Two types of updates arrive on our Android mobiles: new versions of Android or the personalization layer and the security updates. Unlike Android updates, security updates come relatively frequently, at best monthly. But what are they and what are they for?
Given the landscape of fragmentation of Android versions, receiving a new version of Android is cause for celebration, although with security updates, the excitement is usually less: after you install them, everything. look alike. But that’s not the case, and it is important to install them as soon as they arrive.
What are security updates
Android security updates are nothing more than a collection of fixes that fix bugs, problems and security vulnerabilities in the system. Specifically, errors that apply to system components and not to specific apps, the errors of which could be resolved by updating the app on Google Play.
Like Android updates, security patches must be adapted by the manufacturers before they are available to users. The reason is simple: not all phones have the same software or hardware, so a Qualcomm vulnerability patch is not necessary on a mobile with a MediaTek processor, and vice versa. This is the reason why some mobiles lack patches.
Not all phones have the same hardware, and therefore do not all need the same patches
To facilitate its distribution, Google collect these fixes in monthly packs, which publishes in a monthly bulletin that details all the vulnerabilities collected. For example, the May 2020 security patch fixes 39 vulnerabilities in different components. This is the AOSP (Android Open Source Project) newsletter, on which manufacturers build theirs by adding and removing.
After is the builders’ tour, who have their own security bulletins detailing the fixes they included in their latest security update (Google, Huawei, LG, Motorola, Nokia, Samsung. They take the fixes from the Android security bulletin that affect them and theirs add. For example, Samsung included in its last bulletin a fix for a security issue affecting the S Pen.
Some of the vulnerabilities fixed in the latest security patch
In short, security patches are nothing more than Android bug and vulnerability fixes which are available faster than full system updates. In this way, an Android mobile can be more secure and less exposed to security problems even if it does not have the latest version of Android.
Android 10 has released a new way to install security updates: from Google Play
With Android 10 they have arrived other types of security updates: those of Google Play. To make it even easier to fix bugs in critical system modules, some Android components can be updated from Google Play, without the need for a full Android update or security patch. These fixes are also detailed in the monthly security bulletins.
Why is it important to install them
When your mobile has a security update, you will receive a mobile notification which is difficult to get rid of. You can ignore it, although it will reappear periodically until you do the right thing: install it.
Installing security updates is very easy, as all you need to do is press a button and wait for the process to complete, although that will leave you without being able to use the mobile until I have finished. This added to the fact that there is usually no noticeable novelty after installation can cause a bit of laziness to install them. However, you must install them as soon as they arrive.
Keep in mind that from the time vulnerabilities are discovered until a patch is created for them and they are included in the bulletin, it can take months. As they are included in the newsletter until it reaches your mobile it can take weeks. Or months, if your mobile receives them quarterly and not monthly. The sooner you install it, before your mobile stops being vulnerable to security breaches.
While Google, Sony and Nokia release security fixes the same day they are posted in the newsletter, other devices can take weeks or months. These are weeks or months when your mobile is vulnerable to attacks. This does not mean that a hacker or a malicious application will exploit these security holes immediately, although the possibility is always there.
In case it helps, although it is not usual, some manufacturers are taking advantage of security updates. put some improvements in the same package of the system. No big changes, but some optimizations here and there, for example in the camera app or in any other element. These types of changes are usually specified on the screen to install the update.
