Comment by CobrastanJorji
14 hours ago
Android vendors have been notorious about updates for a long time. Part of that is supposedly because all of the phone companies want to distinguish themselves from each other, and so they all want to fork the default Android UI so they can offer some psychedelic UI vision with some brand-specific features. But that means that when an update to stock Android comes out, it's a lot of work to migrate.
I don't think Android UI customization is the main issue. Many vendors are not even able to keep device firmware and Linux kernels in sync. Qualcomm and others are doing monthly bulletins:
https://docs.qualcomm.com/securitybulletin/may-2026-bulletin...
Since a lot of vendors are months or even years behind, their phones are full of known holes.
When it comes to security, basically: GrapheneOS > iOS > PixelOS >> Samsung OneUI >>>>>>>> everybody else.
Sadly, Samsung lets anyone who pays enough push bloatware and analytics on their phones. E.g. AppCloud from an Isreali company, Meta services that stay even when you remove Meta apps (only removable with ADB/UAD), etc. So there are only three somewhat serious options (and for two of them, you still give a lot of analytics to Apple or Google).
How is GrapheneOS able to get around the issue of SoC firmware blobs being slow to roll out?
they aren't, but they often push kernel/system patches faster than Google. they also have more kernel hardening in place, which makes some classes of exploits ineffective.
mainly by only supporting devices with consistent fast fw updates (which is how pixelos is also on the list)(samsung is also mostly on top of their shit but multiple security features are unavailable to third party operating systems so unviable)