More companies are going to forced updates. For example, Microsoft Windows 10 users no longer have an option to refuse updates, only delay them. Enterprise users have more options, but updates generally get deployed often unbeknownst to users.
Over-the-air (OTA) updates are just a variant of this approach designed to keep IoT devices like Amazon's Echo Dot up to date. This can mean fixing bugs, improving security, or adding new features.
Many OTA services highlight secure updates as a key feature. And they are, but there’s much more to deploying updates than guaranteeing that a particular update is valid. Managing updates is a complex task when dealing with hundreds to millions of devices. That’s because many times it’s rare that all devices in a collection will be identically configured or in the same state. This can affect deployment of an update.
An unfortunate consequence of a failed update is a "bricked" device. That’s where a device no longer functions properly, if at all, and is equivalent to a brick. A recent Echo Dot update left many in a bricked state.
Likewise, updates can often degrade different performance aspects. A recent update for my Samsung Gear S3 (see figure) watch resulted in reducing its normally good run time of almost two days to about two hours. This was due to an app update for tracking world time, which I never actively use, but one that can’t be disabled or deleted.
An update to the world clock app for the Samsung Gear S3 reduced runtime to about two hours.
Testing of updates is a serious task and dealing with the plethora of states can be a challenge, especially when updates are done on a regular basis and in an incremental or differential fashion. The latter is common for IoT devices with low bandwidth communication methods, which reduces the amount of data to implement an update.
Designers also need to keep in mind that there are many ways to address these related issues, such as more advanced watchdog facilities and power-on self-test (POST) services. These can identify and address bad updates; therefore, a device may only be temporarily uncooperative rather than permanently bricked.
These issues are very important as the number of interconnected devices grows. New cars, let alone self-driving cars, have hundreds of devices that can be updated, many of which are critical to the vehicle’s operation and the safety of the occupants. Liability for failure or degradation of these types of devices are more important than my watch, but effects can range from annoying to fatal.
No one said building IoT systems would be easy. However, if these devices are to provide the type of long-term functionality we desire, then all aspects related to OTA updates need to be addressed.