Security updates on mobile operating systems have typically been bundled inside larger patches that include other bug fixes and improvements. Unfortunately, the world of security exploits isn't tuned to a company's release schedule, which can leave devices and platforms vulnerable to exploits for long periods of time. Microsoft recognized this issue long ago and has since used Windows Update to roll out regular security patches when needed. With the growth of mobile, more attention is now being placed on the security of smartphones and tablets.

Google appears to have come to the same realization as Microsoft, and today they announced that they will start pushing monthly security updates over the air to Nexus devices that are still within their support timeframe. The list of supported devices includes the Nexus 4, Nexus 5, Nexus 6, Nexus 7 (both generations), Nexus 9, Nexus 10, and Nexus Player. In addition to security fixes, the monthly OTA updates will include general bug fixes, but the focus is primarily on security improvements.

The first monthly patch for Nexus devices is rolling out today, although as usual it may take some time to get to your device due to Google's staged rollout system. In addition to this announcement, Google has also implemented a long rumored change to their Nexus update policy. While in the past devices were guaranteed 18 months of updates, under the new policy they will be supported for two years of major software updates, and security updates will continue for three years or eighteen months after the device is discontinued on Google Play depending on which is longer.

Source: Google Android Blog

Comments Locked

41 Comments

View All Comments

  • jakeuten - Monday, August 10, 2015 - link

    jellybean? jeez even my S III made it to KitKat on AT&T.
  • edzieba - Thursday, August 6, 2015 - link

    The solution there is DO NOT PURCHASE PHONES FROM CARRIERS. Carriers rebranding manufacturers phones as their own is almost unique to the US market. Buy the phone and contract separately and you avoid whole swathes of issues with lock-in and updates.
  • Impulses - Thursday, August 6, 2015 - link

    Yeah, the whole market including consumers shares a wealth of the blame... OEM, carriers, and the consumers that empower them got us to where we are.

    At least pricing structure has made it so you don't really need to subsidize a phone to save some money anymore tho, so not buying from a carrier is now not only viable but mildly advantageous in the US at last.

    Moto had a good track record for a while but then slowed their roll, I'd be curious to see who's doing best with updates now. I'm sure some of the Android sites cover this but is anyone keeping a solid scoreboard that tallies update progress/timelines across the board?

    For me personally, I'd still rather have a Nexus, screw waiting six months for new features. :p
  • BabelHuber - Thursday, August 6, 2015 - link

    First of all, you can head to sammobile.com and install the latest updates manually with Odin. This should even work for phones with a locked bootloader.

    If you have an unlocked bootloader, you can use CM, where you get daily updates, or somne other ROM.

    I can recommend this AOSP-ROM - your good old S4 will look like a brand-new phone: http://forum.xda-developers.com/galaxy-s4/i9505-or...

    I never go back to this Touchwiz-crap, Samsung builds good phones, but I don't like their software at all.
  • trparky - Thursday, August 6, 2015 - link

    Not always true. For instance, the ODIN flash files for many of AT&T's versions don't get published.
  • FYoung - Saturday, August 8, 2015 - link

    I think that a more effective method would be for the Play Store to report to users whenever the Android version they have is insecure. If a security fix is available, Play Store should offer to apply the latest fix (with a warning that some of the device's functionality may be disabled (eg the custom camera software).
  • Rocket321 - Wednesday, August 5, 2015 - link

    consumers should express the same thing with their spending - only Nexus and Samsung would be viable android purchases (unless/until other OEMs sign on to this cadence of support). I include Samsung because they have made a press release today promising the same monthly patches.
  • blakflag - Wednesday, August 5, 2015 - link

    In an ideal world the consumer would indeed vote with their wallet. But in practice there's too little information. And even technically proficient people too often place faith in supposedly premier hardware vendors to support their products security properly. I think until all the big players get on board with timely (within days) OS updates for security flaws, consumers will have to force their hand with class-action lawsuits whenever provable damage is done because of lack of vendor security updates.
    And hopefully these douchebag marketers who insist on polluting Android with their "value add" will be forced to do so in a way that is at least slipstreamable in an automated way from Googles updates (to prevent vendor lag in rollout of patches)
  • steven75 - Thursday, August 6, 2015 - link

    Samsung's press release is all talk until the carriers actually allow it. Samsung doesn't have the power in that relationship.

    Both Google and Samsung's PR announcements don't mean a hill of beans to the actual problem with the Android ecosystem (at least in the US). So what if 0.5% of Android devices can get monthly updates? What about the other 99.5%?
  • Impulses - Friday, August 7, 2015 - link

    Samsung probably accounts for like 50% of Android devices... And they do have a decent amount of leverage on carriers, they've been building that up year after year and are possibly not getting much credit for it. It was Samsung that initially bucked the trend of custom carrier models as they pushed the Galaxy brand year after year, for self serving reasons of course but still...

Log in

Don't have an account? Sign up now