Updates are easily the biggest problem facing the Android ecosystem, and Google is working hard to fix that. Project Treble has proven that it’s capable of making updates easier, and now Google is stepping up requirements for OEMs when it comes to security patches.
Nomad case for Pixel 3
At Google I/O 2018 this week, Google has made a ton of announcements, including the arrival of Android P’s beta. The company had several reveals regarding the Android platform following the initial keynote through other talks.
In the “What’s new in Android security” talk yesterday, the company made an interesting announcement. Google’s head of Android platform security, David Kleidermacher, revealed some new changes coming to the company’s security policy which effectively require OEMs to roll out security patches.
We’ve also worked on building security patching into our OEM agreement. Now this will really lead to a massive increase in the number of devices, and users, receiving regular security patches.
Google has offered Android’s monthly security patches for quite some time at this point, but it has never really had any requirements for them. Most OEMs push out updates to some extent, mainly to help users have a sense of security on their device. However, the updates are still totally optional in the long run.
It’s still unclear what Google will specifically be requiring with this change, as it only mentions that updates will need to be “regular.” That could mean basically anything, but it’s unlikely that Google will require these updates on a monthly basis. Hopefully, though, this encourages OEMs to be more timely when the changes are put in place.
Of course, Project Treble will play a big role in this, as Google even notes that OEMs who implement Treble will find it much easier to implement these security updates. You can view the entire talk from Google I/O below. Kleidermacher talks about the changes at the start of the talk.