One surprising note made in the Ars Technica review was that Motorola would not be providing monthly Android security updates for the Moto Z.
Motorola reached out and issued this statement regarding monthly updates, "Moto Z and Moto Z Force will be supported with patches from Android Security Bulletins. They will receive an update shortly after launch with additional patches."
That statement didn't completely answer the question about supporting monthly updates -- so, Ars Technica pressed for more clarity and was told:
"Motorola understands that keeping phones up to date with Android security patches is important to our customers. We strive to push security patches as quickly as possible. However, because of the amount of testing and approvals that are necessary to deploy them, it's difficult to do this on a monthly basis for all our devices. It is often most efficient for us to bundle security updates in a scheduled Maintenance Release (MR) or OS upgrade."
In other words: it will provide patches, just not when they're first available.
In response to growing security concerns on the Android platform, Google committed to monthly Android security updates. Samsung, LG, and BlackBerry agreed to offer these regular patches. Only HTC hesitated, calling it an "unrealistic" target. It appears that Motorola is following HTC's lead and will be releasing these security updates when it is convenient for Motorola.
The two new Moto Z phones launched this week and will come installed with the May security update. Previously, Motorola would release updates nearly as fast as Google did for Nexus devices. Things have clearly changed for the worse with Lenovo's ownership.
Motorola has a rather poor track record of updates over the past year or two, but even then monthly security updates should be a basic requirement for all Android makers. The Moto X Pure Edition just received the May security patch, previous update was dated for February, while Samsung S7 Edge currently has the July update.
Samsung, along with Google, has been leading the charge with monthly security update support, which is saying something when most of Samsung's new phones in the US come from carriers so have even more hoops to jump through.
The yearly report released in April showed that nearly one in three devices will never get the latest Android security patches. Those devices should be avoided for enterprise use. The latest July security bulletin contained dozens of security fixes; many of which were considered critical.
There is no excuse not to release these updates on a regular basis and if you are looking for an Android phone for your business I would look elsewhere.