Subscribe

Everything old is new-ish again —

Two-year-old phone receives 15-month-old software update

HTC Thunderbolt's ICS update perfectly illustrates Android's update woes.

-

HTC Thunderbolt owners can finally chow down on Ice Cream Sandwich, over a year after its release.
HTC Thunderbolt owners can finally chow down on Ice Cream Sandwich, over a year after its release.
Aurich Lawson

If you bought Verizon's first 4G phone, start checking for updates now: the carrier has finally approved the Android 4.0 update (codenamed Ice Cream Sandwich) for the HTC Thunderbolt. The only problem? The Thunderbolt has been on the market since March of 2011, and Ice Cream Sandwich came out seven months later in October—not exactly a great turn-around time.

For anyone still using a Thunderbolt, it's nice that the phone is being updated at all rather than being fated to run Gingerbread forever, as has been the case for so many other phones. But the Thunderbolt's update still sums up pretty much everything that's wrong with the Android ecosystem's ever-worsening software fragmentation problems: this phone is still two major updates behind the current release of Android, and it's only receiving the update as the first customers who bought the phone on a two-year contract are becoming eligible for a new phone anyway.

Gingerbread and its predecessors still account for over 50 percent of all Android devices accessing Google Play as of February 4.
Enlarge / Gingerbread and its predecessors still account for over 50 percent of all Android devices accessing Google Play as of February 4.
Android Developer Dashbard

The new features that many Android users are missing out on are just part of the problem—the more pressing issue is security. Flaws in the built-in Android browser, apps, and the Android operating system itself are going completely unpatched for months or years, which stands in sharp contrast with the more rapid security patches that Microsoft publishes for Windows (just to pick a prominent example).

Activist Chris Soghoian, speaking at the Kaspersky Lab Security Analyst Summit about Android's update problems, puts it the most succinctly: “You don’t need a zero-day to attack Android if consumers are running 13-month-old software.”

There's enough blame to spread around here—all of the OEMs are slow to publish updates, if they publish them at all. The mobile phone carriers introduce additional delays with their validation and testing procedures—Verizon is by far the worst offender in this regard, as even Verizon Galaxy Nexus handsets (which, in theory, should receive direct-from-Google updates promptly) are still waiting for news about November's Android 4.2 update. Google's proposed Android Update Alliance was mentioned briefly at Google I/O in 2011 before vanishing, never to be heard from again. With Gingerbread (and older versions) still accounting for well over 50 percent of all Android devices, it's clear that something needs to be done about this issue—it's just not clear that anyone is going to step up and do it.

Andrew Cunningham Andrew is a Senior Technology Reporter at Ars Technica, with a focus on consumer tech including computer hardware and in-depth reviews of operating systems like Windows and macOS. Andrew lives in Philadelphia and co-hosts a weekly book podcast called Overdue.

Channel Ars Technica

Related Stories

    Today on Ars