Google says it has been working closely with smartphone manufacturers in order to deliver security updates for the Android OS faster, and has recently got wait times down from six to nine weeks to several days.
The complexity of Android is a big part of the issues related to the delays in the release of Android security updates. For example, there are many cases where your Samsung or HTC device may not get an update as fast as the Google Pixel model. At the same time, there are hundreds of carriers and manufacturers that have their own ways of testing and deploying patches.
At the latest Android Security 2016 Year in Review, Google revealed that around half of the 1.4 billion Android devices out there didn't get important security patches in 2016. This year, however, it plans to improve that stat.
"In North America, just over 78 percent of flagship devices were current with the security update at the end of 2016," said security lead Adrian Ludwig. Samsung, recently vowed to release security patches every month.
"There's still a lot of room for improvement, however. About half of devices in use at the end of 2016 had not received a platform security update in the previous year. We're working to increase device security updates by streamlining our security update program to make it easier for manufacturers to deploy security patches and releasing A/B updates to make it easier for users to apply those patches."
A/B system updates ensure a workable booting system remains on the disk during an over-the-air (OTA) update. This reduces the likelihood of an inactive device afterward, which means less device replacements and device reflashes at repair/warranty centers.
Customers can continue to use their devices during an OTA. The only downtime during an update is when the device reboots into the updated disk partition. If the OTA fails, the device is still useable since it will boot into the pre-OTA disk partition. The download of the OTA can be attempted again.
Google has also reduced harmful apps by scanning the Play store more often -- 750 million times in 2016 compared to 450 million in 2017. That helped them drop the frequency of trojans by 51.5 percent, backdoors by 30.5 percent, phishing apps by 73.4 percent and hostile downloaders by 54.6 percent compared to 2015. The company also made numerous fixes for Nougat in the areas of Encryption, audio and video and enterprise.
"While only 0.71 percent of all Android devices had Potentially Harmful Apps (PHAs) installed at the end of 2016, that was a slight increase from about 0.5 percent in the beginning of 2015. Using improved tools and the knowledge we gained in 2016, we think we can reduce the number of devices affected by PHAs in 2017, no matter where people get their apps," Ludwig added.