Google, T-Mobile too mum over Android security?

When it comes to telling customers about security weaknesses, there's a fine line between alerting customers and inviting attacks. With T-Mobile G1, the first phone to run Google's Android operating system, I think the companies are erring on the side of inadequate disclosure. I've been testing a review model of the G1, and an update arrived first on November 1 and then a second a week later. Only by dint of much pestering and more than a week of waiting did I find out from Google what was in those two Android patches. And T-Mobile has been pretty quiet, too. (I'm waiting for comment from the company about its choices.) I'm not the type to blithely ignore patches. Sure, I'm not convinced the security patches I download for Adobe Reader, Microsoft Windows, and Firefox are flawless, but I think the odds are good enough they'll be an improvement that I install them. But with the Android phone, I couldn't even tell if the patches were security related, much less how important they are, much less what they actually do. The closest I could come was figuring out what operating system build I had installed, then using that nugget of information to snoop around the T-Mobile forums, the Android bug-reporting system, and assorted Web sites to see if I could piece together what was going on. In short, even if companies are generally looking out for their customers' best interests, I think it behooves them to keep the customers better informed. It prevents us from feeling like disempowered pawns. It helps us make intelligent choices with our products. And it can even make us happy, when pesky bugs are stamped out or useful features are added. Even Microsoft, which hardly has a reputation for coddling its users, does a better job of keeping people in the loop. It gives a heads up a few days in advance about what's coming on its next monthly "patch Tuesday" upgrades.