Android (operating system) - Update Mechanisms and Fragmentation

Android Updates and Fragmentation Understanding the Update Landscape Android devices face a unique challenge in the smartphone ecosystem: they receive software updates much less reliably than their iOS counterparts. This problem, called fragmentation, affects both the timeline and availability of updates across the billions of Android devices worldwide. To understand why this happens and how Google has worked to fix it, we need to examine the roles of different companies involved in delivering Android updates. How Android Updates Are Delivered Google releases a major new Android version each year, beginning with Android M (2015). These major releases include new features, performance improvements, and security enhancements. Additionally, Google provides over-the-air (OTA) updates—automated updates that devices can download and install without user intervention. However, the path from Google to your device is not straightforward. Several companies are involved in getting an update to your phone: Google creates the Android framework and core OS, but has no direct control over most devices. Original Equipment Manufacturers (OEMs) like Samsung, OnePlus, and Motorola manufacture devices and customize Android with their own user interfaces and apps. Carriers (like Verizon or AT&T) further customize updates for their networks and run their own testing. This means that even after Google releases a major update, it can take months for your device to receive it—or you might never receive it at all. The Fragmentation Problem Fragmentation is the central challenge in Android updates. Different devices run different versions of Android simultaneously. While some Pixel phones (Google's own devices) receive updates within weeks of release, non-Pixel devices often wait months. Many older devices never receive updates at all. This happens for economic and technical reasons: OEM priorities: Manufacturers earn revenue from new device sales. They often prioritize updates for newer models while abandoning older ones, sometimes without delivering even basic security patches. Hardware diversity: Unlike iOS, which runs on only a few carefully controlled hardware configurations, Android runs on thousands of different devices with different processors, RAM configurations, and custom components. Each device requires specialized work to update. Carrier testing: Carriers add additional delays by inserting their own customizations and running extensive testing before releasing updates. The result is that many devices stop receiving security updates after just three years, leaving them vulnerable to known security threats. Project Treble: Separating Hardware from Software To address the fragmentation problem, Google introduced Project Treble with Android 8.0 (2017). This was a fundamental architectural change to how Android is structured. Before Treble (Android 7.0 and earlier), the Android operating system and device-specific low-level software (called the vendor implementation) were tightly intertwined. This meant that when Google released a new version of Android, manufacturers had to manually rework large portions of Android code to accommodate their specific hardware. This was time-consuming and expensive, discouraging manufacturers from updating older devices. Project Treble introduced a stable vendor interface—a clear boundary between the OS framework (which Google maintains) and the vendor implementation (which manufacturers maintain). With this separation: Device makers can now update the Android framework without requiring additional work from the silicon manufacturers Updates can be delivered more quickly because OEMs don't need to reintegrate their hardware layer with each new Android version Even older devices become candidates for OS updates, since the hardware layer remains compatible This architectural change dramatically reduced the technical complexity of delivering updates, though it didn't eliminate delays caused by OEM and carrier decisions. Project Mainline: Updating Core Components Independently While Project Treble addressed how updates are structured, Project Mainline (announced with Android 10, 2019) addressed how fast they can be delivered. Mainline allows Google to deliver updates to core OS components—such as system services and security modules—through the Google Play Store, just like regular app updates. This means critical security patches no longer need to wait for a full Android version update. Instead, improvements can be deployed independently and installed like any other app update. This has important implications for security. Devices that only receive infrequent major OS updates can still receive frequent security patches through Mainline components. This reduces the window of time that a device is vulnerable to known security threats. Decoupled System Components Since 2012, Google has been gradually decoupling core Google apps and services from the Android OS itself. Google Play Services is a key example—this service contains critical functionality like location services, authentication, and various Google APIs. Because it's decoupled from the OS, it can be updated independently through the Play Store, regardless of which Android version a device is running. This approach allows older devices to receive important updates even when they can no longer receive full OS updates. A device stuck on Android 10 can still receive updates to Google Play Services, Maps, Chrome, and other critical Google components. Security Update Practices Google committed to a monthly security patch policy beginning with Nexus devices in August 2015. These security patches address known vulnerabilities without requiring major OS updates. In 2020, Google extended this policy to all devices. However, like OS updates, security patches can be delayed or omitted by manufacturers and carriers. This means that having a newer Android version doesn't guarantee that you're receiving monthly security patches—OEMs and carriers may not prioritize pushing these updates to older devices. <extrainfo> Extended Kernel Support In September 2017, the Linux Foundation extended the Long-Term Support (LTS) kernel lifecycle from 2 years to 6 years, beginning with kernel 4.4. This provides manufacturers with longer-term support for the Linux kernel powering Android devices, though this is a background infrastructure improvement rather than something users directly interact with. </extrainfo> The Bottom Line: Why Updates Matter The update and fragmentation problem in Android is fundamentally about competing incentives. Google benefits from users running the latest, most secure version of Android. Manufacturers benefit from selling new devices and may see little profit in updating old ones. Carriers benefit from pushing their own customizations and controlling the update timeline. Project Treble and Project Mainline represent Google's technical solutions to make updates faster and easier. However, they don't solve the economic problem: manufacturers can still choose to prioritize new devices over old ones. As a result, many Android users operate with outdated software long after security threats have been discovered and patched.