Android OEMs Forced to Provide Updates

Android is great. It’s established a solid reputation when it comes to the wide and varied choices in handsets, reliable hardware, fast charging and a fantastic range of apps. Unfortunately, Android is not that great on all fronts. In fact, when it comes to security updates it’s quite a mess.

The problem with Android updates

There’s no issue with the availability of Android security updates. Even when security patches are rolled out in time, Android device manufacturers often take their time by delivering patches to their customer base. This leaves major parts of the Android ecosystem vulnerable to hackers. To combat this, it is crucial that patches are delivered regularly and on time – which is currently not happening.

What Google is doing about it

In Google’s I/O Developer Conference in May, the company revealed a plan to compel Android device manufacturers to roll out security patches on a regular basis. Later in the year, an unverified copy of Google’s new contract with OEMs was leaked. According to the contract, manufacturers will have to provide regular security updates for popular devices for at least two years. This is defined as all devices that have been launched after 31 January 2018 and have achieved over 100,000 users. The mandate specifies a minimum of four security updates during the first year but fails to specify an amount pertaining to the second year. It also stipulates that patches created for security risks may not be delayed for more than 90 days.

Change is on the horizon

According to a spokesperson from Google, 90 days is a minimum requirement when it comes to security hygiene. It was also stated that the most recently-deployed Android devices are running an update from the last 90 days. Although this ties in with the leaked contract, its authenticity has not been verified. Should it be genuine, the changes made by Google are set to make a profound impact on the state of Android security and be of serious benefit to Android users. In other news, Google has announced a plan to start charging licensing fees to Android OEMs in Europe who want to include Gmail, the Play Store, Maps, Chrome and YouTube on Android handsets.