Google Is Making Android Security Updates Mandatory

Google Is Making Android Security Updates Mandatory

Most Android phones get updates, but they don’t get very many of them. This has been an issue even for very expensive and popular phones, which quickly end up with old security patches that can’t protect you from every online threat. Google is reportedly rolling out a new Android licensing agreement to OEMs that will require security updates for two years on certain devices.

The new contract, obtained by The Verge, says that Android device makers will have to deploy at least four security patches for new phones in the first year they are on the market. They will need to continue supporting devices in the year following with patches, but Google does not specify how many.

These new rules only apply for phones launched after January 31, 2019. In addition, this is meant to target “popular” devices. Google deems phone or tablet with at least 100,000 activations to be popular enough to warrant a high level of support. Google apparently started enforcing this on a limited basis over the summer. In August, 75 percent of each device maker’s popular phones were subject to the new rules. Next year, all of them will be.

Companies can’t just roll out any old security patch and call it a day, either. The patches need to cover all the flaws reported as of the patch date noted in the system software, and the patch level cannot be more than 90 days in the past. For the first year, that basically guarantees quarterly updates. Even without a required number of updates in a device’s second year, users should still get reasonably new security fixes.

Google Is Making Android Security Updates Mandatory

You can always check the security patch level of a phone in the system settings, a feature implemented by Google after the Stagefright vulnerability several years ago. On many devices, the patch date is also a link to the official Android patch notes so you can see which vulnerabilities it covers.

This is all separate from system updates, which are still sluggish even after the deployment of Project Treble in Android Oreo. It takes more time and resources to develop a new underlying version of Android for a phone than it does to patch security holes. Google has provided some guidelines on system updates but nothing as strict as these supposed security guidelines. While getting the newest features is fun, a more secure phone is arguably much more vital.

Continue reading

Android 12 Could Include Major App Compatibility Improvements
Android 12 Could Include Major App Compatibility Improvements

Google has attempted to centralize chunks of Android over the years, and a major component called ART is set to get this treatment in Android 12. The result could be vastly improved app compatibility, which is sure to make everyone happy.

Qualcomm’s New Snapdragon 888 Will Power Flagship Android Phones in 2021
Qualcomm’s New Snapdragon 888 Will Power Flagship Android Phones in 2021

The 888 comes with a new CPU design, integrated 5G, and a massive GPU boost. It's shaping up to be the most significant update to Qualcomm's flagship system-on-a-chip (SoC) in years.

Samsung Starts Rolling Out Galaxy S20 Android 11 Update on Verizon
Samsung Starts Rolling Out Galaxy S20 Android 11 Update on Verizon

Not only does this include the Googley Android 11 enhancements, but it also has numerous Samsung-specific changes as part of the One UI 3.0 revamp.

It Turns Out Huawei’s HarmonyOS Is Still Just Android
It Turns Out Huawei’s HarmonyOS Is Still Just Android

Following the Commerce Department's actions against the Chinese megafirm, Huawei has been unable to use Google services on its new phones. The company's solution was to develop HarmonyOS, but now that we've gotten our first real look at it, one thing is clear: this is just Android with a skin.