The seriousness of Android’s (lack of) security updates cannot be overstated. Phones that do not receive security updates can be subject to many of the most serious security attacks – such as man in the middle attacks, certificate-based MITM attacks, browser-based attacks, and so forth – and users remain ‘locked’ to their phones because of years-long contracts.
In essence, Android users on lengthy contracts with carriers are forcibly, contractually, linked to long-term security sinkholes.
This is an absolutely inexcusable situation, and one that Google, phone vendors, or carriers should be legislatively mandated to remedy.
Excited Pixels 