Just to add to this dated thread -- Google releases monthly security patches but there's a much more complicated and inconsistent path those patches need to go through before they 'might' be released to Android device users -- basically it's a matter where Google releases security patches on a monthly basis, then the phone manufacturers review and curate them, then the carriers do the same, and then only if we're lucky we might have them pushed out to our Android devices. So there is no brief explanation; there are too many players involved in the process and too many variables.
This is a nice summary of what happens before we 'might' see an OTA patch get to our device:
https://www.xda-developers.com/how-android-security-patch-updates-work/
The Android platform is a very different one compared to Apple. With Android, there's the base Android operating system and there's a countless number of different manufacturers who use it on a wide range of different hardware configurations. With Apple, it maintains tight control over both the operating system development and the hardware manufacturing process. So the former is a matter of an OS that runs on varying hardware, while the latter is a matter where the OS is optimized to run on specific hardware. Android is more open but less structured, Apple is more proprietary but more curated -- two different business models that essentially result in the same thing -- any typical smartphone has the same general appearance with a touch screen and we tap on icons to do stuff.