We have an OS security update that is only release to users of a specific hardware, once approved by their mobile operator. It may be added to vendor-specific OS versions some time later (weeks, month or never). The vendor-specific may not be approved by a telco if the vendor doesn't have a relationship with that telco.
Now think that millions of people use the same OS on many different flavours, on different hardware, on multiple operators.
Nope. When a new iOS update comes out, all supported devices may immediately install the update if they seek it out. Or it will usually auto update on its own, or at least nag the user to update.
It’s gotten slightly more confusing with the major updates now being optional. You get a choice between getting a feature update or just security patches. Unless I missed it, my phone never really asked me to update to the latest iOS 26. But I can, it’s there. I’m instead on the latest version of iOS 18. (They changed number schemes. 18 is last years major update)
Apple also does security updates for quite a long time. iOS 15, from 2021, got a security patch in September of this year, and works on the iPhone 6s from 2015.
Is this true for updates that might affect the way it interacts with the network (eg baseband firmware updates)? I assume it's much easier for iPhones to decouple that layer from the rest of the OS, which isn't the case for Android/Linux.
Now think that millions of people use the same OS on many different flavours, on different hardware, on multiple operators.
What an inneficient way of doing things.