Expert eyes on your Android platform.

Architecture reviews, security audits, and bring-up triage for teams shipping Android on custom hardware. We read the code your team does not have time to, and we write a report with prioritised findings and references you can act on.

Start a conversation How we engage

What we do

// aosp-consulting.md

Architecture reviews covering the full stack — bootloader, kernel, HAL, framework, and app layer — with prioritised findings, reproduction steps, and references to the AOSP commits and vendor docs behind each recommendation.

Security audits: SELinux policy reviews, verified-boot chain walkthroughs, keystore and attestation assessments, and third-party SDK triage — beyond what CTS and Play Protect check for.

Bring-up triage on stuck hardware — kernel, init sequence, HAL, or first-boot regressions — delivered as a short, targeted engagement rather than an open-ended retainer.

Due diligence for platform hiring and acquisitions: tech-screen support, codebase reads, and written opinions with references you can hand to stakeholders.

Who it's for

Honest scoping, up front

Good fit when

Your team owns an AOSP device and needs an outside read on architecture, security, or performance before a release.
You are about to ship and want a final pass from engineers who work at the platform layer every day.
A new SoC or BSP is blocking a release and you need focused triage, not more headcount.
You are evaluating a vendor, SDK, or codebase and want a defensible written opinion from platform engineers.

Not a fit when

You need a long-term embedded team — see Custom AOSP Development.
You want generic mobile-app advice with no platform or device angle — see Mobile App Development.
You are looking for broad platform opinions without a concrete product or device in mind. We charge for code-level reviews, not whiteboard conversations.

How we engage

Clear scope,
documented handoffs

Discovery call

A free 45-minute conversation. We read your architecture doc, your repo README, or the specific ticket you are stuck on. If it is not a fit, we say so and point you somewhere better.

Written scope

Within two to three business days: objectives, deliverables, hourly estimate, and a fixed ceiling. You approve, adjust, or walk away — no retainer pressure.

Execution with progress pings

We read, we test, we reproduce. You get substantive updates every two to three days — specific findings with line numbers, not weekly status theatre.

Report and handoff

A written report with prioritised findings, reproduction steps, and references to AOSP, CVE, and vendor documentation. One hour of follow-up Q&A included; remediation is optional and scoped separately.

Where it lands

Where this work lands

Pre-launch review

Before an AOSP device ships we read the security posture — SELinux policy, verified-boot chain, keystore, attestation — plus the OTA pipeline. You get a written report with prioritised findings and reproduction steps.

Stuck bring-up

When a new board or SoC is blocking a release, we do focused triage: kernel config, init, HAL, first-boot. Written findings with reproduction steps, not an open-ended retainer.

Fleet security audit

Device-owner posture, verified boot, attestation chain, and third-party SDK triage across a deployed fleet. Output is a remediation roadmap with priorities, not a compliance checklist.

Contact

Let's scope your project

Tell us what you're building and where you're stuck. We read every message, and we reply with an honest assessment — even when we think someone else is a better fit.

contact@actinis.io