Google has been beefing up its security chops over the years, first through every version upgrade and then through monthly security patches. Google has taken steps to protect users against vulnerabilities by addressing issues proactively. In fact, there’s also an Enterprise version of Android that promises more robust security features. Yet, the world’s most popular operating system has had the reputation of less secure than Apple’s iOS which prides itself as a ‘walled garden’. It seems Google is trying to bridge that gap by taking steps to push out the security updates easier and faster by OEMs.
XDA Developers looked into AOSP code and found that Google might separate the Android Framework patch level, which houses the operating system from the Android vendor patch level which hardware makers like Qualcomm push out. This means phone manufacturers can send out updates to the Android Framework even if the hardware makers are not ready with it.
As of now, to update a device to the latest patch, both Android Framework and the vendor patch needs to be updated at the same time. The possible separation will mean that the OEMs can push out the OS-level changes even if the firmware-level changes like WiFi and Bluetooth fixes take their time.
The separation could be a refinement in Project Treble that was launched alongside Android 8.0 Oreo to handle updates more consistently. This is not yet confirmed, and Google might have something else in mind, but the fact that Android is separating the two chunks might be a sign of good things to come.