Google to Provide 4-Year Support for LTS Kernels in Android, Impacting Security and Updates

TapTechNews July 8th news, just like many other operating systems, Android also uses the open-source Linux kernel. There are multiple release versions of the Linux kernel, but the most important one for Android is the Long-Term Support (LTS) version as it gets regular updates for critical bug fixes and security patches. In 2017, the support period of the Linux LTS version was extended from two years to six years, but this extension policy was cancelled early last year. However, now Google announces the good news that they will provide up to four years of support for the LTS kernel themselves. This is crucial for ensuring the security of Android devices.

According to AndroidAuthority, most of the Linux kernels used by Android devices come from Google's Android Common Kernel (ACK) branches, and these ACK branches are created from the Android mainline kernel branch when a new LTS version is released upstream. For example, after the kernel version 6.6 is declared as the latest LTS version, the ACK branch of android15-6.6 will soon emerge, where android15 in the name refers to the corresponding Android version (in this case, Android 15).

There are mainly three reasons why Google maintains its own set of LTS kernel branches. Firstly, Google can integrate features that have not been released upstream into the ACK branch through backporting or cherry-picking to meet the specific needs of Android. Secondly, Google can add some features that are being developed upstream into the ACK branch in advance so that they can be used in Android devices as soon as possible. Finally, Google can also add some features of the vendor or Original Equipment Manufacturer (OEM) for other Android partners to use.

After creation, Google will continue to update the ACK branch, including not only vulnerability fixes for the Android-specific code but also the LTS merge content of the upstream kernel branch. For example, the Linux kernel vulnerabilities disclosed in the Android security bulletin in July 2024 will be fixed through these updates.

However, it is not easy to distinguish vulnerability fixes from other bug fixes because the patch programs for fixing bugs may also accidentally block security loopholes that the submitter does not know or choose not to disclose. Google will try its best to identify this situation, but there will inevitably be omissions, resulting in the vulnerability fixes of the upstream Linux kernel being released a few months ahead of Android devices. Therefore, Google has been constantly urging Android manufacturers to update the LTS kernel regularly to avoid being caught off guard by accidentally disclosed security loopholes.

Obviously, the LTS version of the Linux kernel is crucial for the security of Android devices, which can help Google and manufacturers deal with known and unknown security loopholes. The longer the support period, the more timely Google and manufacturers can provide security updates for the devices.

Regrettably, although extending the support period is beneficial to Google and manufacturers, it brings great pressure to many developers and maintainers who contribute to the Linux kernel, many of whom are unpaid volunteers. In addition, except for Android and embedded devices, the number of devices running the old Linux version is not large either.

For the above reasons, Linux maintainers decided not to provide up to six years of support for the LTS kernel anymore but shorten the period back to two years. This news was announced in early 2023, causing many observers to worry about how the Android ecosystem w ill be affected. Some people think this will force manufacturers to start major kernel version upgrades to keep up to date, while others think Google or the chip manufacturers will extend the LTS support on their own.

Google made the latter choice. On the developer page of ACK, Google wrote: Starting from kernel 6.6, the support period of the stable kernel is 4 years. The previous sentence also mentioned that the support period of ACK may be longer than that of the corresponding upstream stable kernel on kernel.org. In this case, Google will provide extended support until the End-of-Support (EOL) date described in this section. After the kernel reaches the EOL date, not only will Google's official support stop, but more importantly, devices running this kernel will be regarded as having security loopholes.

However, since Google now only provides 4 years of support for new ACK branches, manufacturers can no longer do so. Therefore, starting from Android 15, devices can only be equipped with the two latest kernel versions, android14-6.1 or android15-6.6. The former will be supported until July 2029, and the latter will be supported until July 2028, which means that the devices released this year can still be supported in the next three to five years even if they use these kernel versions.

Looking to the future, Google says it will only provide one new ACK branch for each kernel version, which is also why the android15-6.1 branch has not been launched. This simplifies the process to some extent, but in the end, if manufacturers want to commit to a longer mobile phone update strategy, they need to start major kernel version upgrades.