Engineering and Technology | Open Access

Reliability and Recovery Design for OTA Software Updates in Automotive Embedded Systems

Srikanth Puram, General Motors, Warren, Michigan, USA

Abstract

Over-the-air (OTA) software updates have become increasingly important in connected and software-intensive vehicles, enabling remote maintenance, security patching, feature updates, and post-deployment system optimization [1], [2], [8]. However, automotive OTA workflows face reliability challenges caused by intermittent connectivity, ignition-cycle interruptions, power-state transitions, limited embedded resources, and cybersecurity governance requirements [2], [6], [7], [8]. This paper presents a reliability-focused design for OTA software update systems in Android-based automotive embedded platforms, emphasizing staged orchestration, checkpoint-based recovery, artifact validation, and controlled failure handling [8], [10], [12], [13]. The proposed architecture incorporates checkpoint-based progress tracking, modular update delivery, cryptographic verification, and deterministic recovery workflows to reduce the risk of incomplete, inconsistent, or unverifiable software update states [3], [5], [8], [9]. The design specifically addresses interruptions such as network disruptions, process restarts, reboot events, and suspend/resume transitions that can disrupt long-running update workflows in embedded automotive environments [2], [8], [13], [14]. The framework provides a practical approach to constructing resilient OTA workflows by combining platform-level update support with application-layer recovery logic, while aligning the update process with expectations in automotive software update engineering, cybersecurity, and software update management [6], [7], [8].
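
The checkpoint-based progress tracking, deterministic recovery and cryptographic artifact validation described in the abstract, as an added illustration that is not the paper's own code or any General Motors implementation: a small state machine that records progress only after each chunk is durably written, reconciles the staged file with its checkpoint after a simulated interruption (network drop, process restart or power loss), and marks the package verified only when its SHA-256 digest matches the expected value, removing the staged file otherwise. It is written in Python because the logic is platform-neutral; an Android Automotive implementation would hold the same state in app-private storage and drive it from a persistent worker. Assumptions: the expected digest comes from a trusted (signed) manifest, the transport is a hypothetical range-capable `ChunkSource`, and the sample package, the 10000-byte interruption point and the tampered bit are all constructed here.

```python
import hashlib, json, os, tempfile

CHUNK = 4096
# Constructed stand-in for a 16 KiB OTA package and the SHA-256 a trusted manifest would carry.
SAMPLE_ARTIFACT = bytes(range(256)) * 64
EXPECTED_SHA256 = hashlib.sha256(SAMPLE_ARTIFACT).hexdigest()


class Interrupted(Exception):
    """Stands in for a reboot, suspend or network drop mid-transfer."""


class ChunkSource:
    """Hypothetical range-capable source; a read that would cross fail_at raises instead."""

    def __init__(self, data, fail_at=None):
        self.data, self.fail_at = data, fail_at

    def read(self, offset, size):
        end = min(offset + size, len(self.data))
        if self.fail_at is not None and end > self.fail_at:
            raise Interrupted(f"transfer dropped at offset {offset}")
        return self.data[offset:end]  # b"" once everything has been served


class OtaUpdater:
    """Stages downloading -> verifying -> verified | failed; every transition is persisted."""

    def __init__(self, staging_dir, expected_sha256):
        self.expected = expected_sha256
        self.artifact_path = os.path.join(staging_dir, "package.bin")
        self.ckpt_path = os.path.join(staging_dir, "checkpoint.json")

    def load_checkpoint(self):
        if not os.path.exists(self.ckpt_path):
            return {"stage": "downloading", "offset": 0}
        with open(self.ckpt_path) as f:
            return json.load(f)

    def _save_checkpoint(self, ckpt):
        # Write, fsync, rename: a power cut leaves the old or the new record, never a torn one.
        tmp = self.ckpt_path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(ckpt, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.ckpt_path)

    def _reconcile(self, ckpt):
        # After a crash the staged file and the checkpoint may disagree; resume from their common prefix.
        p = self.artifact_path
        have = os.path.getsize(p) if os.path.exists(p) else 0
        ckpt["offset"] = min(have, ckpt["offset"])
        with open(p, "ab") as f:
            f.truncate(ckpt["offset"])

    def run(self, source):
        """Advance the state machine as far as possible; return the final stage."""
        ckpt = self.load_checkpoint()
        if ckpt["stage"] in ("verified", "failed"):
            return ckpt["stage"]  # terminal states are never re-run
        self._reconcile(ckpt)
        if ckpt["stage"] == "downloading":
            with open(self.artifact_path, "ab") as f:
                while chunk := source.read(ckpt["offset"], CHUNK):  # may raise Interrupted
                    f.write(chunk)
                    f.flush()
                    os.fsync(f.fileno())
                    ckpt["offset"] += len(chunk)
                    self._save_checkpoint(ckpt)  # data is durable before progress is recorded
            ckpt["stage"] = "verifying"
            self._save_checkpoint(ckpt)
        if ckpt["stage"] == "verifying":
            h = hashlib.sha256()
            with open(self.artifact_path, "rb") as f:
                for block in iter(lambda: f.read(CHUNK), b""):
                    h.update(block)
            if h.hexdigest() == self.expected:
                ckpt["stage"] = "verified"
            else:
                os.remove(self.artifact_path)  # never hand an unverified package onward
                ckpt["stage"] = "failed"
            self._save_checkpoint(ckpt)
        return ckpt["stage"]


def scenario(fail_at=None, lose_bytes_to=None, tamper=False):
    """Run one failure mode end to end: (offset checkpointed at interruption, final stage, staged file kept?)."""
    data = bytearray(SAMPLE_ARTIFACT)
    if tamper:
        data[12345] ^= 0x01  # constructed: a single flipped bit in the payload
    u = OtaUpdater(tempfile.mkdtemp(), EXPECTED_SHA256)
    try:
        u.run(ChunkSource(bytes(data), fail_at))
    except Interrupted:
        pass  # process/reboot boundary: only the checkpoint and the staged bytes survive
    resumed_from = u.load_checkpoint()["offset"]
    if lose_bytes_to is not None:  # model a data write that was lost at the power cut
        with open(u.artifact_path, "r+b") as f:
            f.truncate(lose_bytes_to)
    stage = u.run(ChunkSource(bytes(data)))
    return resumed_from, stage, os.path.exists(u.artifact_path)
```

`scenario(fail_at=10000)` returns `(8192, "verified", True)`: two 4 KiB chunks were committed before the drop, and the resumed run finishes from the checkpoint rather than restarting. `scenario(fail_at=10000, lose_bytes_to=5000)` also ends `"verified"` because reconciliation trusts the shorter of file and checkpoint. `scenario(tamper=True)` returns `(16384, "failed", False)`: the download completes, the digest check rejects it, the staged file is gone, and a further run stays in the terminal `failed` state instead of silently retrying.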

Keywords

Over-the-Air (OTA) Updates, Automotive Embedded Systems, Android Automotive, Software Update Reliability, Checkpoint-Based Recovery, Recovery Mechanisms, Connected Vehicles

References

[1] M. Shavit, A. Gryc, and R. Miucic, “Firmware Update Over The Air (FOTA) for Automotive Industry,” SAE Technical Paper 2007-01-3523, 2007, doi: 10.4271/2007-01-3523.

[2] H. Dakroub and R. Cadena, “Analysis of Software Update in Connected Vehicles,” SAE Technical Paper 2014-01-0256, 2014, doi: 10.4271/2014-01-0256.

[3] T. K. Kuppusamy, L. A. DeLong, and J. Cappos, “Uptane: Securing Software Updates for Automobiles,” escar USA, 2016.

[4] T. K. Kuppusamy, L. A. DeLong, and J. Cappos, “Securing Software Updates for Automotives Using Uptane,” USENIX ;login:, vol. 42, no. 2, 2017.

[5] T. K. Kuppusamy, L. A. DeLong, and J. Cappos, “Uptane: Security and Customizability of Software Updates for Vehicles,” IEEE Vehicular Technology Magazine, 2018, doi: 10.1109/MVT.2017.2778751.

[6] ISO/SAE 21434:2021, Road vehicles — Cybersecurity engineering, International Organization for Standardization, 2021.

[7] UNECE, UN Regulation No. 156 — Software update and software update management system, United Nations Economic Commission for Europe, 2021.

[8] ISO 24089:2023, Road vehicles — Software update engineering, International Organization for Standardization, 2023.

[9] ITU-T, Secure Software Updates Over-the-Air for Connected Vehicles, Technical Paper FSTP.SS-OTA, International Telecommunication Union, 2021.

[10] Android Open Source Project, “A/B System Updates,” Android Open Source Project documentation, accessed Dec. 2024.

[11] Android Open Source Project, “Dynamic Partitions,” Android Open Source Project documentation, accessed Dec. 2024.

[12] Android Developers, “PackageInstaller,” Android Developers API Reference, accessed Dec. 2024.

[13] Android Developers, “WorkManager,” Android Developers documentation, accessed Dec. 2024.

[14] Android Open Source Project, “Android Automotive Power Management,” Android Open Source Project documentation, accessed Dec. 2024.


How to Cite

Puram, S. (2025). Reliability and Recovery Design for OTA Software Updates in Automotive Embedded Systems. The American Journal of Engineering and Technology, 7(06), 257–261. Retrieved from https://theamericanjournals.com/index.php/tajet/article/view/7977