[conite]

I’m not really noticing any difference between either OS since the updates come through consistently on both 3a and XR but the other various licensed Android OEMs still vary greatly.

Agree... at least for phones.

Tablets.... I know Samsung still lags behind. Not sure about watches or other Androidy things they might do.

Rumours say Google will be offering 5 years of updates (& monthly patches) starting with the Pixel 6 - matching the official Apple commitment.

[Elephant_Canyon]

Rumours say Google will be offering 5 years of updates (& monthly patches) starting with the Pixel 6 - matching the official Apple commitment.

But not the reality, which will be 7 years as of iOS 15.

[conite]

But not the reality, which will be 7 years as of iOS 15.

The 6s will likely get its 6th update with iOS 15, so we'll see in the fall. The 6 only got 4 updates.

But honestly, 5 years (or 6, or 7) might as well be 100 years for me. I'll be long onto something else - and so will most businesses. Using a 5+ year old device is torture.

[grover5]

The 6s will likely get its 6th update with iOS 15, so we'll see in the fall. The 6 only got 4 updates.

But honestly, 5 years (or 6, or 7) might as well be 100 years for me. I'll be long onto something else - and so will most businesses. Using a 5+ year old device is torture.

The 7+ has held up well. It will be 5 in a couple months. I know lots of folks that still use it.

[JohnHa]

Making hardware is a slow, slow, difficult process fraught with all sorts of problems, multi-jurisdiction regulations, supply chain, carrier management, etc. etc. etc.... Here's to the OM team and see if they can make it happen.

[Dunt Dunt Dunt]

Making hardware is a slow, slow, difficult process fraught with all sorts of problems, multi-jurisdiction regulations, supply chain, carrier management, etc. etc. etc.... Here's to the OM team and see if they can make it happen.

Then stick to just doing the US market to begin with...

They have had three years to work on this already.... it not that it's hard to make a phone from a jurisdiction point of view. It's have to make a viable product that makes you money and is still somewhat compitivie in it's market.

A PKB phone cost more to make starting out with the keyboard and a custom display to fit above it.
A start-up company has higher cost that either backers or investors cover.... or the product must.
A low volume product has higher material costs as it can't qualify for volume discounts on components or construction.
A low volume product has MUCH HIGHER software cost that have to be factored in - both up front and ongoing. I bet Samsung spends over a billion dollars a year on software development for smartphones... with their volume it only add a few buck a unit. OM would never be able to offer that level of development and support... which is a problem in and of itself.

Only way this would have worked is if Enterprise needed it and was willing to pay the premiums.... and it seems they were not. While there is no doubt about their being a market to some degree for a PKB phone, the question is it viable to chase at this point.

[Apple Aya]

OM will never bring anything to market. And even if they do, so what? Who knows what kind of phone that will be. It could be a complete disaster like the Unihertz Titan. The point is that OM is a completely unproven entity with 0 track record. This isn't an insult, it's a fact. I wouldn't risk my own personal privacy on an unproven entity, so why would you risk an entire company you built?

There are many great phones out there. Yeah none of them have a PKB but I'm sure you'll live.. The physical keyboard is great but let's be real for a minute, it's a gimmick. Just like a folding phone is a gimmick. In the real world, all you really need is a communication device that can make calls, answer some texts and maybe knock out a quick email. The rest you should be able to do from home or the office.

So let me ask you this. If you're waiting on an unproven entity with 0 track record to release a gimmick phone, do you think that maybe you need to reevaluate your decision making here a little? Especially if it's for your business. Get a bunch of Samsungs or iPhones. Just stay away from Chinese spy phones and you should be good.

[Ph1llip]

I take a different approach to this. Why does it have to be so complicated? Buy a phone you like and can afford. Use it until you don't like it/get bored of it/it doesn't suit your needs anymore. Repeat.

Why is everyone agonizing over how long you get updates for, who supports it, etc. etc.? The chances you'll be hacked if you follow good protocol like not visiting dodgy websites, only downloading from the Play Store, etc. are so minimal. You're more likely to be compromised in your digital life by poor practices that have ~nothing to do with updates or patches.

At work, we are warned about things that have nothing to do with what technology we use, and everything to do with how we interact with it. Don't fall for social engineering. Use complex passwords. Secure your CAC. Don't share credentials etc. etc. 95% of commsec breaches are attributable to human behavior. Poor ~human behavior is the low-hanging fruit of bad actors.

Life is short. It's just a phone.

[EdMinghuang]

Lol American don't have spy phones?
If I live in China I would try to get my hand on an American device. If I would live in the States I rather buy one from China. It's the same with clouds/ vpn/email. Always in those countries where your own country isn't friends.
Don't worry spying on you they all do.
Just don't make it to easy for them.

[conite]

Lol American don't have spy phones?
If I live in China I would try to get my hand on an American device. If I would live in the States I rather buy one from China. It's the same with clouds/ vpn/email. Always in those countries where your own country isn't friends.
Don't worry spying on you they all do.
Just don't make it to easy for them.

You're missing the point. Chinese COMPANIES are legally required to assist the CCP in espionage activities. But Western companies only provide extremely targeted information (if any) under warrant or other due process.

I'll take my chances against state-level players, but I don't need my phone OEM (and all of their software and hardware suppliers) helping them and serving up all of my info on a platter.

[conite]

I take a different approach to this. Why does it have to be so complicated? Buy a phone you like and can afford. Use it until you don't like it/get bored of it/it doesn't suit your needs anymore. Repeat.

Why is everyone agonizing over how long you get updates for, who supports it, etc. etc.? The chances you'll be hacked if you follow good protocol like not visiting dodgy websites, only downloading from the Play Store, etc. are so minimal. You're more likely to be compromised in your digital life by poor practices that have ~nothing to do with updates or patches.

At work, we are warned about things that have nothing to do with what technology we use, and everything to do with how we interact with it. Don't fall for social engineering. Use complex passwords. Secure your CAC. Don't share credentials etc. etc. 95% of commsec breaches are attributable to human behavior. Poor ~human behavior is the low-hanging fruit of bad actors.

Life is short. It's just a phone.

So don't worry about updates and patches then, even though every single month Google publically discloses 20-40 new methods of hacking a device, or secretly harvesting data from it?

[Ph1llip]

So don't worry about updates and patches then, even though every single month Google publically discloses 20-40 new methods of hacking a device, or secretly harvesting data from it?

Yup. Life is short. It's just a phone. Human behavior is more important. I couldn't give a flying fig about which OS/patch version is the latest. If my phone tells me there's an update available, I update it.

If I don't like a phone or it doesn't suit me anymore or I think it's been compromised, I wipe it and drill it. I'm not Jason Bourne and don't need to behave like him.

The amount of people worried about crap like spying is ridiculous. If a government or corporation specifically targets you or you move in those sorts of circles, your latest OS/patch version isn't going to help you.

[conite]

Yup. Life is short. It's just a phone. Human behavior is more important. I couldn't give a flying fig about which OS/patch version is the latest. If my phone tells me there's an update available, I update it.

If I don't like a phone or it doesn't suit me anymore or I think it's been compromised, I wipe it and drill it. I'm not Jason Bourne and don't need to behave like him.

The amount of people worried about crap like spying is ridiculous. If a government or corporation specifically targets you or you move in those sorts of circles, your latest OS/patch version isn't going to help you.

But the point is you don't NEED to use an unpatched device. So why add to the cumulative risk?

Buying a decent phone from a decent OEM will provide 3 to 6 years of updates.

I'm not worried about the state. I'm more concerned with some dude in a Starbucks hacking my WiFi or Bluetooth connection, or an app that (by accident or not) has a payload that is trying to achieve elevated privileges on my device and sending info back to someone.

I'm not advocating for complete paranoia. I'm simply suggesting people take intelligent steps to avoid exposure - and patches/updates are a reasonable and easy thing to keep part of the mix.

[Ph1llip]

But the point is you don't NEED to use an unpatched device. So why add to the cumulative risk?

Buying a decent phone from a decent OEM will provide 3 to 6 years of updates.

I'm not worried about the state. I'm more concerned with some dude in a Starbucks hacking my WiFi or Bluetooth connection, or an app that (by accident or not) has a payload that is trying to achieve elevated privileges on my device and sending info back to someone.

I'm not advocating for complete paranoia. I'm simply suggesting people take intelligent steps to avoid exposure - and patches/updates are a reasonable and easy thing to keep part of the mix.

Totally agree! And I do the same.

I may have failed to word my post better. I guess all I meant is, if I really, really, REALLY like phone A, but it only comes with two years of patches, and there's phone B with five years, don't let that be the deciding factor. Buy phone A and mitigate the risk in other ways until it becomes unacceptable to you, and then replace it.

To the mods: apologies if this is slightly OT! Maybe a new category on the main board called "Phone Security", and underneath, types like "BBOS Security", "AOSP Security" may be popular because it comes up a lot!

[Dunt Dunt Dunt]

Yup. Life is short. It's just a phone. Human behavior is more important. I couldn't give a flying fig about which OS/patch version is the latest. If my phone tells me there's an update available, I update it.

If I don't like a phone or it doesn't suit me anymore or I think it's been compromised, I wipe it and drill it. I'm not Jason Bourne and don't need to behave like him.

The amount of people worried about crap like spying is ridiculous. If a government or corporation specifically targets you or you move in those sorts of circles, your latest OS/patch version isn't going to help you.

Problem it isn't just governments, it's bad actors that are collecting information and selling it to others who might one day have collected enough info on you to steal your identity and your savings.

Using older devices with unpatched software... is a real danger. I don't care if it's a smartphone or a computer... it's a bad practices that puts the user at greater risk. It's really not that hard to understand, but as you said HUMANS are the biggest risk in all of this.

[Chuck Finley69]

Totally agree! And I do the same.

I may have failed to word my post better. I guess all I meant is, if I really, really, REALLY like phone A, but it only comes with two years of patches, and there's phone B with five years, don't let that be the deciding factor. Buy phone A and mitigate the risk in other ways until it becomes unacceptable to you, and then replace it.

To the mods: apologies if this is slightly OT! Maybe a new category on the main board called "Phone Security", and underneath, types like "BBOS Security", "AOSP Security" may be popular because it comes up a lot!

The biggest problem is that one can mitigate the risk when the device is getting security updates because there's somebody on the consumers side looking at the platform and doing the heavy lifting. Once the updates stop, mitigating the risk isn't really a possibility since you won't know when you haven't been successful until it's too late.

[Ph1llip]

The biggest problem is that one can mitigate the risk when the device is getting security updates because there's somebody on the consumers side looking at the platform and doing the heavy lifting. Once the updates stop, mitigating the risk isn't really a possibility since you won't know when you haven't been successful until it's too late.

I would argue that the heavy lifting should be done by the user practicing good digital hygiene, not the manufacturer/carrier.

One can patch a phone all they like but if they visit risky websites, have simple passwords, don't use 2FA if possible, load apps from APK mirrors, turn on Developer Options, etc. etc., such a user carries significantly more risk than someone who has a Key2 with Sep 2019 patch and Android 8.1 but who doesn't go off the reservation much if at all.

Present company here excluded, a lot of people don't understand very well the Android Security Framework and how it would require a lot of successful "things to fall into place" for a successful crack to occur on a modern smartphone these days. It's really isn't that simple anymore. Large parts of Android security are now updateable via 'apps' like System Webview and Carrier Services, regardless of what OS version and patch revision a phone is on.

A Bittium handset running a hardened custom Android 9 kernel with various hardware and software protection features is in my opinion as comparatively secure as a Galaxy S21 on Android 11. New OS versions always come with the possibility of new undiscovered vulnerabilities.

It's really just an endless game of whack-a-mole and isn't a linear Old=Less Secure New=More Secure comparison.

[Chuck Finley69]

I would argue that the heavy lifting should be done by the user practicing good digital hygiene, not the manufacturer/carrier.

One can patch a phone all they like but if they visit risky websites, have simple passwords, don't use 2FA if possible, load apps from APK mirrors, turn on Developer Options, etc. etc., such a user carries significantly more risk than someone who has a Key2 with Sep 2019 patch and Android 8.1 but who doesn't go off the reservation much if at all.

Present company here excluded, a lot of people don't understand very well the Android Security Framework and how it would require a lot of successful "things to fall into place" for a successful crack to occur on a modern smartphone these days. It's really isn't that simple anymore. Large parts of Android security are now updateable via 'apps' like System Webview and Carrier Services, regardless of what OS version and patch revision a phone is on.

A Bittium handset running a hardened custom Android 9 kernel with various hardware and software protection features is in my opinion as comparatively secure as a Galaxy S21 on Android 11. New OS versions always come with the possibility of new undiscovered vulnerabilities.

It's really just an endless game of whack-a-mole and isn't a linear Old=Less Secure New=More Secure comparison.

Yes but I'm speaking from the context of the average user that isn't doing much if anything beyond keeping a device OS and the apps updated.

Especially when it comes to using the old BBAndroid devices. You can't really do anything beyond security updates that seem to be finished across the board and the mobile OS is forever stuck on 8.1 so.....

[conite]

I would argue that the heavy lifting should be done by the user practicing good digital hygiene, not the manufacturer/carrier.

One can patch a phone all they like but if they visit risky websites, have simple passwords, don't use 2FA if possible, load apps from APK mirrors, turn on Developer Options, etc. etc., such a user carries significantly more risk than someone who has a Key2 with Sep 2019 patch and Android 8.1 but who doesn't go off the reservation much if at all.

Present company here excluded, a lot of people don't understand very well the Android Security Framework and how it would require a lot of successful "things to fall into place" for a successful crack to occur on a modern smartphone these days. It's really isn't that simple anymore. Large parts of Android security are now updateable via 'apps' like System Webview and Carrier Services, regardless of what OS version and patch revision a phone is on.

A Bittium handset running a hardened custom Android 9 kernel with various hardware and software protection features is in my opinion as comparatively secure as a Galaxy S21 on Android 11. New OS versions always come with the possibility of new undiscovered vulnerabilities.

It's really just an endless game of whack-a-mole and isn't a linear Old=Less Secure New=More Secure comparison.

Yes but I'm speaking from the context of the average user that isn't doing much if anything beyond keeping a device OS and the apps updated.

Especially when it comes to using the old BBAndroid devices. You can't really do anything beyond security updates that seem to be finished across the board and the mobile OS is forever stuck on 8.1 so.....

A solid hull without oars is just as useless as great oars on a hull with a hole in it.

I think security is cumulative, and you need all cylinders firing.

To me there is no excuse for behaving badly NOR having an unpatched device.

[Dunt Dunt Dunt]

I would argue that the heavy lifting should be done by the user practicing good digital hygiene, not the manufacturer/carrier.

One can patch a phone all they like but if they visit risky websites, have simple passwords, don't use 2FA if possible, load apps from APK mirrors, turn on Developer Options, etc. etc., such a user carries significantly more risk than someone who has a Key2 with Sep 2019 patch and Android 8.1 but who doesn't go off the reservation much if at all.

Present company here excluded, a lot of people don't understand very well the Android Security Framework and how it would require a lot of successful "things to fall into place" for a successful crack to occur on a modern smartphone these days. It's really isn't that simple anymore. Large parts of Android security are now updateable via 'apps' like System Webview and Carrier Services, regardless of what OS version and patch revision a phone is on.

A Bittium handset running a hardened custom Android 9 kernel with various hardware and software protection features is in my opinion as comparatively secure as a Galaxy S21 on Android 11. New OS versions always come with the possibility of new undiscovered vulnerabilities.

It's really just an endless game of whack-a-mole and isn't a linear Old=Less Secure New=More Secure comparison.

And you studied cyber security where? What is your degree in?

Me I'll stick with what the experts have to say on the matter.... not one or two but as a community. There was a time long ago when some in IT felt it was best to let others install patches on a Server or Workstations and give it a few weeks to work the bugs out. These days most say you better do it ASAP... as most the vulnerabilities were found months ago anyway and the Black Hats are pretty fast to find these themselves. While both Android and iOS have some inherit attributes that make them less of a concern than Windows. There are still concerns.

Not sure what random points like user practices, Bittium phones or whack-a-mole have to do with the current BlackBerry Android Secure phones... none of which are on anything close to a current OS and sadly the one that was still getting updates, no longer is.

As for present Company... I'd only hold those that have already moved on in that category of understanding. If BB10 meet your needs, I might consider it less of a risk..... as it's just not an easy target. But PRIV? DTEKs? Motion? KEYS?

You can say your willing to take the risk, and that's fine.... but it is a risk over moving on to something current.

[app_Developer]

A solid hull without oars is just as useless as great oars on a hull with a hole in it.

I think security is cumulative, and you need all cylinders firing.

To me there is no excuse for behaving badly NOR having an unpatched device.

This. Do everything reasonable and practical to be safe.

[endiadi77]

are we still talking about OM?

[fairmarketvalue]

OM: a non-entity hyping a non-phone

[Dunt Dunt Dunt]

OM: a non-entity hyping a non-phone

Hyping?

You remove one random YouTuber and OM hasn't said anything in a long, long while.

[siung6]

finally moved on to virtual keyboard full time.