A lot of great announcement came out of this year’s Google I/O. An update to maps that will finally make the walking part of navigation useful, multiple voices for the Assistant and even an update to Google Lens. We even got an early look at the many features coming to Android P, along with the first public beta of the next Android OS (which we’ve been testing since). However, as exciting as all these new features may sound, one key problem that Android users are acutely aware of is the severely fragmented update cycle. It's not just OS updates that get severely delayed, but critical security patches are also put pushed out in a timely manner by many OEMs. Google has finally taken a stand against this.
At Google I/O 2018, the company also said that they have revisited the OEM contracts with their partners and included mandatory security patching into the language. What that essentially means is that OEMs will now be required to roll out the monthly security patches to their respective devices as and when Google makes them available. It isn’t the timely OS update we would all have loved but being forced to push out security updates as they are available is a very second close. According to XDA Developers, Google has said that “We’ve also worked on building security patching into our OEM agreements. Now this will really lead to a massive increase in the number of devices and users receiving regular security patches.”
Monthly security patches are extremely critical in a time and age where malware, hijacks and ransomware are rampant. Last year when HMD Global revived the Nokia brand, one of their key selling points was the promise of delivering security patch updates the minute Google made them available. Now, it seems Google is going to force everyone to fall in line. Google had last year introduced Project Treble as a means of speeding up the OS update process, by separating the core Android OS from the OEM layer. This was supposed to allow OEMs to update the core Android layer without impacting their own software implementation. However, as newer phones were launched, we learned that many of them did not support Project Treble. This is because Project Treble requires a separate system partition, which was never baked into any phone prior to Android Oreo. OnePlus even came out and said that they would not repartition the storage via an OTA due to the possibility of bricked devices.
While Project Treble still remains an optional path for OEMs (one they have little reason not to take), monthly security updates sure do provide some peace of mind. What is currently not known is whether there will be an OS-based limitation, for example, if there is a minimum OS version that is required to get these updates. Now only if Google can ensure that OEMs don't skip out on issuing patches and then lie to consumers about it.