Android is changing its approach to security updates, moving towards a new risk-based system that prioritizes critical vulnerabilities over minor issues. In the past, Google would release a monthly bulletin detailing every single fix, but this could overwhelm phone manufacturers and lead to delays in getting updates to users.
Now, Google is adopting a Risk-Based Update System, where high-risk vulnerabilities are addressed in monthly releases, while moderate and low-severity issues are saved for quarterly updates. This shift allows manufacturers to focus on the most critical issues and deliver updates more consistently to users.
The new strategy benefits both manufacturers and users. Manufacturers can allocate resources more efficiently, and users can expect more timely and comprehensive security updates. While there is a potential downside in terms of longer lead times for quarterly fixes, the system is designed to prioritize the most dangerous patches to protect users from real threats.
Overall, Google’s new risk-based approach aims to enhance the security of the Android ecosystem and make users’ devices safer with each update. By focusing on what matters most, Google is working towards a more secure Android experience for all users.