Two types of updates are coming to our Android phones: newer versions of Android or the personalization layer and security updates. Unlike Android updates, security updates come relatively frequently, at best monthly. But what are they and what are they for?
Given the landscape of fragmentation of Android versions, receiving a new version of Android is cause for celebration, although with security updates, the excitement is usually less: after you install them, everything. look alike. But this is not the case, and it is important to install them as soon as they arrive.
What are security updates
Android Security Updates are nothing more than a collection of fixes that fix bugs, issues, and system security vulnerabilities. Specifically, errors that apply to system components and not to specific apps, the errors of which could be resolved by updating the app on Google Play.
Like Android updates, security patches must be adapted by manufacturers before they are available to users. The reason is simple: not all phones have the same software or hardware, so a Qualcomm vulnerability patch is not necessary on a mobile with a MediaTek processor, and vice versa. This is the reason why some mobiles lack patches.
Not all phones have the same hardware, so they don’t all need the same patches
To facilitate their dissemination, Google compiles these fixes in monthly packages, which it publishes in a monthly bulletin that details all the vulnerabilities collected. For example, the May 2020 security patch fixes 39 vulnerabilities in different components. This is the AOSP (Android Open Source Project) newsletter, on which manufacturers build theirs by adding and removing.
Then, it is the turn of the manufacturers, who have their own security bulletins detailing the patches that they included in their last security update (Google, Huawei, LG, Motorola, Nokia, Samsung. They resume the patches. Android security bulletin that affects them and add theirs For example, Samsung includes in its latest bulletin a fix for a security issue that affects the S Pen.
Some of the vulnerabilities fixed in the latest security patch
In short, security patches are nothing more than Android bug and vulnerability fixes that are available faster than full system updates. In this way, an Android mobile can be more secure and less exposed to security problems even if it does not have the latest version of Android.
Android 10 has released a new way to install security updates: from Google Play
With Android 10 came another type of security update: those for Google Play. To make it even easier to fix bugs in critical system modules, some Android components can be updated from Google Play, without the need for a full Android update or security patch. These fixes are also detailed in the monthly security bulletins.
Why is it important to install them
When your mobile has a security update, you will receive a notification on your mobile which is difficult to get rid of. You can ignore it, although it will reappear periodically until you do the right thing: install it.
Installing security updates is very easy, as all you need to do is press a button and wait for the process to complete, although it will prevent you from using your mobile until it is finished. This added to the fact that there is usually no noticeable novelty after installation can cause a bit of laziness to install them. However, you must install them as soon as they arrive.
Keep in mind that from the time vulnerabilities are discovered until a patch is created for them and they are included in the bulletin, it can take months. As they are included in the newsletter until it reaches your mobile it can take weeks. Or months, if your mobile receives them quarterly and not monthly. The sooner you install it, the sooner your mobile will cease to be vulnerable to security breaches.
While Google, Sony and Nokia release security fixes the same day they are posted in the newsletter, other devices can take weeks or months. These are weeks or months during which your mobile is vulnerable to attacks. This does not mean that a hacker or a malicious application will exploit these security holes immediately, although the possibility is always there.
In case that helps, although it is not usual, some manufacturers take advantage of security updates to put certain system improvements in the same package. No big changes, but some optimizations here and there, for example in the camera app or in any other element. These types of changes are usually specified on the screen to install the update.