I think it would be hard to argue with the statement that when it comes to mobile (phone) security, Apple has it all over Google.
For the most part, other than for the Google branded phones, that is because they have to work through the handset manufacturers and wireless carriers.
Apparently, not any more.
For new phones running Android Q, currently in beta, Google will directly install updates for 14 modules of the Android OS – Without the user even having to reboot. This is moving Android (very slowly) in the direction of a micro kernel operating system like Minix 3.0 (full disclosure – my brother’s team wrote Minix 3.0).
The 14 modules are:
Captive portal login
Media framework components
Network permission configuration
Time zone data
If one of these modules is updated, they stop the service, update it and restart it. Transparently to the user. And dealing out both the handset manufacturer and the carrier.
But only for phones that come with Android Q out of the box – not those that get it via an upgrade (probably due the the license agreement between Google and the handset vendor).
Handset manufacturers CAN opt out of this, called project Mainline, but why would they?
Android Q comes with 50 security enhancement in addition to this including TLS V3, MAC address randomization, increased control over location data and better user control over what apps have what permissions.
For users, they should be looking for phones that ship with Android Q out of the box and where handset manufacturers are supporting project Mainline.
For users, whether Q comes out of the box or via an upgrade, you still get the new security features. If you are a security conscious Android user, you should definitely look for Q on your next phone.