Android Intelligence Analysis

Two big buts about Samsung's Android security update announcement

Samsung's plan to provide security patches to its Android phones for a full four years is fantastic news, but there's more to the story than meets the eye.

Samsung Android Security Updates
Google/JR Raphael

Android Intelligence Analysis

Show More

Didja see? Samsung's pledging a full four years of support for security updates on its Galaxy-branded Android phones. Well, shiver me timbers: That sure is somethin'!

Samsung slapped the news down onto these here internerfs of ours Monday morning, and the glowing headlines predictably followed — with some stories going as far as to proclaim Samsung as the new undisputed "king of Android upgrades" or to declare that the company was now "beating Google at its own game."

Yeaaaaaaaah. That, my friends, is what we call an effective press release rollout.

Don't get me wrong: Samsung's newly stated commitment is excellent news, without a doubt, and it's hopefully a move that'll only spur more companies in the Android universe to follow suit (yay!). But there's also more to it than you see on the surface (aww!) — and the situation isn't nearly as black and white as some interpretations would leave you to believe (ohh...). So let's take a minute to explore the nuances of Samsung's shift and wrap our moist person-brains around what's actually happening here, shall we?

First, for context: For a while now, most Android device-makers have — at least in theory — agreed to provide a minimum of two years of operating system updates and security patches for their top-tier, flagship-level phones. Last year, Google bumped that up to a three-year guarantee for its own Pixel phones (insert suggestive eyebrow raise here), and Samsung soon offered a similar promise for some of its Galaxy devices (albeit without the same assurance of timeliness attached).

So now, what Samsung is doing is taking that a step further by saying it'll provide the Android security patches for an additional year beyond that three-year period — which, again, is fantastic. While full-fledged operating system upgrades absolutely do play a significant role in areas like performance, privacy, and security, the smaller security patches alone are still much better than nothing (obviously, right?!). And knowing you'll receive those for four years instead of three — or sometimes even less — is a valuable bit of assurance for anyone who hangs onto a phone even once it's reached, erm, elderly golden-ager status.

But — well, we've got those big buts to discuss. Shall we?

The first big but with Samsung's upgrade announcement

Okay, first: The question of when and how often a Samsung Android device will receive those security updates as part of this newly formalized plan is vexingly ambiguous. Some Samsung phones, y'see, are set to receive security updates monthly — at the same cadence those patches are released by Google and intended to be delivered. Others are down for only quarterly security patch rollouts. And others yet are one category lower, under a decidedly vague "regular updates" designation.

Samsung doesn't elaborate on what, exactly, "regular updates" entail — but it seems safe to say it's something less frequent than quarterly, since it's a separate category that's one notch down in the list. A "regular update" that's a step below quarterly could arrive only twice a year — or maybe even just once. It's up to interpretation, tellingly, but assuming it's a rate that's meaningfully less than four times a year seems like a reasonable conclusion to make, being that Samsung went out of the way to create that extra category for it.

Now, that's still better than nothing — right? Absotively! That's especially true in that fourth year, when most Android phones would be getting precisely bupkis. But, well, Samsung isn't only putting devices that are in their fourth year into that category.

For instance: According to the company's current device status breakdown, the top-of-the-line Galaxy Tab S4 — which launched in August of 2018 and cost a cool $649 to start (or $800, if you got its cheapest available option with the suggested keyboard attachment) — is already down to "regular" security update status, despite being less than three years old. The same is true for several midrange phone models from 2018.

The enterprise-aimed Galaxy A8, meanwhile, is already in the quarterly update category in its third year of life. The same is true for the top-tier Galaxy Tab S7 and S7+, which just came out this past September. Most of Samsung's midrange phones are also listed for quarterly security updates at best, no matter when they were released.

And when you're comparing that to Google's own Pixel update commitment, the comparison isn't quite as black and white as some folks around these interwebs have been making it out to be. Google currently sends security updates to all of its Pixel phones, including the $350 "a" models, on a monthly basis — as the updates are released — for three years. And it sends full operating system updates to all of those devices more or less instantly, too, for that same three-year period.

Samsung, as we just established, sends security patches every single month for some of its phones but then provides those updates only quarterly or "regularly" for others, with no explicit guarantee of when a phone might move from one state to the next — so while it does now continue those updates for four years instead of three, in some cases, you'll end up with much less frequent updates for a fair part or perhaps even all of that time. And despite the company's relative improvements over these past couple years, its reliability with actual operating system upgrades continues to be anything but optimal and significantly behind Google's standard. So you win some, you lose some, in other words; any advantage offered by the new fourth-year addition is offset by those hefty and underemphasized asterisks.

And all of that, m'dear, is but only our first big but.

The second big but with Samsung's upgrade announcement

Prepare yourself: This second big but is a juicy one, and it's largely being forgotten amidst this week's discussion. So here it is: Two months ago, Google and Qualcomm announced that the latest series of Qualcomm chips would support — wait for it — four years of security updates for Android phones. Yup. So what Samsung is doing isn't actually breaking new ground but rather following that earlier announcement with its own embrace of the same concept.

Now, let's not minimize the positive here: Any improvement is an improvement worth celebrating, especially when it comes to the oft-discouraging area of Android upgrades. But Samsung using this news to position itself as an industry-leading innovator is maybe just a teensy bit disingenuous. As is often the case here in these mossy mobile-tech waters of ours, a little context goes a long way in taking us beyond the press release headlines and letting us figure out what's actually going on.

Zooming out more broadly, it'll be interesting to see if and how Google evolves its own software support commitments when its next generation of new Pixel phones lands later this year. The joint announcement with Qualcomm suggests Google will at the very least honor that four-year period for security updates, like Samsung — only with the likely twist that all Pixel phones would receive the updates every single month, without any quarterly or "regular" downgrades in designation or any murkiness surrounding which tier any given device will fall into and for how long.

Beyond that, if Google's first homemade processors make their way into Pixel phones this fall, as expected, it's entirely possible even longer support life could become more feasible from Google's perspective — something I've been hoping to see for a while and that could eventually inspire even broader progress throughout the entire Android ecosystem.

The realm of Android upgrades has been overdue for improvement for far too long now, and with any luck, what we're seeing now is just the start — even if this week's news in and of itself might not be quite as earth-shattering as it seems on the surface.

Sign up for my weekly newsletter to get more practical tips, personal recommendations, and plain-English perspective on the news that matters.

AI Newsletter

Copyright © 2021 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon