Google creates Android Security Updates Google Group for more transparency

One of the big takeaways from the recent Black Hat security conference was Google announcing plans to issue monthly security updates, and that it would strive to keep us all better informed.

Lead engineer for Android security at Google Adrian Ludwig has announced a big step in the right direction with the creation of the Android Security Updates Google Group. The focus of the group is to provide more information about security issues and bulletins, and the first post details exactly what's in the current update for Nexus devices.

A quick peek shows that they have taken the "Stagefright" issues pretty seriously, and they detail exactly why it's an issue, where the patches are in the code tree, when they (and partners) were first informed and when they started patching Nexus devices. It's technical, because it needs to be technical. But it's also well worth reading if you're concerned about security and Android.

On Episode 248 of the Android Central podcast we talked in detail about how media outlets (including ourselves) aren't really qualified to dissect most security issues, and hoped for better transparency from the folks who are qualified — such as Ludwig. We're pretty stoked about having an historical record of security bulletins and their patches from here on. This is a great resource for everyone, not just folks trying to figure out security and Android as a journalist. It's not perfect, but it's a great start.

We hope the vendors who make the majority of Android phones follow the lead here. Google telling us about updates and patches for the Nexus line and their relevant patches for AOSP is great, but knowing when Samsung or LG or Motorola is going to incorporate the fixes, which phones will get patched and when they plan to send out updates is just as important, if not more.

For now, this is all required reading for anyone who wants to have a serious discussion about Android security going forward.

Read the Android Security Updates Google Group here

Image source: Ludwig's BlackHat slides

Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.

  • Good to see Google taking this initiative Posted From my Nexus 6/Nexus 7 2013/Surface pro 3
  • I will believe it when I see it. I will wait for the day when android OS will receive patches like how Microsoft does it for all android devices and not just Nexus and Motorola devices. Meanwhile, this announcement is just smoke and mirrors.
  • Did you have to by the Android OS? Did your phone's manufacturer have to buy Android OS? I think it's pretty kick ass that Google is putting it out to AOSP so that your manufacturer can make it work for their hardware and proprietary layers. If you don't want smoke and mirrors, complain about your manufacturers. Oh, and NEWS FLASH! Google doesn't own Motorola anymore. Posted via the Android Central App
  • Google provides the patch in a format that anyone can use to update their phone. Not just Samsung or Motorola. The problem is that the people who made your phone have it locked up so that you can't install any software that they don't want you to install. If installing critical security patches immediately is important to you, stop buying phones that lock you out of the software. Posted via the Android Central App
  • Is there a list of phones that don't lock you out of the software?
  • Its a good sign that google has already made up its mind to take actions about the internal security.I was concerned from my mobile as most of the relatives used to check my mobile everytime and i have some adult content in it so i found a tool called Leo master safety guard.Using this app i got a lot of help to hide the private data as i can hide any image or video or any other file from it. Also it can lock third party apps, battery saving and a screen lock also.I think this app is also a good initiative in terms of mobile security: Facebook Page: Official Website:
  • Really refreshing to see such attention to security issues, I really hope the other vendors follow suit. Posted via the AC App on Note 4 N910F (CM12.1)
  • Interesting enough, "the more things change, the more they remain the same." Microsoft issues security patches and updates every...? When Microsoft issues a patch I don't have to wait for a third party (Samsung) to maybe reissue the patch. Hopefully my device will be new enough list to make the cut. This sounds like a huge headache for corporation that allow bring your own device to work (BYOD). Posted via the Android Central App
  • no, not at all. Google isnt updating android on your Samsung phone. It is not going to be like MS where the OS updates independently of vendor.
  • yes,! all very well and good, but in the meantime still waiting for the nexus 6 ota lol
  • And yet, more than 2 weeks after the newest update was first released for the S6 edge XEU, the S6 XEU is still waiting for it's update. Posted via the Android Central App