The news of the Stagefright exploit appears to have precipitated a much needed update commitment from Google and various Android OEMs. After Samsung announced its new Android security update process and Google revealed the details of a new Nexus update policy, LG is following suit and promising similar monthly security patch updates.
Although it hasn't been officially announced by the company, the news comes from a couple of reliable sources. First, speaking at the security conference Black Hat 2015, Googler Adrian Ludwig revealed that LG has made the same commitment to send the monthly security patches that it receives from Google to end users. This, supposedly, should last for three years after a handset is announced, the same as Nexus phones. And second, an LG spokesperson told Wired the following statement:
“LG will be providing security updates on a monthly basis which carriers will then be able to make available to customers immediately. We believe these important steps will demonstrate to LG customers that security is our highest priority.”
This makes me really happy as an LG user. Having started with the G2, then G3, and now G4, I know the company isn't that swift at releasing software updates to its flagships (not to talk of its lower-end devices), even if it's started to get better at it. So whenever I heard of a new vulnerability or exploit, I always assumed that it'd be months before I got it on my phone. This won't be the case anymore, and while the details of the commitment aren't clear (only flagships or all devices? How long after a phone's release will the patches be sent for? Will carriers be ready to handle these frequent updates?) and there's still no news of a commitment to software OTA updates, I'm at least reassured by the fact that the company doesn't plan on leaving users waiting for months before getting critical security fixes.