pindrop-logo-2.svg
Search
Close this search box.
Search
Close this search box.

Written by: Mike Yang

As Google begins rolling out the next version of Android, called Nougat, to users this week, the company already is planning a new strategy for providing updates to the operating system more frequently.
Traditionally, Google has updated Android essentially once a year, putting a new major release about every 12 months. But as the mobile device has become many users’ main computing and communications platform, that shift has necessitated more frequent major updates. So Google officials are planning to push out updates more often than once a year.
“We’re moving Nougat into a new regular maintenance schedule over the coming quarters. In fact, we’ve already started work on the first Nougat maintenance release, that will bring continued refinements and polish, and we’re planning to bring that to you this fall as a developer preview,” Dave Burke, vice president of engineering at Google, said in a post.

“We’re moving Nougat into a new regular maintenance schedule over the coming quarters.”

Google has been pushing security updates for Android on a monthly basis for about a year now, much more frequently than Apple patched iOS. Those releases typically include a large number of patches, and it appears that those updates will remain separate from the maintenance releases that Burke referenced. However, because of the way that the Android ecosystem works, the security updates, as well as the maintenance releases, are up to the carriers to send out. Google pushes out the updates to Nexus owners right away, but users of other Android devices have to wait for carriers to decide when/if to push out updates.
In terms of security, Nougat will bring with it some new protections. One key change is to the memory system, where Google has decided to mark some memory as read-only, a way to mitigate memory corruption attacks.
“This feature segments kernel memory into logical sections and sets restrictive page access permissions on each section. Code is marked as read only + execute. Data sections are marked as no-execute and further segmented into read-only and read-write sections. This feature is enabled with config option CONFIG_DEBUG_RODATA,” Jeff Vander Stoep of the Android security team, said.
Nougat also has additional sandbox protection, requiring all Android devices to use the built-in seccomp sandbox tool.

More
Blogs