There should be no barriers to timely security updates, particularly considering implications for users of various socio-economic status and citizenship. Security updates should be distinguishable from feature updates.
Security updates are essential to maintaining the security of a device and an ecosystem. These should not be tampered with for any purpose other than maintaining technical security, distribution should be as wide as possible, and developed and applied to as broad a base of users as quickly as possible. Too often the poor are forced to use technologies that do not receive security updates in a timely manner, if at all. Users should be able to accept updates without having to worry that it also adds functionalities that might be privacy-invasive or otherwise against the interest of the user.