Google extends Linux kernel support to keep Android devices secure for longer

Android, like many other operating systems, uses the open-source Linux kernel. There are several different types of Linux kernel releases, but the type that’s most important to Android is the long-term support (LTS) one, as they’re updated regularly with important bug fixes and security patches. Starting in 2017, the support lifetime of LTS releases of Linux was extended from two years to six years, but early last year, this extension was reversed. Fortunately, Google has announced that moving forward, they’ll support their own LTS kernel releases for four years. Here’s why that’s important for the security of Android devices.

The Linux kernel found on most Android devices is derived from one of Google’s Android Common Kernel (ACK) branches. These ACK branches are created from the Android mainline kernel branch whenever a new LTS release is declared upstream. For example, the android15-6.6 ACK branch was created shortly after version 6.6 was declared as the latest LTS version, with the “android15” in the name referencing the Android release that the kernel is associated with (in this case, Android 15.)

Google lists three reasons for why it maintains its own fork of each Linux kernel LTS release. First, Google’s forks can contain backports and cherry-picks of upstream functionality needed for Android features. Second, they can ship features that are ready for Android devices even when they’re still under development upstream. Lastly, they can include certain vendor or OEM features that are useful for other Android partners.

After their creation, ACKs continue to be updated by Google to receive bug fixes for Android-specific code as well as LTS merges from the upstream kernel branches. The vulnerabilities impacting the Linux kernel that are disclosed in the monthly Android Security Bulletin, such those listed in the July 2024 bulletin, are addressed by these updates.

However, it’s not always possible to identify when a bug fix is a security fix, because a patch fixing a bug could actually also be closing a security hole that the submitter either wasn’t aware of or chose not to disclose was there. Google tries to identify these cases when they happen, but it’s impossible to catch them all, leading to situations where fixes have landed on upstream Linux months before they made their way to Android devices. This is why Google pushes Android OEMs to regularly perform LTS updates so they don’t get caught flat-footed by a surprise security vulnerability disclosure.

Clearly, Linux kernel LTS releases are incredibly important to the security of Android devices, as they help Google and OEMs address security vulnerabilities both known and unknown. The longer the support lifetime of a Linux kernel LTS release, the longer Google and, subsequently, OEMs can keep their devices up-to-date with security fixes.

Unfortunately, while that longer support lifetime is good for Google and OEMs, it puts a massive strain on the developers and maintainers of the Linux kernel, many of whom are unpaid volunteers. Plus, if you exclude Android and embedded devices, there aren’t that many devices running older Linux versions.

Essentially, the Linux maintainers decided that six-year support lifetimes for LTS kernel releases didn’t make sense for them anymore, so they decided to drop that window down to two years again. This change was made public in early 2023, leaving many observers to wonder what it would mean for the Android world. Some believed it would force OEMs to finally start performing major kernel version upgrades to stay up-to-date, while others believed that Google or silicon vendors would extend LTS on their own.

The latter is what Google is doing. On their developer page for the ACK, Google wrote that “beginning with kernel 6.6, the support lifetime for the stable kernels is 4 years.” This is preceded by a statement that says that “ACKs might be supported for longer than the corresponding upstream stable kernel at kernel.org. In this case, Google provides extended support until the end-of-life (EOL) date shown in this section.” When a kernel is EOLed, they are obviously no longer supported by Google, but more importantly, the “devices running them are considered to be vulnerable.”

The previous six-year Linux LTS lifecycle allowed Android OEMs to launch devices one, two, or even three years into the lifecycle and still enjoy a few years of upstream support.

However, since Google is only supporting new ACK branches for four years, OEMs can no longer do that. That’s why, starting with Android 15, devices are only allowed to launch with either android14-6.1 or android15-6.6, i.e. the two most recent kernel versions. The former will be supported until July 2029 while the latter until July 2028, so devices can launch with them this year and still receive three to five years of support before they need to upgrade their kernel.

Going forward, Google says that there will only be one new ACK branch for each kernel release, hence why there isn’t an android15-6.1 branch. This simplifies things a bit, but ultimately, OEMs will eventually need to start doing major kernel version upgrades if they’re going to commit to longer and longer phone update policies.