Security updates on mobile operating systems have typically been bundled inside larger patches that include other bug fixes and improvements. Unfortunately, the world of security exploits isn't tuned to a company's release schedule, which can leave devices and platforms vulnerable to exploits for long periods of time. Microsoft recognized this issue long ago and has since used Windows Update to roll out regular security patches when needed. With the growth of mobile, more attention is now being placed on the security of smartphones and tablets.

Google appears to have come to the same realization as Microsoft, and today they announced that they will start pushing monthly security updates over the air to Nexus devices that are still within their support timeframe. The list of supported devices includes the Nexus 4, Nexus 5, Nexus 6, Nexus 7 (both generations), Nexus 9, Nexus 10, and Nexus Player. In addition to security fixes, the monthly OTA updates will include general bug fixes, but the focus is primarily on security improvements.

The first monthly patch for Nexus devices is rolling out today, although as usual it may take some time to get to your device due to Google's staged rollout system. In addition to this announcement, Google has also implemented a long rumored change to their Nexus update policy. While in the past devices were guaranteed 18 months of updates, under the new policy they will be supported for two years of major software updates, and security updates will continue for three years or eighteen months after the device is discontinued on Google Play depending on which is longer.

Source: Google Android Blog

Comments Locked

41 Comments

View All Comments

  • jeffkibuule - Wednesday, August 5, 2015 - link

    Let's be honest, if you care about security to that level, then Android can never be the OS for you, because there are too many players at the table which have to give the OK befor a software update actually hits a device that it's impossible. Google, phone OEM, and wireless carrier all have to say yes in a timely fashion. Both Apple and Microsoft say "Good luck!"
  • Daniel Egger - Wednesday, August 5, 2015 - link

    > Let's be honest, if you care about security to that level, then Android can never be the OS for you, because there are too many players at the table which have to give the OK befor a software update actually hits a device that it's impossible. Google, phone OEM, and wireless carrier all have to say yes in a timely fashion.

    Nonsense, Google does have very little to nothing to say and the wireless carrier even less: order a noname phone from China, put your SIM card in and you're good to go; your carrier could not care less that you do and whenever the friendly Chinaman is going to provide updated software.

    > Both Apple and Microsoft say "Good luck!"

    I've no idea what that means.
  • watzupken - Wednesday, August 5, 2015 - link

    I strongly agree. Considering that they enforced that manufacturers using Android OS needs to have the suite of Google apps, I think they need to enforce mandatory security updates. It is after all their OS.
  • grooves21 - Wednesday, August 5, 2015 - link

    The only way to ensure that happens is to not buy devices from a manufacturer until they make the same commitment. Based on recent practices, I'm guessing Motorola will jump on this boat, which is why it's either gonna be the next Nexus phone or the Moto X for my next device. Samsung, LG, et al can go kiss my A.
  • twizzlebizzle22 - Wednesday, August 5, 2015 - link

    "three years or eighteen months after the device is discontinued on Google Play depending on which is longer."

    This is big news especially now we seem to have plateaued when it comes to device performance. Any flagship phone in the last 2-3 years is still extremely viable device for day to day use. Noway could my HTC One X or LG Optimus hold up after 2 years. Slow as a dog.
  • FYoung - Saturday, August 8, 2015 - link

    Article: "...security updates will continue for three years or eighteen months after the device is discontinued on Google Play..."

    It should be three years after the device stops being sold; eighteen months is not enough. If the device is too slow for that, it is too slow to be sold as a new phone.

    Buyers would legitimately feel betrayed if they bought a device with a built-in security defect that the maker refuses to fix after 18 months given that the fix would cost only a tiny fraction of the cost of the device, and no one else is able to fix it.
  • lilmoe - Wednesday, August 5, 2015 - link

    "Commits"

    Anyone getting the irony here?
  • Impulses - Thursday, August 6, 2015 - link

    On a nightly basis.
  • dragonsqrrl - Wednesday, August 5, 2015 - link

    NOICE.

    I'm hopeful that the 2015 Nexus 5 will be my next phone, if the rumored specs for the device are accurate. 5.2" 1080p display with a very thin bezel + front facing stereo speakers and ~3200 mAh battery (Hey Motorola, can you say Google gets it?). The SOC still seems to be a bit in the air (Snapdragon 620 or 808?) Google could have a real winner on their hands again.
  • Impulses - Thursday, August 6, 2015 - link

    You had me at 5.2" with 3200mAh... They'd have to screw up the rest of the phone pretty badly or price it way too absurdly for me not to be on board with a small (relatively) Nexus model that finally gets great battery life (N5 wasn't terrible mind you, larger flagships with larger batteries just lapped it over the last two years and even within the release year in the form of the G2).

Log in

Don't have an account? Sign up now