Google Reportedly Directs OEMs to Push Android Security for at Least 2 Years

Share on Facebook Tweet Share Reddit Comment
Google Reportedly Directs OEMs to Push Android Security for at Least 2 Years

Devices with over 100,000 users are reportedly obligated to receive 4 security updates in one year

  • Google has reportedly brought a new contract for OEMs
  • The new contract is designed to mandate Android security updates
  • It is already applied to 75 percent of "security mandatory models"

Google was spotted to have mandated two years of Android security updates for all popular smartphones and tablets. The new development is reportedly a part of the contract that device manufacturers need to sign to use the Android operating system on their hardware. It comes months after Android Security Head David Kleidermacher at developer-focused Google I/O 2018 revealed the modification of OEM agreements to include revisions related to regular security patches. Interestingly, the search giant already offered its Project Treble to help manufacturers easily push new software updates to their Android devices.

According to the terms of the new contract, as obtained by The Verge, any Android device launched after January 31, 2018 that has over 100,000 users is required to receive security updates for at least two years and at least four security updates within one year of its launch. It is reported that as of July 31, the new security update requirements were applied to 75 percent of a manufacturer's "security mandatory models", though this will be expanded to all security mandatory models starting January 31, 2019.

It is worth pointing out that the manufacturers won't be obligated to provide each security update to their devices. However, Google has reportedly added the condition of "at least four updates" within the first year after the launch of the device to ensure that all the major vulnerabilities will be fixed. The company didn't specify the number of updates required in the second year, though. Having said that, the Android device makers are also required to protect the security mandatory models against all vulnerabilities identified over 90 days ago - irrespective of how many updates they've already pushed, as per the reported contract.

If a manufacturer fails to follow the terms specified in the reported contract, it is said that Google could withhold approval of future devices from the same manufacturer. This would encourage all the major device makers to honour the terms.

The reported terms initially appear in Google's EU licensing agreement that is designed for Android phones and tablets using Google apps and services in the European Union. However, Google could roll them out in the global markets to limit security issues on Android devices.

A Google spokesperson didn't explicitly confirm whether the reported contract will be valid for devices available in the global markets though in a statement to The Verge said 90-day patches were a "minimum security hygiene requirement" and stated that "the majority of the deployed devices for over 200 different Android models from over 30 Android device manufacturers are running a security update from the last 90 days."

During I/O 2018 in May, Android Security's Klidermacher reportedly hinted at the development by revealing a modification in Google's OEM agreements to include the requirement of regular security patches. "We've also worked on building security patching into our OEM agreements," Kleidermacher was quoted as saying.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Further reading: Android Security, Android, Google
Jagmeet Singh Tech journalist by profession, tech explorer by passion. Budding philomath. More
Nokia Kicks Off Cost-Cutting Plan After Third-Quarter Profit Drops 27 Percent
Acer Aspire 5s With Intel Whiskey Lake Processors Launched in India; Swift 3 Also Launched




© Copyright Red Pixels Ventures Limited 2019. All rights reserved.