Chris wrote:
Agreed. This is all uncharted territory for Samsung (and Google) as like
you say they've never supported anything longer 4 years.
We'll also find out if after 4 years it's only security updates or whether they'll still support new versions of Android.
This is a good discussion to have on the Android newsgroup because nobody here will try to defend Google (or Samsung) to the death, no matter what.
So we can talk about facts here (which can't be attempted on Apple ngs).
To help get Apple users "over here", I let them know about this discussion.
It's clear NO OEM historically had "fully supported" phones for more than,
at most, an average of ~5 years for iPhones & much less for Android phones.
So 7 years beats Apple by a mile,
although the longest fully-supported
iPhone (that reached EOL by today) was iPhone XS / XS Max at 6.99 years.
Looking at the UK letters, it's clear the promised minimum timeline is:
iPhone === Minimum 5 years from the first supply date
Pixel === 7 years of "Security Updates, OS Updates & Feature Drops
Galaxy S === 7 years of "Security Updates & Android OS Upgrades"
What this means, at the highest level, is Apple is promising pretty much
what Apple has delivered in the past (on average) but Google & Samsung are stepping up, way, way, way over what they've delivered in the past.
Google/Samsung are equalling Apple's admittedly stellar XS/Max support!
This is good for everyone.
The problem is defining exactly what a "security update" really means.
I'm going to have to assume that "security updates" doesn't mean all bugs.
a. It likely doesn't even mean all CVEs (but that's just a guess).
b. It perhaps likely simply means CVEs of 8 to 10 (again, just a guess).
Is there a definition that the three OEMs used for "security updates"?
I'm focusing only on the current set of "new" post 2024 devices.
a. iPhone 15 and up
Minimum 5 years from the first supply date (Sept 22, 2023)
I haven't found any Apple definition of the CVE-selection process.
<https://www.macrumors.com/2024/06/06/apple-iphone-security-updates-five-year-minimum>
Apple doesn't seem to have a "fade away" period at the end.
Apple simply summarily drops full support when the next OS ships.
b. Pixel 8 and up
7 years of "Security Updates, OS Updates, and Feature Drops.
Google defines this internally as addressing all issues listed
in the Android Security Bulletin (ASB)
<https://source.android.com/docs/automotive/security/mfg_guide>
As for the fade-away problem...
In year 7, they are technically still committed to the "Monthly
Bulletin," but their hardware partners (modem/GPU vendors) often
stop providing patches for the "bottom" layer of the phone,
meaning Google can only patch the Android Framework (the software),
not the Firmware (the hardware drivers).
<https://source.android.com/docs/security/bulletin/pixel>
c. Galaxy S24 and up
7 years of "Security Updates and Android OS Upgrades"
Internally, Samsung divides updates into "Security Maintenance
Releases" (SMRs). These include Google's patches + Samsung's
own "SVE" (Samsung Vulnerabilities and Exposures).
<https://www.sammyfans.com/2026/04/06/samsung-april-2026-security-patch-details/>
Samsung seems to be the most transparent about the "fade away" problem.
That's likely why all of us know how only Samsung works on fade away.
Their policy explicitly moves phones from Monthly to Quarterly to
Biannual updates as they age. By year 6 or 7, we are almost certainly
only getting "Critical" (9-10) fixes twice a year.
So, for fade away, "my" summary (open to correction) appears to be:
iPhone === It's a cliff. You're either fully supported, or not.
Pixel === Near the end, your monthly updates are no longer monthly
Galaxy S === Near the end, your monthly updates are quarterly to bi-annual
lol Maria Sophia <mariasophia@comprehension.com> wrote:
Chris wrote:
Agreed. This is all uncharted territory for Samsung (and Google) as like you say they've never supported anything longer 4 years.
We'll also find out if after 4 years it's only security updates or whether they'll still support new versions of Android.
This is a good discussion to have on the Android newsgroup because nobody
here will try to defend Google (or Samsung) to the death, no matter what.
So we can talk about facts here (which can't be attempted on Apple ngs).
The only reason is being your very poor understanding of "facts".
To help get Apple users "over here", I let them know about this discussion.
They'll be thrilled. I'm sure.
It's clear NO OEM historically had "fully supported" phones for more than, at most, an average of ~5 years for iPhones & much less for Android phones.
That's terrible language. You're mixing "more than" with "at most" and "average". No absolute number will fit all three.
Being precise we do know that the *mean* support of Samsung S-series and Google Pixel phones is around three years. I can no longer find the details as you refused to post them here. For iphones the average is 5.5 years
across every single iphone since v1 (nearly 20 years of data) or 6.5 years for the last 10 years.
So 7 years beats Apple by a mile,
Empirical data contradicts your statement.
although the longest fully-supported
iPhone (that reached EOL by today) was iPhone XS / XS Max at 6.99 years.
And it's worth noting that they keep getting security updates for longer.
The XS series have received all the updates more recent models have as
well. Your definition of EOL is narrow and inconsistent. Arguably the XS models are still fully supported 7.5? years after release.
Looking at the UK letters, it's clear the promised minimum timeline is:
iPhone === Minimum 5 years from the first supply date
Pixel === 7 years of "Security Updates, OS Updates & Feature Drops
Galaxy S === 7 years of "Security Updates & Android OS Upgrades"
Note that these are required to fulfill UK regulations. Whether they are applicable whether remains to be seen. Esp. for google and samsung.
What this means, at the highest level, is Apple is promising pretty much
what Apple has delivered in the past (on average) but Google & Samsung are stepping up, way, way, way over what they've delivered in the past.
Google/Samsung are equalling Apple's admittedly stellar XS/Max support!
This is good for everyone.
The problem is defining exactly what a "security update" really means.
I'm going to have to assume that "security updates" doesn't mean all bugs.
a. It likely doesn't even mean all CVEs (but that's just a guess).
b. It perhaps likely simply means CVEs of 8 to 10 (again, just a guess).
Is there a definition that the three OEMs used for "security updates"?
I'm focusing only on the current set of "new" post 2024 devices.
a. iPhone 15 and up
Minimum 5 years from the first supply date (Sept 22, 2023)
I haven't found any Apple definition of the CVE-selection process.
<https://www.macrumors.com/2024/06/06/apple-iphone-security-updates-five-year-minimum>
Apple doesn't seem to have a "fade away" period at the end.
Apple simply summarily drops full support when the next OS ships.
b. Pixel 8 and up
7 years of "Security Updates, OS Updates, and Feature Drops.
Google defines this internally as addressing all issues listed
in the Android Security Bulletin (ASB)
<https://source.android.com/docs/automotive/security/mfg_guide>
As for the fade-away problem...
In year 7, they are technically still committed to the "Monthly
Bulletin," but their hardware partners (modem/GPU vendors) often
stop providing patches for the "bottom" layer of the phone,
meaning Google can only patch the Android Framework (the software),
not the Firmware (the hardware drivers).
<https://source.android.com/docs/security/bulletin/pixel>
c. Galaxy S24 and up
7 years of "Security Updates and Android OS Upgrades"
Internally, Samsung divides updates into "Security Maintenance
Releases" (SMRs). These include Google's patches + Samsung's
own "SVE" (Samsung Vulnerabilities and Exposures).
<https://www.sammyfans.com/2026/04/06/samsung-april-2026-security-patch-details/>
Samsung seems to be the most transparent about the "fade away" problem.
That's likely why all of us know how only Samsung works on fade away.
Their policy explicitly moves phones from Monthly to Quarterly to
Biannual updates as they age. By year 6 or 7, we are almost certainly
only getting "Critical" (9-10) fixes twice a year.
So, for fade away, "my" summary (open to correction) appears to be:
iPhone === It's a cliff. You're either fully supported, or not.
False. Which I have shown you multiple times.
Pixel === Near the end, your monthly updates are no longer monthly
Galaxy S === Near the end, your monthly updates are quarterly to bi-annual
Then there's also project mainline in the mix. Is there truly any
(objective) way to know whether an (android) phone is fully patched or not?
As Carlos's thread highlights, there's massive inconsistencies between manufacturers.
Chris wrote:
lol Maria Sophia <mariasophia@comprehension.com> wrote:
Chris wrote:
Agreed. This is all uncharted territory for Samsung (and Google) as like you say they've never supported anything longer 4 years.
We'll also find out if after 4 years it's only security updates or whether they'll still support new versions of Android.
This is a good discussion to have on the Android newsgroup because nobody here will try to defend Google (or Samsung) to the death, no matter what.
So we can talk about facts here (which can't be attempted on Apple ngs).
The only reason is being your very poor understanding of "facts".
To help get Apple users "over here", I let them know about this discussion.
They'll be thrilled. I'm sure.
It's clear NO OEM historically had "fully supported" phones for more than, at most, an average of ~5 years for iPhones & much less for Android phones.
That's terrible language. You're mixing "more than" with "at most" and
"average". No absolute number will fit all three.
Being precise we do know that the *mean* support of Samsung S-series and
Google Pixel phones is around three years. I can no longer find the details as you refused to post them here. For iphones the average is 5.5 years
across every single iphone since v1 (nearly 20 years of data) or 6.5 years for the last 10 years.
So 7 years beats Apple by a mile,
Empirical data contradicts your statement.
although the longest fully-supported
iPhone (that reached EOL by today) was iPhone XS / XS Max at 6.99 years.
And it's worth noting that they keep getting security updates for longer.
The XS series have received all the updates more recent models have as
well. Your definition of EOL is narrow and inconsistent. Arguably the XS
models are still fully supported 7.5 years after release.
So, for fade away, "my" summary (open to correction) appears to be:
iPhone === It's a cliff. You're either fully supported, or not.
False. Which I have shown you multiple times.
Pixel === Near the end, your monthly updates are no longer monthly
Galaxy S === Near the end, your monthly updates are quarterly to bi-annual
Then there's also project mainline in the mix. Is there truly any
(objective) way to know whether an (android) phone is fully patched or not?
As Carlos's thread highlights, there's massive inconsistencies between
manufacturers.
Hi Chris,
I see you added the Apple newsgroup, so the tone of this article changes.
The fact is Apple drops full support the instant the next release ships.
This is Apple's own documented policy & it is backed up in the record.
<https://arstechnica.com/gadgets/2022/10/apple-clarifies-security-update-policy-only-the-latest-oses-are-fully-patched/>
<https://screenrant.com/apple-product-security-update-lifespan/>
<https://support.apple.com/en-ph/guide/security/sec87fc038c2/web>
<https://support.apple.com/en-us/HT201224>
<https://www.androidauthority.com/iphone-software-support-commitment-3449135/>
etc.
The question here, is how do Apple competitors handle full support.
The Pixel isn't really an iPhone competitor but we included it below.
iPhone 15(+) === Minimum 5 years from the first supply date
Pixel 8(+) === 7 years of Security Updates, OS Updates & Feature Drops
Galaxy S(+) === 7 years of Security Updates & Android OS Upgrades
Where things get messy is how each vendor defines "security support".
Google uses the Android Security Bulletin; Samsung layers SMRs and SVEs.
If Apple publishes a CVE-selection policy, I need your help to find it.
<https://support.apple.com/en-us/100100>
Google does not publish a narrative policy but the bulletin structure is
the policy.
Specifically, for the Pixel's 7 years of security support...
1. Pixel updates include all issues listed in the corresponding
month's Android Security Bulletin.
2. Google also includes Pixel-specific patches not in the ASB,
grouped by subsystem (modem, baseband, bootloader, GPU, etc.).
3. Each CVE entry includes severity, type, subsystem, and references
to AOSP changes when applicable.
<https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01>
Samsung's process is more complex than Google's selection policy.
Specifically for the S24's 7 years of security support...
1. Samsung updates all CVEs from the Android Security Bulletin
2. Samsung-specific SVEs (Knox, One UI, Exynos, Samsung services)
3. Plus chipset-vendor CVEs when applicable
All prioritized by severity, with Critical and High addressed first. https://docs.samsungknox.com/admin/fundamentals/whitepaper/samsung-knox-mobile-security/security-operations/vulnerability-reporting/
Apple's policy is the simplest of all since it doesn't exist.
In fact, Apple's policy is literally to not have a policy!
"Apple doesn't disclose, discuss, or confirm security issues
until an investigation has occurred and patches or releases
are generally available." <https://support.apple.com/en-us/100100>
Apple publishes lists of CVEs fixed in each update, but never the criteria for choosing them. As such Apple is the only major vendor that refuses to provide a transparent, standardized commitment to which CVEs they will
patch on older versions.
Note: Apple acknowledges in their own Platform Security Guide that "not all known security issues are addressed in previous versions." <https://support.apple.com/guide/deployment/about-software-updates-depc4c80847a/web>
This is Apple throwing the previous iOS version off the cliff in support.
Maria Sophia <mariasophia@comprehension.com> wrote:
Chris wrote:
lol Maria Sophia <mariasophia@comprehension.com> wrote:
Chris wrote:
Agreed. This is all uncharted territory for Samsung (and Google) as like you say they've never supported anything longer 4 years.
We'll also find out if after 4 years it's only security updates or whether
they'll still support new versions of Android.
This is a good discussion to have on the Android newsgroup because nobody here will try to defend Google (or Samsung) to the death, no matter what.
So we can talk about facts here (which can't be attempted on Apple ngs).
The only reason is being your very poor understanding of "facts".
To help get Apple users "over here", I let them know about this discussion.
They'll be thrilled. I'm sure.
It's clear NO OEM historically had "fully supported" phones for more than, at most, an average of ~5 years for iPhones & much less for Android phones.
That's terrible language. You're mixing "more than" with "at most" and
"average". No absolute number will fit all three.
Being precise we do know that the *mean* support of Samsung S-series and Google Pixel phones is around three years. I can no longer find the details as you refused to post them here. For iphones the average is 5.5 years
across every single iphone since v1 (nearly 20 years of data) or 6.5 years for the last 10 years.
So 7 years beats Apple by a mile,
Empirical data contradicts your statement.
although the longest fully-supported
iPhone (that reached EOL by today) was iPhone XS / XS Max at 6.99 years.
And it's worth noting that they keep getting security updates for longer.
The XS series have received all the updates more recent models have as
well. Your definition of EOL is narrow and inconsistent. Arguably the XS
models are still fully supported 7.5 years after release.
<snip>
So, for fade away, "my" summary (open to correction) appears to be:
iPhone === It's a cliff. You're either fully supported, or not.
False. Which I have shown you multiple times.
Pixel === Near the end, your monthly updates are no longer monthly
Galaxy S === Near the end, your monthly updates are quarterly to bi-annual
Then there's also project mainline in the mix. Is there truly any
(objective) way to know whether an (android) phone is fully patched or not?
As Carlos's thread highlights, there's massive inconsistencies between
manufacturers.
Hi Chris,
I see you added the Apple newsgroup, so the tone of this article changes.
That's purely on you. There's no need to be any different in any newsgroup. What's immediately obvious is your sneering tone.
<snip>
The fact is Apple drops full support the instant the next release ships.
Factually incorrect. Apple supports two iOS version for ~3 months while people choose to upgrade. People do upgrade because almost all models are supported between major versions. After about 6/7 years one or two models
are dropped.
This is Apple's own documented policy & it is backed up in the record.
<https://arstechnica.com/gadgets/2022/10/apple-clarifies-security-update-policy-only-the-latest-oses-are-fully-patched/>
<https://screenrant.com/apple-product-security-update-lifespan/>
<https://support.apple.com/en-ph/guide/security/sec87fc038c2/web>
<https://support.apple.com/en-us/HT201224>
<https://www.androidauthority.com/iphone-software-support-commitment-3449135/>
etc.
Again the data contradicts you.
https://imgshare.cc/a08v04ce
The question here, is how do Apple competitors handle full support.
The Pixel isn't really an iPhone competitor but we included it below.
iPhone 15(+) === Minimum 5 years from the first supply date
Pixel 8(+) === 7 years of Security Updates, OS Updates & Feature Drops
Galaxy S(+) === 7 years of Security Updates & Android OS Upgrades
Where things get messy is how each vendor defines "security support".
Google uses the Android Security Bulletin; Samsung layers SMRs and SVEs.
If Apple publishes a CVE-selection policy, I need your help to find it.
<https://support.apple.com/en-us/100100>
Google does not publish a narrative policy but the bulletin structure is
the policy.
Specifically, for the Pixel's 7 years of security support...
1. Pixel updates include all issues listed in the corresponding
month's Android Security Bulletin.
2. Google also includes Pixel-specific patches not in the ASB,
grouped by subsystem (modem, baseband, bootloader, GPU, etc.).
3. Each CVE entry includes severity, type, subsystem, and references
to AOSP changes when applicable.
<https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01>
Samsung's process is more complex than Google's selection policy.
Specifically for the S24's 7 years of security support...
1. Samsung updates all CVEs from the Android Security Bulletin
2. Samsung-specific SVEs (Knox, One UI, Exynos, Samsung services)
3. Plus chipset-vendor CVEs when applicable
All prioritized by severity, with Critical and High addressed first.
https://docs.samsungknox.com/admin/fundamentals/whitepaper/samsung-knox-mobile-security/security-operations/vulnerability-reporting/
Apple's policy is the simplest of all since it doesn't exist.
In fact, Apple's policy is literally to not have a policy!
"Apple doesn't disclose, discuss, or confirm security issues
until an investigation has occurred and patches or releases
are generally available." <https://support.apple.com/en-us/100100>
Apple publishes lists of CVEs fixed in each update, but never the criteria for choosing them. As such Apple is the only major vendor that refuses to
provide a transparent, standardized commitment to which CVEs they will
patch on older versions.
Note: Apple acknowledges in their own Platform Security Guide that "not all known security issues are addressed in previous versions."
<https://support.apple.com/guide/deployment/about-software-updates-depc4c80847a/web>
You missed the whole quote:
"
Note: Because of dependency on architecture and system changes to any
current version of Apple operating systems (for example, macOS 26, iOS 26
and so on), not all known security issues are addressed in previous
versions (for example, macOS 15, iOS 18 and so on).
"
This is Apple throwing the previous iOS version off the cliff in support.
No it isn't and goes against the empirical data, which I share again. https://imgshare.cc/a08v04ce
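
Added example, not part of any post in this thread: one way to approach the "is this Android phone fully patched?" question is to compare the device's reported security patch level against the latest Android Security Bulletin level and the update cadence the device is on. The dates below are constructed sample values, and the month counts assigned to each cadence are this example's assumption.

```python
from datetime import date

# Cadences named in the thread for ageing devices. The month counts are this
# example's reading of "monthly", "quarterly" and "biannual" (assumption).
CADENCE_MONTHS = {"monthly": 1, "quarterly": 3, "biannual": 6}


def parse_spl(spl):
    """Parse a security patch level string (YYYY-MM-DD) into a date.

    On a device the string is the value of the system property
    ro.build.version.security_patch.
    """
    year, month, day = (int(part) for part in spl.strip().split("-"))
    return date(year, month, day)


def assess_patch_level(device_spl, latest_spl, cadence):
    """Compare a device patch level with the newest bulletin level.

    Returns a dict with:
      missed_bulletins - monthly bulletins published after the device's level
      status           - "current", "on-schedule" or "overdue"
      complete_level   - True for a -05 (complete) level, False for a -01
                         (partial) level
    The string reflects the bulletin level only. Vendor-specific fixes and
    Project Mainline modules, both raised in the thread, are not captured.
    """
    if cadence not in CADENCE_MONTHS:
        raise ValueError("unknown cadence: %r" % cadence)
    device = parse_spl(device_spl)
    latest = parse_spl(latest_spl)
    lag = (latest.year - device.year) * 12 + (latest.month - device.month)
    lag = max(0, lag)
    if device >= latest:
        status = "current"
    elif lag <= CADENCE_MONTHS[cadence]:
        # Inside the promised cadence, yet every bulletin published in the
        # gap is still unpatched on the device.
        status = "on-schedule"
    else:
        status = "overdue"
    return {
        "missed_bulletins": lag,
        "status": status,
        "complete_level": device.day >= 5,
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from any real device.
    latest = "2026-03-05"
    for spl, cadence in [
        ("2026-03-05", "monthly"),
        ("2025-12-01", "quarterly"),
        ("2025-12-01", "monthly"),
        ("2025-09-05", "biannual"),
    ]:
        print(spl, cadence, assess_patch_level(spl, latest, cadence))
```

A device on a biannual cadence can report "on-schedule" while six monthly bulletins behind, which is the fade-away effect the thread describes.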