Google I/O was a massive event, with many things announced across the three days. One of the interesting nuggets tucked away in a developer talk was that Google is going to start requiring OEMs to deliver regular security patches.
The announcement was made during the ‘What’s new in Android Security’ talk and was picked up by Mishaal Rahman from XDA-Developers.
“We’ve also worked on building security patching into our OEM agreements. Now this will really … lead to a massive increase in the number of devices and users receiving regular security patches.”
- David Kleidermacher, Google’s head of Android platform security
Google hasn’t previously required OEMs to deliver security patches to their devices, even after starting to deliver monthly Android security patches in the wake of the Stagefright vulnerability back in 2015. Stagefright was the first of a number of vulnerabilities which affected Android and made more people aware of the need to run the latest version of Android.
While Google hasn’t announced how often OEMs will need to deliver security patches to devices, it’s at least promising that the company sees the need to build the requirement into its OEM agreements.