The slow rate of Android updates has always been a pain point for users, but a number of recent security scares have finally pushed several Android heavyweights to make some changes to the process. Google, Samsung, and LG have all pledged to start pushing out updates about once per month to patch security holes. There aren’t a lot of specifics right now, but this process surely won’t be free of complications.

The temptation seems to be to blame this entirely on the most recent security issue, a widespread bug in the Stagefright media handler component of Android. The vulnerability could allow a device to be exploited remotely via an MMS, provided an attacker finds a way to circumvent Android’s security measures. However, more frequent updates for certain devices have been rumored for months now, and you can’t just decide to make a change like this over the course of a few days. The Stagefright bug might just have been a good opportunity to make the announcement.

So why are Android updates so troublesome in the first place? Google releases the open source Android code to the Android Open Source Project (AOSP), though it usually gives OEM partners like Samsung and LG a heads-up when something important (like the Stagefright patch) is in the works. It’s up to device makers to take new Android code and send it out to users. Sometimes that’s a major version bump for Android, and sometimes it’s simply a few bug fixes. OEMs are also responsible for correcting bugs in their customized software layers, which adds development time. The US carriers are also hands-on with update testing, and that slows things down even more.

Google’s Nexus devices get updates first because the updates are developed and tested on them. When a patch is ready, it’s deployed. Nexus users already get a lot of updates — there have even been times when they’ve come almost monthly with no carriers to get in the way. This program would mean much more frequent updates for Samsung and LG phones, though. Users should expect to see these updates for about three years from a device’s release. However, I bet the monthly schedule will slow down a bit as a device gets older and becomes less of a priority.

Both Google and Samsung have made official announcements of monthly security updates. As for LG, Googler Adrian Ludwig said at the Black Hat security conference that LG is on board as well. So Google will develop updates and test them on Nexus devices, then Samsung and LG will implement the necessary security patches on their devices as soon as they’re ready. They will still have to rely on carriers in the US to send the updates out as an OTA, but the carriers are allegedly willing to fast-track these updates (we’ll see if that holds up).

This is all good news, but there are a great many Android OEMs that haven’t committed to this process. Smaller, less profitable device makers probably don’t have the resources to do monthly security updates at all. This could end up being another distinction that separates “premium” phones from budget ones. If you want frequent security updates, it might cost you.