My tinfoil hat might be on too tight again... but the timing of this exploit coinciding with Google's full court press on Android user rights is just a little suspect. Especially after the ongoing public education campaign about the evils of "sideloading" an Android application.
>But in reality, Samsung (and the other Android OEMs) cannot compete with Google and its unique control over hardware and software.
Yes, they can. We are talking about applying provided security patches to source code, and then releasing a new version of their OS. For patches that have existed for months. The time from patch to release should be on the order l
of days from receiving the patches to having a validated OS release with the fix being sent to users. It's not the control of Android which makes Google possible to patch their Pixel branch of AOSP faster than Samsung can patch their own. It's that Samsung doesn't care about prompt security fixes so they don't allocate engineers to do the work.
Never mind the December security patches, Samsung haven't even released the November patches yet, the ones for the critical severity RCE. Unless you have a "major flagship model" [1], because apparently only the richest users deserve to be secure.
I don't understand why Samsung, with all their money, does not make their own fork so it does not have to rely on Google. I guess that is how they get all their money though. I was inches away from buying a 25+ this week. Glad I did not.
But I mean, why do we only have two choices of OS for phones (I did not include GrapheneOS because it not easily available for the normie)? That is what is ridiculous. And why, in the US, do I only get three choices of flagship phones when in Asia they have like twenty? I hate this third world country I am living in.
I've been Samsung since S3, but recently picked up a cheap Motorola as a secondary. Been pretty satisfied with it, clearly not as fancy as the S23 I got, but decent enough. However they only get 2 years of Android updates, and I'm getting spammed by Motorola at least once a week of not more to install some silly game or whatnot.
I've also not been terribly impressed by the UX changes Samsung has made recently, lots of questionable decisions there.
Closely tieing hardware and software instead of using unified OS images like on desktop, together with play "integrity" lock-in are the reasons why there are no security updates and software freedom on the mobile.
25 comments
[ 3.0 ms ] story [ 47.4 ms ] threadPixel 8 here, still don't have the update. That's... not great.
Yes, they can. We are talking about applying provided security patches to source code, and then releasing a new version of their OS. For patches that have existed for months. The time from patch to release should be on the order l of days from receiving the patches to having a validated OS release with the fix being sent to users. It's not the control of Android which makes Google possible to patch their Pixel branch of AOSP faster than Samsung can patch their own. It's that Samsung doesn't care about prompt security fixes so they don't allocate engineers to do the work.
https://source.android.com/docs/security/bulletin/2025-12-01
[1] https://security.samsungmobile.com/securityUpdate.smsb
My fold 6 has the November "security patch level" or what does that refer to?
Denial of service doesn't sound so bad... Does a reboot of the device solve it?
But I mean, why do we only have two choices of OS for phones (I did not include GrapheneOS because it not easily available for the normie)? That is what is ridiculous. And why, in the US, do I only get three choices of flagship phones when in Asia they have like twenty? I hate this third world country I am living in.
Every single Samsung product I've had to use is actively user hostile. Like a petty kind of hostile.
I've also not been terribly impressed by the UX changes Samsung has made recently, lots of questionable decisions there.
What other decent options are out there?