[ad_1]
Google is trying to clean Android's random patches by contractually obliging Android handset manufacturers to regularly distribute patches for at least two years.
If successful, the move would bring Android partners closer to Google's patch commitments while providing vendors with leeway to meet the needs of their product lines.
Google warrants that Pixel 3 and 3 XL phones will receive security updates for at least three years after they are released.
And while Google is updating its Pixel devices with Android security updates every month, it is up to Android providers to determine if and when these fixes will reach end-user devices.
This has led to variations in patches, not only between vendors, but within each vendor's product line, which is often much larger than Google's hardware offerings.
Samsung, the first provider to adopt Android's monthly patches, regularly distributes monthly security updates for Android, but only on select devices.
It aims to guarantee, but does not guarantee that the Galaxy S, Note, and A5 and A8 phones, the monthly Android security updates, and makes no commitment as to the duration of the updates. Meanwhile, cheaper models, like the J Series phones, receive only quarterly updates, again with no time commitment.
But a confidential Android provider contract obtained by The Verge explains how this situation could change.
The conditions would hardly affect Samsung, but this could lead to other providers (in the event that they would like to have the essential Google Play Store app on a device) in a similar state.
Suppliers should provide "at least four security updates" in the first year of the phone launch. Android security updates must also be provided the second year, but no frequency has been specified.
As stated, Samsung already meets these requirements for a range of top and bottom-of-the-line appliances, with the exception of the two-year warranty. Interestingly, Samsung recently won a lawsuit in the Netherlands with the aim of forcing it to provide patches for at least two years.
The terms are not just about flagship models; Any phone model launched after January 31, 2018 and activated by more than 100,000 users must comply, according to The Verge.
The contract requires the supplier to meet Google's correction requirements for 75% of the models corresponding to this lower limit by July 31st at the latest. As of January 31, 2019, Google expects all Covered Models to receive patches in accordance with the Terms.
The update requirements appear just as a new Google license agreement is being put in place to comply with the EU's fine and antitrust sanction, under which Google has now agreed to charge device manufacturers for essential Google applications such as Google Play Store.
The contract applies to Android phones and tablets intended for distribution in the EU and bundling Google applications.
Google's ability to monitor and enforce the contract is another matter.
Researchers have recently discovered that some vendors were playing with Google's Android system, stating that they had been patched to a certain level, while they did not contain the missing patches.
The contract would stipulate that Google could refuse the approval of future phones if the provider did not comply. And phones without Google Play Store are unlikely to sell well.
Previous and related coverage
No, Samsung does not need to continue repairing old smartphones
Samsung beats consumer advocates in the case of smartphone security updates.
Android Security: The patch level of your phone indicates that you are up to date, but it may be a lie
A study of missed security updates casts doubt on the Google system at the level of Android patches.
Android Antitrust: Google inflicts a massive fine of 4.34 billion euros on Google
The research giant says to change its practices in 90 days.
These Android smartphone builders provide the fastest security updates to TechRepublic users
Up-to-date security updates continue to be a problem for Android devices. Find out how your manufacturer compares.
For Pixel 3, Google put on a chip to bring security CNET Android
The chip is a variation of what Google uses to protect its data centers.
Source link