Previously, Google would develop a patch and distribute it to its own Nexus phones after the discovery of security flaws.
But other manufacturers would wait until they wanted to update the software for different reasons before pushing out a fix, exposing most of the more than 1 billion Android users to potential hacks and scams until the fix.
Ludwig also said Google has made other security changes. In an interview, he told Reuters that earlier this year the team broke out incidence rates of malicious software by language. The rate of Russian-language Androids with potentially harmful programs had spiked suddenly to about 9 percent in late 2014, he said.
Google made its roughly weekly security scans of Russian phones more frequent and was able to reduce the problems to close to the global norm.
Ludwig said improvements to recent versions of Android would limit an attack's effectiveness in more than nine out of 10 phones, but Drake said an attacker could keep trying until the gambit worked. Drake said he would release code for the attack by Aug. 24, putting pressure on manufacturers to get their patches out before then.
Read MoreAndroid bot spotted urinating on Apple in Google Maps
Nexus phones are being updated with protection this week and the vast majority of major Android handset makers are following suit, Ludwig said.