Like clockwork, Google has announced the December 2018 security patch for Nexus and Pixel devices. This is pretty much how Google typically does it, launching it on the first Monday of the month. The December 2018 security patch is available for the Nexus 5X, Nexus 6P, Pixel C, Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3 and Pixel 3 XL. The OTA's are all available now to sideload onto your device as well. If you are one that doesn't want to wait to get the latest security patch onto your device.
This security patch from Google, doesn't patch a ton of vulnerabilities, which might be a surprise. There is only one vulnerability disclosed here, which has to do with Qualcomm components. This was a "Moderate" level vulnerability, but still good to see it fixed in this update. Now there might be other vulnerabilities that Google has patched in this security update, but Google will not detail all of them. This is because not everyone has the update (especially those not using a Pixel or Nexus device), and it doesn't want to put those users at risk of being exploited. On top of that one vulnerability that Google patched, it has also included a ton of bug fixes for Pixel smartphones, mostly the Pixel 3 and Pixel 3 XL since those are newer.
Among the many fixes included here, Google has improved the memory performance in certain circumstances, improved camera capture performance, improved Android Auto compatibility and much more. Many of the fixes that Google said would be coming soon for the Pixel 3 and Pixel 3 XL are included here, which is going to make both smartphones a bit better and more fun to use. You can see all of the fixes that Google included in this update on the Security Bulletin here. Google also indicates which smartphones get these fixes. The updates have not yet started rolling out, though they should be rolling out in the next few days. Usually before the middle of the month, Nexus and Pixel users will have their monthly security update available on their device.
Background: A few years ago, Google began doing these security patches each month, after a few pretty major exploits were discovered that affected essentially every single Android device in the world. These were some pretty crippling exploits and Google decided to push out monthly updates so that its users were no longer affected by these very old exploits. It also provided a way for Google and other companies to release bug fixes without needing to do a separate OTA. Seeing as the certification for these updates can be pretty costly for manufacturers, and being able to do it all in one update, is much more cost effective and easier. While Google has been leading the way with these security updates, other manufacturers have been pretty good at updating their smartphones to have the latest security patch from Google. While only a couple of manufacturers – like BlackBerry Mobile and Essential – have been able to update their phones every single month, most of the others do it every two to three months. So they are still fairly recent, but with the amount of phones that say, Samsung or LG put out, it's very difficult to update all of them every single month.
Google works closely with its partners on these security updates. In fact, it provides the code for these security patches to its partners about a month before it actually rolls out. This is how companies like BlackBerry Mobile and Essential have been able to release these patches before Google even announces them. This also allows its partners to get the patches ready for their smartphones, and incorporated with the skin if need be. And for companies like Samsung, it will actually include some of its own patches that it found in its skin overlay (called Samsung Experience). Which is also a pretty important thing here, since that is a part of the phone that Google can't control. But Samsung is still looking out for its customers by keeping it safe.
Impact: These security updates can be pretty annoying, like any other update. It means that your smartphone is going to be unusable for a few minutes while it is updating. But it also means that your phone is up to date and it won't be getting hit by hackers looking to exploit your device. It is always important to keep your device up-to-date, and that includes updating your smartphone to the latest version of Android or just the latest version of your software. So if you do get an update notification make sure that you update then and there. As you never know what could happen to your device between now and when you get around to letting the update do its thing. These security updates are also much smaller, so they don't take as long to download and update your device – usually under five minutes – so it's not as inconvenient as getting Android Pie onto your device.
Android is not the safest operating system out there, but Google and its partners are doing what it can to make it as safe as it can. There is truly no 100-percent safe operating system out there, even Apple has its issues with iOS and macOS. But since so many more people use Android, and there are a ton of other variables in Android, it makes it the perfect target for hackers. However, as you can tell by the not-so-lengthy changelog of exploits that were patched this month, it appears that Google has gotten up to speed with keeping Android patched and safe for everyone to use, which is a good thing here. Just a year ago, every security update would have at least 15 to 20 exploits or vulnerabilities patched. And now we are down to just one, which wasn't even that big of a deal. That means that Android has really come a long way in the past year or so, and that is good to see, from a security perspective.