At the beginning of each month, Google updates its monthly Android Security Bulletin and pushes out a security patch to its Pixel phones to ensure they're as up-to-date and secure as can be. The process is pretty smooth and painless for those Pixel owners, but if you have a phone that's made by Samsung, LG, Huawei, etc., you can often find yourself waiting a while before the patch arrives on your handset.
With a new initiative Google's calling "Project Mainline", the company's aiming to get security patches out to users faster than ever by handling them through the Google Play Store similar to app updates.
Project Mainline will only be available for phones that ship with Android Q out of the box, meaning a device that is later updated to Q won't be supported (including the new Pixel 3a and 3a XL that just launched).
At launch, Google's aiming to update a pretty extensive list of components through the Play Store, including:
- Media Codecs
- Media Framework Components
- DNS Resolver
- Documents UI
- Permission Controller
- Timezone Data
- Module Metadata
- Networking Components
- Captive Portal Login
- Network Permission Configuration
To make Project Mainline work, Google's using traditional APK and new APEX files. APEX is similar to APK, with the main difference being that it's loaded onto your device very early on in the booting process. Per Google:
As a result, important security and performance improvements that previously needed to be part of full OS updates can be downloaded and installed as easily as an app update. To ensure updates are delivered safely, we also built new failsafe mechanisms and enhanced test processes. We are also closely collaborating with our partners to ensure devices are thoroughly tested.
There's no firm date as to when we'll see the benefits of Project Mainline in the real world, especially with devices that aren't Pixel phones. Google says it's "looking forward to extending the program with our OEM partners", meaning it could be some time before the Samsungs and LGs of the world decide to hop aboard the Mainline train.
Even if it is a couple of years before Mainline really comes to fruition though, a move like this is still exciting. The benefits of Project Treble weren't readily available from day one, but it's now resulted in Android Pie seeing an adoption rate of 2.5x higher than Oreo and an 84% increase in security patch updates in Q4 2018 compared to a year prior. If Mainline can do even more good for the security patch update process, I'm all for it.