(Editor's note: This story has been updated to include a comment from BlackBerry PR. Changes are marked in bold and strike-through text.)
Last week, BlackBerry published a provocative blog post to detail the timing of its monthly Android security software updates for the PRIV smartphone and rank them against rival Android OEMs (or original equipment manufacturers, for ye hardware layman). The company called out its competitors for relatively slow updates … sort of. BlackBerry didn't cite any specific OEM names, but instead it referred to its Android maker rivals as "OEM 1" or "OEM 2."
BlackBerry ranked itself alongside nine Android OEMs, and it topped its own list. It's unclear, however, whether the numerals used to identify the OEMs represent their rank in the Android market, or if they're random. The world's leading Android OEMs today are Samsung, Huawei, Lenovo and Motorola Mobility (Lenovo owns Motorola), and Xiaomi, according to IDC, so it's likely that these four OEMs are among the list of suspects. LG and HTC were also probably included.
Why didn't BlackBerry identify the competition?
I reached out to the company's PR team but haven't received a response. Here's what BlackBerry PR had to say: "We don't think it's necessary to pick at competitors — although probably not hard to see who’s on the list."
Speedy Android updates as a competitive advantage in enterprise
Google issued its first monthly Android security update in September, following the identification of the high-profile Stagefright bug. Since then, the majority of leading Android OEMs have made some commitment to release these regular security updates in a timely manner, including Huawei, LG, Motorola and Samsung — though an HTC executive called promises to deliver monthly security updates "unrealistic" shortly after the Stagefright scare.
Last summer, when BlackBerry began promoting its first Android smartphone, the PRIV, it took to the blogosphere with a series of posts meant to detail the phone's security focus. One post was dedicated to Android security updates, and it explained how it implemented a three-tier system designed to roll out Google's monthly security updates, and any other BlackBerry specific software tweaks, as quickly as possible.
BlackBerry clearly made Android security updates a priority with the PRIV, and assuming its breakdown of rival OEM update timeframes is accurate, it's not exactly surprising BlackBerry is the leader. The data points, and the dedicated blog post, are notable because they show BlackBerry's attempt to make the speed of Android security rollouts a key differentiator in the enterprise.
Do rapid Android security updates really matter?
BlackBerry says it released the last four Google security updates, beginning in December, within 24 hours of receiving them. The first three other Android OEMs released the patches within a month, which in most cases would be considered a reasonable amount of time, because Google provides OEMs with a list of vulnerabilities a month before it publicly discloses them. And in the past, it often took OEMs much longer to release significant Android updates.
Of course, Stagefright was out in the wild before Google ever issued an official warning, and the less time the Bad Guys have to exploit unpatched flaws, the better. BlackBerry seems to lead the pack by a significant margin when it comes to rapid Androids updates, and security-conscious organizations and individuals should take note.