How a few legitimate app developers threaten the entire Android userbase (Ars Technica)

Perhaps a different ecosystem for Android is needed. Surprised no one mentioned cyanogenmod earlier. I really hope to see adaptation of cyanogenmod by phone manufacturers and strongly believe that will benefit all parties and that either that or something similar is the way to go forward. CM is quick at getting out security patches for supported devices.

The reason I started using CM was initially for it's privacy control. The latter years after seeing most of my less then 5 year old android phones losing officially support after a way to short time and the very slow rolling out of security fixes and new releases I am now done with the a lot of the Android brands (Samsung, HTC I am looking at you especially). I will not buy another phone unless it's a guaranteed support and promise quick patching and upgrades for a minimum of 4 years.

Alternatively if the phone gets official CM status and have a open firmware "policy" making it supportable by cm, I will consider buying it. Who can argue against running the latest, security patched android (well, at least 5.1 for now) on an Galaxy S2.

But of course there are downsides with CM, if the maintainer of a device loses interests, it will become unmaintained as well. But at least at a much better state than if running stock. But I rather take that risk than running a swiss cheese of an OS protecting my most important assets, 2-factor and email confirmation for a ton of sites, banking. Yes, literally access to everything. If you get full access to my phone you basically become me. This is a very serious matter which need to draw a lot more attention than already is.