Android Internals & Custom ROM Development

iGates is a Tel Aviv-based software house with over 15 years of specialization in Android Internals and Custom ROM development. We work at the operating-system level — kernel customization, HAL development, AOSP framework modifications, SELinux policy hardening, and OTA infrastructure — for cybersecurity platforms, industrial devices, OEM products, and defense-grade systems. Flagship reference: iGates was the R&D partner behind the Consensio Cyber Security platform.

What is Android Internals development?

Android Internals is the discipline of working at the operating-system level of Android — as opposed to developing an application that runs on top of it. Instead of using the Android SDK to write Kotlin running above the framework, an Android Internals engineer writes the framework itself, the HAL for dedicated hardware, customizes the kernel, defines custom SELinux policy, and delivers a complete AOSP build optimized for the hardware and product needs.

This is a rare discipline. In Israel, only a small number of companies can take a project like this from feasibility through shipped product with long-term security-update maintenance. iGates is one of them.

Android Internals services at iGates

  • Custom ROM development from scratch on AOSP
  • Hardware bring-up: adaptation to new hardware, drivers, Device Tree, and bootloader
  • HAL development for unsupported camera, sensors, radio, and secure elements
  • Kernel customization: real-time tuning, custom LSM modules, and kernel hardening
  • SELinux policy engineering and defense-grade hardening
  • Framework modifications: System Server, custom permissions, behavior changes, and system-surface UI
  • Verified Boot and secure boot chain: signing infrastructure and key management
  • OTA infrastructure: signed updates, rollback, A/B partition management, and long-term security maintenance
  • System apps: replacement launchers, custom settings, and kiosk-mode enforcement
  • CI/CD for AOSP builds, regression testing, and fleet deployment

Our Android Internals tech stack

Languages: C, C++ (11/17/20), Java, Kotlin, Assembly (ARM, x86)
AOSP versions: Android 14, 15, 16, and LTS branches
Kernel: Linux mainline + Android patches, binder, ashmem, low memory killer, and wakelocks
HAL: AIDL, legacy HIDL, and Treble-compliant design
SELinux: targeted policy, mac_permissions.xml, and policy compilation pipeline
Bootloader: U-Boot, Little Kernel, EDK2 / Tianocore for ARM
SoCs: Qualcomm Snapdragon, MediaTek, Samsung Exynos, NXP i.MX, and Rockchip
Security: OP-TEE, Verified Boot, AVB, and hardware-backed keystore

Case studies

Consensio Cyber Security — Security platform on custom AOSP. iGates was the R&D partner behind Consensio's solution: deep Android Internals integration, custom kernel work, defense-grade SELinux hardening, and framework modifications inside a complete security product.

Additional industrial and defense projects — embedded and cyber work we are not free to discuss publicly due to classification, NDA, or client policy. We can discuss them under NDA in an initial conversation.

Industries and use cases we serve

  • Cybersecurity: secure phones, secure communications, encrypted messaging platforms, secure MDM
  • Defense: field devices, secure handhelds, radios with Android UI
  • Industrial: POS terminals, scanners, field systems, industrial equipment with Android UI
  • Healthcare: medical devices with compliance requirements
  • Finance: payment terminals, ATMs, and secure kiosks
  • OEM: hardware manufacturers seeking branded Android
  • IoT with Android UI: industrial controllers, smart-home hubs, and measurement equipment

iGates' Custom ROM development process

  1. Feasibility Study (3-4 weeks): chipset, kernel base, vendor BSP, and compliance constraints.
  2. AOSP Base Selection: Android version, LTS branch, and vendor base.
  3. Hardware Bring-up: bootloader, Device Tree, kernel boot, and peripheral drivers.
  4. HAL Development for hardware components not supported in standard AOSP.
  5. Customization Layer: system server, framework, system apps, UI, behavior, and permissions.
  6. Security Hardening: SELinux, Verified Boot, signature chain, and key management.
  7. OTA Infrastructure: signed updates, A/B partitions, rollback, and fleet management.
  8. CI/CD: AOSP build automation, automated regression tests, and signed artifact pipeline.
  9. Launch + Long-term Support: Android Security Bulletins, kernel CVE patches, and version upgrades.

What we do not do

  • Build Custom ROM when MDM is sufficient — we recommend MDM when it is the right answer
  • Android jailbreak or bypassing organizational security
  • Custom ROM on personal consumer devices
  • Custom ROM without a long-term maintenance process

Planning a platform that sits inside Android rather than on top of it — a cybersecurity product, industrial device, secure enterprise platform, or OEM customization? The first step is a 3-4 week feasibility study that tells you exactly what is possible, at what cost, and on what timeline. Reach out for a no-commitment technical review.

For a deeper read, see our article: Android Internals & Custom ROM. Related services include Embedded Linux and kernel development, Android application development, Industrial IoT development, Software development, and iGates services.

Full AOSP architecture

Custom ROM architecture

Mapping AOSP, kernel, HAL, framework, and system-app layers for maintainable long-term Custom ROM delivery.

Hardware, HAL, and Treble

HAL and hardware bring-up

HAL development, driver adaptation, and hardware bring-up for dedicated devices, including Treble-compliant partitioning and Device Tree.

Security and maintenance

Defense-grade hardening

SELinux policy engineering, Verified Boot, signed OTA updates, and long-term security-update maintenance.

Frequently asked questions

What kinds of Android Internals projects do you take on?

We work on Android-based cybersecurity platforms, industrial devices with kiosk-mode requirements, OEM customizations, defense systems with classification requirements, and medical or financial devices with compliance needs. The basic criterion: the product must intervene inside the operating system, not just use it.

Do you work with client-supplied hardware, or do you provide hardware too?

We are a software company, not a hardware manufacturer. But we have deep experience with common SoCs such as Qualcomm Snapdragon, MediaTek, Samsung Exynos, NXP i.MX, and Rockchip, and we help clients select appropriate hardware during feasibility.

How long does the first Custom ROM build take?

A POC on existing reference hardware usually takes 3-4 months. A production-grade ROM with OTA, signed builds, and full security hardening takes 8-14 months. A full security platform with defense-grade hardening and multi-year support can take 18+ months.

Do you provide long-term maintenance?

Yes. We track Google's monthly Android Security Bulletins, stay current on kernel CVEs, perform merges with vendor BSPs, and build pipelines that produce signed OTA updates. A ROM without a maintenance process ages within months.

Which Android versions do you support?

We work with Android 14, 15, and 16. For projects requiring long-term support, we recommend LTS branches. For legacy projects already running on older versions, we also help with structured upgrade paths.

Do you sign an NDA before an initial conversation?

Yes. Android Internals projects often touch sensitive information — IP, hardware roadmaps, and security architecture. We are accustomed to signing NDAs before an introductory call, including mutual NDAs when required.

See more