Patching has long been a problem for Android devices, with erratic rollouts of major version updates across OEMs. While Project Treble, announced last year, was meant to solve this problem, Google is now increasing its security patching requirements for OEMs, its head of Android platform security David Kleidermacher announced at the I/O developer conference on Friday.
“We’ve been trying to make Android just easier to patch,” Kleidermacher said in his talk. “At Google, we have a pretty steady track record for years now of every single month delivering those patches to the market. We want to make sure that all Android OEMs are delivering patches regularly to their devices as well, not just Google’s devices.”
Project Treble and others have helped to make Android more module and easier to patch, Kleidermacher said. But now, Google is also working on building security patching into its OEM agreement, he added–marking a major change.
SEE: Mobile device computing policy (Tech Pro Research)
“This will really lead to a massive increase in the number of devices and users receiving regular security patches,” Kleidermacher said in the talk.
As noted by 9to5Google, while Google has offered Android’s monthly security patches for a while now, it has never had any real requirements for them. Most OEMs provide updates for security, but they have remained optional until now.
While Kleidermacher did not specify what Google will be requiring with the change, it’s unlikely that the tech giant will require updates on a monthly basis, 9to5Google noted. However, it should still encourage OEMs to roll out more regular updates.
OEMs that implement Project Treble will have an easier time implementing the security updates, Kleidermacher noted.
At I/O 2018, Google also announced a host of security improvements that will come with Android P. Stronger security requirements could make Android a better option for professionals who may have gravitated toward iOS in the past.
The big takeaways for tech leaders:
- At I/O 2018, Google announced that it would require OEMs to roll out regular security patches.
- Google’s Project Treble will help OEMs implement more regular security patches.