Google said to mandate security updates for two years for popular phones in new Android contract


Google releases security patches for Android every month, but getting them installed on actual phones is tedious for carriers and manufacturers. However, that might soon change. According to confidential contracts, many manufacturers now have explicit obligations to keep their phones updated written into their contract with Google.

The contract requires Android device makers to regularly install updates for any popular phone or tablet for at least two years. Google’s contract with Android partners stipulates that they must provide “at least four security updates” within one year of the phone’s launch. Security updates are mandatory in the second year as well, but the contract does not specify a number of releases.

David Kleidermacher, Google’s head of Android security, referred to these terms earlier this year during Google I/O. He further said that Google has added provisions to its agreements with partners to roll out regular security updates. These terms cover any device launched after January 31st, 2018 that’s been activated by more than 100,000 users. Starting July 31st, the patching requirements were applied to 75 percent of a manufacturer’s “security mandatory models.” Starting on January 31st, 2019, Google will require that all security mandatory devices receive these updates.

Android manufacturers need to patch the flaws identified by Google within a specific time frame. This means that, by the end of each month, these devices must be protected against the vulnerabilities identified more than 90 days ago. Additionally, devices must launch with this same level of bug fix coverage. If manufacturers fail to keep their devices updated, Google says it could withhold approval of future phones, which could prevent them from being released.

While the terms above appear in Google’s new licensing agreement for Android phones and tablets to be distributed in the European Union, there’s no way to tell whether they also apply under its global licensing terms. The contract and Google’s public comments indicate that the terms are likely the same or substantially similar in all regions.

In recent times, Google had to nudge carriers and manufacturers to fix the problem. Recent versions of Android have made it easier to see how recently your phone was updated, and the last full version, Android Oreo, restructured the system in a way that made overall OS updates easier and faster to build. Since manufacturers rely on Google for its suite of apps, the company can also make outright demands for updates in its contract. As for consumers, there is no way for them to know whether a device they buy is covered by this agreement, but if a phone or tablet sold internationally hits the 100,000 sales mark, this forces the manufacturer to push updates.
