Android Security Updates: An Important Element of Device Hygiene That Device Makers Often Miss

Consumers store more personal data on smartphones than any other device. But many are unaware of how risky this can be. Few consumers in our research mention regular security updates as a highly desirable feature. This may be because consumers assume that their smartphones will be updated, or that they don’t understand the implications of poor security. Or maybe it’s because attacks are relatively rare. But they can be highly disruptive when they do occur. Google is issuing regular Android security bulletins covering the security updates, which provides fixes for possible security issues affecting devices running on Android. Hence, updating devices regularly is one of the important ways to keep devices secure.

Most of these vulnerabilities range from remote code execution, denial of service, and disclosing information. For example, Google has confirmed that it is fixing 193 Android security vulnerabilities with its Android 10 release through a default Android 10 patch. In the September Android security bulletin, Google has fixed more than 50 Android vulnerabilities, which included two critical ones while 12 were categorized under “high-severity”. As per Google, one of the critical vulnerabilities included in the media framework component that could enable a remote attacker using a special file to execute arbitrary code within the context of privileged process.This is just one example of how issuing regular security updates can help end consumers mitigating security-related risks on their Android devices.

Google is addressing security and privacy-related risks through various other steps. Some of the initiatives include Project Treble and strengthening device partner agreements with mandated security updates, the most recent being Project Mainline. Project Mainline aims to bring more security updates to users faster than ever before. Google is working closely with device manufacturers to ensure smooth execution of Project Mainline. Currently, very few device makers are doing a good job on issuing regular security updates even though Android partners are notified of all security vulnerability issues at least a month before publication.

As per our recent whitepaper titled Software and Security Updates: The Missing Link for Smartphones, among the top 10 smartphone makers, Nokia issues regular monthly security patches across its entire portfolio. Nokia is closely followed by Lenovo, which issues monthly security patches to most of its active models. Other leading brands including Xiaomi, Huawei, OPPO, Samsung, and Vivo, tend to issue security updates only quarterly. If we analyze further by price tier, the trend is similar to that of operating system updates. The sub-US$200 segment has the fewest security updates, while premium smartphones fare better in getting regular updates.

Exhibit 1: Security Patch Frequency Share for Top 10 Manufacturers

Security Patch Frequency Share for Top 10 ManufacturersSource: Counterpoint Research White Paper: “Software and Security Updates:  The Missing Link for Smartphones”

To conclude, we believe that while issuing regular software and security updates are important, notifying users is also equally important. This should be undertaken widely – for example, on websites, and via social media. Consumers are tending to keep their smartphones for longer. And they tend to spend a little more when they do buy a new device. The average time consumers keep a flagship smartphone before buying a new device has been gradually extending. In markets as diverse as China, Europe, and the US, it is now approaching 30 months. Clearly, keeping the software and security up to date is important to ensure consumers continue to enjoy good performance and security throughout their ownership


Tarun is a Research Director with Counterpoint Technology Market Research, based out of Gurgaon (near New Delhi). Tarun has 10 years of work experience with a key focus on the evolving mobile device ecosystem with specialties in Emerging Markets. He understands specific mobile industry nuances, helping clients to navigate through the rapidly changing technological trends. As a Telecom Analyst he has been quoted extensively by the leading media platforms. Tarun holds a Post Graduate Diploma in Management, specializing in International Business from the Amity International Business School and is a graduate in Physical Sciences from Jammu University, Jammu in the northern Indian state of Jammu & Kashmir.

Term of Use and Privacy Policy

Counterpoint Technology Market Research Limited


In order to access Counterpoint Technology Market Research Limited (Company or We hereafter) Web sites, you may be asked to complete a registration form. You are required to provide contact information which is used to enhance the user experience and determine whether you are a paid subscriber or not.
Personal Information When you register on we ask you for personal information. We use this information to provide you with the best advice and highest-quality service as well as with offers that we think are relevant to you. We may also contact you regarding a Web site problem or other customer service-related issues. We do not sell, share or rent personal information about you collected on Company Web sites.

How to unsubscribe and Termination

You may request to terminate your account or unsubscribe to any email subscriptions or mailing lists at any time. In accessing and using this Website, User agrees to comply with all applicable laws and agrees not to take any action that would compromise the security or viability of this Website. The Company may terminate User’s access to this Website at any time for any reason. The terms hereunder regarding Accuracy of Information and Third Party Rights shall survive termination.

Website Content and Copyright

This Website is the property of Counterpoint and is protected by international copyright law and conventions. We grant users the right to access and use the Website, so long as such use is for internal information purposes, and User does not alter, copy, disseminate, redistribute or republish any content or feature of this Website. User acknowledges that access to and use of this Website is subject to these TERMS OF USE and any expanded access or use must be approved in writing by the Company.
– Passwords are for user’s individual use
– Passwords may not be shared with others
– Users may not store documents in shared folders.
– Users may not redistribute documents to non-users unless otherwise stated in their contract terms.

Changes or Updates to the Website

The Company reserves the right to change, update or discontinue any aspect of this Website at any time without notice. Your continued use of the Website after any such change constitutes your agreement to these TERMS OF USE, as modified.
Accuracy of Information: While the information contained on this Website has been obtained from sources believed to be reliable, We disclaims all warranties as to the accuracy, completeness or adequacy of such information. User assumes sole responsibility for the use it makes of this Website to achieve his/her intended results.

Third Party Links: This Website may contain links to other third party websites, which are provided as additional resources for the convenience of Users. We do not endorse, sponsor or accept any responsibility for these third party websites, User agrees to direct any concerns relating to these third party websites to the relevant website administrator.

Cookies and Tracking

We may monitor how you use our Web sites. It is used solely for purposes of enabling us to provide you with a personalized Web site experience.
This data may also be used in the aggregate, to identify appropriate product offerings and subscription plans.
Cookies may be set in order to identify you and determine your access privileges. Cookies are simply identifiers. You have the ability to delete cookie files from your hard disk drive.