Two types of updates come to our Android mobiles: the new versions of Android or the customization layer and the security updates. Unlike Android updates, security updates arrive relatively frequently, being monthly at best. But what are they and what are they for?
Considering the fragmentation landscape of Android versions, receiving a new version of Android is cause for celebration, although with security updates the emotion is usually less: after installing them, everything seems the same. But it is not, and it is important to install them as soon as they arrive.
What are security updates
Android security updates are nothing more than a collection of patches that fix bugs, problems and security holes in the system. Specifically, those errors that apply to system components and not to specific applications, whose errors could be solved by updating the application on Google Play.
Like Android updates, security patches need to be adapted by manufacturers before they are available to users. The reason is simple: not all mobiles have the same software or hardware, so a patch for a Qualcomm vulnerability is not required on a mobile with a MediaTek processor, and vice versa. This is the reason why some mobiles are missing patches.
To facilitate its dissemination, Google collect these patches into monthly packages, which publishes in a monthly bulletin detailing all the vulnerabilities collected. For example, the May 2020 security patch fixes 39 vulnerabilities in different components. This is the AOSP (Android Open Source Project) newsletter, on which manufacturers build their own by adding and removing.
Then it is manufacturers turn, who have their own security bulletins detailing the corrections they have included in their latest security update (Google, Huawei, LG, Motorola, Nokia, Samsung. These take the corrections from the Android security bulletin that affect them and add their own For example, Samsung includes in its latest bulletin a patch for a security issue affecting the S Pen.
In short, security patches are nothing more than Android bug fixes and vulnerabilities They are available faster than full system updates. In this way, an Android mobile can be kept safer and less exposed to security problems even if it does not have the latest version of Android.
Android 10 released a new way to install security updates: from Google Play
With Android 10 they came other type of security updates: Google Play updates. To further facilitate the correction of errors in critical system modules, some Android components can be updated from Google Play, without the need for a full Android update or a security patch. These corrections are also detailed in the monthly security bulletins.
Why it is important to install them
When your mobile has a security update available, you will receive a notification on the mobile from which it is difficult to get rid of. You can ignore it, although it will reappear periodically until you do the right thing: install it.
Installing security updates is very simple, because you only have to press a button and wait for the process to complete, although it will leave you without being able to use the mobile until it ends. This together with that generally there is no visible novelty after installing it can result in some laziness installing them. However, you should install them as soon as they arrive.
Keep in mind that it takes months for vulnerabilities to be discovered until a patch is created and included in the bulletin. From the time they are included in the newsletter until it reaches your mobile, weeks can go by. Or months, if your mobile is receiving them quarterly and not monthly. The sooner you install it, before it will stop your mobile from being vulnerable to security holes.
While Google, Sony and Nokia release the security patches the same day that they are published in the bulletin, other terminals may take weeks or months. Those are weeks or months in which your mobile is vulnerable to attack. This does not mean that some hacker or malicious application is going to take advantage of these security holes immediately, although the possibility is always there.
In case it is an incentive, although it is not usual, some manufacturers take advantage of security updates to put some improvements in the same package of the system. Not big changes, but some optimization here or there, for example in the camera application or in any other element. These types of changes are usually specified on the screen to install the update.