Google says it will need phone manufacturers to release security patches on a “regular” bases, however, it is not clear who the necessity will apply to neither does it say how severe the authorization will be. On Wednesday, when there was a talk at the Google’s annual developer conference, one of our sources reported that the company announced that many more users would receive security patches regularly as a result of the agreements that it has made with its partners.
Google’s head of Android security, David Kleidermacher, said that, “When you have billions of users, it’s a large target. And so it deserves the strongest possible defense. We’ve also worked on building security patching into our OEM agreements. Now this will really lead to a massive increase in the number of devices and users receiving regular security patches.”
Unfortunately, there are no details that we got apart from that. In the meantime, we have reached out to Google to learn how frequent the security updates will be and who they will apply to, but the company didn’t give us any information. It does however seem as if the requirement will pertain to only new phones launching on Oreo or later that take advantage of Google Play services which means that China is not included. Even at that, we cannot say for sure if it will apply to all of Google’s partners.
Despite the fact that Google delivers monthly Android security patches, it hasn’t required manufacturers to provide them, and phone makers are often frustratingly slow to release updates. The new requirements will make use of Project Treble to make things to release updates. Project Treble gives manufacturers the opportunity to update without having to make a lot of software changes first.
Though it is a good thing that Google is thinking of ways to get security updates to users at a faster pace. The chances are however, that any effort will get off to a slow start given how vast and fragmented the Android landscape is.