Android has had a long history of battles for the security of devices, and an even longer history of waiting for manufacturers to update their devices. The truth of the matter is that security updates for a lot of Android devices come far too infrequently for users to even feel secure. Those devices that are updated are most likely not getting them often enough, considering that Google has been right on schedule with their monthly security patches. At Google I/O this past week, there was some good news to be had concerning this issue.
Google says that it will start requiring Android phone manufacturers to roll out security patches on a “regular” basis, although it was not made clear what “regular” meant. But starting with Android P, Google is updating its OEM agreements to make sure that manufacturers will take security much more seriously. The agreement hinges on Android P, so for devices with versions lower than Android P, nothing is likely to change. New phones and ones that are updated to Android P should be covered by this updated OEM agreement.
In the video above (starting at the 2:14 mark) Android Security director Dave Kleidermacher said, “We’ve also worked on building security patching into our OEM agreements. Now this will really lead to a massive increase in the number of devices and users receiving regular security patches.”
Unfortunately, there are no details beyond this quote from the Android’s head for Security. Hopefully, Google can push this agreement as far back as Android Nougat, so that OEMs will be required to give security updates.