the number of security updates for AOSP is being cut by Google in order to make custom ROMs less secure
Please don’t spread misinformation. Google didn’t cut security updates. You can still get monthly security updates on Custom ROMs.
Also it’s just on certified devices
Starting next year, Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices. source
This is probably where they got the 3 month number. It is fuckery and they are making the lives of custom rom developers more difficult than they need to be.
Over the last few years, AOSP has been shifting to a quarterly release cadence, meaning that new features and bug fixes are released every three months. link
They’re not releasing the list of vulnerabilities each month but instead doing it quarterly, so how are custom ROM devs supposed to patch vulnerabilities if google isn’t reporting them to manufacturers and developers like they’ve done for over a decade now?
Given how large and complex the Android operating system and its underlying components are, it’s not unusual to see a dozen or more vulnerabilities documented in a bulletin. However, the July 2025 bulletin broke this decade-long trend: out of the 120 bulletins published up to that point, it was the first ever to not list a single vulnerability.
Instead of bundling all available security patches into the next ASB, Google now prioritizes shipping only “high-risk” vulnerabilities in its monthly releases. The majority of security fixes, meanwhile, will be shipped in quarterly ASBs.
it’s not misinformation, you weird little google fanboy.
Also it’s just on certified devices
which is every single major western brand that operates outside of china, and even some that are for that market specifically. you would know that if you had, I don’t know, actually looked at the list of certified devices on google’s own website.
Please don’t spread misinformation. Google didn’t cut security updates. You can still get monthly security updates on Custom ROMs.
Also it’s just on certified devices
https://discuss.grapheneos.org/d/27068-grapheneos-security-preview-releases
This is probably where they got the 3 month number. It is fuckery and they are making the lives of custom rom developers more difficult than they need to be.
Here is a good information from LineageOS;
misinformation and grapheneos, again?
https://www.androidauthority.com/android-risk-based-security-updates-3597466/
They’re not releasing the list of vulnerabilities each month but instead doing it quarterly, so how are custom ROM devs supposed to patch vulnerabilities if google isn’t reporting them to manufacturers and developers like they’ve done for over a decade now?
“Android Security Bulletins will still be released, and picked to all supported LineageOS versions monthly.” LineageOS
Wow you’re completely full of shit aren’t you
what do you mean?
You are a slave
it’s not misinformation, you weird little google fanboy.
which is every single major western brand that operates outside of china, and even some that are for that market specifically. you would know that if you had, I don’t know, actually looked at the list of certified devices on google’s own website.
https://www.android.com/certified/partners/
Let me clarify myself.
I hate Google
I don’t even have a Google account I did 100% De-Google
I even think of blocking google.com (but it would also block ReCaptcha)
and you confuse by devices they don’t mean “the device itself” they mean device with their stock rom
here is a screenshot that show if you get a certificed device and flash a custom ROM