In brief: Google has struggled with Android update fragmentatio5n for years, and it's finally addressing the security side of the issue now. According to reports, a new Android contract requires phone makers who use the OS to roll out regular security updates for at least the first two years of a popular phone's lifespan.

Android is a pretty popular mobile operating system, but Google always struggles to get the latest versions of the OS to its partner's devices in a timely manner. Samsung, for example, often takes months to release the newest Android updates to its users.

Android's smaller security updates are in a similar boat, but according to The Verge, that may change soon. The outlet obtained a contract that reportedly requires Google's Android device partners to provide "at least four" security updates within one year of a popular phone's launch. That criteria covers any device launched after January 31, 2018 with more than 100,000 customers.

In other words, most modern Android smartphones launched this year will be subject to Google's new security update rules. This is excellent news for consumers, as it should better protect them against the newest flaws, bugs, and exploits, but it will likely be quite a headache for device makers who are generally quite slow about pushing security updates out.

At any rate, for now, these requirements apparently only apply to 75 percent of a company's "security mandatory models." However, beginning on January 31 next year, The Verge says all security mandatory phones will have to follow these rules.

Google's new requirements don't stop there, though. If the company identifies a mobile security flaw, the new Android licensing agreement requires device makers to patch it within 90 days.

So, what happens if a company fails to follow Google's rules? In short, nothing good. The Verge claims Google can withhold Android approval for said company's new phones, which would be a pretty major problem for some of the bigger phone manufacturers out there.

It's worth noting that these rules don't apply in perpetuity; security updates are only mandatory for two years. That's still a fairly long time, but it lets manufacturers off the hook for particularly old devices.

Only time will tell if Google's latest anti-fragmentation steps will work, but it definitely seems like the tech giant is taking the issue more seriously than it has in the past.