I'm not sure i follow, you can upstream any security feature to AOSP, CopperheadOS dev has upstreamed lots of stuff to improve security overall which is good.
Google can do whatever they want but most of it is happening in house sadly, they could probably pay grsecurity devs to implement security features for Android & ChromeOS if they wanted to.
That last part is exactly my point. They're making billions on Android but will barely patch it. They just dont care at all since the money will go into their pockets anyway. Instead, all these small players have to show up working nearly for free swimming upstream with their enhancements making almost nothing.
Well it's already pretty hard to exploit Android, the kernel is the weak point at the moment.
I've studied the grsecurity code a lot and if you can exploit that stuff you can get high paying jobs for either red team or blue ;)
Making it harder and driving up the cost to use/write exploits and ofcourse making everyone more secure is the end goal for the sec team :D
