Maybe not forced, but I did update several s60 devices as they had new firmware published. So they should at least have made the updates public and explained that everyone must upgrade.
Imagine, for example, openssl being told about the heartbleed vulnerability, then being pressured into paying big money to prevent disclosure, and then keeping their mouths shut about it for six years. Except this is even worse because at least then someone could look at diffs. I can't even think of a proper analogy here.
Nobody but the nerdiest of phone users bothered to ever connect their phones to a PC and over-the-air updates were not supported. The risk of malware signed with the key showing up was probably weighted against the hassle updating everything would have caused.
The difference is that OpenSSL updating was the responsibility of the admins maintaining the server, not general public. The general public did have to act, but it wasn't something technical like updating firmware on a phone is.
Back in the day, I had an S60 phone but no way to even connect it to a computer to get the firmware.
Imagine, for example, openssl being told about the heartbleed vulnerability, then being pressured into paying big money to prevent disclosure, and then keeping their mouths shut about it for six years. Except this is even worse because at least then someone could look at diffs. I can't even think of a proper analogy here.