Google is finally requiring Android manufacturers to stay on top of updates

Samsung Galaxy Note 9 in Cloud Silver
Samsung Galaxy Note 9 in Cloud Silver (Image credit: Andrew Martonik / Android Central)

One of the biggest reasons to buy a Google Pixel (or even an iPhone) is because of the frequent software updates. Not just major platform updates, either; just as important are the regular security updates that keep your phone from being vulnerable to exploits and tidy up minor bugs. While there are exceptions, most other Android phones don't receive those updates nearly as often as a Pixel.

According to confidential documents obtained by The Verge, though, that may be about to change. Google is requiring Android manufacturers to provide regular software updates for "popular devices" — meaning devices activated by at least 100,000 users — for at least two years, applying to any devices released after January 31st of this year.

More specifically, Google is demanding at least four security updates within a phone's first year of life, and manufacturers must patch any vulnerabilities identified at least 90 days ago by the end of each month. Google plans to begin strictly enforcing this rule starting January 31st of 2019.

The incentive? Any manufacturer who doesn't follow these guidelines with its popular devices may not receive approval from Google for any consequent devices — this could push back the launch of important phones for a manufacturer, giving plenty of motivation to keep up with these regular updates.

While this won't necessarily improve the major platform upgrade situation with various manufacturers — say, the upgrade from Android 8.1 to Android 9, for example — but having strict regulations requiring regular security updates should be a big win for the consumer, and prevent major vulnerabilities in popular Android phones in the future.

Hayato Huseman

Hayato was a product reviewer and video editor for Android Central.

65 Comments
  • Android Enterprise Recommended.
  • I'll believe it when it actually happens.
  • Same here it will be nice! 😎😎😎😎
  • Oh, this should be fun to follow.
  • It would definitely be a good thing if they can pull it off. Although even if they can force manufacturers to push out updates, they can't force me to install them! ... Hopefully...
  • Why on Earth would choice even be an option for security patches? It makes no sense to say no to a security patch.
  • Or it pushes some manufacturer to create their own OS.
  • True, it is so easy that I'm going to create my own OS with app store and everything, just for me! I'm sure I can convince Netflix to release their app in my app store! It's going to be Awesome! and I'll release updates whenever the hell I fell like it, man it's going to be so popular! that'll teach Google, forcing people to provide updates, pfs...
  • Like BlackBerry and Microsoft? Ha!
  • And LG
  • Sorry, but what OS does LG use on their phones? I thought they used android..
  • Probably is thinking of WebOS which u don't recall if they still own/use
  • Still sold as the OS for their TVs. And already has netflix & youtube!
  • Or even Samsung with Tizen, had a few phones and got left as a watch OS.
  • L.o.L.
  • With no app support. It'll fail
  • If they could do their own OS they would have. It would take at least five years to get anything that can compete with iOS, and Android. Ask Microsoft for Christ's sake. Nokia? Lol, tiezen. Wouldn't even be able to get GMail on a tiezen phone. No YouTube. No Google search, you could get Bing and Skype though.
  • Youtube and Gmail are the easiest to port to Tizen. There are so many MS apps on Windows 10 to prove that.
  • I'll believe it when I see it !
  • Me toooooooo!🤔🤔
  • Google should have done this years ago. This is one area the iPhone absolutely crushes Android in.
  • - If - this is actually true - it is a win for the everyday consumer. 👍
  • Finally. Someone at Google is taking the OS and security seriously.
  • Will the same apply to carriers? When I gad a Priv, I went months without an update, not because of BlackBerry but because Verizon didn't allow updates.
  • Note 8 has been security patched monthly since launch aside from July 2018. Currently on 8.0, Oct 1 Security. Perfectly fine with waiting for pie, not much changes on Samsung builds anyhow. And Goodlock 2018 adds a lot of value for me personally.
  • who has the most money?
  • Manufacturers were given the tools for this with project treble what 2 years ago. Who has actually implemented this to help them push out updates easier? Yeah...not until Google changes things to anything with play store will have to have "TIMELY" updates for 2 years, manufacturers won't do $hit
  • Project Treble definitely enabled Essential to push out updates as quickly as Google, but they seem to be the only one :(
  • I got pie in 45 days on oneplus 6, but I'd imagine that won't happen again with this phone. If treble didn't get Samsung, Huawei, or. Lg to improve their update times there's no way this policy will, who are we kidding android needs Samsung and Huawei selling phones in the tens of millions and aren't going to punish them at all
  • For the most part Samsung already follows these guidelines with their flagships at least.
  • And that's part of the problem. Sure, Samsung provides security updates - and that's a bare minimum requirement for a connected device. OS upgrades are as iffy at Samsung as anywhere else. That's where Apple earns it's high price - and why anyone would be nuts to pay Apple prices for an Android device (other, I suppose, than a Pixel - if you can excuse Google's half baked aesthetics). Don't get me wrong. I'm an Android fan. But for me, a mid-range Android with an unlockable bootloader and a healthy ROM community is worth more than a $1000 device that's a 1-2 year dead end.
  • I'm still on July 2018 security update on my S8 Active...
  • Their mid range phones all get monthly security updates while their low-end phones get quarterly updates which amount to 4 updates a year.
  • Android should be thankful companies make better phones than Google has. But sure, update stuff like security should not take long... We all understand why Android updates take longer.
  • Let's hope they test them better than Google tests their own updates.
  • Great point... I don't mind later updates that work as intended. Apple has gone to biannual updates because annual updates were so notoriously buggy.
  • As proven by Moto. I don't mind waiting as their software has always been bug free and solid for me.
  • LG is the worst for this. Just ask the V20 owners.
  • I think this is already happening. Recently got security update on note 5. Speeding up software updates would be nice.
  • Motorola just pushed out the October security maintenance update.
  • THANK YOU "GDPR".....!!!
  • Thanks To Invite Me! I'm Use Mobile Phone Model Xiaomi Mi A2 ( Android One), Can Be UpGrade It To Android 9? Now Version Is 8.1. Thank You!
  • This is funny (or not), I just received the Pixel 3XL & I'm stuck on September Security Patch & it's almost November.
  • So, this applies only to phones that choose to include Google apps (with payment or with Chrome/search-contract (which EU could shoot down)), right?
    AOSP devices without Google Play store don't necessarily get security updates, Play doesn't scan apps and does not provide API updates (because it's not there) -> users will get malware and apps that don't work -> **** will rain on Google (because Android=Google) :/ _IF_ EU approves Play store bundling with Google apps (Google is just testing this, they don't have green light), I guess Google may end up thinking if that was a good move in the end...
  • at last
  • Cue antitrust lawsuits in 3....2....1....
  • Google has used the carrot with OEMs and carriers for too long when it comes to encouraging updates. Now it's time for the stick.
  • So are they going to require the carriers to release the updates? It doesn't do a whole lot of good to force the MFRs to release updates when the carriers aren't pushing them out.
  • Two years is not enough when the phones cost nearly $1,000.00 or more. Google needs to follow what the PC OS manufacturers do, supporting older devices with later OSes for 3-5 years. The marketplace hasn't held their feet to the fire because people are willing to fork over more money every two years. I don't think that is sustainable.
  • Agreed!
  • More than 2 years would benefit us, the consumers (yes, I know anyone thinking "planned obsolescence" is snickering at me for saying that). But we just had news that Italy fined manufacturers for trying to make their older phones work with updates... This doesn't bode well for us, I'm afraid.
  • My cricket LG Stylo 4 has gotten 2 updates in the past 2 months. My old ZTE phone never got updates.
  • It's just my opinion, but security updates are way overblown. My wife has a 2014 Moto X that hasn't seen a new security patch since May, 2016. if you're not going places on the internet that you shouldn't be going, like porn sites, and other sites that contain malware, you have nothing to worry about when it comes to security on your phone. I would much rather Google do the hard work and demand that OEMs provide two years of platform updates for every phone that sells over a hundred thousand units. That would include phones like the Moto E, which is pretty much abandoned as soon as it's launched as far as software upgrades go.
  • i think this is a good push for compatible roms, ius and overall platform stability..are you hearing this nokia
  • It's about time!
  • It's about time!
  • Crossing fingers to get updates for zenfone selfie..........
  • I think it's fantastic that Google is taking this stand... But it's right after Samsung and Apple got fined in Italy. The big message I got from that story was the fact that we've now created a strong incentive for manufacturers to drop phones from their updates as soon as possible. I know the ruling was meant to be for consumers, but its long term effect will be the opposite. So how will this news mitigate or compound...? We'll have to wait and see.
  • It's about time. I can live with at least security updates. In fact, I would prefer to install just those and skip the OS updates sometimes. Samsungs can be brutal after OS updates when they get older. I'd rather stick with an older version of Android that works well than have an update that kills my phone. I always suspected it was a conspiracy to get us to update.
  • Don't expect any changes. They'll all find an excuse to delay. To delay just makes the next phone an easy sale if people want the update early. BS
  • Four security updates a year still isn't enough.
  • Keep in mind that this won't necessarily include updates. (I know it's mentioned but it bares repeating) And there's not much Google can do to force phone companies to update phones beyond security. The reason for this is simple: phones like the Note, Active, LG V series use different hardware than an essential. They have different software modules that utilize this hardware. As we demand more advanced from our phones, the upgrade path gets longer.
  • Samsung has kept Notes, from Note 4 up to date on updates for at least 3 years. Platform updates as you say do take a long time due to a lot of functionality available on these phones.
  • This doesn't mean much, a lot of manufactures already do this. Samsung gives a phone two platform updates and 3 years of security updates. The problem is that 90 day window for security updates can feel long, it would be nice if platform updates also had the 90 day window.
  • I think Google needs to updates the Pixel, given the numerous software problems found. Number one would be unable to connect to Android Auto.