1 page.title=Frequently Asked Questions 2 @jd:body 3 4 <!-- 5 Copyright 2010 The Android Open Source Project 6 7 Licensed under the Apache License, Version 2.0 (the "License"); 8 you may not use this file except in compliance with the License. 9 You may obtain a copy of the License at 10 11 http://www.apache.org/licenses/LICENSE-2.0 12 13 Unless required by applicable law or agreed to in writing, software 14 distributed under the License is distributed on an "AS IS" BASIS, 15 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 See the License for the specific language governing permissions and 17 limitations under the License. 18 --> 19 <div id="qv-wrapper"> 20 <div id="qv"> 21 <h2>In this document</h2> 22 <ol id="auto-toc"> 23 </ol> 24 </div> 25 </div> 26 27 <a name="top"></a> 28 <h2 id="open-source">Open Source</h2> 29 <h3 id="what-is-the-android-open-source-project">What is the Android Open Source Project?</h3> 30 <p>We use the phrase "Android Open Source Project" or "AOSP" to refer to the 31 people, the processes, and the source code that make up Android.</p> 32 <p>The people oversee the project and develop the actual source code. The 33 processes refer to the tools and procedures we use to manage the development 34 of the software. The net result is the source code you can use to build 35 mobile phones and other devices.</p> 36 <h3 id="why-did-we-open-the-android-source-code">Why did we open the Android source code?</h3> 37 <p>Google started the Android project in response to our own experiences 38 launching mobile apps. We wanted to make sure there would always be an 39 open platform available for carriers, OEMs, and developers to use to make 40 their innovative ideas a reality. We also wanted to make sure there was no 41 central point of failure, so no single industry player could restrict or control 42 the innovations of any other. The single most important goal of the Android 43 Open Source Project (AOSP) is to make sure that the open-source Android 44 software is implemented as widely and compatibly as possible, to everyone's 45 benefit.</p> 46 <h3 id="what-kind-of-open-source-project-is-android">What kind of open-source project is Android?</h3> 47 <p>Google oversees the development of the core Android open-source platform 48 and works to create robust developer and user communities. For the most part, 49 the Android source code is licensed under the permissive Apache Software 50 License 2.0, rather than a "copyleft" license. The main reason for this is 51 because our most important goal is widespread adoption of the software, and 52 we believe that the ASL2.0 license best achieves that goal.</p> 53 <p>You can find more information on this topic on our <a href="{@docRoot}source/licenses.html">Licenses</a> page.</p> 54 <h3 id="why-is-google-in-charge-of-android">Why is Google in charge of Android?</h3> 55 <p>Launching a software platform is complex. Openness is vital to the 56 long-term success of a platform, since openness is required to attract 57 investment from developers and ensure a level playing field. However, the 58 platform itself must also be a compelling product to users.</p> 59 <p>That's why Google has committed the professional engineering resources 60 necessary to ensure that Android is a fully competitive software platform. 61 Google treats the Android project as a full-scale product development 62 operation and strikes the business deals necessary to make sure great 63 devices running Android actually make it to market.</p> 64 <p>By making sure Android is a success with users, we help ensure the 65 vitality of Android as a platform and as an open-source project. After all, 66 who wants the source code to an unsuccessful product?</p> 67 <p>Google's goal is to ensure a successful ecosystem around Android. Of course, no 68 one is required to participate. We opened the Android source code 69 so anyone can modify and distribute the software to meet their own needs.</p> 70 <h3 id="what-is-googles-overall-strategy-for-android-product-development">What is Google's overall strategy for Android product development?</h3> 71 <p>We aim to release great devices into a competitive marketplace. We 72 then incorporate the innovations and enhancements we made into the core 73 platform as the next version.</p> 74 <p>In practice, this means the Android engineering team typically focuses 75 on a small number of "flagship" devices and develops the next version of 76 the Android software to support those product launches. These flagship 77 devices absorb much of the product risk and blaze a trail for the broad OEM 78 community, who follow up with many more devices that take advantage of the 79 new features. In this way, we make sure the Android platform evolves 80 according to the actual needs of real-world devices.</p> 81 <h3 id="how-is-the-android-software-developed">How is the Android software developed?</h3> 82 <p>Each platform version of Android (such as 1.5, 1.6, and so on) has a 83 corresponding branch in the open-source tree. At any given moment, the most 84 recent such branch will be considered the "current stable" branch version. 85 This current stable branch is the one that manufacturers port to their 86 devices. This branch is kept suitable for release at all times.</p> 87 <p>Simultaneously, there is also a "current experimental" branch, which is 88 where speculative contributions, such as large next-generation features, are 89 developed. Bug fixes and other contributions can be included in the current 90 stable branch from the experimental branch as appropriate.</p> 91 <p>Finally, Google works on the next version of the Android platform in tandem 92 with developing a flagship device. This branch pulls in changes from the 93 experimental and stable branches as appropriate.</p> 94 <p>You can find more information on this topic at our <a href="{@docRoot}source/code-lines.html">Codelines, 95 Branches and Releases</a> page.</p> 96 <h3 id="why-are-parts-of-android-developed-in-private">Why are parts of Android developed in private?</h3> 97 <p>It typically takes more than a year to bring a device to market. And, of course, 98 device manufacturers want to ship the latest software they can. Developers, 99 meanwhile, don't want to constantly track new versions of the 100 platform when writing apps. Both groups experience a tension between 101 shipping products and not wanting to fall behind.</p> 102 <p>To address this, some parts of the next version of Android including the 103 core platform APIs are developed in a private branch. These APIs constitute 104 the next version of Android. Our aim is to focus attention on the current 105 stable version of the Android source code while we create the next version 106 of the platform. This allows developers 107 and OEMs to use a single version without tracking unfinished 108 future work just to keep up. Other parts of the Android system that aren't 109 related to application compatibility are developed in the open, however. 110 It's our intention to move more of these parts to open development over 111 time.</p> 112 <h3 id="when-are-source-code-releases-made">When are source code releases made?</h3> 113 <p>When they are ready. Releasing the source code is a fairly complex process. 114 Some parts of Android are developed in the open, 115 so that source code is always available. Other parts are developed first in 116 a private tree, and that source code is released when the next platform 117 version is ready.</p> 118 <p>In some releases, core platform APIs will be ready far enough in advance 119 that we can push the source code out for an early look prior to the 120 device's release; however in other releases, this isn't possible. In all cases, we 121 release the platform source when we feel the version has stabilized enough, 122 and when the development process permits.</p> 123 <h3 id="what-is-involved-in-releasing-the-source-code-for-a-new-android-version">What is involved in releasing the source code for a new Android version?</h3> 124 <p>Releasing the source code for a new version of the Android platform is a 125 significant process. First, the software gets built into a system image for 126 a device and put through various forms of certification, including 127 government regulatory certification for the regions the phones will be 128 deployed. It also goes through operator testing. This is an important phase 129 of the process, since it helps shake out a lot of software bugs.</p></p> 130 <p>Once the release is approved by the regulators and operators, the 131 manufacturer begins mass producing devices, and we turn to releasing the 132 source code.</p> 133 <p>Simultaneous to mass production, the Google team kicks off several efforts 134 to prepare the open source release. These efforts include making final API changes, 135 updating documentation (to reflect any modifications that were made during 136 qualification testing, for example), preparing an SDK for the new version, 137 and launching the platform compatibility information.</p> 138 <p>Also included is a final legal sign-off to release the code into open 139 source. Just as open source contributors are required to sign a Contributors 140 License Agreement attesting to their intellectual property ownership of their 141 contribution, Google too must verify it is clear to make contributions.</p> 142 <p>From the time mass production begins, the software release process 143 usually takes around a month. This often places source code releases 144 around the same time the devices reach users.</p> 145 <h3 id="how-does-the-aosp-relate-to-the-android-compatibility-program">How does the AOSP relate to the Android Compatibility Program?</h3> 146 <p>The Android Open Source Project maintains the Android software, and 147 develops new versions. Since it's open-source, this software can be used for 148 any purpose, including to develop devices that are not compatible with other 149 devices based on the same source.</p> 150 <p>The function of the Android Compatibility Program is to define a baseline 151 implementation of Android that is compatible with third-party apps written 152 by developers. Devices that are "Android compatible" may participate in the 153 Android ecosystem, including Google Play; devices that don't meet the 154 compatibility requirements exist outside that ecosystem.</p> 155 <p>In other words, the Android Compatibility Program is how we separate 156 "Android-compatible devices" from devices that merely run derivatives of the 157 source code. We welcome all uses of the Android source code, but only 158 Android-compatible devices -- as defined and tested by the Android 159 Compatibility Program -- may participate in the Android ecosystem.</p> 160 <h3 id="how-can-i-contribute-to-android">How can I contribute to Android?</h3> 161 <p>There are a number of ways you can contribute to Android. You can report 162 bugs, write apps for Android, or contribute source code to the Android 163 Open Source Project.</p> 164 <p>There are some limits to the kinds of code contributions we are willing or 165 able to accept. For instance, someone might want to contribute an 166 alternative application API, such as a full C++-based environment. We would 167 decline that contribution, since Android encourages applications to be run 168 in the Dalvik VM. Similarly, we won't accept contributions such as GPL 169 or LGPL libraries that are incompatible with our licensing goals.</p> 170 <p>We encourage those interested in contributing source code to contact us 171 via the channels listed on the <a href="{@docRoot}source/community/index.html"> 172 Android Community</a> page prior to beginning any work. You can find more 173 information on this topic from the <a href="{@docRoot}source/contributing.html"> 174 Contributing</a> page.</p> 175 <h3 id="how-do-i-become-an-android-committer">How do I become an Android committer?</h3> 176 <p>The Android Open Source Project doesn't really have a notion of a 177 "committer". All contributions -- including those authored by Google 178 employees -- go through a web-based system known as "gerrit" that's part of 179 the Android engineering process. This system works in tandem with the git 180 source code management system to cleanly manage source code 181 contributions.</p> 182 <p>Once submitted, changes need to be accepted by a designated Approver. 183 Approvers are typically Google employees, but the same approvers are 184 responsible for all submissions, regardless of origin.</p> 185 <p>You can find more information on this topic at the <a href="submit-patches.html">Submitting Patches</a> page.</p> 186 <a href="#top">Back to top</a> 187 <h2 id="compatibility">Compatibility</h2> 188 <h3 id="what-does-compatibility-mean">What does "compatibility" mean?</h3> 189 <p>We define an "Android-compatible device" as one that can run any 190 application written by third-party developers using the Android SDK and NDK. 191 We use this as a filter to separate devices that can participate in the 192 Android app ecosystem and those that cannot. Devices that are properly 193 compatible can seek approval to use the Android trademark. Devices that are 194 not compatible are merely derived from the Android source code and may not 195 use the Android trademark.</p> 196 <p>In other words, compatibility is a prerequisite to participate in the 197 Android apps ecosystem. Anyone is welcome to use the Android source code. 198 But if the device isn't compatible, it's not considered part of the Android 199 ecosystem.</p> 200 <h3 id="what-is-the-role-of-google-play-in-compatibility">What is the role of Google Play in compatibility?</h3> 201 <p>Devices that are Android compatible may seek to license the Google Play 202 client software. This allows them to become part of the Android app 203 ecosystem, enabling their users to download developers' apps from a catalog 204 shared by all compatible devices. This option isn't available to devices 205 that aren't compatible.</p> 206 <h3 id="what-kinds-of-devices-can-be-android-compatible">What kinds of devices can be Android compatible?</h3> 207 <p>The Android software can be ported to many different kinds of devices, 208 including some on which third-party apps won't run properly. The 209 <a href="{@docRoot}compatibility/index.html">Android Compatibility Definition 210 Document</a> (CDD) spells out the specific device configurations that will be 211 considered compatible.</p> 212 <p>For example, though the Android source code could be ported to run on a 213 phone that doesn't have a camera, the CDD requires all phones to have a camera. 214 This allows developers to rely on a consistent set of capabilities when writing their apps.</p> 215 <p>The CDD will evolve over time to reflect market realities. For instance, 216 version 1.6 of the CDD supports only cell phones. But the 2.1 CDD allows devices 217 to omit telephony hardware, enabling non-phone devices such as tablet-style music 218 players to be compatible. As we make these changes, we will also 219 augment Google Play to allow developers to retain control over where 220 their apps are available. To continue the telephony example, an app that 221 manages SMS text messages would not be useful on a media player, so Google 222 Play allows the developer to restrict that app exclusively to phone 223 devices.</p> 224 <h3 id="if-my-device-is-compatible-does-it-automatically-have-access-to-google-play-and-branding">If my device is compatible, does it automatically have access to Google Play and branding?</h3> 225 <p>Google Play is a service operated by Google. Achieving compatibility is 226 a prerequisite for obtaining access to the Google Play software and branding. 227 Device manufacturers should contact <a 228 href="mailto:android-partnerships (a] google.com">android-partnerships (a] google.com</a> 229 to obtain access to Google Play.</p> 230 <h3 id="if-i-am-not-a-manufacturer-how-can-i-get-google-play">If I am not a manufacturer, how can I get Google Play?</h3> 231 <p>Google Play is only licensed to handset manufacturers shipping devices. 232 For questions about specific cases, contact <a 233 href="mailto:android-partnerships (a] google.com">android-partnerships (a] google.com</a>.</p> 234 <h3 id="how-can-i-get-access-to-the-google-apps-for-android-such-as-maps">How can I get access to the Google apps for Android, such as Maps?</h3> 235 <p>The Google apps for Android, such as YouTube, Google Maps, 236 Gmail, and more, are Google properties that are not part of Android and 237 are licensed separately. Contact <a 238 href="mailto:android-partnerships (a] google.com">android-partnerships (a] google.com</a> 239 for inquiries related to those apps.</p> 240 <h3 id="is-compatibility-mandatory">Is compatibility mandatory?</h3> 241 <p>No. The Android Compatibility Program is optional. Since the Android source 242 code is open, anyone can use it to build any kind of device. However, if manufacturers 243 wish to use the Android name with their products, or want access to Google Play, 244 they must first demonstrate their devices are compatible.</p> 245 <h3 id="how-much-does-compatibility-certification-cost">How much does compatibility certification cost?</h3> 246 <p>There is no cost to obtain Android compatibility for a device. The 247 Compatibility Test Suite is open-source and available to anyone for device testing.</p> 248 <h3 id="how-long-does-compatibility-take">How long does compatibility take?</h3> 249 <p>The process is automated. The Compatibility Test Suite generates a report 250 that can be provided to Google to verify compatibility. Eventually we intend 251 to provide self-service tools to upload these reports to a public database.</p> 252 <h3 id="who-determines-what-will-be-part-of-the-compatibility-definition">Who determines what will be part of the compatibility definition?</h3> 253 <p>Since Google is responsible for the overall direction of Android as a 254 platform and product, Google maintains the Compatibility Definition Document 255 for each release. We draft the CDD for a new Android version in consultation 256 with various OEMs who provide input on its contents.</p> 257 <h3 id="how-long-will-each-android-version-be-supported-for-new-devices">How long will each Android version be supported for new devices?</h3> 258 <p>Since Android's code is open-source, we can't prevent someone from using an 259 old version to launch a device. Instead, Google chooses not to license the 260 Google Play client software for use on versions that are considered 261 obsolete. This allows anyone to continue to ship old versions of Android, 262 but those devices won't use the Android name and will exist outside the 263 Android apps ecosystem, just as if they were non-compatible.</p> 264 <h3 id="can-a-device-have-a-different-user-interface-and-still-be-compatible">Can a device have a different user interface and still be compatible?</h3> 265 <p>The Android Compatibility Program determines whether a device can run 266 third-party applications. The user interface components shipped with a 267 device (such as home screen, dialer, color scheme, and so on) do not 268 generally have much effect on third-party apps. As such, device builders are 269 free to customize the user interface as much as they like. The Compatibility 270 Definition Document does restrict the degree to which OEMs may alter the 271 system user interface for areas that do impact third-party apps.</p> 272 <h3 id="when-are-compatibility-definitions-released-for-new-android-versions">When are compatibility definitions released for new Android versions?</h3> 273 <p>Our goal is to release new versions of Android Compatibility Definition 274 Documents (CDDs) once the corresponding Android platform version has 275 converged enough to permit it. While we can't release a final draft of a CDD 276 for an Android software version before the first flagship device ships with 277 that software, final CDDs will always be released after the first device. 278 However, wherever practical we will make draft versions of CDDs available.</p> 279 <h3 id="how-are-device-manufacturers-compatibility-claims-validated">How are device manufacturers' compatibility claims validated?</h3> 280 <p>There is no validation process for Android device compatibility. However, 281 if the device is to include Google Play, Google will typically validate 282 the device for compatibility before agreeing to license the Google Play client 283 software.</p> 284 <h3 id="what-happens-if-a-device-that-claims-compatibility-is-later-found-to-have-compatibility-problems">What happens if a device that claims compatibility is later found to have compatibility problems?</h3> 285 <p>Typically, Google's relationships with Google Play licensees allow us to 286 ask them to release updated system images that fix the problems.</p> 287 <a href="#top">Back to top</a> 288 <h2 id="compatibility-test-suite">Compatibility Test Suite</h2> 289 <h3 id="what-is-the-purpose-of-the-cts">What is the purpose of the CTS?</h3> 290 <p>The Compatibility Test Suite is a tool used by device manufacturers to help 291 ensure their devices are compatible, and to report test results for 292 validations. The CTS is intended to be run frequently by OEMs throughout the 293 engineering process to catch compatibility issues early.</p> 294 <h3 id="what-kinds-of-things-does-the-cts-test">What kinds of things does the CTS test?</h3> 295 <p>The CTS currently tests that all of the supported Android strong-typed APIs 296 are present and behave correctly. It also tests other non-API system 297 behaviors such as application lifecycle and performance. We plan to add 298 support in future CTS versions to test "soft" APIs such as Intents as 299 well.</p> 300 <h3 id="will-the-cts-reports-be-made-public">Will the CTS reports be made public?</h3> 301 <p>Yes. While not currently implemented, Google intends to provide web-based 302 self-service tools for OEMs to publish CTS reports so that they can be 303 viewed by anyone. CTS reports can be shared as widely as manufacturers 304 prefer.</p> 305 <h3 id="how-is-the-cts-licensed">How is the CTS licensed?</h3> 306 <p>The CTS is licensed under the same Apache Software License 2.0 that the 307 bulk of Android uses.</p> 308 <h3 id="does-the-cts-accept-contributions">Does the CTS accept contributions?</h3> 309 <p>Yes please! The Android Open Source Project accepts contributions to 310 improve the CTS in the same way as for any other component. In fact, 311 improving the coverage and quality of the CTS test cases is one of the best 312 ways to help out Android.</p> 313 <h3 id="can-anyone-use-the-cts-on-existing-devices">Can anyone use the CTS on existing devices?</h3> 314 <p>The Compatibility Definition Document requires that compatible devices 315 implement the 'adb' debugging utility. This means that any compatible device 316 -- including ones available at retail -- must be able to run the CTS 317 tests.</p> 318 319 <a href="#top">Back to top</a> 320 <h2>Security</h2> 321 <h3 id="secure">Is Android secure?</h3> 322 323 <p>The security and privacy of our users' data is of primary importance to the 324 Android Open Source Project. We are dedicated to building and maintaining one 325 of the most secure mobile platforms available while still fulfilling our goal 326 of opening the mobile device space to innovation and competition.</p> 327 328 <p>See the <a href="{@docRoot}devices/tech/security/index.html">Android Security 329 Overview</a> for a comprehensive description of the Android security model and processes.</p> 330 331 <p>Application developers play an important part in the security of Android. 332 The Android Platform provides developers with a rich <a 333 href="http://developer.android.com/training/articles/security-tips.html">security model</a> 334 that allows them to request capabilities, or access, from users 335 and define new capabilities other applications can request. 336 The Android user can choose to grant or deny an application's request for 337 certain capabilities on the handset.</p> 338 339 <p>We have made great efforts to secure the Android platform, but it is 340 inevitable that security bugs will be found in any system of this complexity. 341 Therefore, the Android team works hard to find new bugs internally and responds 342 quickly and professionally to vulnerability reports from external researchers. 343 </p> 344 345 346 <h3 id="issue">I think I found a security flaw. How do I report it?</h3> 347 348 <p>You can reach the Android security team at <a 349 href="mailto:security (a] android.com">security (a] android.com</a>. If you like, you 350 can protect your message using our <a 351 href="http://developer.android.com/security_at_android_dot_com.txt">PGP 352 key</a>.</p> 353 354 <p>We appreciate researchers practicing responsible disclosure by emailing us 355 a detailed summary of the issue and keeping the issue confidential while 356 users are at risk. In return, we will make sure to keep the researcher informed 357 of our progress in issuing a fix. </p> 358 359 360 <h3 id="informed">How can I stay informed about Android security?</h3> 361 362 <p>For general discussion of Android platform security, or how to use 363 security features in your Android application, please subscribe to <a 364 href="http://groups.google.com/group/android-security-discuss">android-security-discuss</a>. 365 </p> 366 367 368 <h3 id="use">How do I securely use my Android phone?</h3> 369 370 <p>Android was designed so you can safely use your phone without making 371 any changes to the device or installing any special software. Android applications 372 run in an Application Sandbox that limits access to sensitive information or data 373 with the users permission.</p> 374 375 <p>To fully benefit from the security protections in Android, it is important that 376 users download and install software only from known sources.</p> 377 378 <p>As an open platform, Android allows users to visit any website and load 379 software from any developer onto a device. As with a home PC, users must be 380 aware of who is providing the software they are downloading and must decide 381 whether they want to grant the application the capabilities it requests. 382 This decision can be informed by the user's judgment of the software 383 developer's trustworthiness, and where the software came from.</p> 384 385 386 <h3 id="malware">I think I found malicious software being 387 distributed for Android. How can I help?</h3> 388 389 <p>Like any other platform, it will be possible for unethical developers 390 to create malicious software, known as <a 391 href="http://en.wikipedia.org/wiki/Malware">malware</a>, for Android. If you 392 think somebody is trying to spread malware, please let us know at <a 393 href="mailto:security (a] android.com">security (a] android.com</a>. Please include as 394 much detail about the application as possible, with the location it is 395 being distributed from and why you suspect it of being malicious software.</p> 396 397 <p>The term <i>malicious software</i> is subjective, and we cannot make an 398 exhaustive definition. Some examples of what the Android security team believes 399 to be malicious software is any application that: 400 <ul> 401 <li>uses a bug or security vulnerability to gain permissions that have not 402 been granted by the user.</li> 403 <li>shows the user unsolicited messages (especially messages urging the 404 user to buy something).</li> 405 <li>resists (or attempts to resist) the user's effort to uninstall it.</li> 406 <li>attempts to automatically spread itself to other devices.</li> 407 <li>hides its files and/or processes.</li> 408 <li>discloses the user's private information to a third party, without the 409 user's knowledge and consent.</li> 410 <li>destroys the user's data (or the device itself) without the user's 411 knowledge and consent.</li> 412 <li>impersonates the user (such as by sending email or buying things from a 413 web store) without the user's knowledge and consent.</li> 414 <li>otherwise degrades the user's experience with the device.</li> 415 </ul> 416 </p> 417 418 <h3 id="fixes">How do Android-powered devices receive security 419 fixes?</h3> 420 421 <p>The manufacturer of each device is responsible for distributing software 422 upgrades for it, including security fixes. Many devices will update themselves 423 automatically with software downloaded "over the air" (OTA), while some devices 424 require the user to upgrade them manually.</p> 425 426 <p>Google provides software updates for a number of Android devices, including 427 the <a href="http://www.google.com/nexus">Nexus</a> 428 series of devices, using an OTA update. These updates may include 429 security fixes as well as new features.</p> 430 431 <h3 id="directfix">Can I get a fix directly from the 432 Android Platform Project?</h3> 433 434 <p>Android is a mobile platform that is released as open source and 435 available for free use by anybody. This means that there are many 436 Android-based products available to consumers, and most of them are created 437 without the knowledge or participation of the Android Open Source Project. Like 438 the maintainers of other open source projects, we cannot build and release 439 patches for the entire ecosystem of products using Android. Instead, we will 440 work diligently to find and fix flaws as quickly as possible and to distribute 441 those fixes to the manufacturers of the products through the open source project.</p> 442 443 <p>If you are making an Android-powered device and would like to know how you can 444 properly support your customers by keeping abreast of software updates, please 445 contact us at <a 446 href="mailto:info (a] openhandsetalliance.com">info (a] openhandsetalliance.com</a>.</p> 447 <a href="#top">Back to top</a> 448
