Facing Stagefright, Google, Samsung, LG all commit to pushing monthly security patches for Android devices

Following the revelation of Android-focused malware Stagefright, Google is working to push monthly security fixes to its millions of mobile users worldwide. Samsung and LG have both committed to streamline that update process to push patches to their Android devices.

The complicated Android ecosystem, where mobile operators and handset makers serve as gatekeepers to software updates, has traditionally made it difficult for Google to push out any kind of update to all end users. Having Samsung and LG on board with the new monthly fix plan helps but doesn't entirely solve the problem. 

The newfound MMS-based attack put an estimated 950 million Android devices at risk, according to Joshua Drake, Zimperium VP of platform research and exploitation. The exploit has likely done no favors for the unsecure perception of Android in the enterprise, an image Google has been trying to shed.

The first of those patches went out Wednesday to Google devices to shore up the flaw that Stagefright exploited. While the blog post points to Google pushing over-the-air updates to only its own branded devices, statements from OEMs show they will try to institute those updates as soon as they can, carriers permitting.

In an email statement, Google did not make clear how all OEMs would handle the updates. However, Samsung and LG made their own statements that showed their intentions to set up systems to fix security flaws as soon as possible.

Samsung, whose devices make up 37.8 percent of the entire Android market share, fast tracked the Stagefright security updates to its Galaxy devices and will build on that incident to optimize future monthly processes.

In a similar move, LG will push the Stagefright updates to all of its in-market devices susceptible to the attack and set up its own monthly fixes for Android.

All said, much of the onus for providing security fixes will fall on the carriers for whom the OEMs supply phones. LG and Samsung said they are both working with carriers to push updates as quickly as possible.

If anything, Android's fractured OS ecosystem could use a bit of top-down unification. Whether that crystallizes around security, and whether Google and its OEM partners can figure out a way to seamlessly do it, remains to be seen.