Google is making regular security patches mandatory for OEMs

Google is making regular security patches mandatory for OEMs

Google is well aware of the fragmentation problem in the Android ecosystem, but it also knows that isn't limited to just different Android versions. Some manufacturers don't offer regular security patches either. It's possible that this situation may get under control soon.

The voice of reason

Google I/O, the annual developer conference, is divided into a number of sessions during which Google addresses a variety of topics. In the session on security, head of Android platform security Dave Kleidermacher explained how Google is trying its best to solve one of Android's biggest blunders so that manufacturers can offer security patches as quickly as possible by using Project Treble.

"We’ve also worked on building security patching into our OEM agreements. Now this will really … lead to a massive increase in the number of devices and users receiving regular security patches."
AndroidPIT nokia 7 plus 5001
Nokia is one of the partners, allowing the Nokia 7 Plus to get Android P. / © NextPit

Why is this such good news?

Some manufacturers aren't lazy about patching, while others only make it a priority for their flagships. Generally, the monthly Android security patches arrive on the smartphones of the luckiest users around the first few days of the month, but manufacturers get the details a full month earlier so they can prepare themselves ahead of time. So, it's left up to manufacturers to have them ready by the beginning of the month or not.

Since some manufacturers don't offer the security patches to their users as quickly as they should, that means some users are left vulnerable. As such, Google is taking things out of the manufacturers' hands and into their own, to force manufacturers to offer these important patches more regularly. 

androidpit repartition android mai
The fragmentation of Android versions is a huge concern. / © Android Developer

Google is offering partnerships

Google is counting on its GMS partner program and its Android partner program to turn this situation around. These allow manufacturers to get updates earlier than others, which gives them more time to prepare their implementation and hopefully deliver it in good time to users. It's because of this partnership that some non-Google manufacturers are able to offer the Android P Beta.

Google would like to make a change to the partnership agreements. While the details are unknown, it would most likely require the release of monthly security patches. 

Will it work as hoped?

While this is promising news, it's still up in the air whether the plan will work or not. Making regular security patches mandatory could get in the way of creating more partnerships. We'll have to wait and see how the situation evolves. In the meantime, let us know your thoughts in the comments.

Source: XDA Developers

Latest articles at NextPit

Recommended by NextPit


Write new comment:
All changes will be saved. No drafts are saved when editing
Write new comment:
All changes will be saved. No drafts are saved when editing

  • My telco here in Australia (Telstra) actually released an update only 1 MONTH behind!, normally they are at least 3 months behind.

  • One small step closer to being "like Apple". Now, work on forcing every OEM to issue timely OS updates as well.

    •'re against this?

      • Of course not. What gave u that idea? Google is trying to be like Apple, charging an arm and a leg for Pixels (but failing miserably in sales). The only thing Google can't seem to imitate is superior customer support and timely updates on ALL Android devices. Forcing all OEMs to issue timely security updates is a step in the right direction.

  • This should have been done since by Google. Security issues has been the main reason people prefer Apple phones than Android. Anyways, it's better late than never.

  • This is long, long, long overdue, and hopefully only the start. Android should always have been implemented like Microsoft Windows, with Google providing updates when it detects compatible hardware. Windows proved a quarter-century ago that the OS doesn't have to be part of an Apple-like proprietary "garden" - it gives OEMs lots of room to design unique hardware and configure software (or bloatware) and for end-users to reconfigure for themselves. Google should have realized this Day One for Android, even if it means a surcharge on the OS.

Write new comment:
All changes will be saved. No drafts are saved when editing