Hi, I am looking at Android security at the moment and particularly at the possibility to exploit Linux kernel bugs to gain root access. I am wondering how the software update process (and particularly the kernel updates) works on the phones. There are several versions of Android (1.5, 1.6, ..., 2.2) and several version of the Linux kernel (2.6.27,..., 2.6.32) - Is there any link (for all constructors) between the Android version number and the Linux kernel version number ?- - Once a flaw is detected in the Linux kernel and a patch for that flaw is integrated in the Linux kernel, how is this patch sent to the phones (if it is at all) ? - Is the end user notified that he should install this new update ? - Are the software updates signed in any way to protect the user against "false" updates ? - Is this update process the same for all phone vendors (HTC,Samsung,...)? That is a lot of questions but I couldn't find any good documentation on these points on the Internet. Any help is very welcome !