@david.hamner has written a new blog article for Purism.
I find this kind of comparison to be incomplete and somewhat disingenuous.
These operating systems are at very different points in their lifecycle with PureOS in need of much more rapid development.
PureOS, like all linux distro’s isn’t a core system that updates as one but is rather a bundle of applications that develop independently and in turn are patched independently. Having those patches all coming in as those separate projects make changes and claiming that as an OS upgrade comparable to what the BSD’s, Windows, Apple, or Android do isn’t comparing comparable things.
Also taking credit for patches from other projects as PureOS upgrades and comparing that to patches developed internally is not providing the full context to the reader.
Maybe more specifically … Linux on mobile is at a very different point in its lifecycle compared with Android. Linux in and of itself is mature, and yet still manages, say, one update a week.
The reality is though that it’s not maturity alone that may mean that no updates for Android are forthcoming. More often than not it’s Android Abandonware.
This is just a FUD and PR piece. Poorly made comparisons. No new information. Outright misinformation regarding Android updates (e.g. implication that immutability affects the frequency of updates when it is well known that Google, for example, pushes security updates to their Pixel phones on the first Monday of every month). And it ends with an outright lie:
Order your Purism device and keep it running and running and running, all while being far more secure than an Android phone a year or two old.
Maybe they are scared that the new Pixel 8 has 7 years of support and the new Fairphone ( which is modular and they actually stock and list replacement parts) will have 8 years (and maybe even 10 years) of support.
The blog post focuses on wrong aspect. There are immutable Linux distributions which are considered to be more secure and have other pros and cons.
The right aspects would be: Do you have superuser access or the vendor has it? Is the system verifiably build from open source? Etc.