One of the announcements that might have passed you by during Google I/O 2019 is Project Mainline, but this is also one of those announcements that certainly shouldn't pass you by as it is security-related.
Essentially, Google has now confirmed that it plans to utilize Project Mainline to deliver security-based updates to devices in a much faster fashion than ever before.
This is unlikely to be in use for security updates as a whole, but instead elements (or "modules" as Google refers to them) of those updates that Google can, and deems important enough to roll out quickly.
In explaining this point, Google states “we’re now able to update specific internal components within the OS itself” and therefore they can be decoupled from a security update.
One of the benefits of this approach is that Google can effectively remove third-party companies from the equation altogether.
For example, prior to Project Mainline, Google would have to release a security update to its partners and then wait for those partners to roll it out to their respective devices via a main OS update. Now, Google is saying it can do this all from the Google Play Store - in the same way an app update would be applied in general.
Google specifically draws on this parallel by stating, “ we plan to update Project Mainline modules in much the same way as app updates” although in contrast to other apps, these module updates will be delivered by an update to the actual Google Play Store app.
In doing this, the modules that are downloaded will then be able to be loaded the next time the phone boots up. Google also argues the updates themselves will be richer and inclusive of more fixes as the source code for these modules will be made available via the Android Open Source Project (AOSP).
The benefits to the end user here are evident although Google also points out that Project Mainline will be equally beneficial to device-makers as well. As they will no longer need to focus on the entire security update, but can just focus on the “key parts” that are not included via the module updating method.
At present, Google has only confirmed this feature as part of Android Q and so there is currently no suggestion the feature will become available via older versions of Android. Something that seems highly unlikely considering the announcement indicates that going forward Androids Q will be the minimal requirement for Project Mainland.
This was only one of many Android Q announcements that were made today during the developer-focused event and you can read up on some of the other main new Android Q features by clicking here.
For those with a compatible device, Google also today confirmed the third beta preview of Android Q is now available to download or apply via the beta program. As well as announcing that the beta program also now supports more third-party devices.
In other words, more devices are now capable of receiving Android Q sooner, and those devices will also now be able to take advantage of this new modular approach to security updates.