The FCC and FTC are investigating how companies release mobile security patches
An operating system may be (in some circumstances) free to Original Equipment Manufacturer's, to do with as they please. But, in many cases, OEMs then seem to create all manner of 'super' hardware to run originally native software, with innumerable proprietary software overlays & drivers, all needed to be added to their final product.
Mobile carriers selling hardware from OEMs are scared to death of a security or feature upgrade 'bricking' (or otherwise seriously screwing up a large number of active devices), resulting in lines of angry customers at local stores & busy customer service lines. So, almost every OEM update (possibly including zero day security related vulnerabilities) seem to require a lengthy time with a carrier in order for them to run through many tests to make sure everything still works.
Because this is a system that makes pushing essential software updates to customers entirely too labour intensive & risky, it has got to the stage where many smartphone's & computers simply don’t get supported beyond a year or two after their sale.
With PCs we have seen many manufacturers drivers no longer supported for an upgraded OS. Particularly those related to graphics, sound & feature sets.
This is not just a bad business model. It is for this reason today & due to previous experience, we no longer recommend owning any carrier branded, locked or non manufacturers 'native' products. For Amazon, Google, Microsoft & Apple, it is fortunate that first party hardware now exists to benefit consumers greatly.
Choice is one of the most important things a consumer has today, but choice does make it a requirement to make decisions. Don't make the mistake of falling for branding or subsidised tech. There is usually a much higher price to pay.
http://www.theverge.com/2016/5/9/11641124/fcc-ftc-inquiry-mobile-security-patches-google-android#comments