[ad_1]
Devices with more than 100,000 users would be required to receive 4 security updates in one year.
Google has been identified as having imposed two years of Android security updates for all the most popular smartphones and tablets. This new development is apparently part of the contract that device manufacturers must sign to use the Android operating system on their hardware. A few months later, David Kleidermacher, head of Android security at Google I / O 2018, focused on developers, revealed the modification of OEM agreements to include revisions related to the usual security patches. Interestingly, the search giant was already proposing its Treble project to help manufacturers easily integrate new software updates on their Android devices.
Under the terms of the new contract, as obtained by The Verge, any Android device launched after January 31, 2018 with more than 100,000 users must receive security updates for at least two years and at least four updated within one year. its launch. As of July 31st, the new security update requirements have been applied to 75% of a manufacturer's "mandatory security templates", though this is extended to all mandatory security templates at the same time. as of January 31, 2019.
It should be noted that manufacturers will not be required to provide each security update to their devices. However, Google would have added the condition "at least four updates" during the first year after the launch of the device to ensure the correction of all major vulnerabilities. However, the company did not specify the number of updates required in the second year. That said, Android device manufacturers are also required to protect the mandatory security templates from all vulnerabilities identified more than 90 days ago, regardless of the number of updates they have already sent, in accordance with to the advertised contract.
If a manufacturer does not comply with the conditions specified in the reported contract, it is stated that Google may refuse the approval of future devices of the same manufacturer. This would encourage all major appliance manufacturers to adhere to the terms and conditions.
The conditions reported initially appear in Google's license agreement with the EU, designed for Android phones and tablets using Google applications and services in the European Union. However, Google could deploy them to global markets to limit security issues on Android devices.
A spokesman for Google has not explicitly confirmed whether the advertised contract would be valid for devices available in global markets, although, in a statement to The Verge, the 90-day patches constituted a "minimum requirement in Safety Hygiene "and said that" the majority of devices deployed for more than 200 different Android models from more than 30 Android device manufacturers run a security update of the last 90 days. "
At the I / O 2018, in May, Klidermacher of Android Security would have hinted that it was developing by revealing a change in Google's OEM agreements to include the requirement of regular security patches. "We have also been working on setting up security patches in our OEM agreements," Kleidermacher said.
<! –
->
Source link
