In a post on the Android Developers Blog, Google vice president and head of security Dave Kleidermacher explained the company’s vision and how it plans to get there.
To kick things off, Kleidermacher discussed the current commercial best practice for Android security updates. Google recommends monthly updates for Android devices. Kleidermacher cites the Pixel line as examples of reliable monthly patches.
However, Kleidermacher notes that may not always be possible. Instead, manufacturers should aim for a 90-day frequency at an absolute minimum.
Additionally, Kleidermacher says Google offers manufacturers free use of its over-the-air servers to help push out updates.
For business users, security is paramount. Google introduced the Android Enterprise Recommended program earlier this year to highlight frequently updated devices.
Kleidermacher suggests that consumers interested in up-to-date devices should refer to the program as well.
Finally, Kleidermacher outlined how Google is working to make Android easier to update.
Project Treble is a key component of that. The modularity makes security updates much easier. These updates can now be applied independently of device specific components.
Another part of Google’s strategy is to move operating system services to applications like Google Play Services. This allows for faster updates through the Play Store instead of through patches.
Kleidermacher says Google is working with system-on-a-chip (SoC) suppliers. The company wants to provide SoC suppliers with monthly pre-integrated and pre-tested Android security updates for SoC reference designs. This would reduce cost and time-to-market for delivery to users.
Overall, Google has done good work in improving the way Android is updated. Kleidermacher says that roughly a billion Android devices received security updates in 2017. That’s an increase of 30 percent over 2016.
That’s an impressive feat. However, Google is hoping to reduce the need for that. Kleidermacher writes that even though monthly updates is the standard now, the company hopes for a future where Android is so secure that it doesn’t need frequent updates.
Source: Android Developers Blog