Three years later, Google ends support for Pixel 3 with February patch

The February Android security patch has been released and is the first timely patch for the Pixel 6 and the last patch for the Pixel 3.

The Pixel 3 was released in October 2018 to lukewarm reviews thanks to the giant camera cutout on the XL model and the worrying lack of RAM across the lineup. Google only offers three years of major OS updates (even for the Pixel 6), so the phone’s last regular update was the October 2021 launch of Android 12. Promoting one of Android’s biggest launches as the final update is a little scary (there are bound to be some bugs), which is why Google promised a final final update before saying goodbye to the Pixel 3. The device received two more updates, one in January to fix that wild 911 bug.. and this is the latest update. Google hasn’t released any release notes for the latest Pixel 3 update.

Google is promoting the Pixel 6 update plan as “five years of Android security updates,”but it still only includes three years of major Android version updates. The Pixel 6 will become obsolete in October 2024, but it will receive security updates until October 2026. We’ve long seen Android companies blaming SoC vendors for short support times compared to six years of iPhone updates, but with Google Tensor, Google is now its own SoC vendor, so it could support the Pixel 6 longer if it wanted to.

The Tensor SoC for the Pixel 6 was created in collaboration with Samsung, marking a departure from Qualcomm-based Pixel 1-5 devices. Google’s vendor change and rough weekend schedule for the Pixel 6 resulted in a sloppy initial rollout, with the device missing the first few security patches while bugs are fixed. After receiving a big patch in mid-January, this is the first timely security patch.

In addition to passing the baton for Pixel devices, the security update fixes what sounds like a nasty remote escalation vulnerability, CVE-2021-39675. The bug is still undisclosed, but Google highlighted it in a security bulletin, calling it “a critical security vulnerability in a system component that could lead to remote privilege escalation without the need for additional execute privileges.”User interaction is not required for operation.”Google just updated Android 12 to fix this bug, either because it doesn’t affect older versions or because fixes for older versions are still in development.

The updates should be available to all users within the next few weeks, but if you know what you’re doing, you can apply them manually from the Google Developers site.