HTC One M9+-14

Following the discovery of the Stagefright exploit that could affect nearly all Android devices, Google and a number of major OEMs pledged monthly security updates to ensure that users would be quickly protected from any future security issues. Although it has already rolled out some security patches, HTC has refused to commit to guaranteed monthly patches, and it appears that the company doesn’t want to promise something that it can’t deliver.

Answering questions via Twitter, HTC’s America President Jason Mackenzie states that, despite the company’s efforts to push them out, it is unrealistic to say that these type of updates can be guaranteed every month. This is not an unreasonable statement once you take into account the number of handsets that would require an update and the added delay from carrier testing and approval, but the news is not reassuring to those concerned about device security.

The revelation comes shortly after a second Stagefright vulnerability was discovered. The latest exploit can affect devices with malicious code just through previewing audio files. A patch for this issue is expected to appear in October’s monthly Android update from Google, but who knows when other OEMs will get around to releasing their fix.

What do you think about the current state of Android security patches?

Robert Triggs
Lead Technical Writer at Android Authority, covering the latest trends in consumer electronics and hardware. In his spare moments, you'll probably find him tinkering with audio electronics and programming.
  • daizyujin

    So if you care about security then just don’t buy a carrier branded device I guess.

    • M0987

      Or dont buy a Android phone. My confidence in Android as a secure platform is waning by the day.

      • Android Developer

        But both have security holes:

        Also, if you are talking about StageFright 1 or 2, I think there is a very low chance of any device to really be affected, as the method to use them is only known to a single company.

      • Guest123

        But i wonder how many people are actually being exploited by it. iPhone get it too but they play it down until they have a fix for it.

        Fact is, no OS is safe, it’s how you use it that will affect you.

      • Endaeias

        Just because a handful of security vulnerabilities have come out for Android (that were made rather public), doesn’t mean it’s the least secure operating system right now…

        Currently, iOS and OSX are the two most vulnerable operating systems in the computing world right now. By this logic, we should probably all just go to Windows Phone 10. … Right? … um.. guys…?

        • Toukale

          Stop with the butthurt, he is right. Every os are vulnerable it’s just how fast and reliable said os can be patch. Android, unlike iOS and Windows have proven to the extremely bad at it. That was his point and I am sure you knew it too.

          • Endaeias

            The point was his “confidence was dwindling” regarding Android being a secure operating system. My point is.. there’s no such thing as a totally secure operating system. Windows, by far, has the least amount of vulnerabilities … which was my joke regarding Windows Phone 10.

            Please stop with the trolling, it’s no good for you, mang.

          • Toukale

            How secure is a platform when most of those platform devices can’t get updates for months if ever. People likes to point to nexus but even those gets block by carriers too, and frankly the number of nexus devices are so low it’s insignificant to say the least.

  • Luis

    Tell that to Microsoft. I get my monthly security updates on Windows 10, 8.1, and 7 just fine. And they wonder why they’re losing in the cell business.

  • Bak Choi Kim

    “unrealistic” as in “got your money, now F-off!”

  • Sergio Arroyo

    If other companies can do it, so can you HTC!

    • Toukale

      No other company do or will. Even nexus devices can’t guarantee that kind of update. They can say it, or promise it, but we all know it’s bull. Just like their promised “Android Update Alliance” and others. Just like Moto has done with their Moto E, and pretty much every oem. The only company who does it is Apple (like them or not). They have been the only one, and the only reason is because they made sure of it before the iPhone launched, no one would control their baby but them.

      • Christopher Sutton

        So no one else gets updates form windows, apps, antivirus. I do. It’s not unrealistic to have a team that has that one job to do. Multiple companies do it everyday without difficulty. HTC just doesn’t want to take the time and money to do it. Remember you could be that 2%. HTC just lost a customer.

  • B4kken

    Now, I’ve never owned an HTC device but.. He pretty much speaks the truth. the guarantee ensures that EVERYONE should get an update every month right? that is unrealistic considering updates in the US, seemingly, go through carriers and some of the seems to be slow as fuck. Just saying.

    • Toukale

      Stop with your honesty here, you won’t win many friends here for agreeing with the man’s honesty. People would rather be lied to even when they know it’s a lie.

      • B4kken

        People are strange that way… Good thing I’m not that into cyber-friends. I’m way to anti-social anyway ;)

    • T4rd

      Yup, I agree with them as well; the issue is carriers. Which is all the more reason for HTC to follow Moto and the Nexus’ lead and launch a single unlocked model that works on all carriers like the Moto X Pure.

    • GNT01

      Im with you

      • B4kken

        That’s the spirit!

  • Alex

    Simply buy unlocked phones from independent retailers. Its cheaper than contracts anyway. Problem solved.

    • TheIcemanCometh

      I came here to basically say the same thing. “Get a Nexus” seems to be appropriate as well if it’s enough of a concern to consumers. It’s up to them on how much of a priority it is.

      [EDIT] Of course, now that I think about it, maybe this is a passive-aggresive approach by Google to sell more Nexuses/Nexxi.

    • Sean

      How is that? The phone cost $50 with the contract and $450 w/o it. You don’t get a discount at my carrier if you BYOP?

      • TheDude

        Because with contract the phone costs you $50 a month, for 2-3 years…. and how much does it end up being?

        At least $1200, yeah big surprise.

        Get an unlocked phone and then a contract for like 10-20$ and you’ll end up paying less.

        In my country can buy an unlocked galaxy S6 32G for around $630 (taxes and shit make it expensive here), I also got a contract with unlimited calls/texts and unlimited data for ~$10. In 3 years it’ll total up to: $990.

        I can buy the same phone with a 3 year contract for around $1200.

  • 2020

    We says that yearly multiple HTC One models are “unrealistic”

  • J G

    I agree. Its a big product line to get a fix on it. Maybe he should have said that their “flagship” would get guaranteed updates monthly followed up by there other phones ASAP.

  • Butane87

    This will only affect 2% of the smartphone world anyway. Didn’t know they still produced smartphones.

  • T.J.

    HTC’s new slogan:
    “Security? ¯_(ツ)_/¯”

  • diazea

    Just another reason to hope the direct purchase model kills carrier model. There is nothing more annoying than waiting and hoping ATT will grace me with updates for the phone I got from them. LAST TIME EVER.

  • C Lo

    HTC, your future in mobile is unrealistic.

  • Karly Johnston

    My Idol 3 gets monthly Stagefright patches… if Alcatel/TCL can do it then HTC is dead.

  • hekermeker

    HTC is unrealistic about any updates , generally. And it’s unrealistic about all in general.

  • Timothy McGoldrick

    Slightly off subject, but what phone is that?