With every smartphone launch, whether from Xiaomi or a rival brand, we hear complaints that support for system updates will be lacking. The complaint does not always concern the operating system version (Android 9, 10 and so on); it often concerns the monthly security patches, a particular type of update that Google has released every month for almost 5 years.
As the name suggests, security patches fix important security holes in the Android OS, often ones that affect a specific smartphone or, more precisely, the processor fitted to a specific device.
Every day Google, together with external companies, works toward the common goal of discovering vulnerabilities that could compromise the security of a device. Android security patches are named in the format year / month / 01 or 05. The last field is often mistaken (by me too) for the day of the month, but 01 and 05 actually indicate two different types of patch.
The suffix 01 marks a security patch with fixes for the Android framework, while the suffix 05 marks a patch that covers the various vendors and their Linux kernel in addition to everything contained in the 01 patch. This allows each manufacturer to include the fixes specific to its own smartphones within a given patch.
As already mentioned, security patches are released about every 30 days, so each month brings a new, updated patch. This generally applies to Google Pixel devices, however, and not to other OEMs, who can decide and schedule the release at their convenience.
So the release of a given patch often does not happen immediately, because companies prefer to bundle it with other updates that add new features or fix other system-level bugs. It should also be noted that many companies are not Android Partners and therefore do not receive the security bulletin 30 days in advance, as OEM Android Partners do; partners also benefit from additional tools. For example, the issues resolved in the May 2019 patch were reported on March 20, 2019.
Android security patches: what are they and how do they work? Let's clarify
Obviously all the main OEMs are Android Partners, but becoming one is not so simple: a company must meet the requirements of the Compatibility Definition Document (CDD) and pass several tests, including the Compatibility Test Suite (CTS), Vendor Test Suite (VTS) and Google Test Suite (GTS).
But does this justify the long delays, in some cases, in releasing updated security patches? The situation is not always easy to manage: although they receive the patches in advance, smartphone manufacturers must overcome significant technical problems to implement the fixes, such as conflicts with pre-existing code.
Sometimes the delay is also caused by mobile operators that are slow to issue their certification, and on top of that comes the firmware development team's wish to add new functions.
To get a clear idea of a brand's reliability on this issue, it helps to know that each company is obliged to release at least four security updates within the first year of an Android device's life and to guarantee 2 years of updates in total, although the number of mandatory updates within the two-year period is not specified.
This often pushes users toward a custom ROM, which requires unlocking the bootloader, something that by itself can pose a risk to the overall security of the device. In these cases there will be two security patch levels, one for the platform and one for the smartphone manufacturer. This means that the update situation could worsen in case of general problems.
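The 01/05 naming scheme and the two patch levels described above can be checked programmatically. The following Python code is an added example, not part of the original article: the property names ro.build.version.security_patch and ro.vendor.build.security_patch are not named in the article, and the three-month threshold and the sample inventory are constructed for illustration.

```python
from datetime import date

# Day field of the patch level, as the article describes it.
SCOPES = {1: "framework fixes only", 5: "framework plus vendor and kernel fixes"}

def parse_patch_level(value):
    """Parse 'YYYY-MM-DD' into (year, month, scope); raise ValueError if malformed."""
    parts = value.strip().split("-")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a patch level: {value!r}")
    year, month, day = (int(p) for p in parts)
    if not 1 <= month <= 12:
        raise ValueError(f"bad month in {value!r}")
    if day not in SCOPES:  # the last field is a patch type, not a calendar day
        raise ValueError(f"day field must be 01 or 05, got {day:02d}")
    return year, month, SCOPES[day]

def months_behind(value, today):
    """Number of monthly bulletins between the patch level and `today`."""
    year, month, _ = parse_patch_level(value)
    return max(0, (today.year - year) * 12 + (today.month - month))

def audit(device, today, max_lag=3):
    """Return findings for one device record (a dict of getprop values)."""
    findings = []
    platform = device["ro.build.version.security_patch"]
    vendor = device.get("ro.vendor.build.security_patch")  # may be absent
    if parse_patch_level(platform)[2] == SCOPES[1]:
        findings.append("partial level: vendor/kernel fixes not claimed")
    lag = months_behind(platform, today)
    if lag > max_lag:  # max_lag is a hypothetical policy threshold
        findings.append(f"platform patch level is {lag} months old")
    if vendor and parse_patch_level(vendor)[:2] < parse_patch_level(platform)[:2]:
        findings.append("vendor patch level older than platform level")
    return findings

# Constructed sample inventory, not real devices.
TODAY = date(2019, 9, 15)
FLEET = {
    "pixel": {"ro.build.version.security_patch": "2019-09-05",
              "ro.vendor.build.security_patch": "2019-09-05"},
    "custom-rom": {"ro.build.version.security_patch": "2019-08-01",
                   "ro.vendor.build.security_patch": "2018-11-05"},
    "oem-old": {"ro.build.version.security_patch": "2019-03-05"},
}

if __name__ == "__main__":
    for name, props in FLEET.items():
        print(name, audit(props, TODAY) or "ok")
```

The "custom-rom" record shows the situation from the last paragraph: the platform level looks recent while the manufacturer level has fallen behind.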