- Jul 22, 2014
- 2,525
Every month, a security team at Google releases a new set of patches for Android — and every month, carriers and manufacturers struggle to get them installed on actual phones. It’s a complex, long-standing problem, but confidential contracts obtained by The Verge show many manufacturers now have explicit obligations about keeping their phones updated written into their contract with Google.
A contract obtained by The Verge requires Android device makers to regularly install updates for any popular phone or tablet for at least two years. Google’s contract with Android partners stipulates that they must provide “at least four security updates” within one year of the phone’s launch. Security updates are mandated within the second year as well, though without a specified minimum number of releases.
David Kleidermacher, Google’s head of Android security, referred to these terms earlier this year during a talk at Google I/O. Kleidermacher said that Google had added a provision into its agreements with partners to roll out “regular” security updates. But it wasn’t clear which devices those would apply to, how often those updates would come, or for how long.
PHONES CAN’T GO MORE THAN 90 DAYS OUT OF DATE ON SECURITY
The terms cover any device launched after January 31st, 2018 that’s been activated by more than 100,000 users. Starting July 31st, the patching requirements were applied to 75 percent of a manufacturer’s “security mandatory models.” Starting on January 31st, 2019, Google will require that all security mandatory devices receive these updates.
...
...
The terms appear in Google’s new licensing agreement for Android phones and tablets to be distributed in the European Union while bundling the company’s apps, including the all-important Play Store. While The Verge cannot confirm that the requirement appears in Google’s global licensing terms, the contract and Google’s public comments indicate that the terms are likely the same or substantially similar in all regions.
...
...
A contract obtained by The Verge requires Android device makers to regularly install updates for any popular phone or tablet for at least two years. Google’s contract with Android partners stipulates that they must provide “at least four security updates” within one year of the phone’s launch. Security updates are mandated within the second year as well, though without a specified minimum number of releases.
David Kleidermacher, Google’s head of Android security, referred to these terms earlier this year during a talk at Google I/O. Kleidermacher said that Google had added a provision into its agreements with partners to roll out “regular” security updates. But it wasn’t clear which devices those would apply to, how often those updates would come, or for how long.
PHONES CAN’T GO MORE THAN 90 DAYS OUT OF DATE ON SECURITY
The terms cover any device launched after January 31st, 2018 that’s been activated by more than 100,000 users. Starting July 31st, the patching requirements were applied to 75 percent of a manufacturer’s “security mandatory models.” Starting on January 31st, 2019, Google will require that all security mandatory devices receive these updates.
...
...
The terms appear in Google’s new licensing agreement for Android phones and tablets to be distributed in the European Union while bundling the company’s apps, including the all-important Play Store. While The Verge cannot confirm that the requirement appears in Google’s global licensing terms, the contract and Google’s public comments indicate that the terms are likely the same or substantially similar in all regions.
...
...