Android is broken. We're all fans here, and I'd never want to switch to any other smartphone platform for my own needs, but we all know inside that Android is broken. The introduction of monthly security patches and how most of us aren't getting them only solidifies this simple truth.

Let me explain. Android is a huge convoluted set of source code files. It's not a stand alone product, as someone needs to build the actual product from those sources and distribute it. Any of us, with a little studying and some time, can take those source files and build an operating system out of them. Because most of it is open source, we can also change anything we like to make something unique. Google the words AOSP custom ROM — all of those people have access to the same code that Samsung or LG uses to build their "Android" with. It's fabulous.

Google encourages people to look through the code, try to break everything, be sneaky as hell and find security vulnerabilities in Android. Android may not be the most "open" open-source project out there, but the way they encourage others to find bugs and exploits is really great. Cash incentives work really well for a lot of things.

We're promised monthly updates, but instead we get a few updates on specific versions of a small handful of models. And a bunch of broken promises.

Once a month, since August of 2015, they take the information other people have given them about bugs and exploits, and edit the code to try and prevent it from happening. Code maintenance and security patching isn't fun or easy, but it's part of responsible software development — take care of your users. They then publish these changes, both in the code itself and as a bulletin so we know what they did without looking at code commits, each month. Nexus products get a small OTA security patch soon after.

Google's partners who make the phones we love get the changes a month in advance so they can also be ready to update as soon as they can. Some, like BlackBerry, are able to push these updates right away, with a short delay for carrier branded (remember this, it's important) models. Others take a little longer, and some phones will never, ever get any security patches.

These are the important updates. We all love the idea of getting new features and a new version of the operating system, but these patches are what you need to make sure the phone you keep your digital life inside is fit to use. Read some of the exploits addressed the next time Google announces their monthly patch notes. That's some scary stuff, and one day someone is actually going to release some bad software that takes advantage of all the unpatched phones. A bonafide Android security apocalypse is a real possibility.

That is broken. That needs fixed.