Google Extends Linux Kernel Support To Keep Android Devices Secure For Longer

Google plans to support its own long-term support (LTS) kernel releases for Android devices for four years, a move aimed at bolstering the security of the mobile operating system. This decision, reported by AndroidAuthority, comes in response to the Linux community's recent reduction of LTS support from six years to two years, a change that posed potential challenges for Android's security ecosystem.

The Android Common Kernel (ACK) branches, derived from upstream Linux LTS releases, form the basis of most Android devices' kernels. Google maintains these forks to incorporate Android-specific features and backport critical functionality. Regular updates to these kernels address vulnerabilities disclosed in monthly Android Security Bulletins. While the extended support period benefits Android users and manufacturers, it places significant demands on Linux kernel developers.

Not sure they understand what "long term" means

[RonVNX]

If they consider two years long-term, I'd hate to see what they consider short-term.

Re:Not sure they understand what "long term" means

[Osgeld]

its about 4 times longer than the average google project

Re:

[transwarp]

When they announced dropping to two years, the explanation was that Google had convinced the Linux kernel community to adopt the six year LTS model based on their needs, and none of the other commercial LTS players abandoned their existing approach and business model to hop on. And the LTS process didn't actually make the guarantees that other hardware producers needed. So for the most part, the only group benefiting from the community's work was Google.

Maybe if Red Hat, SuSE, and Canonical had decided t

Re:

[ChunderDownunder]

What it really says as an industry is that the big players can't play nicely with others. They would rather maintain their own downstream forks on paid long term support contracts than pool their resources into the Linux foundation's kernel.org tree for longer official updates. As a Debian user, well 2 years is plenty to migrate from one 'stable' release to the next.

Anyhow, what this article ignores is "android-mainline" - this is the bleeding edge kernel that Google uses internally - the idea that Qualcomm

Re: Not sure they understand what "long term" mean

[drinkypoo]

What it really says is that there is no reason for these companies with their own forks to bother mainlining anything because it's not going to get long term support anyway, so they won't save any money. We will get fewer mainlined features and drivers as a result.

exactly MAINLINE it

[johnjones]

submit the patches and keep doing the right thing, yes once its in linux mainline you could shock horror sell your SOC into different markets...

I've yet to come across a developer who does not want their name in the linux kernel

Re:

[AmiMoJo]

2 years between mandatory upgrades is way too short for me. For personal stuff I don't want to be doing major OS updates on systems that are working and customized every couple of years. For work stuff I don't want to be maintaining things every couple of years, although that is becoming unavoidable due to software packages having severe vulnerabilities. But at least with a decent LTS OS, you can just update that package very easily.

Re:

[transwarp]

From what I read when they dropped to 2 years, these LTS branches aren't updated in a consistent manner by the various subsystem maintainers. Google just cares that security-relevant fixes are backported, and otherwise that it doesn't break out-of-tree or just rarely tested drivers. But actual LTS distros have more behavior to preserve, and probably care about a mostly different set of drivers than Android uses.

Re:

[AmiMoJo]

You get what you pay for. Even 2 years is asking a lot of maintainers who mostly do the work for free.

If there is demand then I'm sure one of the big Linux businesses like Red Hat or Oracle or Microsoft will employ people to maintain LTS kernels for longer, just like Google is going.

Re:

[NoWayNoShapeNoForm]

If they consider two years long-term, I'd hate to see what they consider short-term.

But you have seen it. Seen any of Google's NEW projects lately?

Wanna see those projects again?

Here and gone in the blink of an eye.

Wow, four years...

[bradley13]

Nowadays, computers (and phones are just small computers) can easily last a lot longer than four years. One phone I had retired from my pocket to be used ad a business phone, and lasted something around 10 years.Ultimately, bloat killed it, because Android and apps keep getting bigger.

At least security updates should be guaranteed for much longer, ideally for the physical life of the device, but at least for 10 or 20 years.

Re:

[Entrope]

The question is: who will provide that support for 10 or 20 years? It's neither practical nor fair to expect volunteer maintainers to support complex software for very long periods of time.

You probably don't want to roll that cost into the cost of the machine itself, much less rely on the OEM to provide that much support. (Who else remembers Gateway 2000? Mobile phones have a lot more defunct OEMs.) That means the end user would have to pay for the support, one way or another -- and companies like IBM (

Re:

[LazarusQLong]

I agree that 2 years and calling that "Long Term Support" sounds ridiculous, but I cannot see it being anywhere near practical for a phone to get updates 10 years out from the date it was discontinued to be reasonable... I mean, my iPhone X is about 7 years old now... I am feeling the pain as apps get more and more bloated... now if the authors of said apps could at least make sure the older versions were allowed to be played on the device, that would be nice, but they all are not doing this, forcing app u

Re:

[JBMcB]

I agree that 2 years and calling that "Long Term Support" sounds ridiculous, but I cannot see it being anywhere near practical for a phone to get updates 10 years out from the date it was discontinued to be reasonable... I mean, my iPhone X is about 7 years old now...

Not app related, but the 5s came out in 2013 and got a security update last year. All you can expect the OS provider to do is make sure their platform is secure after that amount of time. The app developers are a whole other ball of wax.

Re:

[LazarusQLong]

yeah, true, each app developer is going to do their own thing and for their own reasons.

Re: Wow, four years...

[nasch]

Fine for businesses. Individuals generally don't care about depreciation schedules.

Android is heading in bad direction

[Uldis Segliņš]

Google should release the interdependency of hardware and software. Like we have for PCs. It would be a nightmare if only MSI gave support for a box with it's logo. 2 years and buy a new PC or be forgotten in hackerland. No image for this model, get lost. Specifications for boot order and major parts defined. And no Google nor Samsung has to drag along a longton of software stack. But no, then we would be able to get googlefree on all phones, we can't allow such freedom!

Re:

[bill_mcgonigle]

Buy a phone LineageOS supports and donate to the project.

  That's not Ideal but it's closer to what you want.

Track record lately:

[Kelxin]

Google search has gone to shit. They abandoned their AR glasses before they even went full public. Several of their pixel phones have been left in a mess with last minute updates before being left to rot in a mess. Google Fi is getting worse and worse lately with even all international data being down a couple days ago. They abandoned and sold off their domain registration branch. Google docs is still meh. They turned their LTS kernel into a KLTS (kinda long term). So what has Google ACTUALLY done right / g

Re:

[willoughby]

I just finished a book, "Epic Fails", by Salvador Jiménez Murguía, published in 2018. An entertaining read about such failures as the Microsoft Zune, new Coke, the mullet. etc..

One of the things that surprised me was that they mentioned only one Google product (Google Wave). I mean, regarding Google failures, how could you stop at just one?

Not a bad article

[John.Banister]

The AI who wrote the summary could use more training.

I would pay for it

[schwit1]

Lots of people would pay a few bucks a month to keep the OS updated long term.

Re:

[WindBourne]

I would have. Not any more. I switched to iPhone. More upfront, but at least they keep things secured for a LONG LONG TIME.

6 years LTS were too much work

[Samare]

Google and the other big ones make billions but didn't contribute to those 6 years of support.
By reducing LTS to 2 years, they forced Google to finally pay for it instead of getting a free ride.

too late

[WindBourne]

Before Pechei, Google did a decent job on long-term. Then Pechei cut it way back on pixels, as well as warranty. Now, they are claiming that they will be a secure for a tad longer, while ignoring that Apple has 8-10+ years?
Yeah. No. I am still learning iphone, but I will NEVER go back to a GD pixel while Pechei is there, or anybody that is just as evil.

Really?

[iluvcrap2000]

I got a HTC One a decade ago and it only had ONE Update. Was a a Piece of Shit. Unsupported! Garbage. now they offer 4 Years! My Freinds iphone 6Splus is STILL Working, From 2015! has 6 (SIX) generations of updates. STILL WORKS after Two battery replacements! That's almost 9 YEARS. Spending money on Android is like flushing money down the toilet.

Re:

[tbords]

I got a HTC One a decade ago and it only had ONE Update. Was a a Piece of Shit. Unsupported! Garbage. now they offer 4 Years! My Freinds iphone 6Splus is STILL Working, From 2015! has 6 (SIX) generations of updates. STILL WORKS after Two battery replacements! That's almost 9 YEARS. Spending money on Android is like flushing money down the toilet.

I currently have a Pixel 3a which runs either Ubuntu Touch or Droidian (depending on my mood). Before I swapped the OS, it was running Android 12 or 13. Swapping it to Lineage or one of its derivatives, I could have it current. Sure, you won't get official support from the vendor for 10 years. You do have options though.