Samsung has increasingly leaned on extended software updates as a selling point, and that now includes security patches. The company has committed to providing regular security updates for "at least" four years after a phone or tablet's initial release. Before now, Samsung only promised two years of security fixes on a regular schedule. You'd get a third year at a reduced, quarterly pace if your device was previously receiving monthly updates (such as a Galaxy S flagship), but those products that were already on a slower schedule would be left without any regular patches after that second year.
The four-year promise covers devices going forward, of course, but also extends to hardware released since 2019, such as the Galaxy S10 series and older Galaxy Tabs. Importantly, Samsung isn't just reserving the policy for high-end models — even an entry-level phone like the Galaxy A10e will get those extended updates.
The improvement is helped in part by Qualcomm and Google teaming up to enable four years of updates for Snapdragon phones, although that mainly applies to new devices. Samsung is extending that window for not-quite-recent offerings, and Qualcomm clearly doesn't have any say over products using Samsung's Exynos chips.
It's not a flawless update strategy. Samsung still relegates some of its lower-end products to quarterly security upgrades, and that could be an issue if there's a non-critical exploit circulating before the next update is due. Still, this is a rare move in the Android world, where it's still fairly common to lose security fixes after two or three years. You can buy a new Galaxy knowing it'll likely be protected against known exploits through most or all of its typical lifespan. For that matter, this helps the broader mobile community. Fewer vulnerable phones reduces the chances of botnets and other large-scale attacks having any success.