The recent Stagefright vulnerability that could affect hundreds of millions of Android phones may have been a blessing in disguise. Responding to the situation, Google in August announced monthly security update availability for its Nexus phones.
President of HTC America, Jason Mackenzie, tweeted over the weekend that the company "will push for them, but unrealistic for anyone to say guaranteed every month."
The issue for HTC revolves around carrier-branded phones, mainly because Android's hardware partners take Google's security fixes, integrated them into their own software build and then rely on carriers to approve and push the updates.
That's a real problem for a smaller partner such as HTC. The company just today announced another quarterly loss after taxes -- NT$4.48 billion ($137 million US) on revenues of NT$21.40 billion ($657 million US) -- and has fewer resources available than its larger Android competitors.
Fewer phone sales compared to its peers is another obstacle for HTC as Mackenzie says since "Sometimes you won't receive due to lack of space in their labs," when speaking of carriers and their approval process.
While the reasons are real and make sense, they don't help HTC's cause in this specific case, mainly because the scope of the security issues are potentially massive.
Consumers don't want to hear blame being passed along from handset maker to carriers. They simply want their data, privacy and devices to be protected. And they (rightly) feel that the company that sold them their smartphone or tablet be responsible for at least part of that.
Google is doing its part and frankly, that's where the solution starts. Now it needs Android partners to step up to do theirs.
If HTC can't commit to monthly security updates for carrier-branded devices, perhaps the company would be better served by following in Motorola's footsteps: Skip the carrier branding and directly sell unlocked handsets to those who want them.