AOSP hints at new security update system for faster patches

Google may be changing the way it handles monthly security patches, and the result could be faster and more consistent updates.

According to XDA, Google might start separating the Android Framework patch level (relating to the operating system), from the Android vendor patch level (that which the hardware makers like Qualcomm deliver), meaning OEMs could roll out the most recent Framework updates even when hardware makers are months behind.

Currently, both Android Framework and vendor component vulnerabilities must be addressed for devices to be patched to the latest level. While this proposed update method wouldn’t mean vendor-side concerns like Bluetooth or Wi-Fi vulnerabilities are patched any faster, it does mean that OEMs wouldn’t have to wait around to deliver their part of the deal.

XDA points to a recent commit in the Android Open Source Project (AOSP) as evidence for the potential change, which adds a separate “VENDOR_SECURITY_PATCH” level label to the system. It looks like a further refinement of what Google has started with Project Treble.

This is pure speculation for now and Google may have altogether different plans for the labelling. At the very least, however, it looks like Android users may get a clearer picture of where their devices are at in terms of OS and hardware security.