Different Android Flavors and Forensic Processing

Written by Amber Schroader

Android, developed by Google, is one of the most popular mobile operating systems worldwide, powering millions of devices. What you might not realize is that there are different tiers of Android OS that are available for millions of devices. We will explore the three primary Android OS types: Oxygen, Go, and Standard. Understanding these variants will help you watch for any changes in your acquisition processes and data specific to each device type.

Oxygen OS: Oxygen OS is a custom Android operating system developed by OnePlus, a prominent smartphone manufacturer. Initially exclusive to OnePlus devices, Oxygen OS has gained popularity for its clean, near-stock Android experience coupled with additional features and customizations. Key features of Oxygen OS include:

  • Enhanced Customization: Oxygen OS provides extensive customization options, allowing users to personalize their device’s appearance, icons, wallpapers, and accent colors. It offers a range of themes and styles to suit individual preferences.
  • Gestures and Navigation: Oxygen OS introduces intuitive gesture-based navigation, providing an alternative to traditional button-based navigation. Users can swipe, slide, and perform gestures to navigate through the interface, enhancing convenience and usability.
  • Performance Optimization: Oxygen OS emphasizes performance optimization, offering features like RAM management, app prioritization, and gaming modes. These optimizations aim to deliver a smooth and responsive user experience, especially on OnePlus devices.

Android Go: Android Go, officially known as Android (Go edition), is a lightweight version of the Android operating system designed for entry-level devices with limited hardware resources. It offers a streamlined and optimized experience for devices with low RAM and storage capacity. Key features of Android Go include:

  • Reduced Resource Consumption: Android Go is optimized to consume fewer system resources, allowing devices with limited RAM (typically 1GB or less) to run smoothly. Lightweight versions of Google apps, such as Gmail Go and YouTube Go, are available to minimize resource usage.
  • Data Management: Android Go includes built-in data-saving features to help users manage internet usage efficiently. It provides data usage tracking, the ability to set data limits, and optimized versions of popular apps that use less data.
  • Enhanced Security: Android Go benefits from Google’s security enhancements, including Google Play Protect, which scans apps for potential threats and provides regular security updates to ensure device safety.

Standard Android: Standard Android, also known as stock Android or pure Android, is the unmodified version of the Android operating system developed by Google. It offers a clean, minimalistic user interface and lacks the manufacturer-specific customizations found in other Android variants. Key features of standard Android include:

  • Minimalistic User Interface: Standard Android provides a clean, intuitive user interface with a focus on simplicity and ease of use. It offers the core Android experience without additional manufacturer overlays or modifications.
  • Quick Updates: Like the original Android version, standard Android typically receives updates directly from Google, ensuring timely security patches and new feature releases. This is advantageous for users who prioritize the latest Android updates.
  • Native Google Apps: Standard Android comes preloaded with essential Google apps and services, such as Google Maps, Gmail, Google Photos, and Google Assistant. These apps seamlessly integrate with the operating system, providing a consistent user experience.

Now that we have seen some of the differences between device types in relation to their operating system, some adjustments can be made to account for their forensic impact.

All the different Android versions can still be acquired through the traditional ADB backup methods that are typical of most forensic tools in the DFIR market. Some tools use an ADB downgrade method that can work with all three OS types to acquire data from supported apps without full root-level access. Note that without a downgrade method or root-level acquisition, access to app data on any flavor of Android will be limited.

With some of the changes in security across the various device types, limited root and full file system acquisitions can happen. Each device should be checked against a supported model list prior to processing to confirm the Android OS version on the device. Because of the simplified system, root attempts on Android Go can cause the device to lose data. However, one of the biggest advantages of working with Android is having so many different acquisition options available, including ADB, rooting, chip dumps, and other physical imaging.
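The pre-acquisition check described above can be scripted against a saved `adb shell getprop` dump. The following is an added example, not code from the original article or any forensic tool: the sample output and the supported-model list are constructed, and the property names used to guess the flavor (`ro.config.low_ram` for Android Go, `ro.oxygen.version` for Oxygen OS) are assumptions that vary by build.

```python
import re

# Constructed `adb shell getprop` output for illustration; not from a real device.
SAMPLE_GETPROP = """\
[ro.product.manufacturer]: [OnePlus]
[ro.product.model]: [EXAMPLE-MODEL-1]
[ro.build.version.release]: [13]
[ro.oxygen.version]: [13.1.0]
[ro.config.low_ram]: [false]
"""

# Hypothetical supported-model list; in practice this comes from your tool vendor.
SUPPORTED = {("EXAMPLE-MODEL-1", "13"), ("EXAMPLE-MODEL-2", "12")}

PROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>.*)\]$")

def parse_getprop(text):
    """Turn `[key]: [value]` lines into a dict, skipping anything malformed."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props

def classify_flavor(props):
    """Best-effort flavor guess; property names are assumptions and vary by build."""
    if props.get("ro.config.low_ram", "").lower() == "true":
        return "Android Go"
    if props.get("ro.oxygen.version") or (
        props.get("ro.product.manufacturer", "").lower() == "oneplus"
    ):
        return "Oxygen OS"
    return "Standard Android"  # fallback; other vendor builds also land here

def triage(text):
    """Summarize what to record before choosing an acquisition method."""
    props = parse_getprop(text)
    model = props.get("ro.product.model", "unknown")
    release = props.get("ro.build.version.release", "unknown")
    flavor = classify_flavor(props)
    notes = []
    if (model, release) not in SUPPORTED:
        notes.append("model/OS version not on supported list; confirm first")
    if flavor == "Android Go":
        notes.append("root attempts may cause data loss; prefer ADB methods")
    return {"model": model, "release": release, "flavor": flavor, "notes": notes}
```
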

With Android offering various OS types to cater to different user needs and device specifications, it is critical to remember during an investigation to check which flavor of Android you are dealing with.
