Can someone with more context explain what this means and maybe the background?
Android 16 QPR1 rolled out in binary-only form to phones that are blessed by Google over two months ago, and it's only just now that they bothered to actually release the source of their open-source operating system.
And it is very important to remember: being able to do this is the reason why companies have brainwashed the Internet into choosing the MIT license for everything.
With GPL-only code, the world would be much nicer for all of us.
Nobody needed to "brainwash" me into choosing the MIT license for my projects. I choose it because I disagree with the philosophy of the GPL, and think that true freedom requires the freedom for others to make their own licensing choices. You are quite welcome to disagree with that stance, but please cut out the inflammatory language. It's not charitable towards others and it isn't healthy for good discussion.
Some of the reason why the MIT license etc. is more popular surely has to do with the license text itself. I can understand the MIT license, and my corp lawyer can easily understand all the consequences of using something under MIT license. With the GPL, not so much. It's verbose and complex and has different versions.
Would it really be impossible to have a license with similar brevity as MIT but similar consequences as GPL?
Right, I think people misunderstand "free" when they are dominating versus "free" when they are the smaller player. One is a tool for domination and capture, the other is a tool for freedom ESPECIALLY against a bigger player.
Never attribute to malice that which can be explained by laziness.
Personally, I MIT/BSD my stuff because, well... it means I don't have to think about it ever again. If I do GPL, I have to make sure that I'm following the rules set out in that license and making sure others who have based their code on my project have done the same.
And that's, like, work, man, especially if you don't have a foundation and legal eagles on your side to double-check that everything's kosher.
Linux is an exception, not a rule, in how GPL is usually handled in FLOSS projects.
> it's only just now that they bothered to actually release the source of their open-source operating system.
Do you really need to have snark for an open source project?
Open-source projects maintained by individual developers working for free absolutely deserve more respect than that, but ones maintained by the most profitable company in the world [1] do not, especially when they go out of their way to change from doing the right thing to doing the wrong thing [2].
I thought we were talking about the Android project? /sarcasm
It's Google, I think they've sucked up enough of our digital lives and economy to handle a bit of snark.
Yes. Precisely because it's "open source", not "free".
Have they been in breach of GPL terms during the intervening two months?
Most of Android isn't GPL, so I would guess not.
This means the source code is finally being released for the quarterly release that came out in september. Roms like lineageos had to target QPR0 which came out back in June but can now bring up to this. Google used to release the source to AOSP right after the releases happened, now they don't.
Additional context per fediverse thread: The GPL code (i.e. kernel) was released on time, this is the AOSP userspace portions which Google isn't legally obligated to release (which doesn't make it not a dick move not to).
What was Googles "corporatespeak" reason for not releasing it right away?
There doesn't need to be "corporatespeak". They don't have to release it right away. They don't have to release it at all.
Another practical consequence is that GrapheneOS may finally be able to support Pixel 10 phones.
Yep! https://piunikaweb.com/2025/11/12/grapheneos-pixel-10-suppor...
Edit: never mind, this is just an article quoting the post at the top of this discussion.
it means custom roms maintainers like lineageos, can now work on adding android 16.1 builds
Here is a link to view it.
https://cs.android.com/android/platform/superproject/+/andro...
Since when did they stop using Gerrit? On mobile and it doesnāt appear to be that.
They still do. This is Android Code Search, which is a typical file tree and contents viewer.
They still use gerrit, that site is a code search UI that they have that is also a very nice way to navigate the code.
What's the current status of custom ROM development these days!! I hv been out of the sync for a while. It seems mostly dead except for few players like LOS, Graphene, Paranoid (prolly), I guess there are still some smaller enthusiasts, but they probably just kang old code and features rather than providing stable support.
Very happy with the quality of GrapheneOS and modern Google Pixel devices. Can recommend.
It is certainly not dead. The dead thing should be forced obsoletion and vendor lock-in. Dead is a subjective term.
GOS is not "paranoid", lol, it's just releasing the fastest asd adding cherry on top, and not bundling Google services (but allowing you to install them)
Ik GOS is not paranoid, "prolly" -> I wasn't sure whether Paranoid is still alive or not, it was there last year though
Paranoid Android (operating system): https://en.wikipedia.org/wiki/Paranoid_Android_(operating_sy...
Paranoid is another custom ROM - GP wasn't calling Graphene paranoid.
If you're wondering for a possible reason and whether google is just being "lazy", see [1].
Tl;Dr: google has certain commitments they need to make depending on when the source code is released. Expect more delays moving forward thanks to this law.
[1]: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ%3AJOL...
> certain commitments they need to make depending on when the source code is released
ā¦or when OS updates are released, see Annex II B 1.2 (6) (c) and (d) ("Smartphones" > "Design for reliability" > "Operating system updates")
So given that the updates were already released months ago, the release of the source code is irrelevant.
And what does 'released' mean in this context? GrapheneOS has very publicly stated that security patches are under embargo, and they already have patches for the March 2026 release. See [1]:
> 2025110800: All of the Android 16 security patches from the current December 2025, January 2026, February 2026 and March 2026 Android Security Bulletins are included in the 2025110801 security preview release. List of additional fixed CVEs:
So, have they been released? No. So the clock hasn't started ticking yet. This EU law made security worse for everyone as patches that are done today are not released for 4+ months.
Note: These are CLOSED source blobs GrapheneOS is shipping. If they were open source, the 4 months clock would trigger immediately but they are not allowed to do this themselves as they get the patches from an OEM partner. GrapheneOS shipping these CLOSED source blobs, that Google has NOT released does not trigger the timer.
I do accept that QPR1 was 'released' by Google on Pixel months ago, and therefore the timer started, however, Google will likely pick and chose what is best for OS updates/security patches. It explains why AOSP is now private/closed source and embargos are being used to get around the laws requirements.
[1]: https://grapheneos.org/releases#2025110800
From the EU law:
> (c) security updates or corrective updates mentioned under point (a) need to be available to the user at the latest 4 months after the public release of the source code of an update of the underlying operating system or, if the source code is not publicly released, after an update of the same operating system is released by the operating system provider or on any other product of the same brand;
> (d) functionality updates mentioned under point (a) need to be available to the user at the latest 6 months after the public release of the source code of an update of the underlying operating system or, if the source code is not publicly released, after an update of the same operating system is released by the operating system provider or on any other product of the same brand;
Doesn't the embargo concern the source code of the patches (and detailed information about the CVEs), not the release of the patched binaries?
Either way, I don't understand what point you're trying to make. Even after reading your other comments here in this subtree, I don't see anything in the regulation you linked that would have delayed the source code release of Android 16 QPR1, given that the QPR1 binaries had already been released.
You've explicitly quoted that source releases are not relevant:
> or, if the source code is not publicly released, after an update of the same operating system is released by the operating system provider
They have not released the source code, but they have released an update of their operating system on their reference Pixel hardware.
Therefore, all devices must update within 4 months of that Pixel release, regardless of source drops, per this law
>google has certain commitments
It reads to me like the opposite. Another case of manufacturers being unable to release updates in a prompt manner. Google delaying the release gives them more time to update.
What? Please explain what commitments exactly are causing Google to not release source code at the same time as the update. Until you do that, your statement is as valuable as writing 'Thanks, Obama!'
Yea, GP sounds like they want to drag "EU Bad" into this discussion.
I fail to see how this EU regulation promotes releasing software Closed Source and demotes releasing it Open Source.
> (c) security updates or corrective updates mentioned under point (a) need to be available to the user at the latest 4 months after the public release of the source code of an update of the underlying operating system or, if the source code is not publicly released, after an update of the same operating system is released by the operating system provider or on any other product of the same brand;
> (d) functionality updates mentioned under point (a) need to be available to the user at the latest 6 months after the public release of the source code of an update of the underlying operating system or, if the source code is not publicly released, after an update of the same operating system is released by the operating system provider or on any other product of the same brand;
So if Google releases an update for Pixel, the 'clock' starts ticking from that date, otherwise, it goes by when the source code is released. Google can pick and choose what works best for them and their partners according to these rules.
Hence why delaying the source code may be preferable. This is why security patches are being delayed as per GrapheneOS (under embargo)
For example: Google releases Android 20, under embargo to all OEMS, this is not released on Pixel, is entirely closed source (hence why AOSP is now private) and therefore doesn't trigger the law. Android 20 could be ready for months, but until it's released on Pixel or open source, those clauses are not triggered. This is already happening to security patches, see my comment above.
it has an integrated touch screen display with a viewable diagonal size of 10,16 centimetres (or 4,0 inches) or more, but less than 17,78 centimetres (or 7,0 inches);
I wonder if 3.99 inch and 7.01 inch smartphones will start appearing again.
That should be easy for foldables: an external sub 4" display and an over 7" main display.
> where the device has a foldable display or has more than one display, at least one of the displays falls into the size range in either opened or closed mode.
also this: does this mean that foldable phones with three 3.99" screens are excluded
[dead]
Get a daily email with the the top stories from Hacker News. No spam, unsubscribe at any time.