Slide show

There's reason to be skeptical of Samsung's new 'commitment' to monthly security updates

There's reason to be skeptical of Samsung's new 'commitment' to monthly security updates

A generic form response from Samsung's 'security team' does not mean what you think it means.

Building on the frustration of the U.S. unlocked Galaxy S7 still not having Nougat while other models are updated, a story is swirling this week about Samsung Mobile Security saying in an email that it will "commit" to updates every month for unlocked phones. As great as it would be, there's plenty of reason to be skeptical about the possibilities of Samsung flipping the switch to a full-on commitment to release these updates monthly — even for a single device in a single country.

Going back as far as August 2015, Samsung has made a commitment to streamlining the security patch update process, going so far as to list devices that would receive the updates and start surfacing the patch level in its software. We were rightfully excited back in 2015 — then everyone forgot about it as things got back to normal and various phones and tablets skipped patches for months at a time.

Samsung's simple Mobile Security website, which has been around since shortly after that 2015 announcement, lists the same information it always has. You'll find the latest security patch information — including March 2017 patches — plus a list of devices slated to get updates and what specifically was fixed in each update. The wording is explicit, and has been there for well over a year now (emphasis mine):

In order to meet your expectations and continue to keep our products secure, Samsung will release monthly and quarterly security updates on selected Samsung devices listed below. Monthly and quarterly security updates will include patches for Android OS related security issues released by Google, as well as, patches for Samsung-specific security issues.

The list of devices includes the Galaxy S7 series, Galaxy S6 series, Galaxy S5 series, Galaxy Note 5 and more. Unfortunately for all of us, things aren't that easy, and there is always a disclaimer letting Samsung off the hook (again, emphasis mine):

Please note that in some cases regular OS upgrades may cause delays to planned security updates. However, users can be rest assured the OS upgrades will include all up-to-date security patches when delivered. While we are doing our best to deliver the security patches as soon as possible to all applicable models, delivery time of security patches may vary depending on the regions and models.

The disclaimer has to be there for multiple reasons, not the least of which being the logistical hurdles that keep Samsung from actually fulfilling the promise of keeping so many phones updated month after month. It seems downright improbable at this point that Samsung could update a single phone — like the U.S. unlocked Galaxy S7 — every single month, let alone the full cadre of models listed above that it already says it will update monthly.

Samsung has 'committed' to monthly security patches since August 2015.

Considering that update schedules for Samsung phones have varied dramatically by model, but also region, country and carrier (or lack thereof), it would be a substantial change in protocol for Samsung to start painting with such a broad brush as to fully commit, without reservation, to monthly security patches for a set number of phones, whether they're unlocked or carrier branded. It would be cause for celebration, in fact; not something to keep internal and choose not to make a triumphant announcement about.

Samsung may have recently placed a renewed sense of importance on monthly updates internally — and Nougat's new seamless updates may make the monthly cadence easier for normal users to handle. But none of that means we should all of a sudden expect to see security patches every single month, as Samsung has been unable to do so with a single model to date despite making it a point of emphasis.

Until the wording on its official pages changes, and we start seeing patches arrive month after month on Samsung phones — from much-maligned U.S. unlocked Galaxy S7 to any other new phone — there's reason to be skeptical that anything has changed since August 2015.

No comments: