Google gets serious about Android security: Monthly Nexus software updates

Google just added another big selling point its Nexus line of phones and tablets: The safest Android experience possible.
Written by Kevin Tofel, Contributor

In an effort to improve mobile security, Google is taking a new approach: Monthly Android software updates focused on locking down any backdoors or risks. Of course, the company is doing this only where it really can: On its own line of Nexus devices.

The first such update started rolling out on Wednesday to the Nexus 4, Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10, and Nexus Player devices, with an emphasis on fixing the Stagefright exploit reported last month.


The updated software will also be made public via the Android Open Source Project, which is the license-free version of Android that anyone can use on devices. That software build doesn't include any Google services, however. It does mean that devices built on the AOSP platform -- such as Amazon's Fire OS tablets -- can integrate the security fixes.

Google also gave a support timeline on the new policy, saying "Nexus devices will continue to receive major updates for at least two years and security patches for the longer of three years from initial availability or 18 months from last sale of the device via the Google Store."

Where does that leave the Samsungs, LGs, HTCs and Motorolas of the world? Right where they've always been: At the mercy of their carrier partners to get software fixes developed, tested and released.

As always then, if you want the best (and now safest) Google Android experience, Nexus devices are your best bet. I'd place Android One phones not far behind, even though the low-cost handsets aren't specifically mentioned in Google's announcement.

The development makes me wonder: Perhaps the Nexus and Android One lines are part of a longer game for Google's Android aspirations.

Now the Android has hit critical mass with around 80 percent of mobile users worldwide relying on it, Google in theory could slowly wean itself away from it hardware partners and push Nexus devices at the high-end with Android One phones targeted towards the low- to mid-range markets.

After all, Google has one key advantage that its hardware partners don't have: Complete control over the software on such devices. Might people pay for that control as long as Google is diligent in beefing up security through monthly updates? I think they just might; removing the stigma of Android as an unsafe platform could go a long way.

See also:

Editorial standards