The 5% of problem Android devices on the Internet are not manfactured or imported in the US. So the US law sounds great, but isn't solving a problem.
Plus, given that the proposed law dictates -future- behaviour I'm not sure who, how or where an affected person (one who only has money for an ultra cheap phone they haven't updated in 7 years) would get relief from.
To fix the "future behavior" problem, maybe the law could work like this: make selling a device at all require escrowing the full source code, and if the manufacturer stops releasing security updates, the government releases the source code.
Plus, given that the proposed law dictates -future- behaviour I'm not sure who, how or where an affected person (one who only has money for an ultra cheap phone they haven't updated in 7 years) would get relief from.