Quite so. There's another thing: reversion. On your local machine you can revert failed upgrades or upgrades you just don't like easily, but mobile devices rarely give you that freedom. Also, because of the absence of anything like a boot menu, if the update is completely nonfunctional you have a brick.
So they are less like PC kernel upgrades than like BIOS upgrades. Quick, who here keeps their BIOS religiously up to date? I think I've upgraded mine once, when I had a serious bug I had to fix, and never again, because every upgrade carries with it the possibility of bricking your machine (and is there a recovery path other than pulling the chip and putting in a new one? Do you *have* a spare? I doubt it.)
Now thanks to ACPI and SMM, BIOSes can have security holes in them -- in fact given their general code quality I suspect they are a mass of security holes packed edge-to-edge with no space between. But *even so* I don't upgrade unless I must, and upgrading fills me with trepidation. Embedded and mobile devices are just like that, except that if the upgrade is automatic you don't even get a chance to say no (or in the case of games consoles 'hey, I pay for my bandwidth, you bastard!')