The fact that Huawei is abandoning all Google Android phones from the P20/Pro or earlier by stopping monthly Google Android security updates shows what it thinks of Google Android – and its users!
Huawei users have contacted GadgetGuy saying that the last Google Android security updates were 1/8/2019. Our requests for clarification from Huawei have gone unanswered.
It seems now that the company will only roll out monthly Google Android security updates for Australian handsets including 2019 P30/Pro and Mate 30/Pro. Its 2018 series including the Mate20/Pro/RS are soon to get the chop.
It has introduced a new non-mandatory ‘quarterly’ update for other recent models (mainly its Lite versions and 2018/2019 Nova and Y-series). But is mysteriously missing the popular 2017 Mate 10/Pro and P10/Pro.
Of course, that also excludes its non-Google Android phones like the Mate 30/Pro and the P40/Pro that run Huawei’s EMUI 10. These have no Google Services, apps, Google Play access or Google Security.
You can check the full list here.
Are security updates important?
Android has about 85% of the smartphone market, and it is the biggest target. Cybercriminals look to exploit both known vulnerabilities and zero-day exploits.
If you don’t patch regularly, you are vulnerable to exploits discovered after the last security patch. That could be as simple as an automated bot roving the internet that tests your older phone and whammo – it can steal your contacts, data, photos, access the mic or track you.
Yes – security patches are vital for safe use of our most personal device.
GadgetGuy’s take – sorry Huawei – not nearly good enough not to provide Google Android security updates
How long do you expect to get a security update? The most common answer is at least four-to-five years.
And it seems users are not remotely worried about operating system updates (from Android 8 to 9 to 10, etc.) if the security patches keep coming.
Here are the significant players’ security patch policies
Google supplies monthly security updates to Huawei (and any other Google Android phone maker). After a cursory test, the updates go to Telco carriers that may overlay their network software then send it as an over-the-air-update.
Huawei is supposedly a premium handset maker. It rolls the security patches into its EMUI update that may also correct bugs or add new features. It has now shown that it is not interested in supporting handsets over two years old.
Compare that to
Samsung is still updating phones going back to the March 2016 Galaxy S7 as well as updating its UI or OS for any CVE vulnerabilities.
Nokia uses pure Android and guarantees two years of OS upgrades and three years of security patches.
Google Pixel is still rolling out updates for the original as well as its Nexus range.
Motorola uses pure Android and supports its Moto e5-series, g-6 series, Z2-series and all its 2018/19/20 phones with security patches.
LG ‘Product, Security Response Team, will periodically (usually monthly) publish bulletins and updates about security issues in LG handset.’
Even OPPO (and we presume its siblings realme and vivo) have stepped up. It now has an OPPO Security Response Centre dedicated to protecting the security of OPPO’s users, products and services, promoting cooperation and communications among security experts. It says that monthly Google Security patches are vital on flagships – Reno, Find X/X2/Pro and quarterly updates for the rest (A-series). But then we expect no more from a mass-market phone.
OPPO has also recently partnered with HackerOne to enhance the security of its phones. HackerOne’ pen-tests’ each model trying to find a way in and operates a bug bounty program.
We did not canvas the lower cost providers like Alcatel, Mintt, Aspera, but we can tell you that at best these get quarterly security updates for the model year.
And if you have a MediaTek based smartphone, you will need the March 2020 security update to patch a vulnerability affecting that processor brand.