Home News Android Security Updates Now Mandatory in Newer Devices

Android Security Updates Now Mandatory in Newer Devices

Nov 3, 2018

Google has updated a contract with manufacturers that now mandates that Android security updates be released to popular devices. We have told you for a long time about the monthly security updates that Google releases to various Android devices. These security updates happen monthly and patch up security vulnerabilities that are within the Android ecosystem.

It is difficult for Google to get the manufacturers and carriers to actually update their devices on time though. Now, there is a new contact that was written out that explains the mandatory updates and which devices are required to get them. Read on to learn more about these mandated Android security updates and what Google hopes to accomplish with this news.

Google Now Mandates Android Security Updates for Some Devices

There is a new contract that Google just released to manufacturers. The contract now requires the Android security updates for newer devices. These obligations require that the manufacturer install the updates for two years. This will be required on any popular Android tablet or smartphone. There have to be four different security updates released within the first year of the device launch.

The new contract also goes onto explicitly state that there are security updates required for the second year of the device too. There are no minimum amount of required updates for the second year. That means in the second year, the manufacturer could only release on of the security updates, and it would still be following the guidelines. All of this is being done to get rid of all of the vulnerabilities that exist on Android devices. A lot of people would like to patch up the vulnerabilities. These updates have not been regularly rolled out by the Android manufacturer though.

Android Security Update Mandates First Mentioned at Google I/O

We first learned about the mandated Android security updates at the Google I/O this year. The head of Android security, David Kleidermacher, was the one to talk about this change during the Google I/O. At that point in time, it was not yet determined how long the security updates would be required.

We also did not know for which devices the updates would be mandatory. We now know that you have to push out four updates the first year. There is no set amount for the second year. We know now that this is also only a mandatory thing for two-years. The two-years are after the launch of the Android device.

Other things that we know about the security update mandated requirement is that the device has to launch after January 31, 2018. The device would also have to have been activated by over 100,000 people in order to be included in the new terms. It was determined that starting at the end of July, about 75 percent of the mandatory devices had received the new patch requirements. After January 31, 2019, all of the mandatory devices will need to get all of the security updates. This is part of the new requirements by Google.

New Details Emerge about Mandated Android Security Updates

We have also learned that there is a specific time frame to when the manufacturers have to patch the various flaws. Google is giving the manufacturers three-months to get the patches out to the devices. This means that by the end of the month, the device must have all of those vulnerabilities fixed. This stipulation means that the fixes have to be out for the issues from three-months prior. Even without requirements for the second year, it still brings us to four minimum following these rules.

Google also said that any manufacturer not following these new rules could end up not getting their future smartphones approved. That means manufacturers need to ensure they are keeping their devices updated to ensure future smartphone approvals. If Google does not approve the smartphone, that means the device likely will not be released.

In the comments below, we want to know what you think about the new requirements pushed out by Google for the device manufacturers. Do you think that this will help Android devices be more secure and less likely to get a virus or other malware? Is the fact that manufacturers are so slow in rolling out these security updates an issue for you? What else do you think Google should do to get the device manufacturers to roll out these important updates?