Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
rickdeckard 8 hours ago

Less conspiratorial answer:

Bootloader unlock removal:

It's actually not happening all of a sudden. The dam-breaking moment is more that Samsung, the number #1 Android vendor, decided to stop supporting it.

The vendors stop maintaining bootloader-unlocking methods because the cost/benefit profile to develop/maintain/support that feature and its consequences is simply not sufficient, all while several of the biggest customers explicitly require unlock to NOT be supported.

Supporting this is not just about the unlock itself, it's about allowing this unlock (required as some carriers explicitly forbid this, so a unlock needs to be requested), then performing the procedure (using a shared secret between the device and the vendor) and then the OS continuing to boot in this untrusted state with all components gracefully handling this broken trust-chain.

The commercial incentive for this feature isn't there for a device-vendor, it actually never was. It was built, defended and fought for by passionate people (mostly within the R&D) of those companies. Companies which managed to implement it early (in times of higher product margins) were able to keep it longer, others simply couldn't get the budget to implement bootloader-unlock in the first place. Today, devices are shipped with commitments of several years of upgrades, without the vendor actually knowing yet how the OS-upgrade in 2 years will look like. Keeping his custom security-implementation is a risk-factor here

The 3rd party OS developer community was always small, and became even smaller in the past years. The footprint of alternative OS users was shrinking since Cyanogen (the leading "universal kernel" developers for Android and predecessor of LineageOS) dissolved (or tried to become a for-profit).

However, the events around Cyanogen were more of a public symptom, The main driver for people to stop using 3rd party OS's was:

1.) The increasing fragmentation of devices in the market: When the community started, the majority of the market was Samsung, Motorola, LG, Sony. Samsung was leading, but each of them had quite healthy parts of the Android market, competing with each other in an "almost-stalemate" situation. Today Samsung is leading with a huge margin, all others are basically fighting for scraps. So naturally, most of them try to go for the lowest common denominator and find a distribution channel.

2.) Android itself became more competitive: At the height of the OS community, people switched to alternative OS's to get a newer OS, new customization options and convenience features. Today, vanilla Android checks most of the convenience options already, sufficiently that most people don't want to bother researching alternative options, maintaining them, etc. Devices of major vendors are receiving upgrades for several years (back then it was ONE major-OS Upgrade, a YEAR after Google's release, if at all)

3.) Device-integrity became more important: At the height of the OS-community, there was no Device Integrity check by Google to give a flag on whether the device can be trusted or not, so all apps kept working (with minor exception of some streaming services restricting their service/resolution, as the DRM keystore became unavailable on unlock). Today, most banking and entertainment apps rely on those Google integrity checks to decide whether they should even start. This introduced another reason for users to consider their actual need for an alternative OS.

--

How to change that: If it's not possible to create a commercial incentive for the vendors, a regulatory incentive could be an option.

It's crazy to think how much computing power is just added to a drawer or landfill every day, just because there is no reason for the vendor to allow you to repurpose it.

I think this could be a path, to legally require device-vendors to provide a common SW-layer with respective documentation to utilize features of underlying hardware (optional without the shipped OS on top, disconnecting the device from the shipped ecosystem). This would prevent e-waste and put this old hardware to better use. A community OS could then be built on top of this common SW-layer and be maintained for a wider range of devices.

I would e.g. LOVE a "Browser on everything" OS which just provides a Browser OS for outdated hardware, but the only way this could work on scale would be if the device-vendor would be mandated to provide and document the lower layer...

Someone would have to make the economic case for such a regulation as well, i.e. demonstrate the benefit for society if that is in place. The chances for this are razor-thin, especially in today's public/political climate.

bjord 7 hours ago | parent | next [-]

sounds like Firefox OS would've been right up your alley(?)

rickdeckard 7 hours ago | parent [-]

Yeah well, not in the way it progressed after the carriers started to take control over it (I was actively involved in a Firefox device-project back then).

What I sketched out here with a "Browser on everything" OS would be a concept for a aftermarket OS, where the device-vendor is not required to have his OS support the unlocked HW (because he can't be forced to do that), but he will have to provide components and documentation up to a certain layer to make use of the hardware. This could then be the layer for a generic "Browser on everything" OS to work on.

frankzander 7 hours ago | parent | prev | next [-]

Very much thanks for this text. This makes much sense. I don't think regulation would help ... only ppl who show their raised middle finger to this vendors. I mean this scenario is the scenario ppl thought of when TPM came up ... a fcking closed up device and you are in the hands of the vendors.

rickdeckard 4 hours ago | parent [-]

People showing their middle finger won't be enough, because the vendors are torn between two groups of interests here:

1. Building a HW/SW product which works within controlled boundaries to provide warranty, support, repairs, future maintenance, Google-compliance, regulatory compliance,...

2. A subset of Customers wanting the HW to be separable from the SW, for product to be open in a way that they can use it differently than intended (potentially creating "Group#3", a HW/SW product with a different SW).

To create a product for Group#2, alot of the aspects of Group#1 still apply, but in a more-complicated, more-expensive manner. If there is a viable business-case for Group#2, it will be a separate more-expensive product with lower volume.

But in reality, the only way a vendor could meaningfully resolve the needs of Group#2 is if ALL his devices support this feature (including customers who don't want a unlockable "open" device now), allowing everyone to become member of Group#2 without having to buy a new separate product.

For this, the economic incentive doesn't exist.

Explicit example: The Fairphone is a great device, but it will never sell more volume than a Samsung Flagship, because it's a device satisfying the conscious needs of a niche of customers, without the chance of reaching comparable volume to compete in all other areas.

That's why the only chance I see is to create a regulatory incentive by making the requirements of Group#2 a part of Group#1, to have the "unconscious needs" of the majority also satisfied.

Because only THEN the mainstream-customer can be converted to *users* of this potential "Group#3" product, and market-forces have a chance to flow freely again, if you see what I mean...

freefaler 6 hours ago | parent | prev [-]

The government is also keen to have these devices controlled more tightly. Now with the help of the big companies so much data is on the device and in the cloud about you that policy enforcement, tax evasion or anything else that the people in the government deemed crucial for them is much more easily done.

Check how China controls the Uyghurs phones and will they be happy to have "unlocked bootloaders".

It's not profitable for the companies to lose total control of "your" device you "bough", nor for software developers who sell you the software to have "ReVanced" versions of their apps. Just a small minority of people who understand what is freedom and ownership are aware of the dangers of this.

Basically, not enough people care to have this as a priority and make it an election issue. And sadly we're walking into more and more control, ads, and enshitification. :(

rickdeckard 4 hours ago | parent [-]

> The government is also keen to have these devices controlled more tightly.

Not to oppose what you wrote, but let me try to give you a different view on the same picture to support a different conclusion:

In the eye of most governments these devices play such a minor role that they practically don't even exist.

What governments see is messaging services, finance services, digital marketplaces, and so on. It was and is their job to do that. They used to regulate telecom providers, financial institutions, marketplaces in the past, and they are now catching up realizing that the carrier is no longer the messaging provider, banks are not in control of all finance flows, marketplaces exist beyond the classical physical markets, etc.

If you look at detailed regulation and laws, Governments still have little interest in the explicit devices, they still look at those new variants of classical services and try to adapt to them.

But what the PROVIDERS of those services do, is creating pressure on the devices to help them reach lowest-effort compliance for their SERVICE-requirements (--> "let's make the end-user device bulletproof trusted, so we can offload our responsibilities to his device").

This is in most cases why the devices evolve the way they do. Because they are a merge of product and services (often from the same vendor), and the product is evolving to satisfy the needs for those services.

That's why fighting for "ownership of your device" is mostly futile, because the assumed opponent in this fight doesn't even feel addressed.

You need to bring the fight to their topics, to the topics relevant for governments:

On how a citizen ID should be verified, how financial services should be realized, how a competitive market should be ensured also on digital markets, etc.