Google's now forcing OEMs to update devices with 'regular' security patches

Hide your keys, hide your phone
Hide your keys, hide your phone (Image credit: Android Central)

Google I/O is always home to a lot of announcements, and while the biggest ones usually come from the opening keynote, there are little nuggets to be found throughout the smaller breakout sessions over the week.

As spotted by XDA Developers, there was one particularly interesting statement that came out of Google's "What's new in Android security" talk.

During it, David Kleidermacher, Android's head of security, said the following:

We've also worked on building security patching into our OEM agreement. Now this will really lead to a massive increase in the number of devices, and users, receiving regular security patches.

Some OEMs such as Essential and Sony have shown a good track record for updating their phones with security patches on a timely basis, but other brands have a tendency to keep users waiting and waiting.

Kleidermacher didn't explain what exactly "regular" updates mean, but by requiring OEMs follow through with this, we should hopefully see many more smartphones running the latest patches compared to what we've got right now.

Google I/O 2018: All the big announcements!

Joe Maring was a Senior Editor for Android Central between 2017 and 2021. You can reach him on Twitter at @JoeMaring1.

  • I'll believe it when I see it. LG and Huawei are notoriously slow so hopefully it kicks them up the backside
  • Yeah it's really inexcusable. My G6 is still running 7.0 with December security. Absolutely ridiculous.
  • Operating system & monthly security patches are two entirely separate issues.
  • So being 5 months behind in security patches is not an issue?
  • Financial penalties would be a very strong argument for them to be faster with it. It takes away economic considerations that might favor a slow update cycle.
  • Huawei is really doing a better job this year. Got February's update in March, and just got the April update today on my Mate 9. My fiancée's S7 Edge is still waiting.
  • I have April securiry patch on S7edge from 2 weeks ago. Something wrong with your carrier.
  • They can force them all they want for non carrier branded. There's no one holding US Carriers responsible and that's an issue too.
  • The only thing that would scare US carriers into acting is exploiting all of the issues that they leave unresolved when refusing to allow companies to security patch.
  • Carriers have a right to ensure they know what software is doing on their networks. No company can force/demand a carrier to run their software.
  • Except Apple...
  • They could remove access to the Play Store for devices that are not kept up to date... When people get pissed off and quit buying their devices then OEM's will learn.
  • Well that would hopefully improve things.... It would change the face of Android if it were to happen because the devices are powerful and beautiful, the only real problem is lack of updates.
  • Motorola also, with their unlocked phones. My G5+ plus phone is waiting for Android 8 since September
    The Z2 Force line through the mobile providers got Android 8 in January 2018
  • I just bought a G5+ in March for my mom. Got the security patches through March when I first updated it, still haven't got April or May yet
  • Yet, I cannot get my Pixel 2 to update to the May, 2018 update.
  • It's only May yet. You'll prob live.
  • Try clearing your Google Play Services "cache" and then check for updates.
  • I've done that a few times, switched to the beta Google Play Services, tried to sideload. No dice. The sideload seems to get stuck at verifying package. Going to try again this evening and just let it sit for a while.
  • I got a Nokia. If we haven't gotten it, Google's probably not released the May patch yet. Honestly I'm amazed at Nokia keeping it's promise of steady n fast paced patch seeding. We usually get it a week or two right after the Pixel line ups.
  • Mine just got it an hour ago... Have a look now.
  • The beta for P has the May security update as well. Last go around the security updates were one month behind on the Pixels. So there is that option.
  • Yeah, right. The only way they can do this is by restricting Play Store access to updated devices. That is extremely consumer unfriendly and will get people to flock to iOS.
  • No, they can do it through contractual arrangements and refusing to allow backsliding manufacturers to put Google apps (in particular, the Play Store) on new phone models. If necessary, they can use copyright law to obtain injunctions preventing backsliding manufacturers from importing new phones to major markets. Copyright law is very well established, so this will be no problem. At this stage, they could also insist that carriers update on a reasonable time by threatening to cut them out of the update loop (for new phones, obviously). Ten years ago, Google needed the carriers to sell Android phones: these days, what else are the carriers going to do?
  • It's not "consumer unfriendly"Google is serious about security on Android devices now and I'm in favour of this move. Nobody but an wannabe iSheep will want to go to that crappy, unfriendly, restrictive and locked down platform called iOS.
  • Since when has google EVER been serious about security? If they were the same apps with adware/malware wouldn't continually show up in the play store over and over and over. Then there are the malware ridden chrome plugins they have been allowing for years, you are so naive.
  • At last, it's taken Google how long to do this. Security patches should be mandatory not optional 😉
  • "As spotted by 9to5Google" =/ we actually spotted it first at XDA (made top of Reddit hours before their article went live.)
  • Meanwhile, my old HTC U11 is still on December 2017 security patch. Typed on my updated Pixel 2 XL.
  • They didn't specify what regular means so I don't think we should expect the same frequency of patches and major updates that Google provides to Pixels. In fact I would be very surprised if Google does that because that would take away a key advantage.
  • Disagree. It's in Google's best interest not to have Android operating system compromised . PR nightmare.
  • This is great news, especially those with midrange phones like myself (I have an Alcatel A7 running Android 7.0/ Nougat on the November 5th security patch. Security patches are the least OEMs can do since Google gives what is the world's most popular, powerful and advanced mobile OS on the most powerful hardware out there.
  • Wow no mentioning of a Pixel in this comment bravo. Except for some arse kissing to mother google.
  • Lol thinking same thing
  • Seeing is believing, and I don't believe that they will enforce anything beyond quarterly security updates for other oems, not to mention carrier delays.
  • I hope this works. My S9+ is still on the Feb security patch. Ridiculous.
  • Lol 😂, mine too, but I bought it knowing they suck at updates and that’s the way it would be. My Pixel 2 XL on the other hand is on the May 5th security patch and running Android P.
  • Hmm maybe a US thing? I'm in the UK and my unlocked S8 is on April patches which to be honest is unusual to be this up to date lol
  • Same on my Essential as your Pixel 2 XL. May 5th Security patch and beta P. If Essential can do it I don't understand why a behemoth of a company like Samsung can't do it for my S9. Wait, I do know.......they can, they just don't want to. Disgusting considering the premium they charge for them. I'm giving my daughter my S9 and my wife my iPhone X. Essential has won me over. I initially bought it out of curiosity and because I could get it at a dirt cheap price. Little did I know it would displace the flagships in my lineup.
  • Good deal, glad to hear that you like it so well. I'm pretty curious to see their version 2.0.
  • My S7 is on the April patch.
  • Who is your carrier? My T-Mobile S9 is on April
  • It's about time! Actually long overdue. Good move Google. Now to see what the penalty is for non-compliance.
  • Good Moto can't fly with Quarterly patch updates
  • Not necessarily. Samsung just announced their Galaxy J (I may be quoting the wrong variant) will get quarterly security updates.
  • My question is when does it take into affect?
  • Project Treble really should function in the same way as Play Services. Google pushes the OS/security patch to the device, and the device installs the update. I realize this is more complex due to hardware variations in all devices, even with the same SoC. But if Microsoft can do this with PCs, Google can do this with Android phones/devices.
  • Question is, how will this force carriers to follow through too? They are the bigger hold-up, most of the time.
  • Unlocked Moto's beg to differ.
  • Aaand unlocked Samsung's and Lg's beg to differ as well.
  • How long before OEMs start filing antitrust lawsuits?
  • Not unless they want to end up like ZTE
  • And updates to software.. Ios in this area kills Android specially samsung
  • Will this also include tablets?
    Also I'm looking at the Nokia 6 this year, how are they doing with the updates?
  • I Have the May 5th security update for Oreo on Essential Phone. Still on March update on Note 8. Ridiculous.
  • You just pointed out one of many reasons why I'll never buy a Samsung flagship and only a Pixel phone.
  • Lol... What carrier? Do you not understand it is carriers that hold up security patches?
    Mobile manufacturers can be blamed for slow upgrades of OS. 3.9 million Pixel phones sold world wide in 2017... It is remarkable to meet one of the few buyers here, lol. Apple sold 216.7 million iPhones and Samsung sold 316.4 million Android smartphones last year.
  • Actually it's not just carriers that "hold up" updates it's the OEMs too carriers only hold up carrier branded phones duh and Samsung despite making gorgeous looking phones, are one of the worst offenders with updates and Google is obviously the best with updates with the Pixel phones. I don't care for popularity, wireless charging, (give me a valid reason why I should care about wireless charging) or expandable memory. The Pixel ticks all the boxes I care about, great design, my favourite version of Android, fast, fluid and smooth experience and nobody can compete with Google in AI or digital assistants.
  • But you can't blame carriers for slow security patches to unlocked/sim free devices?
  • Now, if they can get their AndroidOne OEMs to understand that ASAP means something less than 6 months, and that if they deliver a broken update after 6 months, get it fixed. (Moto X4 AndroidOne just got 8.1 and it completely broke USB as well as Android Auto and BT for some.)
  • There should be a limitation on this though. Google should force OEMs on their more expensive phones. Their lower end phones should get updates here and there. When buying a phone for less than $200usd, you shouldn't be expecting a regular updates. I feel like that's too much work and money into such cheap products that they might stop selling them.