Get the top HN stories in your inbox every day.
kamranjon
josephcsible
Android 16 QPR1 rolled out in binary-only form to phones that are blessed by Google over two months ago, and it's only just now that they bothered to actually release the source of their open-source operating system.
o11c
And it is very important to remember: being able to do this is the reason why companies have brainwashed the Internet into choosing the MIT license for everything.
With GPL-only code, the world would be much nicer for all of us.
bigstrat2003
Nobody needed to "brainwash" me into choosing the MIT license for my projects. I choose it because I disagree with the philosophy of the GPL, and think that true freedom requires the freedom for others to make their own licensing choices. You are quite welcome to disagree with that stance, but please cut out the inflammatory language. It's not charitable towards others and it isn't healthy for good discussion.
semi-extrinsic
Some of the reason why the MIT license etc. is more popular surely has to do with the license text itself. I can understand the MIT license, and my corp lawyer can easily understand all the consequences of using something under MIT license. With the GPL, not so much. It's verbose and complex and has different versions.
Would it really be impossible to have a license with similar brevity as MIT but similar consequences as GPL?
utopiah
Right, I think people misunderstand "free" when they are dominating versus "free" when they are the smaller player. One is a tool for domination and capture, the other is a tool for freedom ESPECIALLY against a bigger player.
lenerdenator
Never attribute to malice that which can be explained by laziness.
Personally, I MIT/BSD my stuff because, well... it means I don't have to think about it ever again. If I do GPL, I have to make sure that I'm following the rules set out in that license and making sure others who have based their code on my project have done the same.
And that's, like, work, man, especially if you don't have a foundation and legal eagles on your side to double-check that everything's kosher.
Linux is an exception, not a rule, in how GPL is usually handled in FLOSS projects.
RicoElectrico
Why it seems that MPL is left out of the discussion? I find its clauses a reasonable middle ground.
ncruces
This is absurd.
Most of, if not all, code that was released today was written by Google. Then can release it, or not release it, regardless of license.
Android was never a community project with outside contributions. The license does not limit the original authors.
I'm not saying Google shouldn't have released them immediately. But GPL vs Apache vs MIT has absolutely nothing to do with it.
singpolyma3
Except Google also violates the GPL so that's not the only relevant factor.
bitpush
> it's only just now that they bothered to actually release the source of their open-source operating system.
Do you really need to have snark for an open source project?
josephcsible
Open-source projects maintained by individual developers working for free absolutely deserve more respect than that, but ones maintained by the most profitable company in the world [1] do not, especially when they go out of their way to change from doing the right thing to doing the wrong thing [2].
pseudosavant
I thought we were talking about the Android project? /sarcasm
ehnto
It's Google, I think they've sucked up enough of our digital lives and economy to handle a bit of snark.
MarsIronPI
Yes. Precisely because it's "open source", not "free".
wongogue
A project which uses and depends on a lot of other third-party OSS? Maybe.
estimator7292
Yes, open source requires snark just as much as tone policing
joecool1029
This means the source code is finally being released for the quarterly release that came out in september. Roms like lineageos had to target QPR0 which came out back in June but can now bring up to this. Google used to release the source to AOSP right after the releases happened, now they don't.
gpm
Additional context per fediverse thread: The GPL code (i.e. kernel) was released on time, this is the AOSP userspace portions which Google isn't legally obligated to release (which doesn't make it not a dick move not to).
berkes
What was Googles "corporatespeak" reason for not releasing it right away?
thevillagechief
There doesn't need to be "corporatespeak". They don't have to release it right away. They don't have to release it at all.
lawn
Another practical consequence is that GrapheneOS may finally be able to support Pixel 10 phones.
degamad
Yep! https://piunikaweb.com/2025/11/12/grapheneos-pixel-10-suppor...
Edit: never mind, this is just an article quoting the post at the top of this discussion.
rk06
it means custom roms maintainers like lineageos, can now work on adding android 16.1 builds
jeffbee
The largest and most widely used open source project in history is releasing one of their periodic updates, and lots of people with no industry (or life) experience are going to complain about it.
charcircuit
Here is a link to view it.
https://cs.android.com/android/platform/superproject/+/andro...
e40
Since when did they stop using Gerrit? On mobile and it doesn’t appear to be that.
tripdout
They still do. This is Android Code Search, which is a typical file tree and contents viewer.
zorgmonkey
They still use gerrit, that site is a code search UI that they have that is also a very nice way to navigate the code.
virajk_31
What's the current status of custom ROM development these days!! I hv been out of the sync for a while. It seems mostly dead except for few players like LOS, Graphene, Paranoid (prolly), I guess there are still some smaller enthusiasts, but they probably just kang old code and features rather than providing stable support.
preisschild
Very happy with the quality of GrapheneOS and modern Google Pixel devices. Can recommend.
a456463
It is certainly not dead. The dead thing should be forced obsoletion and vendor lock-in. Dead is a subjective term.
subscribed
GOS is not "paranoid", lol, it's just releasing the fastest asd adding cherry on top, and not bundling Google services (but allowing you to install them)
virajk_31
Ik GOS is not paranoid, "prolly" -> I wasn't sure whether Paranoid is still alive or not, it was there last year though
celsoazevedo
Paranoid Android (operating system): https://en.wikipedia.org/wiki/Paranoid_Android_(operating_sy...
13hunteo
Paranoid is another custom ROM - GP wasn't calling Graphene paranoid.
aboringusername
If you're wondering for a possible reason and whether google is just being "lazy", see [1].
Tl;Dr: google has certain commitments they need to make depending on when the source code is released. Expect more delays moving forward thanks to this law.
[1]: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ%3AJOL...
codethief
> certain commitments they need to make depending on when the source code is released
…or when OS updates are released, see Annex II B 1.2 (6) (c) and (d) ("Smartphones" > "Design for reliability" > "Operating system updates")
So given that the updates were already released months ago, the release of the source code is irrelevant.
aboringusername
And what does 'released' mean in this context? GrapheneOS has very publicly stated that security patches are under embargo, and they already have patches for the March 2026 release. See [1]:
> 2025110800: All of the Android 16 security patches from the current December 2025, January 2026, February 2026 and March 2026 Android Security Bulletins are included in the 2025110801 security preview release. List of additional fixed CVEs:
So, have they been released? No. So the clock hasn't started ticking yet. This EU law made security worse for everyone as patches that are done today are not released for 4+ months.
Note: These are CLOSED source blobs GrapheneOS is shipping. If they were open source, the 4 months clock would trigger immediately but they are not allowed to do this themselves as they get the patches from an OEM partner. GrapheneOS shipping these CLOSED source blobs, that Google has NOT released does not trigger the timer.
I do accept that QPR1 was 'released' by Google on Pixel months ago, and therefore the timer started, however, Google will likely pick and chose what is best for OS updates/security patches. It explains why AOSP is now private/closed source and embargos are being used to get around the laws requirements.
[1]: https://grapheneos.org/releases#2025110800
From the EU law:
> (c) security updates or corrective updates mentioned under point (a) need to be available to the user at the latest 4 months after the public release of the source code of an update of the underlying operating system or, if the source code is not publicly released, after an update of the same operating system is released by the operating system provider or on any other product of the same brand;
> (d) functionality updates mentioned under point (a) need to be available to the user at the latest 6 months after the public release of the source code of an update of the underlying operating system or, if the source code is not publicly released, after an update of the same operating system is released by the operating system provider or on any other product of the same brand;
codethief
Doesn't the embargo concern the source code of the patches (and detailed information about the CVEs), not the release of the patched binaries?
Either way, I don't understand what point you're trying to make. Even after reading your other comments here in this subtree, I don't see anything in the regulation you linked that would have delayed the source code release of Android 16 QPR1, given that the QPR1 binaries had already been released.
0zymandiass
You've explicitly quoted that source releases are not relevant:
> or, if the source code is not publicly released, after an update of the same operating system is released by the operating system provider
They have not released the source code, but they have released an update of their operating system on their reference Pixel hardware.
Therefore, all devices must update within 4 months of that Pixel release, regardless of source drops, per this law
charcircuit
>google has certain commitments
It reads to me like the opposite. Another case of manufacturers being unable to release updates in a prompt manner. Google delaying the release gives them more time to update.
phoronixrly
What? Please explain what commitments exactly are causing Google to not release source code at the same time as the update. Until you do that, your statement is as valuable as writing 'Thanks, Obama!'
berkes
Yea, GP sounds like they want to drag "EU Bad" into this discussion.
I fail to see how this EU regulation promotes releasing software Closed Source and demotes releasing it Open Source.
aboringusername
> (c) security updates or corrective updates mentioned under point (a) need to be available to the user at the latest 4 months after the public release of the source code of an update of the underlying operating system or, if the source code is not publicly released, after an update of the same operating system is released by the operating system provider or on any other product of the same brand;
> (d) functionality updates mentioned under point (a) need to be available to the user at the latest 6 months after the public release of the source code of an update of the underlying operating system or, if the source code is not publicly released, after an update of the same operating system is released by the operating system provider or on any other product of the same brand;
So if Google releases an update for Pixel, the 'clock' starts ticking from that date, otherwise, it goes by when the source code is released. Google can pick and choose what works best for them and their partners according to these rules.
Hence why delaying the source code may be preferable. This is why security patches are being delayed as per GrapheneOS (under embargo)
For example: Google releases Android 20, under embargo to all OEMS, this is not released on Pixel, is entirely closed source (hence why AOSP is now private) and therefore doesn't trigger the law. Android 20 could be ready for months, but until it's released on Pixel or open source, those clauses are not triggered. This is already happening to security patches, see my comment above.
userbinator
it has an integrated touch screen display with a viewable diagonal size of 10,16 centimetres (or 4,0 inches) or more, but less than 17,78 centimetres (or 7,0 inches);
I wonder if 3.99 inch and 7.01 inch smartphones will start appearing again.
pmontra
That should be easy for foldables: an external sub 4" display and an over 7" main display.
tensegrist
> where the device has a foldable display or has more than one display, at least one of the displays falls into the size range in either opened or closed mode.
also this: does this mean that foldable phones with three 3.99" screens are excluded
realusername
Parts of AOSP like the apps have been in limbo for way longer than that, maybe since Android 12.
xzjis
This has absolutely nothing to do with that law, and even Google doesn't dare use it as an excuse for its behavior (as they did with GDPR by deliberately creating user friction that the European regulation did not require, and even partially forbids).
In reality, it's a purely political decision to curb the development of third-party ROMs, because the AOSP source code exists with all the merges and is distributed to vendors (like Samsung). However, it's not necessarily just to target GrapheneOS and LineageOS; it might also be to target the Chinese market, particularly Huawei, which uses this source code for HarmonyOS.
aboringusername
It absolutely has everything to do with this new law. For the first time, depending on when Google releases source code, or releases a Pixel update, the timer (4 months for security, 6 months functionality) starts. This has never existed before in Android OS' history that updates are timed (in law) according to Pixel updates/software updates or open source releases. This law also applies to Apple but they will have no problems as they are compliant anyway as they control software/hardware entirely and it's closed source.
This is the entire reason AOSP went private/closed source, and why Google is delaying security patches as per GrapheneOS. The March 2026 patches are already released by GrapheneOS as closed source blobs. They are not allowed to release them as open source by embargo (essentially NDA). Why do you think Pixel hasn't shipped security patches earmarked for March 2026? There are some critical bugs those patches fix, why not release them today, right now or next month? Because if Pixel releases just a single patch, via a Pixel update or posts it on AOSP, the 4 month timer begins for every single OEM with a phone in the EU. By making the patches under embargo, Google gets to control exactly when the timer starts to coordinate with their OEMs. So the slowest OEM gets to control the entirety of Androids security model.
Ask yourself, why doesn't GrapheneOS just release their patches publicly/open source? Why have different 'security releases' with closed source blobs?
Because if they did:
1: They lose their partner OEM access to these patches
2: Every OEM would be required to release those same patches 4 months to the day GrapheneOS releases them.
codethief
> 2: Every OEM would be required to release those same patches 4 months to the day GrapheneOS releases them.
I don't think that's true since the regulation you linked says:
> (c) security updates or corrective updates mentioned under point (a) need to be available to the user at the latest 4 months after the public release of the source code of an update of the underlying operating system or, if the source code is not publicly released, after an update of the same operating system is released by the operating system provider or on any other product of the same brand;
(emphasis mine)
GrapheneOS is not the OS provider in this context, Google is.
zb3
> Because if Pixel releases just a single patch, via a Pixel update or posts it on AOSP, the 4 month timer begins for every single OEM with a phone in the EU.
And that's exactly what the law was about, this timer is a good thing. Now they should close the "artificial delay" loophole.
Klonoar
Isn’t Huawei moving away from Android as a base for Harmony?
zara762
[dead]
Get the top HN stories in your inbox every day.
Can someone with more context explain what this means and maybe the background?