14 DAY TRIAL // Google has outlined plans to streamline Android updates in cooperation with carriers and device manufacturers, which will help get security fixes to consumers faster.
Google has failed to advertise Android as a secure platform, especially because of the platform's openness which allows users to install apps from untrusted sources, but also because of the market's fragmentation.
At this time, when buying an Android phone users have no warranty that they will receive updates or when will it happen, not even if they go for high end brands.
Android updates are currently shipped in three steps. First of all, Google needs to release the reference Android build.
Then, device manufacturers need to update their custom versions and work with carriers to deliver it over the air. This process can take many months, which is a real problem when it comes to security issues.
For example, back in November, a security researcher discovered a vulnerability in the native Android browser which allows remote attackers to steal data from smartphones.
Google said it will patch the flaw in the first maintenance release of Android 2.3 (Gingerbread), which was not even out at the time, but even now, more than half a year later, some very popular phones have not received an update to Android 2.3 and remain vulnerable to this attack.
Google announced at its Google I/O conference a partnership with major carriers and smartphone manufacturers, including Verizon, T-Mobile, Vodafone, AT&T, Sprint, HTC, Samsung, Sony Ericsson, LG and Motorola, aimed at standardizing Android updates.
The partners have agreed to guarantee an 18-month update period for all devices. This means that after a device is released, it will receive updates for at least 18 months, as long as the hardware allows it.
The update frequency has not yet been decided, but the alliance is working on a guideline for the amount of time hardware partners will take to release an update once a new Android build is out.