Wednesday, 24 October 2018

Google requires popular Android devices to get two years of security updates, report says

Google Android Lollipop statue

Security updates are always a hot topic when it comes to Android, which is part of what makes Google Pixel and Android One phones so attractive. Now a new leak suggests that Google is trying to make the security update situation better for more of the Android ecosystem.

According to a leaked contract, Google is requiring makers of popular Android phones and tablets to push at least two years of security updates to their devices. The contract states that companies must push "at least four security updates" within one year of a device's launch, says The Verge, and while security updates are required in year two as well, there's no number of updates specified.

This contract covers any device launched after January 31st, 2018 that's been activated by more than 100,000 people. Beginning July 31st, these patching requirements were applied to 75 percent of a company's "security mandatory models." And starting on July 31st, 2019, all security mandatory devices will be required by Google to receive these updates.

Also of note is that device makers must patch flaws identified by Google within a specific period of time. Before each month ends, devices covered by the program must be protected against all vulnerabilities identified more than 90 days ago.

If a manufacturer doesn't meet these requirements, Google could withhold approval of future devices, meaning that they may not be released.

These requirements are part of Google's new licensing agreement for Android devices that'll be released in the European Union that include Google's apps. It's not clear if the terms appear in Google's global licensing terms, but the wording of the contract and Google's own public comments hint that the terms are similar in all parts of the globe.

This licensing contract is welcome news. While some Android device makers are better than others about pushing out regular, timely security updates, most every manufacturer could stand to improve. Many folks rely on their smartphone for communication and for storing personal data, so it's important that they're kept secure from vulnerabilities. Hopefully this leaked contract does apply to all regions of the globe and hopefully it does bring more security updates for popular devices.


Google requires popular Android devices to get two years of security updates, report says originally posted at http://phonedog.com

No comments:

Post a Comment