It was only after the Stagefright vulnerability was discovered last year that Google and many of its partner OEMs committed to monthly security updates for Android devices. Malware and vulnerabilities have long been an issue on Android so there’s definitely a need for timely security updates. It has been four months since Google started releasing these updates and there’s just one OEM that’s actually releasing said updates on time.
BlackBerry became an Android OEM with the Priv, its first Android-powered smartphone, and since BB has always used security as a premise to sell its devices the company has paid attention to rolling out the latest security updates for the Priv.
The company pats itself on the back for timely vulnerability patching in a post on the official BlackBerry blog. Google releases a list of security vulnerabilities on Android every month and OEMs need to release the patches timely to reduce risk of exploitation.
The table ranks patching efficieny of different Android OEMs and lists the time between the list’s release and the actual patching exercise. BlackBerry is at the top of the list as its the first OEM to deliver patches in line with Google’s public disclosure. Other OEMs can sometimes take weeks or even months to do the same.
One could argue that BlackBerry only has one Android-powered device in the field while other OEMs like Samsung, for example, has hundreds but I think many would agree that OEMs have to step up their patching pace to ensure that users don’t remain at risk once the vulnerabilities have been made public.