Monday October 21st, 2019

Google I/O was a massive event, with many things announced across the three days. One of the interesting nuggets tucked away in a developer talk was that Google is going to start requiring OEMs to deliver regular security patches.

The announcement was made during the ‘What’s new in Android Security’ talk and was picked up by Mishaal Rahman from XDA-Developers.

“We’ve also worked on building security patching into our OEM agreements. Now this will really … lead to a massive increase in the number of devices and users receiving regular security patches.”
David Kleidermacher, Google’s head of Android platform security

Google hasn’t previously required OEMs to deliver security patches to their devices, even after starting to deliver monthly Android security patches in the wake of the Stagefright vulnerability back in 2015. Stagefright was the first of a number of vulnerabilities which affected Android and made more people aware of the need to run the latest version of Android.

While Google hasn’t announced how often OEMs will need to deliver security patches to devices, it’s at least promising that Google sees the need to build the requirement into its OEM agreements.

Source: XDA-Developers.

Daniel Tyson  



Ausdroid Reader

I wonder if this is helped by the existence of Project Treble? Surely the same functional separation that makes it easier to upgrade the OS should apply at least equally to security patches? Which would therefore enable Google to be more demanding of OEMs than they have been before when they knew there was (or may be) a lot of work to implement the security patches into the OEM skins.


Let’s hope it is at least 4 minimum per year with a maximum of 3 months between a release for the first 2 years after release. This could then be relaxed to 3 / 4 in the 3rd year and 2 for the 4th. I would think in general after that time the device will be out of date so no updates will be required but could still happen. This would be for mid – premium models and could be more relaxed for entry-level devices but still would have to be at least 2 a year especially if another major…

Ausdroid Reader

I’ll believe it when I see it!


Not before time.
