## Android Security Updates Shift to Risk-Based System
In the summer of 2025, a noticeable shift in Android security updates occurred – a month with no reported vulnerabilities followed by one with over a hundred.This wasn’t accidental, but a direct result of GoogleS reformed security patch distribution system, as detailed in a recent report.
Previously, Google released a monthly Android security bulletin listing dozens of security gaps, providing manufacturers roughly a month to adapt and prepare updates for their devices. While flagship models often received these monthly patches, many lower-priced devices experienced important delays, sometimes only receiving quarterly updates, compromising user security.
Google’s new “Risk-Based Update System” (RBUS) departs from this routine. The new system prioritizes immediate attention for only the most critical, actively exploited vulnerabilities – those classified as “high-risk.” Monthly bulletins will now focus solely on these urgent threats. Less time-critical patches will be bundled into comprehensive quarterly updates released in March, June, September, and December.
The aim of this change is to alleviate pressure on device manufacturers. A smaller monthly emergency package combined with predictable,larger quarterly updates should make it easier to ensure consistent update delivery across their entire device portfolio,ultimately benefiting users of non-premium devices.
However, experts, including those from the GraphenoS project, caution that the extended lead time for quarterly patches (several months compared to one) could potentially increase the risk of data leaks, giving attackers more time to develop malware if vulnerability details become public.
Furthermore, the quarterly release schedule means the source code for patches is no longer published monthly, potentially delaying security updates for alternative Android systems. Despite these concerns, Google views the change as a logical step towards more reliable updates for a wider range of Android devices, even if the frequency for most patches is now quarterly.
transparency: This article contains partner links.By clicking on it, you get directly to the provider. If you choose a purchase there,we will receive a small commission.Nothing changes for you at the price. Partner links have no influence on our reporting.
