Samsung and LG have taken the lead among Android phone manufacturers in embracing a new monthly schedule for releasing Android security patches. In fact, Samsung's so excited that today it has reissued the press release announcing its new policy — which had already been in the works for six months, but was accelerated by the revelation of the Stagefright vulnerability. The Korean company clearly wants to be seen as a front runner in pushing through stricter security standards, and it has the blessing of Google, which has announced a similar initiative to update its Nexus devices on a monthly basis.
In its essence, this once-a-month security update is very much like Microsoft's Patch Tuesday for Windows. It will aggregate all the latest information on Android's potential vulnerabilities — which Google says it's already providing to its manufacturer partners — and help alleviate new threats as early as possible. Unlike Windows, however, issuing an Android update is a notoriously laborious and slow process, due in large part to the need to gain carriers' assent before rolling out the new software. Samsung says it "is currently in conversation with carriers around the world to implement the new approach," but LG's statement is more revelatory (emphasis added):
"LG will be providing security updates on a monthly basis which carriers will then be able to make available to customers immediately."
Carriers will make or break this initiative
Even if LG and Samsung adhere perfectly to their new update roadmap, there's no guarantee that your carrier will actually be ready to implement the patch when it becomes available. Samsung certainly has the scale and sway to nudge carriers into greater alacrity, but only time will tell if that will indeed be the case. Moreover, smaller (and shrinking) manufacturers like Sony and HTC may well be reluctant to take on the added cost and complexity of keeping up the same pace of updates as Samsung, Google, and LG. There's no doubt that Android's popularity has made it an attractive target for attacks and that the mobile OS would indeed benefit from a Patch Tuesday of its own. But it's not at all clear that the broad ecosystem of device makers and carriers is ready to provide it.