The usual algorithm for the appearance of Google security update on Android devices is as follows. First, Google engineers correct the defects of the previous assembly and put the result in a new assembly, which is published on the official website of the company, then mobile device manufacturers integrate this assembly into their own line of devices and send firmware. The faster manufacturers respond to the new patch, the faster device owners will be safe.
Over the years, smartphone manufacturers began to take timely updates of their firmware more responsibly, and if in 2018, from the moment a security patch was published to integration on smartphones, an average of a month and a half passed, now this period has decreased to a month or less.
SRLabs analyzed the integration of security updates and concluded that the most irresponsible manufacturers are OPPO and HTC. They can even afford to skip one to two Google security updates. The most responsible companies can be considered Nokia, Sony and, of course, Google, which generally do not delay the release of updates on their devices.