Google has urged companies to get better at patching Android devices.
The tech giant's cybersecurity branch Project Zero has addressed the way its updates work, with Android being based on Linux and essentially working as an open-source solution, which allows third party manufacturers such as LG and Samsung to control their version of the operating system.
However, this decentralisation means when Google releases a patch, it is analysed and modified by the manufacturer before arriving on the device, which can leave users vulnerable.
In a blog post, the team said: “Just as users are recommended to patch as quickly as they can once a release containing security updates is available, so the same applies to vendors and companies/
“Minimizing the 'patch gap' as a vendor in these scenarios is arguably more important, as end users (or other vendors downstream) are blocking on this action before they can receive the security benefits of the patch."
"Companies need to remain vigilant, follow upstream sources closely, and do their best to provide complete patches to users as soon as possible.”
