Subject: Google Refuses to Enforce GPLv2 on Android: Transsion & Xiaomi Shipping Hidden Modules

[isus]

Dear Linux Kernel Community, Linus, and Greg,
I am writing to bring to your immediate attention a systemic failure
in how GPLv2 compliance is handled within the Android ecosystem,
sanctioned directly by Google.
During firmware analysis of recent MediaTek-based Android devices from
Transsion Holdings (TECNO) and Xiaomi, I discovered blatant GPLv2
violations. These OEMs are bypassing their license obligations by:
Withholding Kernel Modules: Shipping proprietary, unreleased kernel
modules (.ko) that are dynamically linked to the Linux kernel, hiding
their source code entirely.
Withholding Firmware & Flashing Utilities: Refusing to provide
complete stock firmware images and the technical tools (flashing
utilities) required to actually build, install, and run a
custom-compiled kernel on the hardware.
Under GPLv2 Clause 3, the "complete source code" must include all
modules and the scripts used to control compilation and installation.
Without the entire kernel tree (including every module) and the
official flashing tools, the released code is incomplete and
non-compliant.
When I formally escalated this with absolute technical proof to the
Android Partner Compliance team via the Google Issue Tracker (Issue
521450636), Google officially refused to enforce the license. They
stated that these violations are handled exclusively through
"confidential partner channels" and closed the ticket as "Won't Fix
(Infeasible)".
You can view the unedited screenshot of Google's official refusal here:
https://drive.google.com/file/d/1i8P8K3A4K6zjpsNYQhc-P5OUAzI5PUE1/view?usp=drivesdk
By doing this, Google is effectively shielding violating OEMs from
public accountability. Independent developers have zero leverage here.
This is a structural policy failure. I am sharing this publicly
because we need to stop chasing individual OEMs. We must pressure
Google to integrate mandatory, automated open-source compliance checks
directly into their GMS (Google Mobile Services) and MADA
certification pipelines. Certification must be made conditional upon
the public release of the entire kernel source tree, including all
modules, as well as the full set of official stock firmware images and
flashing utilities.
I have full firmware dumps, binary analysis logs, and communication
histories ready. I am also routing this to the Software Freedom
Conservancy compliance team.
Best regards,
isus203
Twitter: @isus203