Android updates, or “major operating system updates”, are released on an annual basis. This is when Android 12 is updated to Android 13, or One UI 3 to One UI 4, and so on. Generally, devices receive an additional year of security updates after receiving the latest operating system update. For instance, Samsung guarantees five years of security updates for its flagship models.
Google has recently extended its security update promise by five years, beginning with the Pixel 6 line. Other companies such as OnePlus, Xiaomi, Oppo and more offer three to four years of security patches depending on the type of phone. These capabilities reduce the chances of security vulnerabilities being successfully exploited on Android. Critical security vulnerabilities become public knowledge every few weeks or months, and once a system is no longer compatible, users who continue to use it become vulnerable to exploiting known vulnerabilities.
The security vulnerabilities documented in this security bulletin are necessary to declare the most recent security patch level on Android devices. You have likely received many of them over time, as cybercriminals are always trying to find new ways to bypass your phone's security. Additionally, mobile app security updates are released through official app markets such as Galaxy Store or Google Play Store. In this regard, the best iPhones and the best Android phones differ significantly, although the gap between them is narrowing.Most Android OEMs develop their own versions of the monthly security patches, and you can expect to receive them for several years.
See the Android and Google Play Protect mitigations section for more information on the Android security platform and Google Play Protect protections which improve the security of the Android platform. Security patches are common on smartphones, and there are simple ways to stay up-to-date with your phone. There is not much malware available for iOS yet, and the chances of being infected are lower than on an Android smartphone, even with an iPhone that is more than seven years old.Another issue with Android devices is that older versions of the Android operating system stay much longer than they should, as phone manufacturers often ship second-tier or inexpensive phones without the latest version of Android. Problems with the operating system, kernel patches and driver updates may not affect any particular device, but those that maintain the operating system code - i.e., Google - must fix them in the Android base.
Evaluating the limits of safe use of an Android phone can be more difficult since Android phones aren't as standardized as iPhones. For the portable devices listed below, Samsung publishes regular security updates that include patches for security issues related to WearOS published by Google and patches for security issues specific to Samsung.