With each Google I/O conference comes the unveiling of the search giant's plans for its mobile operating system. And while Material design has made Android look the part, a number of skeletons that need dealing with.
The longest-standing, and I would argue the most-pressing, is fixing Android's all-or-nothing approach to app permissions.
It's high time that Android provided the ability for users to approve permissions on a granular basis, and for apps to gracefully degrade their experiences when the permissions they seek are not granted.
Naturally enough, with another I/O approaching, the rumours have reappeared that this will be the year that Google sorts out permissions once and for all -- especially after its false start in 2013.
But there is a good reason to believe this is the year that Google fixes its permissions issue, and it is the focus that the new Android release is expected put on Android in the enterprise.
It's not too hard to imagine certain professions where an app needlessly wanting to access and store the location of its users is not acceptable, nor would be allowing an app to rummage through an address book.
While sandboxing apps as Knox does can go someway to resolving the issue, it still leaves the non-work profile in the same stranded place it currently resides in.
There is one subject that continues to loom over Android, and is security. Now if the internet is to be believed, Android has big, scary security problems that will likely result in disease, pestilence, and asteroids heading towards our fine planet, as well as fragmentation, and it needs to be addressed immediately. As is usually the case, reality is far less hyperbolic.
It's true that OpenSSL is an utter piece of mouldy swiss cheese, and with each new exploit, it is easy to ask how many Android handsets will be vulnerable thanks to its notoriously slow update process. However, with the unifying force of Google Play Services and its ability to update in the background without carrier intrusion, the problem with waiting for a updates to a core security library have been fixed.
Make no mistake though, there are big problems, such as WebView remaining vulnerable in any device running Android Jelly Bean or earlier. With its now decoupled WebView app, Google has the pieces in place to see that this sort of neglect should not happen again.
As time goes by, and carriers and handset makers continue to drag their feet, it must be tempting to gut the core of Android, shift it over to the rapidly-updated Google Play Services framework, and remake Android as only a shell, a kernel, and collection of driver APIs. While it would kill the open source nature of Android by moving it to the proprietary Play Services, a similar approach has worked for Windows PCs for years and users would enjoy seeing timely updates to Android.
Another area where Android could use a centralised push is in the area of payments. After being ahead of the curve with Google Wallet, Apple Pay has clearly overtaken the alternative Android offerings, especially in terms of mindshare.
It is unlikely, but a quick nudge from Mountain View to open access beyond the US market, and perhaps Apple Pay and NFC payments will no longer be regarded as synonyms.
Whatever happens at Google I/O this week, the big Android visual refresh was unleashed last year, and the near future will be about focusing on the loose threads that remain -- as it should be, Android could use it.
ZDNet's Monday Morning Opener is our opening salvo for the week in tech. As a global site, this editorial publishes on Monday at 8am AEST in Sydney, Australia, which is 6pm Eastern Time on Sunday in the US. It is written by a member of ZDNet's global editorial board, which is comprised of our lead editors across Asia, Australia, Europe, and the US.
Previously on Monday Morning Opener: