Google is rectifying the Android ecosystem and will force mobile phone manufacturers to provide security patches

In terms of system security, Android has always been far behind iOS. We can find a long list of "unqualified" Android manufacturers in any survey report, and even recently there was a scandal that many manufacturers cheated in pushing security patches. Seeing such a chaotic Android ecosystem, Google naturally cannot stand it. At this I/O conference, Dave Kleidermacher, head of Google's security department, said that OEM manufacturers will be forced to provide security patches.

Dave Kleidermacher said that Google has modified the agreement with its OEM partners (referring to third-party manufacturers such as Huawei, Samsung, Xiaomi, etc.), and providing regular security patches is an important item. In the future, these manufacturers will be obliged to release patches regularly, which will enable more users and devices to receive security patches regularly.

Previously, Google has been updating security patches at a frequency of about once a month, but many Android manufacturers have not followed up. According to SecurityLab's investigation, it takes months for most Android devices to receive updates after a vulnerability is exposed. Even brands such as HTC and OnePlus have to wait for several months for their flagship phones. The blood-red scores fully reflect the poor security of Android phones.

What's more, foreign media "Wired" said that many manufacturers will miss patches, Xiaomi, OnePlus and Nokia miss an average of 1 to 3 patches, Huawei, HTC, LG and Motorola miss an average of 3 to 4. Some even push a "security patch" to users, but in fact it is just a change of the update date of the last update package, which is obviously a fraud.

According to a survey by security company RSA, only 47% of companies or organizations will take patching measures immediately after learning of vulnerabilities, and as many as 26% of companies will ignore some major security vulnerabilities because they do not have time to fix them; 16% of companies said they do not have the ability to fix these problems. Therefore, in the past, many Android manufacturers would submit applications to Google, hoping that they would not fix certain vulnerabilities, but directly shut down the functions related to the vulnerabilities. This method obviously saves time and effort, but Google will not agree to such applications in the future.

Even this kind of application is usually submitted by large manufacturers. Many small manufacturers will not have any communication with Google at all because they are not included in the GMS (Google Mobile Services) agreement and the Android Partner Program. The open source nature of Android has become a double-edged sword here.