And one iOS update from a TLS implementation with low entropy in key generation, allowing the NSA to decrypt all traffic with minimal computational effort.
As is Windows, Linux, all open source projects, and all proprietary projects.
All software is one update away from completely changing its purpose, so I think your point is far more general than just Apple's messaging app.
It would be nice if the updates came from a source that wasn't directly under the thumb of the US government as all commercial businesses are, and wasn't amoral and beholden to profit motive. Not having to worry about intentional subterfuge would free up my time to worry about implementation flaws.
While you can certainly bribe, coerce or trick an upstream maintainer to accept a malicious patch, there's still a whole network of downstream maintainers that all want to have their say, and there's usually ample time for the community to form their own opinions about what's going on, even if that sometimes leads to a lot of silly polemics.
I don't know of any free operating system that forces updates, and even if Apple doesn't, they still have excellent means to coerce users to accept those updates by withholding all their centralized services. Which is precisely what Sony already did with the PlayStation 3 update in 2010.
This is where the Affero GPL comes in. If the users of one service find the terms and conditions to be onerous, they can simply launch a replacement service using the same software on the same day, preferably without breaking a sweat.
I've been happy to see (and participate in) a recent discussion on software update transparency, which I think could change this situation someday -- assuming software users and publishers have enough interest in reducing the publishers' power.
Some publishers understand that a reason to try to do this is to be less vulnerable to coercion, and also to be seen to be less vulnerable to coercion -- like when distributing software to foreigners who think that your local government might try to force you to backdoor it. A recent example I heard along these lines was a Chinese vendor who was interested in pursuing a means to help customers confirm that the software updates they got hadn't been backdoored at the behest of the Chinese government. Technology distributors who are based in other countries might face similar concerns.