If you have a Windows machine, then you know that the second Tuesday of every month, like clockwork, you’ll get a whole host of security patches and thorough explanations about what each one does. Up until now, Android has been a little more lackadaisical, bundling security fixes in with more noticeable UI or app updates. Following a widespread security scare, though, Google will step up its game to provide monthly updates, and it looks like other manufacturers will follow suit.
Adrian Ludwig, an engineer, and Venkat Rapaka, a product director, took to the Android Official Blog on Google to explain how the new process will work. The blog cites the Nexus line of mobile devices specifically, and explains that as of today, Nexus phones and tablets will get one big security update each month, and each product will have Google’s full support for two to three years. Additionally, Google will release all of its fixes to the Android Open Source project, so that other developers can take advantage of the company’s patches.
The impetus for the sudden ramping-up in security, according to Ludwig and Rapaka, was the Stagefright exploit, which was theoretically capable of hijacking Android phones with a text message. (There is no evidence that any malefactors took advantage of Stagefright in the wild.) Android has always had a strong focus on security, they said, with a generous rewards program for independent researchers who hunt bugs, and fewer than 1 percent of Android handsets with harmful software installed from Google Play.
Nexus phones and tablets, however, make up only a small part of the Android market. Due to the fact that they come directly from Google, Nexus phones and tablets have always received updates faster than their third-party counterparts. Other manufacturers, however, appear to be on board for the new security initiative as well.
Samsung, which produces the popular Galaxy line of Android devices, also announced monthly security updates. As the fixes will be available open source, it makes sense that other manufacturers like HTC, Sony and LG will follow suit.
Everyday users, however, might not get the security updates as quickly as they’d like. Users who purchase phones on contract through wireless carriers tend to have tweaked versions of Android specific to those carriers. (A Moto X from Verizon is slightly different than a Moto X from T-Mobile, and so forth.) As such, wireless carriers can often give and withhold updates as they see fit.
Keeping up-to-date with phone security is important, so friction between the manufacturers and wireless carriers should be minimal. Even so, it never hurts to use common sense with your phone, or to install a third-party security suite.