Google commits to monthly security updates for Nexus devices

Security.  We all worry about it, and we all leave our security in the hands of Google when we use Android devices.  Our smartphones are continually gathering more information about us, from passwords to pictures and geotagging, to financial information such as credit card numbers and bank account numbers.

Security is absolutely crucial, and Google released an announcement today to make security a monthly update to Nexus devices after feeling the pressure from vulnerabilities in regards to libStageFright where malicious code could take over your device with just a text message.

Starting today, the Nexus 4, Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10, and Nexus Player will receive OTA updates each month with security as the key focus in addition to platform updates. This week’s update does contain fixes for the libStageFright issues, and the fixes have been released to the public via the Android Open Source Project.

Nexus devices will continue to receive major updates for at least two years and security patches for the longer of three years from initial availability or 18 months from last sale of the device via the Google Store.

I have a couple concerns I have about this commitment.

1. I use a Samsung Galaxy Note Edge.  I am vulnerable to the libStageFright issue until Samsung decides to update their devices.  Google needs to commit to reduce fragmentation to ZERO when it comes to security.  Also, considering that Google is only committing the monthly updates to their devices, my next phone HAS to be a Nexus device because I do not know the commitment Motorola, Samsung(although Samsung did respond with a new process, but they will need to prove themselves considering their poor reputation for updating their devices), LG, HTC, etc. have to fixing their devices as well.  It makes me rather disturbed knowing my Note Edge is vulnerable to libStageFright when I know there is a fix for Nexus devices.

2. Google just announced a lifespan of three years for Nexus devices.  I can’t imagine one single person who would want a device that is vulnerable to security threats.  If Google will not commit to security beyond 3 years, or 18 months after the device is last sold in the Play Store, they are basically telling us to buy a new device every three years.  No one can store anything personal on a device that is susceptible to malware.

I seriously hope Google rethinks this commitment to security patches, because I know plenty of people who use phones and tablets beyond three years.  Security is one area where users are not forgiving.  Mess up once, and users will probably jump ship to another mobile platform.

Source

If you’re interested in a security review from Google, check it out at this link.