Tuesday , November 13 2018 Ausdroid » Hardware » Google now requires Android device manufacturers to deliver two years of security updates

Android updates are a sticking point for many people, with many stops along the way from the release from Google interrupting (rightly or wrongly) the flow of updates to your phone. It appears that Google’s intention to mandate regular updates has come to fruition according to a new report.

The Verge obtained a confidential contract agreement between Google and device manufacturers, which shows that OEMs are required from 31st July this year to ensure that security patches and OS upgrades for poplar devices are maintained for at least 2 years.

This isn’t the first we’ve heard of this arrangement being built into manufacturer agreements, with David Kleidermacher, Google’s head of Android platform security saying after Google I/O that they had begun to mandate this. It’s only now we’re getting more details on what is involved.

The contract sets out the requirement for what constitutes a ‘popular’ device, stipulating that any device with over 100,000 activations falls into the category. The contract stipulates that as of July 31st, 75% of a company’s Android devices falling into this category must be provided with consistent security updates for at least two years. From January 31st 2019, 100% of devices in this category must receive security updates for the two year period.

There’s a minimum effort that vendors need apply to meet this agreement. Google mandates only that “at least” four updates be supplied in the first year after a device’s release, while the second year gets murky with a requirement for updates, but no minimum amount specified.

Google has specified in the contract that manufacturers must to offer protection against all vulnerabilities identified over 90 days ago, regardless of how many updates they have done previously – which may force the hand of some manufacturers.

The agreement allows Google to penalise manufacturers who do not comply with the new terms of the agreement, by refusing approval of and effectively blocking the sale of a device.

In a statement to The Verge, a Google spokesperson pointed out the statements made by the company earlier this year, which stated that the 90-day bug fixes “a minimum security hygiene requirement” and saying that “the majority of the deployed devices for over 200 different Android models from over 30 Android device manufacturers are running a security update from the last 90 days.”

The spokesperson also pointed to Google’s Android One program, which provides monthly security updates for three years to supported phones. It is important to point out that the hygiene statement referred to best practices, and most phones aren’t covered by Android One’s terms.

Android software updates have been fraught with inconsistency for many years, and Google has tried many different approaches to ensure the safety of devices and thus users for years. We’ve seen the carrot approach, so perhaps the stick is now being applied, but how manufacturers react to the terms is something we’ll have to see over time.

Source: The Verge.
Via: Engadget.

Alex Dennis   Journalist

By day, Alex works within the Industrial Relations field/occupation but by night and in his spare down time he searches the net for anything and everything relating to Android and Chrome related products and news.

Other various interests Alex has include, Accessible transport for people with disabilities along with LGBTIQ and Health related fields and interests for again for people with disabilities.

14
Join the Ausdroid Conversation

avatar
5 Comment threads
9 Thread replies
11 Followers
 
Most reacted comment
Hottest comment thread
11 Comment authors
DarrenSujay VilashGordonDavid AndertonLes Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
Adam
Ausdroid Reader

Even without Android One, isn’t the theory that Project Treble will make all of this much easier anyway? Although as there’s been no widespread news on Treble or any examination of its effects it is a little hard to say.

David Anderton
Ausdroid Reader

It’s a start but it’s still pretty crap. You can buy a laptop for $500 and get updates for a decade. Why should a $1500 phone only receive updates for 2 years.

Also the 2 years should start from when the OEM stops selling the phone, not when it is released.

Les
Guest
Les

The lithium battery will be rather useless after three years.

David Anderton
Ausdroid Reader

Depends on how you’ve treated the battery, but even if you’ve thrashed it after the years you sound still be getting at least 60% of the original capacity. Also there are still phones with replaceable batteries.

Jeff Dean
Guest
Jeff Dean

All sounds good in theory until your ISP/Phone service provider steps into the ring, and then the updating schedule flys right out the window.

Gordon
Guest
Gordon

I absolutely agree – it was frustrating to see LG release monthly Android Security Updates for my G5, while none were being passed on by Telstra. That was a big factor in me moving to a SIM-only plan and buying my Huawei Mate 10 Pro outright. To their credit, Huawei are releasing monthly Security Updates, so I’m only ever 1 month behind Google. It will be interesting to see how long the Security Updates keep coming – I’m guessing the tap will probably turn off at 24 months from release…

Darren
Ausdroid Reader
Darren

I’ve had Telstra block updates from devices I bought outright from the Play Store, it’s pretty annoying. I assume you have moved away from Telstra or they are simply not blocking the updates for that model?

Oldmike
Guest
Oldmike

Good to see google making updates for at least a minimum period..
Wouldn’t it be nice to see 3 years of software and 4 years of security updates ?
But i suppose we need to crawl before we walk 😀.

Les
Guest
Les

What will Samsung do? It hardly ever provides OS updates. Now it appears Google will hit them with a stick.

Matthew McQuilty
Ausdroid Reader

Funnily enough I was just thinking that I had received a lot more than usual from Samsung this year on my S8+. Pretty much second monthly. I’m on Vodafone.

ilobo
Guest
ilobo

Sammy are actually very good with security updates, even my old s7 is still getting them every couple of months. They would have to get the most improved award, that’s for sure

Oldmike
Guest
Oldmike

Yeah , Sammy does not seem any where near as bad as people make it out to be. I also seem to be doing alright with my S8+ with security updates , and do get the occasional performance and stability up date as well , and the phone is running well. In fact I would say Sammy had actually lifted his game with the updates. Even my old 2014 note 4 got a 490 meg update a bit earlier this year. My LG G5 on the other hand, I don’t think it even made it to two years of updates… Read more »

Markus
Guest
Markus

HTC on the other hand… HTC 10, released April 2016 (about 2 1/2 years old now since its release), Android version 8.0.0 (software number 3.20.710.2), security patch level: 1 December 2017 – HTC gave up on the device less than 2 years after they’ve released it.

Last HTC I buy ever.

Sujay
Ausdroid Reader

They are not as bad as OPPO. I have not had a single security patch for my R15 Pro. Makes me regret buying that particular brand.

Check Also

Google Play User’s Choice Awards 2018 open now, get your votes in

What’s your favourite app or game? Google really wants to know with voting for their …