Google traded openness for increased threat protection in the first version of its Android Things OS, aiming to tackle the growing IoT security problem by sending patches directly to devices.

Android Things 1.0 comes nearly a year and a half after Google announced in December 2016 plans to extend its operating system to IoT devices. The new OS is intended to reach beyond Google’s OS initiatives with phones, TVs, cars and wearables, to even more devices, including smart speakers, smart displays and home appliances, among other things.

But where phone manufacturers using the Android OS are responsible for sending security and device updates themselves, Google said it’s planning to tackle IoT security itself, pushing free OS updates and security patches to Android Things devices for three years. These automatic updates will be enabled by default.

To help push universal updates, Google is relying on a closed approach that requires developers to use a designated selection of modules in their hardware. The modules come with the three-year security support service enabled.

“One of the core tenets of Android Things is powering devices that remain secure over time. Providing timely software updates over-the-air (OTA) is a fundamental part of that,” Google explained on its Android Developer’s blog.

Growing threat
Google’s security push comes as a growing number of cyberattacks target IoT devices left vulnerable by the lack of a harmonised global security framework.

In June 2017, consulting firm Altman Vilandrie & Company issued a report that found nearly half (48 per cent) of US companies with IoT networks experienced a security breach.

Various groups – including the Z-Wave Alliance, Internet of Things Cybersecurity Alliance and government agencies – have attempted to address the problem with independent security standards and bounty programs. But in September, the US Chamber of Commerce concluded global standards will be necessary to keep pace with emerging threats.