsgroup.

    From: Chris <ithinkiam@gmail.com>
    Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.advocacy
    Subject: Re: The 11 iOS features that Arlen is ignorant of
    Date: Mon, 8 Sep 2025 18:55:28 -0000 (UTC)
    Message-ID: <109n8r0$g3g2$1@dont-email.me>

    Marion <marion@facts.com> wrote:
    On Wed, 3 Sep 2025 15:28:31 -0000 (UTC), Chris wrote :

    Heh heh heh... every single Android 10 and newer is patched every month.

    Like I said a patch of random services is not proper or full support.

    Those are not "random services"; they're core critical Android packages.

    It isn't the whole OS, is it? Fact is google had to step up for basic
    support of random services because manufacturers abandoned their devices so
    rapidly. It needed to prop up the ecosystem.

    Let's summarize, at a high level what "kinds" of bugfix updates exist.

    Firstly you need to stick with common nomenclature. There are updates for
    several different and overlapping reasons: fix security issues, fix bugs,
    add features, change functionality.

    Not everything is a bugfix.

    At one level, we can summarize bugfix support in two fundamental tiers.
    a. There is a tier for the operating system
    (which includes kernel patches & system-level security updates)
    b. And then there is a tier for the applications
    (usually delivered via app store updates over the Internet)
    c. In the case of both iOS & Android, those tiers are often blended
    (e.g., Project Mainline delivers core OS updates over the Internet)
    <https://source.android.com/docs/core/ota/modular-system>

    In linux/unix speak there's kernel-level, system-level and user-level.

    At another level, we can summarize bugfix support by the vendor & mechanism:
    A. There is a carrier-operated OTA bugfix mechanism
    B. There is an OEM-vendor-operated OTA/Internet bugfix mechanism
    (i.e., Apple, Samsung, Xiaomi, etc. camera updates, for example)
    C. There is an OS-vendor-operated bugfix mechanism (includes Qualcomm)

    ok

    Then there is the almost meaningless operating system "version" update.
    1. For iOS, that's iOS 18 to iOS 26
    2. For Android, that's Android 14 to Android 15

    Notice I said "almost meaningless" which applies more to Android than to
    iOS

    I don't fully agree, but ok.

    since Apple has never fully patched any non-current major OS release.

    That critical fact alone is likely a huge reason why iOS is so insecure.
    Apple is the only OS vendor in the world who has support that bad, Chris.

    You don't have to like that fact; but you sure as hell better know it.

    What's clear is that project mainline supports the modular parts of Android which have been refactored to meet the requirements for the project. For Android 10 it was a relatively small number (12 modules) and has been
    growing since (37 at latest count).

    It's up to vendors to choose whether or not to bundle those modules or use their own equivalents.

    It is also obvious that it doesn't touch vendor-specific kernel extensions.

    Likewise it does not cover user-level applications like vendor UIs or third party apps (browsers, mail clients, games, etc). Nor would you expect it to.

    The Android Open Source Project (AOSP) provides the full release versions
    of Android plus monthly patches for supported versions (currently 13 onwards).

    Beyond project mainline the vendor whether it's Samsung, Google, Motorola, OPPO, etc is responsible for maintaining the non-modular parts of android, the kernel (+ extensions) and their user-space specific tools or applications.

    So an owner of an android phone is dependent on both Google/Android and the vendor to ensure that their device is fully up-to-date.

    Google/Android provides both AOSP (i.e. full versions) and project mainline (i.e. critical system components) updates.

    Project mainline as described above only covers some parts of an Android device's software ecosystem so if that is the only active update mechanism then a user is still potentially vulnerable due to deprecation in vendor and/or Android non-critical system components.

    So if you have a Galaxy A12 (released June 2020) which is stuck on Android 12, you aren't getting any vendor updates (since approx 2023), no Android security updates (since March this year), and are dependent on the Android 12-specific mainline updates to a limited subset of android components
    which won't include modules introduced since then (ie the bluetooth stack). It is very unclear what is covered by which support for any given phone.

    In contrast, with Apple being both the hardware vendor and OS developer everything comes through iOS updates - or rarely RSRs - and anyone with an iphone is either fully supported or not. Full support is historically 6-7 years since launch, although Apple recently committing to a minimum of 5 years which lacks ambition.

    An iphone SE 2nd Gen (launched April 2020) is currently fully supported in iOS 18 and will still be supported with iOS 26.

    Admittedly there is ambiguity regarding what users can expect after full
    iOS support is dropped. For example, unsupported iphone X (launched 2017)
    phones stuck on iOS 16 still received 12 updates since the release of iOS
    17.

    The other downside of the iOS model is that you don't know when or if
    updates are due. With Android there's at least a bulletin published every month even when there are no updates.

    This ability to update every Android 10+ device every month over the
    Internet, is something that Apple should consider doing for customers.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Tom Elam@thomas.e.elam@gmail.com to misc.phone.mobile.iphone,comp.sys.mac.advocacy on Tue Sep 9 19:55:06 2025
    From Newsgroup: comp.sys.mac.advocacy

    On 9/8/2025 8:19 PM, Marion wrote:
    I have to give you credit, Chris, for looking this information up.

    This is the first time, in the history of posting on this Apple newsgroup, that anyone has shown any understanding of how the OSes update.

    They update differently. In layers. With varying amount of support.
    For varying lengths of time. With different written promises for each.

    I give you credit for delving into the complexity that it inherently is.

    Kudos to you.
    Finally, an adult conversation is possible on this Apple newsgroup.

    From: Chris <ithinkiam@gmail.com>
    Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.advocacy
    Subject: Re: The 11 iOS features that Arlen is ignorant of
    Date: Mon, 8 Sep 2025 18:55:28 -0000 (UTC)
    Message-ID: <109n8r0$g3g2$1@dont-email.me>

    Marion <marion@facts.com> wrote:
    On Wed, 3 Sep 2025 15:28:31 -0000 (UTC), Chris wrote :

    Heh heh heh... every single Android 10 and newer is patched every month.

    Like I said a patch of random services is not proper or full support.

    Those are not "random services"; they're core critical Android packages.

    It isn't the whole OS, is it? Fact is google had to step up for basic
    support of random services because manufacturers abandoned their devices so
    rapidly. It needed to prop up the ecosystem.

    Let's summarize, at a high level what "kinds" of bugfix updates exist.

    Firstly you need to stick with common nomenclature. There are updates for
    several different and overlapping reasons: fix security issues, fix bugs,
    add features, change functionality.

    Not everything is a bugfix.

    At one level, we can summarize bugfix support in two fundamental tiers.
    a. There is a tier for the operating system
    (which includes kernel patches & system-level security updates)
    b. And then there is a tier for the applications
    (usually delivered via app store updates over the Internet)
    c. In the case of both iOS & Android, those tiers are often blended
    (e.g., Project Mainline delivers core OS updates over the Internet)
    <https://source.android.com/docs/core/ota/modular-system>

    In linux/unix speak there's kernel-level, system-level and user-level.

    At another level, we can summarize bugfix support by the vendor & mechanism:
    A. There is a carrier-operated OTA bugfix mechanism
    B. There is an OEM-vendor-operated OTA/Internet bugfix mechanism
    (i.e., Apple, Samsung, Xiaomi, etc. camera updates, for example)
    C. There is an OS-vendor-operated bugfix mechanism (includes Qualcomm)

    ok

    Then there is the almost meaningless operating system "version" update.
    1. For iOS, that's iOS 18 to iOS 26
    2. For Android, that's Android 14 to Android 15

    Notice I said "almost meaningless" which applies more to Android than to
    iOS

    I don't fully agree, but ok.

    since Apple has never fully patched any non-current major OS release.

    That critical fact alone is likely a huge reason why iOS is so insecure.
    Apple is the only OS vendor in the world who has support that bad, Chris.

    You don't have to like that fact; but you sure as hell better know it.

    What's clear is that project mainline supports the modular parts of Android
    which have been refactored to meet the requirements for the project. For
    Android 10 it was a relatively small number (12 modules) and has been
    growing since (37 at latest count).

    It's up to vendors to choose whether or not to bundle those modules or use
    their own equivalents.

    It is also obvious that it doesn't touch vendor-specific kernel extensions.

    Likewise it does not cover user-level applications like vendor UIs or third
    party apps (browsers, mail clients, games, etc). Nor would you expect it to.

    The Android Open Source Project (AOSP) provides the full release versions
    of Android plus monthly patches for supported versions (currently 13
    onwards).

    Beyond project mainline the vendor whether it's Samsung, Google, Motorola,
    OPPO, etc is responsible for maintaining the non-modular parts of android,
    the kernel (+ extensions) and their user-space specific tools or
    applications.

    So an owner of an android phone is dependent on both Google/Android and the
    vendor to ensure that their device is fully up-to-date.

    Google/Android provides both AOSP (i.e. full versions) and project mainline
    (i.e. critical system components) updates.

    Project mainline as described above only covers some parts of an Android
    device's software ecosystem so if that is the only active update mechanism
    then a user is still potentially vulnerable due to deprecation in vendor
    and/or Android non-critical system components.

    So if you have a Galaxy A12 (released June 2020) which is stuck on Android
    12, you aren't getting any vendor updates (since approx 2023), no Android
    security updates (since March this year), and are dependent on the Android
    12-specific mainline updates to a limited subset of android components
    which won't include modules introduced since then (ie the bluetooth stack).
    It is very unclear what is covered by which support for any given phone.

    In contrast, with Apple being both the hardware vendor and OS developer
    everything comes through iOS updates - or rarely RSRs - and anyone with an
    iphone is either fully supported or not. Full support is historically 6-7
    years since launch, although Apple recently committing to a minimum of 5
    years which lacks ambition.

    An iphone SE 2nd Gen (launched April 2020) is currently fully supported in
    iOS 18 and will still be supported with iOS 26.

    Admittedly there is ambiguity regarding what users can expect after full
    iOS support is dropped. For example, unsupported iphone X (launched 2017)
    phones stuck on iOS 16 still received 12 updates since the release of iOS
    17.

    The other downside of the iOS model is that you don't know when or if
    updates are due. With Android there's at least a bulletin published every
    month even when there are no updates.

    This ability to update every Android 10+ device every month over the Internet, is something that Apple should consider doing for customers.

    The lack of widespread iOS exploits in the wild says Apple is doing a
    good job.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Marion@marion@facts.com to misc.phone.mobile.iphone,comp.sys.mac.advocacy,alt.privacy on Wed Sep 10 03:32:53 2025
    From Newsgroup: comp.sys.mac.advocacy


    On Tue, 9 Sep 2025 19:55:06 -0400, Tom Elam wrote :


    This ability to update every Android 10+ device every month over the
    Internet, is something that Apple should consider doing for customers.

    The lack of widespread iOS exploits in the wild says Apple is doing a
    good job.

    Hi Tom Elam,

    Part of being an adult on this ng is knowing what the truth is about Apple.

    Since Chris was able to discuss Apple products like an adult, I am
    hopefully expecting you to also be capable of discussing topics similarly.

    Are you aware that reliable government figures published daily of all the
    known iOS exploits in the wild are literally 1-1/2 times that of Android?
    <https://www.cisa.gov/known-exploited-vulnerabilities-catalog>

    You can check for yourself if you're interested in accurate data.

    1) Go to the CISA Known Exploited Vulnerabilities Catalog:
    https://www.cisa.gov/known-exploited-vulnerabilities-catalog
    Download the CSV version (there is a link near the top).

    2) Open in a spreadsheet
    Use Excel, LibreOffice Calc, or Google Sheets.
    The CSV has columns like Vendor, Product, and Vulnerability Name.

    3) Filter by vendor
    Filter rows where Vendor contains "Apple" (this includes iOS,
    iPadOS, macOS).
    Filter separately for "Google" and any vendors that list
    "Android" in the Product field. Some Android vulnerabilities are
    listed under chipset makers like Qualcomm or MediaTek, so include
    those if you want an "all Android" comparison.

    4) Count and compare
    Count the Apple rows.
    Count the Android-related rows.
    Divide Apple's count by Android's count to get the ratio.

    Let us know what you find out as we've all run that test in the past.
    Part of being an adult is knowing what the truth is about Apple.
    --- Synchronet 3.21a-Linux NewsLink 1.2
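
The four-step count described in the post above, as an added example that is not part of the original post. The sample rows and placeholder CVE ids are constructed, `vendorProject` and `product` are the KEV CSV's column headers, and the filter names are hypothetical; each reading of step 3's filter is kept separate so the count it produces is visible.

```python
import csv
import io

# Constructed rows in the KEV CSV layout. Column names follow the catalog's
# CSV header; the CVE ids are placeholders, not real catalog entries.
SAMPLE_KEV_CSV = """\
cveID,vendorProject,product,vulnerabilityName
CVE-0000-0001,Apple,iOS and iPadOS,constructed
CVE-0000-0002,Apple,macOS,constructed
CVE-0000-0003,Apple,Multiple Products,constructed
CVE-0000-0004,Apple,"iOS, iPadOS, and macOS",constructed
CVE-0000-0005,Google,Chromium V8,constructed
CVE-0000-0006,Google,Android,constructed
CVE-0000-0007,Android,Android OS,constructed
CVE-0000-0008,Qualcomm,Multiple Chipsets,constructed
CVE-0000-0009,MediaTek,Multiple Chipsets,constructed
CVE-0000-0010,Linux,Kernel,constructed
"""
CHIPSET_VENDORS = ("qualcomm", "mediatek")  # the chipset makers named in step 3

def load_rows(text):
    """Parse KEV CSV text; lower-case vendor and product for matching."""
    return [{"cve": r["cveID"], "vendor": r["vendorProject"].strip().lower(),
             "product": r["product"].strip().lower()}
            for r in csv.DictReader(io.StringIO(text))]

FILTERS = {
    # Step 3 as written: every row whose vendor contains "Apple".
    "apple_vendor": lambda r: "apple" in r["vendor"],
    # Narrower reading: Apple rows whose product names iOS (drops macOS-only rows).
    "apple_ios": lambda r: "apple" in r["vendor"] and "ios" in r["product"],
    # Only rows that name Android in the vendor or product field.
    "android_named": lambda r: "android" in r["vendor"] + " " + r["product"],
    # Step 3 as written: vendor Google, or Android in the product field.
    "android_step3": lambda r: "google" in r["vendor"] or "android" in r["product"],
    # Step 3's "all Android" variant: also count the chipset vendors.
    "android_all": lambda r: ("google" in r["vendor"] or "android" in r["product"]
                              or r["vendor"] in CHIPSET_VENDORS),
}

def count(rows, name):
    """Count distinct CVE ids matching a named filter."""
    return len({r["cve"] for r in rows if FILTERS[name](r)})

def ratio(rows, apple_filter, android_filter):
    """Step 4: Apple count divided by Android count (None if the divisor is 0)."""
    android = count(rows, android_filter)
    return count(rows, apple_filter) / android if android else None

if __name__ == "__main__":
    rows = load_rows(SAMPLE_KEV_CSV)
    for a in ("apple_vendor", "apple_ios"):
        for g in ("android_named", "android_step3", "android_all"):
            print(f"{a}/{g}: {count(rows, a)}/{count(rows, g)} = {ratio(rows, a, g)}")
```

To run it on the downloaded catalog, pass the file's text to `load_rows` in place of the sample.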
  • From Chris@ithinkiam@gmail.com to misc.phone.mobile.iphone,comp.sys.mac.advocacy on Wed Sep 10 18:42:42 2025
    From Newsgroup: comp.sys.mac.advocacy

    Marion <marion@facts.com> wrote:

    So an owner of an android phone is dependent on both Google/Android and the
    vendor to ensure that their device is fully up-to-date.

    Google/Android provides both AOSP (i.e. full versions) and project mainline
    (i.e. critical system components) updates.

    Project mainline as described above only covers some parts of an Android
    device's software ecosystem so if that is the only active update mechanism
    then a user is still potentially vulnerable due to deprecation in vendor
    and/or Android non-critical system components.

    So if you have a Galaxy A12 (released June 2020) which is stuck on Android
    12, you aren't getting any vendor updates (since approx 2023), no Android
    security updates (since March this year), and are dependent on the Android
    12-specific mainline updates to a limited subset of android components
    which won't include modules introduced since then (ie the bluetooth stack).
    It is very unclear what is covered by which support for any given phone.

    In contrast, with Apple being both the hardware vendor and OS developer
    everything comes through iOS updates - or rarely RSRs - and anyone with an
    iphone is either fully supported or not. Full support is historically 6-7
    years since launch, although Apple recently committing to a minimum of 5
    years which lacks ambition.

    An iphone SE 2nd Gen (launched April 2020) is currently fully supported in
    iOS 18 and will still be supported with iOS 26.


    This ability to update every Android 10+ device every month over the Internet, is something that Apple should consider doing for customers.


    Why? The above shows that project mainline is a sticking plaster and
    doesn't provide complete coverage.

    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Marion@marionf@fact.com to misc.phone.mobile.iphone,comp.sys.mac.advocacy on Thu Sep 11 17:22:01 2025
    From Newsgroup: comp.sys.mac.advocacy

    Chris wrote:
    This ability to update every Android 10+ device every month over the
    Internet, is something that Apple should consider doing for customers.


    Why? The above shows that project mainline is a sticking plaster and
    doesn't provide complete coverage.

    Hi Chris,
    If you understood how iOS & Android update, the why should be obvious given
    the older Android phones are updated monthly for the core OS modules that matter most.

    Meanwhile, once an iOS device can no longer install the latest operating system, you may as well throw it over the next bridge - it's that toxic.

    Why do you think iOS has 1-1/2 times the number of known exploits, Chris?
    --
    Usenet - where clarity meets depth and precision finds purpose.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Your Name@YourName@YourISP.com to misc.phone.mobile.iphone,comp.sys.mac.advocacy on Fri Sep 12 08:45:34 2025
    From Newsgroup: comp.sys.mac.advocacy

    On 2025-09-11 17:22:01 +0000, Marion said:
    Chris wrote:
    This ability to update every Android 10+ device every month over the
    Internet, is something that Apple should consider doing for customers.


    Why? The above shows that project mainline is a sticking plaster and
    doesn't provide complete coverage.

    Hi Chris,
    If you understood how iOS & Android update, the why should be obvious given the older Android phones are updated monthly for the core OS modules that matter most.

    Meanwhile, once an iOS device can no longer install the latest operating system, you may as well throw it over the next bridge - it's that toxic.

    Why do you think iOS has 1-1/2 times the number of known exploits, Chris?

    Oh dear, the moronic brainless know-nothing troll has changed its
    stupid name again. Yet another for the killfile. :-\

    --- Synchronet 3.21a-Linux NewsLink 1.2