Vendor customisations are not open source. No, each vendor can do what they like and they only have to release the source to their kernel. The rest of the system is not for prying eyes.
Neugebauer says "It's fair to say that it's not Android itself that prevents you from having root access, merely that consumer devices never actually have root access enabled by default. The lack of root is very much a warranty thing.
"There's also a distinction between having root on an operating system and having the ability to install a new operating system. The latter is done by unlocking the phone's bootloader."
Of course, given that there are talented hackers aplenty in the open source domain, there are ways of gaining administrative access on Android devices and then doing what one wishes. This understandably voids any manufacturer's guarantee.
There are exceptions to this rule - root access can be obtained on Google's own Nexus devices using the official Android SDK. And recently HTC announced that it would allow users to unlock the bootloader on all its Android devices.
Google Play is the market provided for Android devices that are registered to Google; here one cannot obtain the source for any application, not easily anyway, even if the maker has no objection to the user doing so. Google does not provide any indication as to the licence of an application.
Additionally, Google's software development kit is not open source. This means that one needs a proprietary application to produce an application for an Android device.
Hence with all the talk of being open, Android, looked at as a whole, is curiously complicated when it comes to implementation of what are considered normal policies for open source applications. Google makes its own rules.