As part of all the Android Q Beta 3 news yesterday, Google announced Project Mainline, its latest attempt to fix Android updates. Project Mainline will deliver “important code changes” to specific internal OS components directly from Google Play. That means a full system update from your device manufacturer will not be required to get (some of) the latest Android Open Source Project (AOSP) code. Furthermore, Project Mainline modules will be delivered like app updates — downloaded from Google Play in the background and loaded the next time your phone starts up.
Google plans to keep Project Mainline source code for the modules in AOSP and to fully open-source each update after release. Partners and the global developer community will be able to contribute improvements and bug fixes. In fact, Google senior director of engineering Anwar Ghuloum revealed today that for the initial set of Mainline components, its partners “contributed many changes and collaborated with us to ensure they ran well on their devices.”
For users, Project Mainline modules means faster delivery of the latest code. For device makers, carriers, and enterprises, it means being able to update key parts of the OS without a full system update. For app and game developers, Google hopes it will mean platform consistency in key areas.
Security, Privacy, and Consistency modules
Google releases major Android versions on an annual basis. With every new release, Android users hope their phones will get updated sooner than before, but the wait is excruciatingly long. Google has tried to both change the importance of the annual updates and speed up their arrival. Android ICS brought Google Play Services, which the company uses to push various features and improvements to Android devices without requiring a full operating system update. With Android Nougat, the company started releasing monthly security updates. With Android Oreo, Google introduced Project Treble, which modularized the mobile operating system so that it is easier to update.
Project Mainline builds on Project Treble so that core OS components can be updated and drive security fixes, privacy enhancements, and consistency improvements. These are the three areas where Google is hoping Project Mainline can move the needle. There are 13 initial components for Android Q:
- Security: Faster security fixes for critical security bugs. Modules include Media Codecs, Media Framework Components, DNS Resolver, and Conscrypt.
- Privacy: Better protect users’ data and increase privacy standards. Modules include Documents UI, Permission Controller, and ExtServices.
- Consistency: Address issues affecting device stability, compatibility, and developer consistency. Modules include Timezone data, ANGLE (developers opt-in), Module Metadata, Networking components, Captive Portal Login, and Network Permission Configuration.
ANGLE is a new OpenGL driver implementation Google first talked about in Android Q Beta 1. It is designed to help decrease device-specific issues encountered by game developers.
Leveraging APEX and Google Play
Ghuloum also shared today that Mainline components will be delivered as either APK or APEX files. Android Package (APK) is the package file format used by Android apps. Android Pony EXpress (APEX) is a new file format Google developed that is similar to APK, but is loaded much earlier in the booting process. Crucially, that means security and performance improvements that previously needed to be part of full OS updates can essentially be downloaded and installed as an app update.
Such a change potentially also introduces security risks. Ghuloum says Google built new failsafe mechanisms and enhanced test processes to ensure updates are delivered safely. And the company is also collaborating with its partners to ensure devices are thoroughly tested.
For the first year after Android Q launches, Google will be largely focused on using Project Mainline to deliver security fixes. Modules will be updated on a monthly cadence, just like existing monthly security updates. As for devices that can’t get Google Play updates (such as Fire OS and the many Android options in China), Google is still exploring its options.
Project Mainline will only be available on new Android Q devices due to kernel requirements. Phones upgraded to Android Q will not have Project Mainline; Google deemed it too risky to have device makers to update the kernel.
While this is certainly more detail, there are still more questions than answers surrounding Project Mainline. We’ll be watching closely as Android Q progresses.