Android is developed by Google until the latest changes and updates are ready to be released, at which point the
source code is made available to the Android Open Source Project (AOSP), an open source initiative led by Google. The first source code release happened as part of the initial release in 2007. All releases are under the
Apache License. The AOSP code can be found with minimal modifications on select devices, mainly the former Nexus and current Android One series of devices. However, most original equipment manufacturers (OEMs) customize the source code to run on their hardware. Android's source code does not contain the
device drivers, often proprietary, that are needed for certain hardware components, and does not contain the source code of
Google Play Services, which many apps depend on. As a result, most Android devices, including Google's own, ship with a combination of
free and open source and
proprietary software, with the software required for accessing Google services falling into the latter category. In response to this, there are some projects that build complete operating systems based on AOSP as free software, the first being
CyanogenMod (see section
Open-source community below).
Update schedule Google provides annual Android releases, both for factory installation in new devices, and for
over-the-air updates to existing devices. The latest major release is
Android 16. The extensive variation of
hardware in Android devices has caused significant delays for software upgrades and
security patches. Each upgrade has had to be specifically tailored, a time- and resource-consuming process. Except for devices within the Google Nexus and Pixel brands, updates have often arrived months after the release of the new version, or not at all. Manufacturers often prioritize their newest devices and leave old ones behind. Additional delays can be introduced by wireless carriers who, after receiving updates from manufacturers, further customize Android to their needs and conduct extensive testing on their networks before sending out the upgrade. There are also situations in which upgrades are impossible due to a manufacturer not updating necessary
drivers. The lack of after-sale support from manufacturers and carriers has been widely criticized by consumer groups and the technology media. Some commentators have noted that the industry has a financial incentive not to upgrade their devices, as the lack of updates for existing devices fuels the purchase of newer ones, an attitude described as "insulting". In 2012, Google began de-coupling certain aspects of the operating system (particularly its central applications) so they could be updated through the
Google Play store independently of the OS. One of those components,
Google Play Services, is a
closed-source system-level process providing
APIs for Google services, installed automatically on nearly all devices running
Android 2.2 "Froyo" and higher. With these changes, Google can add new system functions and update apps without having to distribute an upgrade to the operating system itself. As a result,
Android 4.2 and 4.3 "Jelly Bean" contained relatively fewer user-facing changes, focusing more on minor changes and platform improvements.
HTC's then-executive Jason Mackenzie called monthly security updates "unrealistic" in 2015, and Google was trying to persuade carriers to exclude security patches from the full testing procedures. In May 2016,
Bloomberg Businessweek reported that Google was making efforts to keep Android more up-to-date, including accelerated rates of security updates, rolling out technological workarounds, reducing requirements for phone testing, and ranking phone makers in an attempt to "shame" them into better behavior. As stated by
Bloomberg: "As smartphones get more capable, complex and hackable, having the latest software work closely with the hardware is increasingly important". Hiroshi Lockheimer, the Android lead, admitted that "It's not an ideal situation", further commenting that the lack of updates is "the weakest link on security on Android". Wireless carriers were described in the report as the "most challenging discussions", due to their slow approval time while testing on their networks, despite some carriers, including
Verizon Wireless and
Sprint Corporation, already shortening their approval times. In a further effort for persuasion, Google shared a list of top phone makers measured by updated devices with its Android partners, and is considering making the list public. Mike Chan, co-founder of phone maker Nextbit and former Android developer, said that "The best way to solve this problem is a massive re-architecture of the operating system", "or Google could invest in training manufacturers and carriers 'to be good Android citizens. In May 2017, with the announcement of
Android 8.0, Google introduced Project Treble, a major re-architect of the Android OS framework designed to make it easier, faster, and less costly for manufacturers to update devices to newer versions of Android. Project Treble separates the vendor implementation (device-specific, lower-level software written by silicon manufacturers) from the Android OS framework via a new "vendor interface". In Android 7.0 and earlier, no formal vendor interface exists, so device makers must update large portions of the Android code to move a device to a newer version of the operating system. With Treble, the new stable vendor interface provides access to the hardware-specific parts of Android, enabling device makers to deliver new Android releases simply by updating the Android OS framework, "without any additional work required from the silicon manufacturers." In September 2017, Google's Project Treble team revealed that, as part of their efforts to improve the security lifecycle of Android devices, Google had managed to get the Linux Foundation to agree to extend the support lifecycle of the Linux Long-Term Support (LTS) kernel branch from the 2 years that it has historically lasted to 6 years for future versions of the LTS kernel, starting with Linux kernel 4.4. In May 2019, with the announcement of
Android 10, Google introduced Project Mainline to simplify and expedite delivery of updates to the Android ecosystem. Project Mainline enables updates to core OS components through the Google Play Store. As a result, important security and performance improvements that previously needed to be part of full OS updates can be downloaded and installed as easily as an app update. Google reported rolling out new amendments in Android 12 aimed at making the use of third-party application stores easier. This announcement rectified the concerns reported regarding the development of Android apps, including a fight over an alternative in-app payment system and difficulties faced by businesses moving online because of
COVID-19.
Linux kernel Android's
kernel is based on the
Linux kernel's
long-term support (LTS) branches. , Android (14) uses versions 6.1 or 5.15 (for "Feature kernels", can be older for "Launch kernels", e.g. android12-5.10, android11-5.4, depending on Android version down to e.g. android11-5.4, android-4.14-stable, android-4.9-q), and older Android versions, use version 5.15 or a number of older kernels. The actual kernel depends on the individual device. Android's variant of the Linux kernel has further architectural changes that are implemented by Google outside the typical Linux kernel development cycle, such as the inclusion of components like device trees, ashmem, ION, and different
out of memory (OOM) handling. Certain features that Google contributed back to the Linux kernel, notably a power management feature called "wakelocks", were initially rejected by
mainline kernel developers partly because they felt that Google did not show any intent to maintain its own code. Google announced in April 2010 that they would hire two employees to work with the Linux kernel community, but
Greg Kroah-Hartman, the current Linux kernel maintainer for the stable branch, said in December 2010 that he was concerned that Google was no longer trying to get their code changes included in mainstream Linux. with
Computerworld adding that "Let me make it simple for you, without Linux, there is no Android".
Ars Technica wrote that "Although Android is built on top of the Linux kernel, the platform has very little in common with the conventional desktop Linux stack". In December 2011, Greg Kroah-Hartman announced the start of Android Mainlining Project, which aims to put some Android
drivers, patches and features back into the Linux kernel, starting in Linux 3.3. Linux included the autosleep and wakelocks capabilities in the 3.5 kernel, after many previous attempts at a merger. The interfaces are the same but the upstream Linux implementation allows for two different suspend modes: to memory (the traditional suspend that Android uses), and to disk (hibernate, as it is known on the desktop). Google maintains a public code repository that contains their experimental work to
re-base Android off the latest stable Linux versions. Android is a
Linux distribution according to the
Linux Foundation, Google's open-source chief
Chris DiBona, and several journalists. Others, such as Google engineer Patrick Brady, say that Android is not Linux in the traditional
Unix-like Linux distribution sense; Android does not include the
GNU C Library (it uses
Bionic as an alternative C library) and some other components typically found in Linux distributions. With the release of
Android Oreo in 2017, Google began to require that devices shipped with new
SoCs had Linux kernel version 4.4 or newer, for security reasons. Existing devices upgraded to Oreo, and new products launched with older SoCs, were exempt from this rule.
Rooting The
flash storage on Android devices is split into several partitions, such as /system/ for the operating system itself, and /data/ for user data and application installations. In contrast to typical
desktop Linux distributions, Android device owners are not given
root access to the operating system and sensitive partitions such as /system/ are partially
read-only. However,
root access can be obtained by exploiting
security flaws in Android, which is used frequently by the
open-source community to enhance the capabilities and customizability of their devices, but also by malicious parties to install
viruses and
malware. Root access can also be obtained by
unlocking the bootloader which is available on most Android devices, for example on most
Google Pixel,
OnePlus and
Nothing models OEM Unlocking option in the developer settings allows the user to unlock the bootloader with
Fastboot, afterward, custom software may be installed. Some OEMs have their own methods. The unlocking process
resets the system to factory state, erasing all user data. Proprietary frameworks like
Samsung Knox limit or block attempts at rooting. Google's
Play Integrity API allows developers to check for any signs of tampering, although the fairness of the tests have been criticized.
Software stack On top of the Linux kernel, there are the
middleware,
libraries and
APIs written in
C, and
application software running on an
application framework which includes
Java-compatible libraries. Development of the Linux kernel continues independently of Android's other source code projects. Android uses
Android Runtime (ART) as its runtime environment (introduced in version 4.4), which uses
ahead-of-time (AOT) compilation to entirely compile the application bytecode into
machine code upon the installation of an application. In Android 4.4, ART was an experimental feature and not enabled by default; it became the only runtime option in the next major version of Android, 5.0. In versions no longer supported, until version 5.0 when ART took over, Android previously used
Dalvik as a
process virtual machine with
trace-based just-in-time (JIT) compilation to run Dalvik "dex-code" (Dalvik Executable), which is usually translated from the
Java bytecode. Following the trace-based JIT principle, in addition to
interpreting the majority of application code, Dalvik performs the compilation and
native execution of select frequently executed code segments ("traces") each time an application is launched. For its Java library, the Android platform uses a subset of the now discontinued
Apache Harmony project. Android's
standard C library,
Bionic, was developed by Google specifically for Android, as a derivation of the
BSD's standard C library code. Bionic itself has been designed with several major features specific to the Linux kernel. The main benefits of using Bionic instead of the
GNU C Library (glibc) or
uClibc are its smaller runtime footprint, and optimization for low-frequency CPUs. At the same time, Bionic is licensed under the terms of the
BSD licence, which Google finds more suitable for the Android's overall licensing model. A new Bluetooth stack, called Gabeldorsche, was developed to try to fix the bugs in the BlueDroid implementation. Android does not have a native
X Window System by default, nor does it support the full set of standard
GNU libraries. This made it difficult to port existing Linux applications or libraries to Android, Libraries written in C may also be used in applications by injection of a small
shim and usage of the
JNI. In current versions of Android, "
Toybox", a collection of command-line utilities (mostly for use by apps, as Android does not provide a
command-line interface by default), is used (since the release of Marshmallow) replacing a similar "Toolbox" collection found in previous Android versions. Android has another operating system, Trusty OS, within it, as a part of "Trusty" "software components supporting a Trusted Execution Environment (TEE) on mobile devices." "Trusty and the Trusty API are subject to change. [..] Applications for the Trusty OS can be written in C/C++ (C++ support is limited), and they have access to a small C library. [..] All Trusty applications are single-threaded; multithreading in Trusty userspace currently is unsupported. [..] Third-party application development is not supported in" the current version, and software running on the OS and processor for it, run the "
DRM framework for protected content. [..] There are many other uses for a TEE such as mobile payments, secure banking, full-disk encryption, multi-factor authentication, device reset protection, replay-protected persistent storage, wireless display ("cast") of protected content, secure PIN and fingerprint processing, and even malware detection."
Open-source community Android's
source code is released by Google under an
open-source license, and its open nature has encouraged a large community of developers and enthusiasts to use the open-source code as a foundation for community-driven projects, which deliver updates to older devices, add new features for advanced users or bring Android to devices originally shipped with other operating systems. These community-developed releases often bring new features and updates to devices faster than through the official manufacturer/carrier channels, with a comparable level of quality; provide continued support for older devices that no longer receive official updates; or bring Android to devices that were officially released running other operating systems, such as the
HP TouchPad. Community releases often come pre-
rooted and contain modifications not provided by the original vendor, such as the ability to
overclock or
over/undervolt the device's processor, or security enhancements beyond what is included in the stock OS.
CyanogenMod was the most widely used community firmware; after its abrupt discontinuation in 2016, a community
fork known as
LineageOS was established as a spiritual continuation of the project. Historically, device manufacturers and mobile carriers have typically been unsupportive of third-party
firmware development. Manufacturers express concern about improper functioning of devices running unofficial software and the support costs resulting from this. Moreover, modified firmware such as CyanogenMod sometimes offer features, such as
tethering, for which carriers would otherwise charge a premium. As a result, technical obstacles including locked
bootloaders and restricted access to root permissions are common in many devices. However, as community-developed software has grown more popular, and following a statement by the
Librarian of Congress in the
United States that permits the "
jailbreaking" of mobile devices, manufacturers and carriers have softened their position regarding third party development, with some, including
HTC,
Samsung and
Sony, providing support and encouraging development. As a result of this, over time the need to circumvent hardware restrictions to install unofficial firmware has lessened as an increasing number of devices are shipped with unlocked or unlockable bootloaders, similar to
Nexus series of phones, although usually requiring that users waive their devices' warranties to do so. Android was also ported by the community to
Apple's
iPhone,
iPad and
iPod touch devices as a consequence of porting the
Linux kernel on Apple devices. In 2010,
OpeniBoot and subsequently iDroid were released to allow dual booting
iOS and Android 2.3.3 'Gingerbread' on
jailbroken iPhone or iPod Touch devices, which was ultimately declared as discontinued in 2012. In 2020,
David Wang under his company Corellium released Project Sandcastle which made Android run on the
iPhone 7.
Device codenames Internally, Android identifies each supported device by its
device codename, a short string, which may or may not be similar to the model name used in marketing the device. For example, the device codename of the
Pixel smartphone is
sailfish. The device codename is usually not visible to the end user, but is important for determining compatibility with modified Android versions. It is sometimes also mentioned in articles discussing a device, because it allows to distinguish different hardware variants of a device, even if the manufacturer offers them under the same name. The device codename is available to running applications under android.os.Build.DEVICE. == Security and privacy ==