Latest in Gear

Image credit:

Popular Android devices must receive two years of security updates

The rules took effect July 31st.
Jon Fingas, @jonfingas
October 24, 2018
Share
Tweet
Share

Sponsored Links

Cherlynn Low / Engadget

When word got out that Google would require timely security updates for Android devices, there were unanswered questions: when would it take effect, how long would it last, and which devices would be affected? Now we know. The Verge says it has obtained a contract showing that, as of July 31st, 75 percent of a company's "security mandatory" Android devices (hardware activated by over 100,000 people) must provide consistent security updates for at least two years. All qualifying devices will have to receive those updates starting on January 31st, 2019.

The terms don't require vendors to supply every update, but they aren't allowed to slack for long. They have to supply "at least" four updates in the first year after a device's release, and provide an unspecified number of updates in the second year. They also can't afford to let security go neglected for very long -- at the end of each month, companies have to offer protection against all vulnerabilities identified over 90 days ago, no matter how many updates they've issued.

There are teeth behind the agreement, too. If a company doesn't honor the requirements, Google can refuse approval and effectively block the sale of a device.

In a response, a Google representative didn't directly acknowledge the contract but did say 90-day patches were a "minimum security hygeine requirement" and observed that "the majortity" of more than 200 Android devices had security updates from the last 90 days.

It's not certain that you'll get the updates in a timely fashion. You'll still have to deal with carrier testing delays in some cases. Even so, this could help address the bad habits of those Android makers who either deliver updates sporadically or reserve fixes for certain models. Now, even a modestly successful device will have to be relatively secure. While the policy won't help much if there's a very recent security flaw, it should set a baseline to prevent particularly serious lapses.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Facebook inexplicably logs out iPhone users

Facebook inexplicably logs out iPhone users

View
Put Bernie Sanders almost anywhere with this Google Street View app

Put Bernie Sanders almost anywhere with this Google Street View app

View
Microsoft reverses Xbox Live price hike, will add free multiplayer for some games

Microsoft reverses Xbox Live price hike, will add free multiplayer for some games

View
Apple's Magic Keyboard for iPad drops to $199 at Amazon

Apple's Magic Keyboard for iPad drops to $199 at Amazon

View
The Morning After: The Galaxy S21 reviews are in

The Morning After: The Galaxy S21 reviews are in

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr