Lead Engineer for Android Security at Google Adrian Ludwig recently spoke at the Black Hat security conference, announcing their recent plan to provide monthly security updates to Nexus devices for up to three years from availability. As an after effect, Adrian has announced on Google+ that Google has opened up a Google Group where Google will be listing the security updates and bulletins for each of the monthly security release.
The updates for the first release have been patched into the Android Open Source Project and are available to OEMs to apply to their own skinned versions of Android as they see fit. Announced at the conference was a list of manufacturers and a brief run down of the more well known devices due to receive the updates.
The Google Group which is now live heavily focuses on the libStagefright vulnerability, with almost all the updates carrying the following thankyou note :
The Android Security Team would like to thank Joshua Drake for reporting this issue and providing patches.
For the more technical out there, the group is going to be a gold-mine for information on what is happening in Android security, but for the average user, it’s pretty dry reading. If you are interested you can head over to the Google Group and check it out now.
it’s pretty pointless if you ask since individual makers still have to patch their own version of Android. And Nexus market share is relatively small