You can do amazing crap with the Android phone. The question is; are you talking SANCTIONED upgrades or unsanctioned ones?
Let me give you the skinny.
Most Android phones have three layers on them.
2) Android OS
#1 and #3 are owned by the phone manufacturer (HTC, Motorola, Samsung) and are overseen by the carrier (Verizon, T-Mobile, etc) - #2 is owned by Google.
The bootloader controls access to the bare core of the phone. In computer terms, think BIOS. This is the code that runs immediately when the phone is turned on and BEFORE control is given over to the Android OS.
The Android OS controls the core Android experience. Google Accounts, services, market, database storage/access, etc. On the PC, consider this WINDOWS.
The Shell UI are things layered OVER the Android OS to offer extended services and provide a unique experience per phone. Usually, this means "eye candy". Most people feel that Android OS (before Ice Cream Sandwich) is boring, drab and dull (like Windows 3.1). The Shell UI overlays are like Windows 7 Aero and all the glassy love that the Mac people like. The Shell UI often REPLACES Android services like Mail, SMS, Contacts, etc. with their OWN product. These UIs have names like MOTOBLUR, SENSE and TOUCHWIZ on Motorola, HTC and Samsung phones respectively.
Google constantly updates the OS with fixes and features - these releases are incremental and have cool dessert names like Cupcake, Froyo and Gingerbread. Google uses a "reference" or developer device branded "Nexus" to test all these changes on first. This is a pure, Google-only device; no bootloaders, no Shell UI - just plain Google.
The second that Google approves an update, the reference device (Nexus) gets the update immediately. They will ALWAYS be first to get the latest and greatest from Google.
But what about the NON-reference phones like Thunderbolt and Razr? These are controlled by both the carrier and manufacturer.
The manufacturer wants THEIR branding shell on the phone. They want their distinctiveness on the phone because that gives them some sort of edge against the rival manufacturers.
The carrier demands their "premium apps" (you and I call it BLOATWARE) like VZ Navigator (that wants to charge you $10 a month for what Google gives you for free). and VCast.
Once Google "blesses" a new release of the OS, the manufacturers download the source code and then spend weeks (even months) adapting their "shell" to work on top of it. Then, the manufacturer gives this cobbled code to the carrier that must then test the crap out of it - in addition to making sure their bloatware apps are inserted (and locked into) this new hybrid version of the OS.
Finally, after what seems to be months - the OTA updates of "Motorola Droid X Gingerbread for Verizon" FINALLY starts getting pushed to the public. You may get it right away, or you might have to wait - as they do "trickle" releases to ferret out any last bugs or glitches.
EVERY phone suffers this grueling insane process:
Except the Nexus line. These aren't Verizon's phones or Samsung's phones; they are GOOGLE'S phones. Sure, Samsung makes 'em and Verizon sells them - but in the end, the Nexus phone is devoid of either MANUFACTURER or CARRIER meddling.
Back to your question. Can you update Android phone OS? Absolutely. The question is ... WHEN? With a Nexus phone, you get the updates immediately from Google. With everyone else? You have to wait for the other two boneheads to get it together ... IF THEY WILL EVEN DO IT.
Don't forget, these manufacturers have dozens of models with various hardware configurations. Motorola et al have to decide which models of phones they are even going to waste time on putting upgrades out for. And the carrier has to want to put forth the effort and expense of pushing out the updates, etc.
When you hear people whine about "fragmentation" in Android, this is what they mean. As you can see, it is NOT Google's fault - the fault lies in the carrier and manufacturer wanting to dick with the OS before putting it out on the phones.
Now, the last part of the equation. You've probably heard of "custom ROMs" like Cyanogen Mod or BAMF or "XDA Roms".
These are community created custom OSes for your phone. You can go get one of these and blow your phone away - like a blank hard drive on a PC, and fill it up with a totally new OS. Your phone only come with Froyo and Motorola isn't going to update to Gingerbread? No problem. Go get Cyanogen Mod 7 and you now not only have Gingerbread, but a whole host of insane features they added to the OS (since Android is open source, pretty much ANYONE can make a rom).
Since the hardware architecture is mostly closed, these roms are often better and more stable than the ORIGINAL PHONE's OS! Plus, they are usually updated frequently - CM7 is updated NIGHTLY.
I know what you're thinking ... DONE! SOLD!
Before doing a dance, custom rom installation is not as simple as putting a CD in your drive and running SETUP. It can be mildly unpleasant all the way up to a downright pain in the ass.
What determines this? That damn bootloader we talked about.
The bootloader controls the phone during power up. If this cannot be altered or patched to work properly with the custom rom, then you don't get to run the custom roms. Sometimes, exploits are found to "work around" these "locked" bootloaders, but most of the time, the phone ends up gimped because of it.
Imagine is someone set the password to your computer in the BIOS. Literally, the INSTANT your computer is turned on, there is an ENTER PASSWORD screen. There is no way around it. You can't "boot" off another disc and recover the password. You can't hack into it. The password is 100% safe and unbreakable until someone lets it slip out.
Most locked bootloaders are only hacked because someone on the inside of the manufacturer leaks the "password". Some bootloaders have taken YEARS to crack. I believe some are still uncracked.
Who does this? The manufacturer ... at the behest of the carrier. Who the hell wants to waste time blocking the customer from doing whatever the hell they want with their phone? The carrier. They want you loaded down with their bloatware. They want you NOT using unauthorized tethering apps they cannot control. Where is the best way to stop the intruder? At the front door; the bootloader.
Do not mistake the bootloader with something called "root" (Apple people call this jailbreaking). Like Unix, "root" access is the highest level access to the device possible; nothing is prohibited (think Administrator on your WIndows PC). Root access allows you to do things like remove bloatware from Verizon (see, the bloatware is stored in the SYSTEM area of the filesystem - so no one BUT root users can get to it and delete it). It allows you to modify system level stuff in your phone that allows you to do things you want (but THEY don't want you) to do. Like the HOSTS file to block ads. Or a configuration file that identifies what kind of phone you have (this is used by Netflix and other programs to decide who can use their service - spoofing another phone might allow these services to work on an unsupported phone).
MOST if not all Android devices can be "root"ed. Even those with totally locked bootloaders.
What most people want from their phone is "root" access. Get rid of the bloat. Block ads. Run "system level" apps like screenshot tools. Custom roms are just a bit too much for most people to deal with.
BUT - the bottom line is - the Android phone (regardless of carrier or manufacturer) is the most hackable, customizable and "free" phone out there. How much you do or do not do with it largely depends on how much effort you're willing to exert to make it happen. Sure sure, there are the locked bootloaders that make things a pain in the ass - but in the end, the consumer wins because they are cracked eventually - and your phone is yours again.
The ability to do custom roms is how people are getting Ice Cream Sandwich on phones that don't officially support it. The ability to put Gingerbread on a Cupcake phone.