Timely security updates for Android devices are becoming more and more important, due to the increase in the number of Android phones on the market, as well as the growing number of malware and other threats from cybercriminals. Today, Google pledged to offer faster Android security patches in 2017, but it also admitted that about half of all Android devices that were in use by the end of 2016 did not get a security update in the previous year.

Google launched its monthly security update program for Android in 2015. In a blog post today it stated that in 2016, over 735 million devices from over 200 OEMs received some kind of security patch. It added that those updates were rolled out for over half of the top Android 50 devices worldwide in the last quarter of 2016.

According to Google, the following devices received security patches to the highest degree:

  • Google Pixel
  • Google Pixel XL
  • Motorola Moto Z Droid
  • OPPO A33W
  • Nexus 6P
  • Nexus 5X
  • Nexus 6
  • OnePlus 3
  • Samsung Galaxy S7
  • Asus Zenfone 3
  • bq Aquarius M5
  • Nexus 5
  • Vivo V3 Max
  • LG V20
  • Sony Xperia X Compact

However, the company still has a long way to go to close that gap and get the other half of active Android products covered under its security updates. It stated that it will be streamlining its program in 2017, so it should be easier for device makers to roll out Android security patches in the future. In a chat with TechCrunch, Android security lead Adrian Ludwig stated that it has already reduced the wait time for new security patches in the US down from six to nine weeks to just a few days, in collaboration with both device makers and wireless carriers. He added that at the end of 2016, 78 percent of Android flagship devices in the US had the current security update installed.

At the end of 2016, 78 percent of Android flagship devices in the US had the current security update installed

Google has also made better efforts to detect what it calls Potentially Harmful Apps (PHAs) in the Play Store.  It stated that its Verify Apps system conducted 750 million daily checks in 2016, up from 450 million in 2015. It said that by the end of 2016, only 0.05 percent of Android devices that downloaded apps exclusively from the Google Play Store contained a PHA, and that number is down from 0.15 percent in 2015.

Needless to say, Google recommends that Android users download apps just from the Play Store. If a device downloads apps from multiple sources, the likelihood of getting one that is considered a PHA goes up. Google said that by the end of 2016, about 0.71 percent of all Android devices had PHAs installed, up slightly from 0.5 percent from the beginning of 2015.