In the past, Android has been a little more lackadaisical in bundling security fixes with more noticeable UI or app updates. Following a recent widespread security scare, Google Android will be stepping up its game to provide monthly updates, and it looks like other manufacturers will follow suit.
The Android Official Blog on Google explained how the new process will work. The blog cites the Nexus line of mobile devices specifically, and explains that as of today, Nexus phones and tablets will get one big security update each month, and each product will have Google’s full support for two to three years. Additionally, Google will release all of its fixes to the Android Open Source project so that other developers can take advantage of the company’s patches.
The impetus for the sudden ramping-up in security was the Stagefright exploit, which was capable of hijacking Android phones with just a text message. Android has said that they always had a strong focus on security with a generous rewards program for independent researchers who hunt bugs and less than 1% of Android handsets with harmful software installed from Google Play.
However, everyday users might not get the security updates as quickly as they’d like. Users who purchase phones on contract through wireless carriers tend to have tweaked versions of Android specific to those carriers. (A Moto X from Verizon is slightly different than a Moto X from AT&T, and so forth.) As such, wireless carriers can often give and withhold updates as they see fit.
Our advice would be to keep your devices up-to-date with security updates. With that being said, it never hurts to use common sense with your phone or to install a third-party security suite. By being lazy with your updates, you are potentially putting yourself and your company at risk of a major security breach. And that is a mess nobody wants to deal with.