Google Finally Gets Serious About Android Security Updates

It’s no secret Android phone makers are really bad at keeping their users updated. Not only do they fail to deliver major feature updates, they even miss out on security updates, partly because of carriers and a bunch of other weird things.

Well, Google is finally trying to fix some of the issues. The company is now making it mandatory for Android phone makers to deliver security updates for “popular devices” for at least 2 years.

A contract obtained by The Verge has revealed that Google is now requiring Android phone makers to deliver at least four security updates within the first year of a device’s launch, followed by more in the second year — although it’s not clear whether the number of security updates required in the second year is the same as or lower than in the initial year.

The contract apparently states that any device with more than 100,000 users will be required to follow the contract, delivering the security updates regularly. Moreover, new devices must launch with the latest bug fixes and security patches, according to the new contract, which covers any device launched after January 31st, 2018. Failing to comply will probably prevent a phone maker from getting Google’s approval for its upcoming phones.

Although it’s not clear whether the contract applies to Android devices globally, what we do know is that it’s part of the new tactics Google is employing in the European Union after the company was slapped with a $5 billion antitrust fine.

The new contract will definitely make sure Android users are more secure than before. Since there really wasn’t any specific requirement for Android phone makers to keep their devices updated with all the latest security patches, they often neglected some of their products, especially the low-end devices. The new contract will hopefully tackle all of that; at least, that’s the plan.

Conversation 16 comments

  • Thomas Parkison

    24 October, 2018 - 5:49 pm

    Too little, too late Google. This should have been standard practice from the very beginning.

  • locust infested orchard inc

    24 October, 2018 - 5:58 pm

    Adoogle serious about security? No, get the hell outta 'ere. Go on, pull the other one, and make my day.

    Adoogle is rightly feeling the heat from the EU ruling in July, and it's beginning to s*** itself badly.

  • FalseAgent

    24 October, 2018 - 7:08 pm

    Pitiful. Imagine the outrage from everyone if Ubuntu or Windows only provided security updates for 2 years. Imagine the shitshow if OEMs were in control of PC updates. Yet, we put up with an asinine standard for our phones which are arguably far more important.

    Android may have succeeded in marketshare, but this is one area where they have failed.

    • Winner

      25 October, 2018 - 2:22 am

      In reply to FalseAgent:

      To be fair, though, Google does updates monthly and their phones get those updates monthly. All the other players are quite slow. Especially Samsung.

      • FalseAgent

        25 October, 2018 - 7:53 pm

        In reply to Winner:

        Google abandons their own devices after 3 years, no?

  • dcdevito

    24 October, 2018 - 7:16 pm

    This isn't news… they announced this at Google I/O a few years ago.

    • Polycrastinator

      25 October, 2018 - 8:33 am

      In reply to dcdevito:

      No, I remember the Google announcement, but I believe it was for general updates, not specifically security updates, and the period was only 18 months then. It's a good thing that Google has broken security patches out of the rest of their update mechanism, it should at least make this a little easier to implement.

  • red.radar

    Premium Member
    24 October, 2018 - 9:45 pm

    They can provide it but doesn’t mean the carriers approve it. I can somehow see this still not solving the issue.

    Granted I am being a touch of a cynic

    • wright_is

      Premium Member
      25 October, 2018 - 3:37 am

      In reply to red.radar:

      Not a problem over here, I haven't had a carrier restricted phone for nearly 20 years.

  • jrickel96

    25 October, 2018 - 12:13 am

    Meanwhile the iPhone 5s is still getting updates. Only reason earlier devices aren't is due to 32-bit architecture.

    The iPhone 5s is five years old.

    People talk about how expensive iPhones are, but what is better – an iPhone XS for $1,000 that has at least a five year support cycle or a $700 Samsung Galaxy S9 that has two years of support at best – and I don't see how Google can enforce this or get carriers to not block some updates. $350 per year versus $200 per year. And one of them will also hold its value much better for trade-in or sale than the other.

    • Winner

      25 October, 2018 - 2:21 am

      In reply to jrickel96:

      That depends upon how long you keep your phone.

      • nbplopes

        25 October, 2018 - 8:14 am

        In reply to Winner:

        True. But whoever complains about iPhone prices and then changes smartphone every year or two, should instead focus on fixing their expensive habits.

        What is disconcerting is that people with little money are left with really bad support in terms of security and privacy.

        Indeed, the core flaw of TC argument on fundamental rights from the point of view of Humanity, is that his product strategy pushes Privacy and Security rights to the highest payer. In other words, it’s subject to profits … average price rise … wall street.

        Cheers.

    • Chris_Kez

      Premium Member
      25 October, 2018 - 11:17 am

      In reply to jrickel96:

      Yep. A two year old iPhone 7 is still going for $300 and will probably see four or five major OS updates in its lifetime. A Pixel from the same year is now worth about $200 and it will see two major OS updates (i.e. it is done with OS updates after this fall). Both of these phones were $650 at launch (32GB models). Pretty clear which one was the better value.

      I would recommend any regular consumer with mid-tier money (say $300-$500) – who isn't an Android enthusiast or Samsung loyalist – to spend that money on a refurbished or pre-owned iPhone.

  • dontbe evil

    25 October, 2018 - 3:17 am

    lol, google and security cannot be in the same sentence

  • Polycrastinator

    25 October, 2018 - 8:34 am

    Interesting that this only applies to security updates, and there's no requirement for bigger software updates. In some ways, I bet that lets manufacturers off the hook, but at least it will keep handsets more secure.

  • Boris Zakharin

    29 October, 2018 - 10:36 am

    Pretty sure Motorola is already meeting these requirements with updates every 2-3 months being 1-3 months late. I'm currently on the August update. And I think that's pretty bad considering some of the security vulnerabilities out there.

Thurrott © 2024 Thurrott LLC