Google says it will require Android phone manufacturers to roll out security patches on a “regular” basis — though it isn’t clear who that requirement will apply to or how rigorous the mandate will be. On Wednesday, during a talk at Google’s annual developer conference that was caught by 9to5Google, the company announced that many more users would receive regular security patches thanks to new agreements it’s making with partners.
“When you have billions of users, it’s a large target. And so it deserves the strongest possible defense,” says David Kleidermacher, Google’s head of Android security. “We’ve also worked on building security patching into our OEM agreements. Now this will really lead to a massive increase in the number of devices and users receiving regular security patches.”
Unfortunately, there are no details beyond that. We reached out to Google to learn how frequent the security updates will be and who they’ll apply to, but the company didn’t immediately have answers for us. It sounds like the requirement will apply only to new phones launching on Oreo or later that take advantage of Google Play services — so likely nothing in China. Even then, it isn’t clear whether it’ll apply to all of Google’s partners.
While Google delivers monthly Android security patches, it hasn’t required manufacturers to provide them, and phone makers are often frustratingly slow to release updates. The new requirements will use Project Treble to make things go smoother. Project Treble lets manufacturers update without having to make a lot of software changes first.
It’s a good sign that Google is thinking of ways to get security updates to users at a faster pace. But chances are, any effort will get off to a slow start given how vast and fragmented the Android landscape is.