The new Nexus phones: beautiful, secure, and a shot across the bow

Dan Gillmor has been playing with Google's new Nexus phones, the humungous 6P phablet and the smaller 5X, and he's written a shrewd and thorough review of what these phones do -- and more importantly, what they mean.

Google's mobile strategy is complicated and often goes wrong. The company set out to counter Apple's Ios crystal prisons with an open, tinkerable, hackable platform that offered the possibility of a device that worked as well as Apple's, but failed much more gracefully, letting users opt into different ecosystems and even different operating systems (I'm a big fan of the Cyanogenmod free/open Android fork).

But the same flexibility that let user opt out of control also let carriers and manufacturers create new, even-more-restrictive versions of Android that were full of spying crapware and, worse yet, unable to receive critical security updates until the vendor deigned to push them out.

The Nexus phones have always been Google's flagships and reference models, existence proofs of what Android could and should be. But until the 6P and 5X, they were high-priced phones that only about 1.5% of Android users ever put in their pockets. Now, Google has priced these phones at something closer to the competition's top models, and also moved much of the OS's core functionality into apps that are continuously updated without needed vendor cooperation.

I have a 5X waiting for me at my PO Box, which I haven't been to in a couple of weeks -- I've been on the road -- but I'm looking forward to getting it set up and running.

And as noted, Google’s recent moves to provide much more timely security updates are game-changers. After a particularly nasty security fiasco earlier this year, Google said it would make monthly security updates of the operating system, and several device makers promised to do likewise. Google can’t force other companies to update the devices they sell. Doing so is obviously in their long term best interests; and yet the best Google can do is guarantee to push updates to its own Nexus line in a timely way. It’s critical to Android’s health that OEMs follow suit. Samsung, among other phone makers, has vowed to send updates regularly, but I still remember buying a Samsung tablet a few years ago that never got an operating system upgrade at all. So anyone who wants to get automatic, timely security updates should be looking hard at the Nexus line. (For what it’s worth, I believe all sellers of mobile devices should be required by law to provide timely security updates for a minimum of two years after the device goes on the market.)

Let’s hope manufacturers and carriers will widely take this opportunity to stop being so negligent in updating their devices with the latest security fixes and operating system upgrades. Their maybe-we’ll-fix-this approach may have been designed to push customers to buy new devices. Whatever the motive, that game should be over, the sooner the better.

(For all that, remember one key part of Google’s business model. When it beefs up security, that means security from everyone but Google itself. You have to trust Google. I remain wary.)

Nexus Flexes
[Dan Gillmor/Medium]

(Image: Techstage, CC-BY-ND)