Google Will Soon Mandate OEMs to Roll Out Android Security Patches Regularly

May 11

Regular updates have always been a problem with the Android operating system, with several million devices still running an outdated security patch. Google has been hard at work attempting to remedy the situation, which is a herculean task considering the sheer number of devices that run Android. At the annual Google I/O developer conference, Google’s head of Android platform security, David Kleidermacher, talked about the upcoming security changes in the Android P release. He further stated:

We’ve also worked on building security patching into our OEM agreements. Now this will really lead to a massive increase in the number of devices and users receiving regular security patches.

Google publishes a security patch bulletin every month, generally in the first week, listing patches for known vulnerabilities. OEMs and vendors, on the other hand, receive the monthly security patches a month in advance so that they can roll them out to their respective devices. So far, Google hasn’t mandated that OEMs roll out security patches, and the responsibility of rolling them out lies solely with the companies. Large companies such as Samsung roll out security patches regularly, but the same can’t be said for lesser-known names such as Micromax and BLU. Some companies are complacent about rolling out patches, while others flat out lie about them. It is a disturbing trend, and Google may have something in mind that can stop it.


Changes likely in the Android partner program

Google is reworking the agreement with its Android partners to include terms requiring regular security patches, which might require OEMs to roll out security patches on a monthly basis. Unfortunately, that’s all we know about the agreement for now. It is uncertain how often Google will require its OEM partners to implement patches.

Similarly, it’s unclear if Google has provisions in place to verify that security patches are being properly implemented. A penalty for companies that don’t comply would be a nice start. We could even see repeat offenders lose their Android license altogether. Only time will tell. With newer, more powerful exploits being developed daily, security is of the utmost importance and we’re glad to see that Google is finally doing something about it.

Source: XDA developers
