Kernel vulnerability is a technical problem faced by all Android devices. At present, although a large number of kernel vulnerabilities have been made public, there remain numerous Android devices which cannot be updated in time. Shadow industries can utilize these vulnerabilities to break through nearly all security protection mechanisms installed in the devices such as encryption, fingerprint, and data compartmentalization. Since mobile phone manufacturers cannot concentrate their effort to find and repair kernel vulnerabilities as third-party manufacturers specialising in security do, it is difficult to solve this problem by only relying on mobile phone manufacturers. In addition, as the Android supply chain is very long, it is often too late when the kernel patch is able to reach user equipment after passing a series of audits. Therefore, the manufacturers specialising in security need to collaborate with other manufacturers along the supply chain.
However, it is difficult for the security manufacturers to obtain device source code, and to provide customization on thousands of devices on the market. Therefore, there is an acute need for a flexible mechanism to allow the security manufacturers to insert repair logics independent of the platforms. In addition, flexibility means risk, so a restraint mechanism to limit the repair capability of the security manufacturers is needed to prevent arbitrarily tampering with the kernel logic, or even a back door insertion.