Google now requires two years of regular security patches for popular Android devices

Google now requires two years of regular security patches for popular Android devices
The Google Pixel 3

Back in May, it was revealed that Google would soon start requiring regular security patches for Android devices in the hope of better protecting the ecosystem. Today, The Verge has obtained a copy of Google’s latest contract which provides all of the details that were previously unknown.

Moving forward, Android manufacturers will need to provide a minimum of four updates during the first year of release, which equates to at least one patch every three months, and an unspecified number during the second year of release. Moreover, by the end of each calendar month, any vulnerability discovered over 90 days ago must be patched. This same rule is valid with newly-released devices, regardless of when they were announced.

This latest agreement centers around smartphones launched after January 31st, 2018. However, not all are subject to the contract. Instead, Google is focusing on popular devices and will only require manufacturers to regularly update smartphones that have been activated by 100,000 users or more. As of July 31, 2018, these patch requirements were applied to 75% of “security mandatory models” but starting January 31, 2019, the rules will cover every one.

On a related note, if manufacturers fail to comply with this latest set of rules, Google reserves the right to stop approving future phones which means the companies in question may no longer be able to release Android-powered smartphones.

These specifics can be found inside Google’s updated licensing agreement for the European Union and, while it’s likely that some small details may be changed, very similar terms are expected in other regions of the world.

source: The Verge



1. gamehead unregistered

Google\Android can learn a thing or two from apple/iOS.

3. VZWuser76

Posts: 4974; Member since: Mar 04, 2010

It's quite a different thing to only support your own hardware/software powered by your customer built SOC. VersusnGoogle having to deal with multiple OEMs with multiple hardware and software configurations, all powered by multiple SOCs fromultiple vendors.

5. Crispin_Gatieza

Posts: 3166; Member since: Jan 23, 2014

At least Android is still alive and vibrant. Windows is dead and their phones get bug fixes and security patches every month.

2. Jrod99

Posts: 778; Member since: Jan 15, 2016

Only 2?

4. emjoigently

Posts: 154; Member since: Aug 22, 2017

Long overdue. It's an operating system, just as complex as anything you get on a desktop. I run Ubuntu on my work computer. Its users are far fewer than those using Samsung or LG phones, but the security patches large come in every few days. It is part of the deal of offering a Linux distro, and should be the same for offering an Android distro.

6. Venom

Posts: 3821; Member since: Dec 14, 2017

I agree with this. It gets irritating when popular phones like the S9 and the Note are far behind when it comes to Android updates. The least they can do is keep up with the monthly security updates, which Samsung has failed to do for the unlocked S9 models. Completely unacceptable.

8. perry1234

Posts: 654; Member since: Aug 14, 2012

Yep. OS is understandable due to custom skin requirements. Security patches on the other hand must mandatorily be instantaneous.

18. strategic_developer

Posts: 1627; Member since: Jul 17, 2018

They aren't far behind. How many phones run Android do out the box what the S and Note do? That's right, NONE OF THEM. Updates dont matter u less they bring something to the table. My Note 8 got several updates during the year I had it and my Note 9 has gotten a few too. Google pushing doe this is certainly a plus. But because of Knox, Samsung phones are more secure than any other Android device. Period! So we are protected even if we NEVER get an update. I've never heard a S or Nite or any Galaxy for that matter getting hacked. Have you? But iOS gets slammed regularly. Tou guys an this update garbage. The problem with security on any device is the same as with any computer. A phone is as secure as the person using it. If you are a fool and download questionable software, then all the updates in the world aren't gonna protect you.

7. maherk

Posts: 7010; Member since: Feb 10, 2012

Sadly, I don't think it's going to happen. Google presented project treble to make it easier for OEMs to update their phones, and look at Android flagships so far, only 2 or 3 phones have received official Android Pie builds.

9. AbhiD

Posts: 856; Member since: Apr 06, 2012

Again wrong. If your buddy boy huawei sucks in update department, doesn't mean others are similarly bad as well. Essential Phone, OnePlus 6, Nokia 7 Plus, Nokia 6.1, Sony XZ3, XZ2, XZ2 Compact, XZ2 Premium, Xiaomi Mix 2s (about to get). Never before in Android's history so many OEM devices had received latest Android so early. It is working. But remember it is beneficial only on treble supported devices. Which are far and few in between. As more and more devices launch, situation will only get better. Infact for the 1st time OnePlus will be launching a T version (6T) with latest Android Pie.

10. mootu

Posts: 1539; Member since: Mar 16, 2017

Please explain how Huawei sucks in update department? Before the end of November Huawei / Honor will have around 8 phones running Pie. Thats more than any other OEM Also all 4 Honor / Huawei devices in my household all get regular security updates. So no you're Huawei hatred doesn't wash this time.

12. maherk

Posts: 7010; Member since: Feb 10, 2012

Ignore this troll. I could say the earth is round and he'll comment back arguing that. He's a sad OnePlus fanboy who seems to have an issue with me, always stalking my comments and desperate for some of my attention. He'll just have to look somewhere else, as I don't like entertaining trolls.

14. AbhiD

Posts: 856; Member since: Apr 06, 2012

Who is a troll is quite evident by the fact that everything that is good by huawei sees your immediate appreciation while anything else that Huawei sucks at makes you diss it as non important or some kind of failure. You are suffering from fanboy disease. And huawei has entered your blood vessels.

16. bwomack01

Posts: 17; Member since: Oct 21, 2018

Wow! Take it easy there, buddy! It’s not the serious! This is just phone and other tech stuff! No need to get all personal.

13. AbhiD

Posts: 856; Member since: Apr 06, 2012

Will be! And that too on an expected timeline. Let's talk after November. Btw all Huawei/Honor devices supposed to get Pie are running on Kirin 970. Yeah, so much for updates. So some random 4 Huawei devices in your house receive regular security updates and we should believe that? If you were speaking truth, you would have rather provided the names of devices. Not just some random blubbering.

11. nodes

Posts: 1163; Member since: Mar 06, 2014

Google should have done it years ago. It's their OS after all.

15. bwomack01

Posts: 17; Member since: Oct 21, 2018

It should be more than two years for security updates. Should be three.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit for samples and additional information.