Motorola has today confirmed that they will not commit to regular, monthly security patches for their 2016 product line, which includes the Moto Z family and the Moto G4. They has stated that the device will receive these important updates but that “it’s difficult to do this on a monthly basis” and “it is often most efficient for us to bundle security updates in a scheduled Maintenance Release (MR) or OS upgrade.” In other words, if you buy a 2016 Motorola device, it will receive the monthly security updates, but likely not around and about the same time as Nexus, BlackBerry or even Samsung devices. Motorola may bundle security updates together, as it has been doing with the 2015 range of devices. For a company offering a stock-plus user interface, and one that in the past had released operating system updates in a timely fashion, this is not good news.
These monthly security patches are important because the company is striving to improve how responsive Android is to new security threats: 2015 was an important year for device security and we saw a number of high profile security issues, from iCloud being hacked and celebrity pictures being leaked, through to the Stagefright critical security vulnerability. Google’s regular monthly patches will help keep devices patched up against these critical security vulnerabilities, which otherwise could theoretically exposure the device and ultimately the customer to a malware threat. As at the time of writing, the Android platform has yet to truly experience a widespread malware issues that Windows machines saw with various virus worms in the 1990s. For some security analysts, this is a problem waiting to happen. It is impossible to determine how severe the issue is until it happens, and for customers this is not a comfortable place to be.
Some manufacturers have openly supported the monthly security patches, such as BlackBerry, Samsung and LG, alongside the Nexus device line. Others, such as HTC, have said that it is unrealistic to provide updates so rapidly. This underpins one of Google’s issues: the device manufacturers need to support their devices. It has encouraged manufacturers to support software updates even to the point of including the software version and date in About, Settings (something HTC removed). Perhaps the Android platform needs a blasterworm issue before customers – and device manufacturers – take software security patches seriously? Manufacturers are in a potentially difficult position: they may wish to support devices for longer, but this will have an impact on sales going forwards. Customers may not buy a device that is unsupported but might instead buy a new device. If we do not see a seismic security issue in the Android world, customers may need to vote by keeping their wallets and purses closed.