Treble: Fast Software Updates by Creating an Equilibrium in an Active Software Ecosystem of Globally Distributed Stakeholders

This paper presents our experience with Treble, a two-year initiative to build the modular base in Android, a Java-based mobile platform running on the Linux kernel. Our Treble architecture splits the hardware-independent core framework written in Java from the hardware-dependent vendor implementations (e.g., user-space device drivers, vendor native libraries, and kernel written in C/C++). Cross-layer communication between them is done via versioned, stable inter-process communication interfaces whose backward compatibility is tested by using two API compliance suites. Based on this architecture, we repackage the key Android software components that suffered from crucial post-launch security bugs as separate images. That not only enables separate ownership but also independent updates of each image by interested ecosystem entities. We discuss our experience of delivering Treble architectural changes to silicon vendors and device makers using a yearly release model. Our experiments and industry rollouts support our hypothesis that giving more freedom to all ecosystem entities and creating an equilibrium is a transformation necessary to further scale the world's largest open source ecosystem with over two billion active devices.
