The Android ecosystem has faced somewhat of a challenge as far as keeping devices up to date as far as the operating system and security updates are concerned. Particularly with respect to the former, Oreo in both its variants is still only found on 5.7% of all Google Play Android devices, a 1.1% increase compared to April. Meanwhile, Nougat and Marshmallow still hang on to more than half of the counted install base, with a total of 56.6%.
Putting aside major OS updates, security updates for Android-powered units continues to be an issue outside of Pixel-branded devices. Although Android security patches are released on a monthly basis, manufacturers tend to roll them out later compared to Google's own hardware or, as was discovered last month, lie about having deployed those updates in the first instance. Now, it appears that Google is cracking down on OEMs to do a better job in this area.
Speaking at Google I/O, David Kleidermacher, head of Android platform security, discussed how the Mountain View company was streamlining the process of pushing out security updates, citing Project Treble as an example. Despite the implementation of Project Treble being optional for units upgrading to Oreo, it does make the patching pipeline easier to execute for hardware that ships with Oreo already installed. However, the company is following this up with more stringent agreements with OEMs, with Kleidermacher making the following comment:
“We’ve also worked on building security patching into our OEM agreements. Now this will really … lead to a massive increase in the number of devices and users receiving regular security patches.”
Of course, the devil is in the detail with respect to any agreement. While patches are released monthly by Google, the cadence at which OEMs implement them may possibly differ from that schedule, depending upon how the term "regular" is defined. Furthermore, in light of the misrepresentation of installed patches by manufacturers, Google will need to examine how it quantifies compliance with the revised Android partner agreement in order to hold OEMs to the mark. Time will tell exactly how effective this latest strategy ends up being.
Source: XDA Developers