Many of us get these updates on our smartphones, or tablets just about every month. They are security updates which don't really change anything for the user, or really show them anything new, but it does protect the user from exploits. Now many users will see this update come in as a notification and opt to ignore it (in fact, more than half of Android users will ignore it, according to Google's numbers), instead of installing the update. It's no surprise, seeing as this forces you to restart your device and can sometimes take your device out of commission for around 20-30 minutes. That's not something that users want to do, especially when they are at work or maybe sitting at the doctor bored and using their phone to pass the time, but it's something they need to do. These updates that Google pushes out every month and sends to their partners to push to their own devices, are important ones. These are here to make sure that Android is as secure as possible. There are many vulnerabilities in Android, and that's true for just about any OS, whether it's mobile or desktop, and Google is doing what it can to push out fixes for these vulnerabilities to keep their users safe.
Since 2015, Google has been pushing out a security update to their lineup of Nexus and Pixel devices and AOSP every single month. They even made the security patch level available in the "About Phone" section of all Android devices, as of Android 6.0 Marshmallow, which was released in late 2015. This way users are well-informed of what security patch they are on, and how out-of-date they might be. Since Google started doing these monthly updates, manufacturers like LG, Samsung, BlackBerry, and OnePlus have been pushing out security updates every single month. And according to Google's Android Security report for 2016, by Q4 of 2016 over half of the top 50 devices had a recent security patch.
Now we've all heard of those vulnerabilities like QuadRooter, Stagefright and others. These were just the big ones, the ones that affected over a billion Android devices. These are the vulnerabilities that forced Google to start pushing out monthly security patches (and security bulletins detailing what was patched in these updates), but they aren't the only ones. If you take a look at any of the security patches from Google in the past few months, you'll notice that there are around 10 or so vulnerabilities in each patch that are being fixed. And these are all vulnerabilities that could put your smartphone and your data at risk. Some of these can use code in an app that you installed to give someone remote access to your device, and others are a bit more difficult.
Why should a user care about being protected against these vulnerabilities? It's simple. Think about all the data that is on your smartphone. Not just the pictures, videos, and music, but your accounts, your Google account – which for most people is their key to basically their entire online life – if that gets compromised and into the wrong hands, that could be a huge disaster. Sure the 20-30 minutes it takes to download and install a security update is an inconvenience but it beats having your device become compromised. Now while those instances are few and far between, it can still happen. So it's always good to protect yourself from these vulnerabilities, rather than waiting until it's too late.
Not every manufacturer updates their smartphones as often as Google does, with their security patches, but they should. Motorola is one of the few manufacturers that has decided against updating their devices every single month with the new security patch and will roll multiple patches together into a single update for their customers. That sounds good to customers, but for those that might have a device with a major vulnerability, that's a big no-no. These days, many of us choose a new smartphone based on a few factors. These include the price, the look of the phone, it's features and whether it's on our wireless carrier or not. But now we should be looking at their update track record. The manufacturers I mentioned earlier – LG, Samsung, BlackBerry and OnePlus – have all done pretty well at updating their smartphones with the latest security patch. While it may not be on the latest version of Android, their devices are on the latest security patch, or at least a recent one. With the carriers involved, it's tough for LG and Samsung to push out security updates to every device and every variant each and every month, but all of their devices are on a recent security patch, which is good.
Now there are things you can do to help protect yourself from these vulnerabilities, besides installing these security patches when they land on your device. That includes installing apps only from the Google Play Store. This is because Google has a feature called "Verify Apps" on every Android smartphone which scans apps that are installed, whether from the Play Store or elsewhere, to see if they are malicious. And it's pretty good at catching malicious apps and protecting the user. It's also a good idea to secure your device with a lock screen. Whether you use the fingerprint sensor, a PIN, Pattern or another method, by all means do not leave the lock turned off. While it may be more convenient that way, you do open yourself up for all kinds of security issues. And of course, pay attention to the news. When a new major vulnerability appears, it'll be all over the news, and security experts will give you tips on how to stay safe, which can vary from vulnerability to vulnerability.
Google notes that there's a surprising number of people that do not install their security patches at all. Not just delaying the installation, but they never install it on their device. Google is going to need to find a way to change that. It's not going to be easy though. These security patches are only installed on about half of the devices that they are available for, which is pretty telling. If you don't want to worry about a vulnerability compromising your smartphone or tablet, then you're going to want to install these security patches. And as I noted above, you'll want to look at manufacturers history when it comes to security patches. We've started including the security patch that devices launch on, in our reviews, so that users can see whether they are launching on an older patch, or a relatively recent one. For the most part, most manufacturers are launching with a security patch that came out in the past 60 days, which is pretty good.