• OEMs may soon be required by Google to release regular security updates.
  • This could lead to a huge increase in the number of users regularly receiving these patches.
  • Google currently releases monthly security patches, but OEMs aren’t required to roll them out.


During a speech at the annual Google I/O developer conference, Google’s head of security for Android David Kleidermacher appeared to suggest that OEMs will soon be required to roll out regular security patches. XDA Developers quoted him as saying that Google is working on “building security patching into our OEM agreements” and that this would lead to a “massive increase” in the number of Android users regularly receiving updates.

Google has been releasing monthly security patches for Android since 2015. These updates contain fixes for recently discovered vulnerabilities. In order to keep devices as safe as possible, OEMs should roll out these updates to their devices as soon as they can. However, they are not currently required to do so.

Editor's Pick

A recent report even suggested that some Android vendors had been purposefully lying about rolling out security updates for their devices. Brands like Samsung, Sony, and Google were found to have been honest about releasing the monthly patches, while TCL and ZTE were said to be less so.

As of now, there isn’t any other information about how Google plans to enforce these requirements or what kind of turnaround we can expect. Whatever the final agreement looks like, though, it seems Google is keen to improve the Android update situation.

If Project Trebel makes it much easier for device manufacturers to implement updates, then it makes sense to hold them more accountable also.

Next up: Malicious apps reinfest Play Store after name change