For a decade, Android users have had to rely on a byzantine update process involving Google, device manufacturers, and carriers in order to get security patches and new versions of the operating system. Google is now trying to streamline this process and get updates into users’ hands more quickly through a plan called Project Treble.
The change is coming in Android O, due out later this year, and it involves the inclusion of a new vendor interface that sits between the Android OS framework and the vendor implementation of the OS. The idea is to reduce the amount of code that needs to be modified whenever a new version of Android is released.
“Today, with no formal vendor interface, a lot of code across Android needs to be updated when a device moves to a newer version of Android,” Iliyan Malchev, team lead on Project Treble at Google, said in a post.
“With a stable vendor interface providing access to the hardware-specific parts of Android, device makers can choose to deliver a new Android release to consumers by just updating the Android OS framework without any additional work required from the silicon manufacturers.”
The Android security update process has been problematic for many years. It starts with Google creating a new version of the OS, which the company then releases to the community. The company’s silicon-manufacturing partners then take the code and modify it and pass it on to the handset manufacturers, who customize it for their own needs and those of the carriers they deal with. The manufacturers then deal with the carriers to ensure it works for them and then the carriers push it to their end users.
But that process can take weeks or even months, depending upon the carrier and the device manufacturers’ schedule and priorities. That can leave Android users exposed to security vulnerabilities for a long time before an update is available, and in some cases carriers don’t ever bother to push updates to their customers. Google has been providing monthly patch updates for Android since mid-2015, and some of the major handset makers have committed to delivering those to carriers each month. But many others haven’t, and Google said in a recent report that about 50 percent of Android devices didn’t get a security update in the previous year.
“We provided monthly security updates for all supported Pixel and Nexus devices throughout 2016, and we’re thrilled to see our partners invest significantly in regular updates as well. There’s still a lot of room for improvement however. About half of devices in use at the end of 2016 had not received a platform security update in the previous year. We’re working to increase device security updates by streamlining our security update program to make it easier for manufacturers to deploy security patches and releasing A/B updates to make it easier for users to apply those patches,” the report said.
Android O is set for release in the third quarter.