That's a wrong look at security, I think. Everything is "pwnable", if you put enough resources into it. The question is how many resources do you need to put into it?
If you have a 5-year-old never-patched Android, probably a student can go read disclosed security issues, pick one that they understand (or for which they found a tutorial online), and hack you. It's not the same thing as saying that your patched iPhone can be hacked by NSO, though.
No shit. It's important but I'm wondering if it's overrated. It's a phone. I've passed on lots of devices because they aren't supported for long. It makes me wonder if the security updates are a mere sales pitch that doesn't actually benefit the user a whole lot. Great, it's harder to hack me. Would I have been hacked if I stuck with my Pixel 3? Hard to say. Overrated
> security updates are a mere sales pitch that doesn't actually benefit the user a whole lot
Whose sales pitch would that be? I haven't noticed that, I believe security is mostly seen as a source of cost.
Also we tend to change phones frequently, which is the same as a security update. But if you keep it for 5 years, it starts to matter more.
> Would I have been hacked if I stuck with my Pixel 3? Hard to say.
Everyone should fasten their seat belt when driving a car, but it does not mean at all that if you don't, then you will have an accident. But if you did, it is an established fact that the seat belt would probably help.
People do get hurt by security issues. Remember NSO Pegasus? Would you want that to be out in the wild, such that a kid in your daughter's school could get access to her phone/social media/camera/pictures?
I am pretty sure you do want some level of security.
I like the analogy but there is already a level of safety after a phone reaches EOL. It seems more akin to selling a 5-point harness to somebody who already has a seatbelt.
A seatbelt does not lose its ability with time (I have never heard about "changing the seatbelts"). So they don't need updates. However, software that connects to the internet "loses" security with time (as time passes, more vulnerabilities are found). That's why we need updates: to maintain our non-zero security level. Then you could argue that we could have smaller updates with fewer patches, because what we have right now is overkill. And maybe some of those updates don't really matter much, indeed. But some do.