First of all, we need to establish the understanding that software update availability is determined by the OEMs (device manufacturers), not Rogers.
When the OEMs decide to provide a software update for a device, they inform the carriers of the availability and proposed schedule for testing, certification, and release.
Google provides monthly security update packages to their Android OEM partners (such as LG), but it is up to the OEMs to decide if/when they will spin new software for their in-market devices to integrate the security updates.
Carriers can and do push OEMs to provide security updates on a monthly cadence, but ultimately the OEMs make their decisions based on their own constraints/criteria. The reality is there are industry certifications (eg. PTCRB, GCF) required for devices offered by carriers, as well as for the software updates for these devices. These industry certifications come at a cost to the OEMs (unlike the certification testing done internally at Rogers). Monthly updates therefore require a monthly cost to the OEMs, on top of their own internal software-development costs. Larger OEMs who sell at high volumes may be able to absorb such costs, but smaller OEMs who sell at low volumes may decide that it is cost-prohibitive for them to provide monthly updates, and instead they provide quarterly updates or something like that. This is the case with many of the LG devices in question. The LG G7 One should not be on the list below, as it is not the same as the G7 (and did not come out 11 months ago, but rather 6 months ago). The G7 One has received regular monthly updates because it is an Android One device, and as such, LG is bound by certain rules pertaining to Google’s Android One program (including the requirement to provide monthly security updates); there was one month that LG had to skip for the G7 One because they ran into issues with the software for that month, and received permission from Google to skip that month in favour for the following month’s update. This is an example of how decisions on software frequency vary by OEM, and can vary even more within the OEM’s own lineup of devices. LG can decide that their flagship devices receive more frequent updates than their entry-level devices.
Sometimes you see that people contact the OEMs to ask why they haven’t received whatever updates for their devices, and the OEMs may tell them to contact the carrier they purchased from. As described above, at least in Canada and for Rogers, it is not up to the carrier, but it is also important to understand why such a query to the OEMs would generate such a generic response. Queries made to the OEMs are likely landing at a generic customer service rep who would not necessarily know exactly what is going on in all the different regions where the device is sold. The device can be sold in varying regions globally, and within each region, there may also be variations such as whether the device is sold through a carrier, or in the open-market. Open market devices (eg. Sold by an OEM directly through a retailer), for example, would not require the OEM to go through industry certifications, and so the OEM may decide that they can afford to offer more frequent updates. Some carriers in other regions may not have requirements for industry certifications, and again, that may allow OEMs to provide more frequent updates. This type of detail is not necessarily available to the general-inquiries customer service rep, so their generic responses are somewhat expected.
A final note on these monthly security updates – Google is basically/usually the only OEM to provide the month’s security updates at the beginning of the month (i.e. April update at the beginning of April); as Google is the author of these updates, they have a time-to-market advantage and they make good use of it. Google makes the security updates available to the OEMs, but then the OEMs have to build those updates into their software for each device. As you know, many OEMs have their own ‘flavour’ of Android (eg. Samsung’s TouchWiz/One UI, LG’s own UI, Huawei’s EMUI, etc), so it may take them some development time to integrate and QA their software updates after Google provides the security patches. Some OEMs who opt for using vanilla Android OS will have a much easier time updating the software, and therefore a quicker time-to-market.
In summary – Rogers requests and urges OEMs to provide monthly security updates, but OEMs make their own business decisions to determine what software updates are provided, and how frequently they provide them for the carrier devices.