41 votes

Right to root access

32 comments

  1. [5]
    Protected
    Link
    Doesn't mention things like safetynet/play integrity or other "trusted computing" stacks that make it so even if the hardware ultimately lets you install whatever you want, applications will...

    Doesn't mention things like safetynet/play integrity or other "trusted computing" stacks that make it so even if the hardware ultimately lets you install whatever you want, applications will refuse to run on any modified system. It's the most offensive fraud ever perpetrated against the tech industry's entire consumer base and I utterly despise everyone responsible.

    32 votes
    1. [2]
      lynxy
      Link Parent
      I agree. Google's walled garden is just as insidious as Apple's, despite Android having been marketed as the more open alternative to IOS for the longest time, and safetynet is just the tip of...

      I agree. Google's walled garden is just as insidious as Apple's, despite Android having been marketed as the more open alternative to IOS for the longest time, and safetynet is just the tip of that iceberg. The way Google has centralised a lot of important functionality in their Play Services back-end is definitely anti-competitive and anti-consumer. Excusing centralised notifications as a battery saving measure while operating one of the largest and most profitable data harvesting and selling operations in tech history is egregious.

      18 votes
      1. Akir
        Link Parent
        I can't help but think of Android as being something like Google's version of "Embrace, Extend, Extinguish." Sure, they're not really extinguishing Linux - that's probably not even a real...

        I can't help but think of Android as being something like Google's version of "Embrace, Extend, Extinguish." Sure, they're not really extinguishing Linux - that's probably not even a real possibility. And to be fair, Google isn't the only company doing things like this. It seems in the past decade or so every major company that deals with FOSS has been attempting to reign in control over the platform. Most notably Red Hat had not too long ago closed off access to RHEL and before that they handicapped CentOS. The corporate world is basically trying to have it's cake and eat it to: they start with FOSS, make their own version of it, take advantage of the well meaning people who contribute code, but over time take more and more steps to ensure they have control over what you do with the software.

        When it comes to Android, sure, there is AOSP, but practically nothing comes shipping with AOSP. The manufacturers pay Google for their semi-proprietary version of Android. A huge variety of apps will not work with AOSP because everyone uses Google's services, and most of the "stock" apps are actually Google versions that are almost entirely closed-source proprietary versions. If you want RCS on your phone, the only way to do so is to pay Google for it because it's not a part of AOSP and they're not going to let you in on that game without them. And Android is not the only way they do this, of course. Notably they exert control over the web as a development platform via Chrome.

        2 votes
    2. [2]
      pallas
      Link Parent
      An insidious problem with that, too, is that the applications will often not be honest about refusing to run; instead, they'll claim network problems, or temporary failures, or just not work, and...

      applications will refuse to run on any modified system.

      An insidious problem with that, too, is that the applications will often not be honest about refusing to run; instead, they'll claim network problems, or temporary failures, or just not work, and sometimes will do so inconsistently. I had to stop using GrapheneOS when FreeNow suddenly just stopped actually calling taxis, while I was trying to get to the airport in a city where taxis simply can't be hailed without a smartphone in practice.

      That standard corporate security practice often involves lying now is quite disappointing.

      4 votes
      1. Protected
        Link Parent
        As a current user of GrapheneOS, I'm not sure I approve of their stance here. After all, they do not allow root and provide basic integrity compliance, which feels like they're playing a game...

        As a current user of GrapheneOS, I'm not sure I approve of their stance here. After all, they do not allow root and provide basic integrity compliance, which feels like they're playing a game they're bound to lose in the end. Since they have no full integrity compliance, you could get the exact same result and support root with all its benefits by magisking your way around the whole thing. Integrity checks above basic will fail in both cases, but at least I could install an effective adblocker. You can have security while still allowing users to control their own devices.

        1 vote
  2. [2]
    lynxy
    (edited )
    Link
    Not my blog, but a post I found while venting my frustrations about the way the ability to unlock the bootloader of an Android device has been slowly stripped away in the past few years by a...

    Not my blog, but a post I found while venting my frustrations about the way the ability to unlock the bootloader of an Android device has been slowly stripped away in the past few years by a number of manufacturers.

    I fully agree with this viewpoint- and I don't much care for the exploitative arguments against it. I'm absolutely exhausted by what feels like an unwinnable battle against big-tech to simply use a device I have purchased and own how I would like to use it.

    16 votes
    1. SteeeveTheSteve
      Link Parent
      This just reminds me of John Deere who believes you have an implied license, for the life of the tractor, to use it and you don't own the software so you can't mess with it. Who has read the the...

      a device I have purchased and own

      This just reminds me of John Deere who believes you have an implied license, for the life of the tractor, to use it and you don't own the software so you can't mess with it.

      Who has read the the agreements when you get a new phone, is that in there yet? lol

      1 vote
  3. Tiraon
    Link
    This ties back to the high levels of computer illiteracy among general population. In a world where even something as utterly trivial as installing Linux(or Windows for that matter) at a desktop...

    This ties back to the high levels of computer illiteracy among general population.

    In a world where even something as utterly trivial as installing Linux(or Windows for that matter) at a desktop pc is seen as some kind of black magic that normal person can never understand it is incredibly easy to add a vast range of restrictions on a hw you bought.

    Manufactures limit access and add inconveniences because they can. There is no effective legislation against it and most people lack the perspective to know why they should care which vastly limits the options of even those that do care.

    Smartphones are not even the worst, though they are probably the most important and ones that massively helped normalize this.

    15 votes
  4. [17]
    skybrian
    Link
    If this is what you care about, buy a device that can do that. Lots of people don’t care, because they wouldn’t know what to do with root access.

    If this is what you care about, buy a device that can do that. Lots of people don’t care, because they wouldn’t know what to do with root access.

    4 votes
    1. [12]
      lynxy
      Link Parent
      The point is that the number of options for devices that are still unlockable / rootable is getting pretty damned small. Oppo have been complicating the process. Asus have disabled their tool and...

      The point is that the number of options for devices that are still unlockable / rootable is getting pretty damned small. Oppo have been complicating the process. Asus have disabled their tool and backend. Xiaomi have introduced restrictions. Nubia devices require leaked EDL files, or some alternative exploit. Samsung devices can only be unlocked in certain countries.

      It's easy to say "just buy a device that supports it" when it's not a problem that effects you. When you don't know the extent of the problem.

      13 votes
      1. [11]
        skybrian
        Link Parent
        Yes, I don’t know the extent of the problem, in part because I don’t know what you’re trying to do. If you’re looking for a phone, a Google phone should be easiest, and I found an article about...

        Yes, I don’t know the extent of the problem, in part because I don’t know what you’re trying to do.

        If you’re looking for a phone, a Google phone should be easiest, and I found an article about other options with a brief search. But maybe there’s a reason none of those are suitable?

        Going beyond phones, depending on what you’re doing, a Raspberry PI, a Chromebook, or one of the many single-board computers you can get from Adafruit might be better. Making recommendations would easier for a specific project.

        2 votes
        1. [10]
          trim
          Link Parent
          If GrapheneOS folks are to be believed (and I don't have the technical knowledge to refute it) then the Pixel phones are the only ones where the bootloader can be unlocked, an alternate OS...

          If GrapheneOS folks are to be believed (and I don't have the technical knowledge to refute it) then the Pixel phones are the only ones where the bootloader can be unlocked, an alternate OS installed, and then re-locked without harming the security posture of the device.

          I hate that I have to go to Google for my hardware for this reason, but at least I can run an Android free from the data collection proclivities of Goo "don't be evil" gle.

          10 votes
          1. [6]
            arch
            Link Parent
            While it doesn't hard the security of the device, it does lock you out of a significant number of features. The most obvious is that tap to pay (namely Google Wallet) will not work, I haven't...

            While it doesn't hard the security of the device, it does lock you out of a significant number of features. The most obvious is that tap to pay (namely Google Wallet) will not work, I haven't found a single software that will support it on GrapheneOS. There are a non-insignificant number of other issues that require a bunch of workaround. Android Auto took me hours to get working, Google Fit took me more time, Google Maps and properly location access was glitch for me until I got the location software stack configured in a specific way.

            Even if you want to go fully sans-Google there are certain pieces of software that rely on things like safetynet for which they have only been granted partial access by Google.

            3 votes
            1. trim
              Link Parent
              And I don't use those things. If I cared about them then I agree, my mobile life might be much more difficult. But it was all part of what I accepted as necessary. If I wanted all those Google...

              And I don't use those things. If I cared about them then I agree, my mobile life might be much more difficult.

              But it was all part of what I accepted as necessary.

              If I wanted all those Google services, I probably wouldn't bother with Graphene

              2 votes
            2. [4]
              fxgn
              Link Parent
              AFAIK there are alternative tap to pay apps that do work under GOS I think both of those should work just fine now with sandboxed Google Play. I'm not sure as I don't use those services, but I...

              The most obvious is that tap to pay (namely Google Wallet) will not work

              AFAIK there are alternative tap to pay apps that do work under GOS

              Android Auto took me hours to get working, Google Fit took me more time

              I think both of those should work just fine now with sandboxed Google Play. I'm not sure as I don't use those services, but I think I remember seeing something related in the changelog

              1. [2]
                trim
                Link Parent
                Yeah, auto is installable right from the Graphene app store and just works by all reports.

                Yeah, auto is installable right from the Graphene app store and just works by all reports.

                1. arch
                  Link Parent
                  It definitely takes a bit of configuration, especially on the permissions side and in the Sandboxed Google Apps section. It can apparently differ depending on the car/device you're connecting to....

                  It definitely takes a bit of configuration, especially on the permissions side and in the Sandboxed Google Apps section. It can apparently differ depending on the car/device you're connecting to. But yes, it does work. It just took me a few hours of messing with settings to get it working for the first time when I had a rental car with AA.

              2. arch
                Link Parent
                Would you have any info on one? I haven't been able to find one that works in the U.S.

                AFAIK there are alternative tap to pay apps that do work under GOS

                Would you have any info on one? I haven't been able to find one that works in the U.S.

          2. [2]
            fxgn
            Link Parent
            Keep in mind that this is something that should also be supported by the OS, not just the device. AFAIK, GrapheneOS is basically the only custom OS that can do that (except official Android...

            If GrapheneOS folks are to be believed (and I don't have the technical knowledge to refute it) then the Pixel phones are the only ones where the bootloader can be unlocked, an alternate OS installed, and then re-locked without harming the security posture of the device

            Keep in mind that this is something that should also be supported by the OS, not just the device. AFAIK, GrapheneOS is basically the only custom OS that can do that (except official Android builds, of course)

            2 votes
            1. trim
              Link Parent
              Yeah both things have to be capable, but in theory software is the thing under more control. Nothing stopping other ROM makers from enabling such. I remember dabbling with Cyanogen Mod and...

              Yeah both things have to be capable, but in theory software is the thing under more control. Nothing stopping other ROM makers from enabling such.

              I remember dabbling with Cyanogen Mod and Lineage, and all kinds of other hocus pocus ROMS on various phones over the years, and they all required ubl :(

              1 vote
          3. zod000
            Link Parent
            Pixels are not (or at least weren't) the only phones that could be relocked, but it is a very small number indeed on purpose because the OEMs that allowed unlocking were then using that to void...

            Pixels are not (or at least weren't) the only phones that could be relocked, but it is a very small number indeed on purpose because the OEMs that allowed unlocking were then using that to void your warranty (understandable though I detest it). Also, most alternative ROMs don't generally allow you to relock the bootloader anyway because they aren't made to be a signed unmutable release like GrapheneOS is. This isn't some sort of failing as much as GrapheneOS is geared towards privacy/security, not customability or any sort of ability to tinker with which was the initial drive of the custom ROMs.

            1 vote
    2. [4]
      onceuponaban
      Link Parent
      Funny you mention that. My experience looking for a tablet fitting that requirement yielded a result of "no such device at a price I can actually afford", with the closest being ironically enough...

      buy a device that can do that

      Funny you mention that. My experience looking for a tablet fitting that requirement yielded a result of "no such device at a price I can actually afford", with the closest being ironically enough Google hardware. Phones have the same issue, but for tablets it's even harder due to the market being more niche so there are fewer incentives to provide products that focus on aspects that most customers don't consider to be important. And, as you rightly pointed out, most people don't care about whether you can have root access to your tablet/smartphone, despite the fact that they should. That is exactly why this is a problem that needs to be addressed on a wider scale.

      7 votes
      1. [3]
        skybrian
        Link Parent
        I used to buy Android tablets, but after a while, there weren't any good ones, so I switched to an iPad mini and I'm happy with it. Sure, it's pretty closed, but that doesn't matter. I don't need...

        I used to buy Android tablets, but after a while, there weren't any good ones, so I switched to an iPad mini and I'm happy with it.

        Sure, it's pretty closed, but that doesn't matter. I don't need root on my tablet. I use it for things that everyone else does like web browsing, reading books, and watching music videos. (And also recording video.) I don't write custom software for it.

        As a technically sophisticated person who could sometimes use root access, if you start by asking "what programming tasks do I want to do" and then ask "what hardware should I use to do it," maybe a laptop is fine? Phones and tablets are pretty terrible for programming. Also, the web is pretty good for deploying software for other people to use.

        2 votes
        1. [2]
          onceuponaban
          Link Parent
          The point of having root/bootloader access isn't programming. It's a matter of having control over the device you bought, and being able to continue using the hardware once the manufacturer stops...

          The point of having root/bootloader access isn't programming. It's a matter of having control over the device you bought, and being able to continue using the hardware once the manufacturer stops maintaining its software, which is something that should be expected of any modern computer no matter the form factor. What phone/tablet companies established as the norm instead is actively preventing the device's owner from running arbitrary software outside of what the manufacturer intended. Meaning that once they inevitably stop providing software updates to the device (which almost always happen within 5 years, far too soon to justify it as the device being obsolete), it eventually becomes e-waste even if the hardware itself is perfectly capable of keeping up with modern software, which is utterly irresponsible. Whatever the average user might or might not want to do with root access is secondary to the much more important issue of denying the user's ownership of their own hardware that locking out root/bootloader access represents. I'm not saying I need root access to my device to accomplish the tasks I intend to do on it, I'm saying disabling root access shouldn't be something the manufacturer is allowed to do in the first place. Because if they do, then what I bought isn't a computer, it's a time-delayed paperweight. A horribly wasteful paperweight. That is why root/bootloader access does matter even if the average user doesn't "need" it.

          7 votes
          1. skybrian
            Link Parent
            This is assuming that a community gathers to support the device. Sometimes that happens, but often it's only partial support (some device drivers aren't there), so you need to shop carefully to...

            This is assuming that a community gathers to support the device. Sometimes that happens, but often it's only partial support (some device drivers aren't there), so you need to shop carefully to get something fully supported.

            Which is to say, I think it would be good thing if more devices had unlocked bootloaders, but I think a lot of devices would still be paperweights once they're not officially supported anymore.

            2 votes
  5. [7]
    FlippantGod
    Link
    The author carved out specific exclusions for certain critical devices, e.g. some medical equipment. It seems unlikely greater access (or even auditing as it were) to the non-critical devices...

    The author carved out specific exclusions for certain critical devices, e.g. some medical equipment.

    It seems unlikely greater access (or even auditing as it were) to the non-critical devices would ever be considered. Medical equipment manufacturers would all to easily present a sufficiently confusing case about the supposed risks and dangers, considering the current situation where most things I feel patently obviously should be accessible are not.

    I'm more hopeful for some success in the repair rights.

    2 votes
    1. [6]
      vord
      Link Parent
      There is no need for exclusions. Truely critical equipment comes with support contracts and it's easy enough to say 'rooting voids your contract'. I want my car's infotainment system rootable. I'd...

      There is no need for exclusions. Truely critical equipment comes with support contracts and it's easy enough to say 'rooting voids your contract'.

      I want my car's infotainment system rootable. I'd like to tap into that free 4g internet connection and fix some truely braindead UI decisions.

      13 votes
      1. [5]
        FlippantGod
        Link Parent
        Hm, but I think "rooting voids your contract" would also need to be contested, similar to "removing this sticker voids your warranty". Rooting a phone for example should not preclude you from...

        Hm, but I think "rooting voids your contract" would also need to be contested, similar to "removing this sticker voids your warranty". Rooting a phone for example should not preclude you from receiving however many years of OS and security updates were promised. I don't want laws to try and get specific about what contracts can be voided by accessing which areas of your device.

        edit: or cellular service contracts for that matter. Every cell network operator agreeing that a rooted phone voids a cell service contract and is not allowed on carrier networks would, in a very warped sense, make a messy case in court that would probably stand seeing as what stands now. But it absolutely would be circumventing the spirit of opening hardware/software access, and just gross as well.

        3 votes
        1. [3]
          vord
          Link Parent
          I think there would definitely need exploration there. Device makers shouldn't be expected to provide technical support to somebody who bricks their phone with a bad self-made firmware. OTOH, you...

          I think there would definitely need exploration there. Device makers shouldn't be expected to provide technical support to somebody who bricks their phone with a bad self-made firmware.

          OTOH, you are correct that carriers shouldn't be able to ban anybody from using their services if they're not maliciously attacking the network.

          5 votes
          1. onceuponaban
            (edited )
            Link Parent
            There are two separate (though related) concerns here that are important to distinguish. While I do agree that a company can't be expected to compensate for issues from users deliberately using a...

            There are two separate (though related) concerns here that are important to distinguish. While I do agree that a company can't be expected to compensate for issues from users deliberately using a device in a way that wasn't intended, I also consider it morally reprehensible for a company to deliberately hamper what should be a basic feature of said device, and "installing software on your computer" is on that list, even if the computer in question is also supposed to be a phone.

            When buying a computer, I expect to have the freedom to choose what kind of software runs on it, not just what shipped with it. The manufacturer is well within their rights to only offer support for issues tied to their software, but they shouldn't get to decide whether I'm even allowed to run third party software of my choosing on the hardware I supposedly own. Phones and tablets (and any other consumer hardware that includes a computer) should be no different.

            Why can I pick up a random desktop computer from 2012 and still use it for basic office use using any modern software that is lightweight enough to run on it, but I'm completely unable to install an up to date ROM of my choosing on a 2018 smartphone that stopped receiving security updates in 2022? Its hardware is more than powerful enough to run modern software, ROMs even exist for other models of this same phone, but I happen to have a completely locked down model that removes the option to unlock the bootloader, so I'm stuck with a 3 years out of date OS on a computer that is constantly connected to the Internet and I'm expected to trust with phone calls.

            Note that I'm not phrasing it as a hypothetical, this is an issue I'm encountering right now (though this is actually about my mom and my grandma's phone, not mine, I just used the first person for simplicity). That is what people mean when they want phone manufacturers to allow third party ROMs. It's not about handling tech support/warranty for software they were not responsible for, it's about not actively preventing the user from running anything else.

            3 votes
          2. FlippantGod
            Link Parent
            Certainly. And while I don't personally expect technical support for those situations, seeing as I do have a grudge that you've given me the perfect opportunity to air, I will say that carriers...

            Certainly. And while I don't personally expect technical support for those situations, seeing as I do have a grudge that you've given me the perfect opportunity to air, I will say that carriers should provide technical support for their own bad firmware, and at bare minimum provide A/B images on devices whose hardware supports it!

            As it is, I mostly meant that updates and firmware should be provided for offline download like pc drivers and firmware images, not locked behind janky ota updates.

            2 votes
        2. onceuponaban
          Link Parent
          I can understand not wanting people who aren't appropriately trained mucking around with critical devices, but yeah, I don't see a way to approach it in a way that won't be abused. For instance,...

          I can understand not wanting people who aren't appropriately trained mucking around with critical devices, but yeah, I don't see a way to approach it in a way that won't be abused. For instance, tacking on an "except for medical devices" exception opens up this kind of abuse to things like prosthetics that are advanced enough to require software and electronics that people use to manage a health condition (blood sugar sensors to monitor diabetes come to mind). "Your phone became e-waste because the manufacturer isn't bothering with updates anymore and there's no way for motivated users to continue software support" is bad enough, but applying this logic to devices that people depend on for basic bodily autonomy or even survival would be downright horrifying. Surely we wouldn't let that happen... Right?

          3 votes