Bootloader Unlock Wall of Shame (github.com)
105 points by thunderbong 4 hours ago | 45 comments
walterbell 3 hours ago | parent | next [-]

Only two options (Google Pixel and Nothing Phone) for relocking Android with custom keys? https://github.com/chenxiaolong/avbroot/issues/299

kachapopopow 2 hours ago | parent [-]

unfortunately you lose access to pretty much every banking app :/

Pfhortune 2 hours ago | parent | next [-]

This is a popular thing to say, but is an oversimplification...

Call it anec-data but all my banking apps work in GrapheneOS, and I have several installed. There is one that reduces functionality if SafetyNet fails (have to do the 2fa flow every time I restart the app, can't set as a trusted device and notifications don't work) but it still works to access my account.

That said... I haven't tried to use NFC payments and do carry around a secondary iPhone 15 as my "business phone" these days that pretty much just has payment/banking apps on it, just in case one bank or another decides to suddenly nuke their app on my main phone...

plorg 2 hours ago | parent | next [-]

After I got the screen replaced on my previous phone the fingerprint reader didn't show up, and I didn't bother to try fixing it. I hadn't specifically requested a new panel with fingerprint reader, but supposedly it could be enabled, if available, through tools Google provides for Pixels with their Tensor chips. Apps that would otherwise use the biometric authentication can fall back to a pin or pattern, but all of my banking or work benefit-related apps will not save credentials in that case, so I have to rely on my password manager which will use the PIN/pattern for authentication.

I replaced that phone with a new one and didn't bother setting up the fingerprints. It doesn't seem to bother me too much and maybe there's some small security benefit to not having the biometric authentication enabled.

hollow-moe 34 minutes ago | parent | prev [-]

My bank doesn't even allow me to have USB debugging enabled

crapple8430 an hour ago | parent | prev | next [-]

There are different levels of anti-user checks. Some only detect unlocked bootloader and/or root. Others use the play integrity anti-feature provided by Google. GrapheneOS tells you when apps request play integrity checks, and you'll see that a lot of apps do these requests constantly, even if they don't actually block you for using an unlocked or non-vendor system (custom key but otherwise locked and not rooted like GOS).

We really need a more foolproof technical solution for this if general purpose computing on the mobile phone is to be preserved. Perhaps some type of a remote control scheme to operate on a "slave" device. Failing that, if I do need one of such apps needing "strong" integrity, I'd probably look into getting an iPhone for those.

jamesbelchamber 2 hours ago | parent | prev | next [-]

I haven't come across a banking app in the UK that doesn't work with GrapheneOS. HSBC insists you use the AOSP or Google keyboards but otherwise no issues.

pxeboot 2 hours ago | parent | prev | next [-]

I use GrapheneOS and have had zero issues with the ~10 bank/brokerage apps I use.

Fuzzwah 2 hours ago | parent [-]

Can you use NFC payment?

pxeboot 2 hours ago | parent [-]

Not with Google Wallet.

embedding-shape 2 hours ago | parent [-]

... What are you using instead and is it as easily triggerable by some shortcut?

Youden 2 hours ago | parent | next [-]

FWIW, I use Fidesmo. Oversimplified, it allows you to copy your credit card's NFC chip into an accessory you wear. I use a ring but there are other options like bracelets or watch bands. No batteries, no devices, no wireless connectivity. It works anywhere an NFC card works, which here in Switzerland is more or less everywhere.

It requires that the card issuer support Fidesmo though. Many here do but I'm not sure what it's like elsewhere.

pxeboot an hour ago | parent | prev [-]

I personally use my smart watch for NFC payments. I find it far more convenient than paying with my phone.

embedding-shape an hour ago | parent [-]

> I personally use my smart watch for NFC payments

But not Google Wallet, and with GrapheneOS as the connected device?

pxeboot an hour ago | parent [-]

Yes, I have a Garmin watch paired with GrapheneOS.

unnervingduck 2 hours ago | parent | prev | next [-]

The experience varies by country, here in Finland I haven't had a single banking app complain about an unlocked bootloader or a custom OS.

ThePowerOfFuet 5 minutes ago | parent | prev | next [-]

Every banking app works perfectly for me on GrapheneOS.

Youden 2 hours ago | parent | prev [-]

Not necessarily, I have quite a few that work.

It's crowdsourced and therefore incomplete but https://plexus.techlore.tech/ has reports of compatibility with the complete absence of Google Services or a replacement like MicroG.

Here in Switzerland my experience is that the big banks like UBS and the cantonal banks tend to work, while the smaller things like McDonald's and my credit card providers tend to break because they have nonsense Play Integrity requirements.

dataflow 2 hours ago | parent | prev | next [-]

> As a rule, almost all carrier locked devices do not allow the bootloader to be unlocked. This usually makes sense, as it would allow you to completely bypass the contract.

I don't understand how this works, why/how are a carrier lock and a device lock related? Shouldn't one be a lock on the baseband chip and the other on the main firmware?

indrora 2 hours ago | parent | next [-]

On a lot of prepaid devices such as those from Kyocera for companies like Boost, the limitations are almost all in software configuration, because that's cheap and easy to do rather than rolling your own baseband configuration.

For years, carrier lock on iOS devices was simply a software switch. In a lot of devices, still, if you have an unlocked boot loader you can run patched baseband firmware that doesn't care that it hasn't been told the magic numbers to unlock itself.

nar001 2 hours ago | parent | prev | next [-]

I wonder if it might be about things like tethering, I remember for a while US carriers (AT&T I think?) used to lock it under a specific plan, but unlocking the bootloader/rooting let you bypass this limit

throwaway48476 an hour ago | parent | prev | next [-]

The carrier gives you a subsidized price on the phone and then you pay for it as part of the service bill. If you can unlock it you could switch to a cheaper carrier. None of this should be allowed of course. Phones should always be unlockable.

kotaKat an hour ago | parent | prev [-]

If you can unlock the bootloader you can generally also reflash the firmware at will on the baseband, so you can replace it or modify it to remove any subsidy/carrier locking on the baseband side.

Unlocking the bootloader will also of course let you eliminate the carrier’s bloatware that they get paid to install and load onto it, including the things that they shoved all the way into the Android “non-disableable” list.

Tracfone called this “cellphone trafficking” all the way since the 90s when people would buy their loss leaders, flash ‘em, and flip ‘em to third world markets for top dollar.

https://stopcellphonetrafficking.com/

Lord-Jobo 3 hours ago | parent | prev | next [-]

Insane how bad this has gotten. So few options left to truly own your smartphone

goku12 an hour ago | parent | next [-]

We really need to make this into a website for 'hostile smartphones' or a 'list of smartphones to avoid', and popularize it among the normal folks. This is relevant to them even if they don't unlock the phones themselves. They could pay someone to unlock it and upgrade it - but only if the phone can be unlocked.

The manufacturers will do something about it when their hostile behaviour starts to affect their bottom line. They have been ripping us off for far too long.

Kim_Bruning 3 hours ago | parent | prev | next [-]

Room for new competitors!

pixl97 3 hours ago | parent | next [-]

"The market will fix itself!"

Narrator: "In fact the market did not fix itself"

phendrenad2 32 minutes ago | parent | next [-]

I can buy a smartphone or tablet that's 100% unlockable and has all the bells and whistles right now, and get it delivered in 24 hours, and not pay significantly more than average.

I think the market is working just fine. (To which people usually say "for now". Well yeah, the sun hasn't gone supernova... for now)

ixwt 2 hours ago | parent | prev | next [-]

Narrator's Narrator: "The overwhelming majority of consumers don't care about the bootloader, so the market forces do not have an incentive to keep it unlocked. This leads to the market not 'fixing itself'."

throwaway48476 an hour ago | parent | next [-]

People are not and cannot be rational actors in the market owing to imperfect knowledge. Externalities are common.

goku12 an hour ago | parent | prev [-]

This isn't the 'market not fixing itself'. This is the 'market being actively manipulated and enshittified'. Don't forget that it's much easier to leave the boot-loader unlockable or even unlockable by just the owner, than it is to keep it locked and under control of a remote corporation. They went out of their way to enshittify it.

kachapopopow 2 hours ago | parent | prev [-]

if the market is not solving the problem then the natural conclusion is that it is not a problem that needs solving, pretty sad about it that not that many people care about these things.

The opposite is pretty much true when it comes to security: I am generally forced to use an Apple device since I can be relatively sure that my keys will be safe (not including state-sponsored actors; at that point I would have bigger problems).

Now something for the market to actually solve would be poor hardware security in general making locked bootloaders serve no purpose, having strong built-in security at the SoC would diminish the advantages gained with locked down systems and would allow us to have BYOK without compromising on the general population's security.

clot27 2 hours ago | parent [-]

market is a stupid concept.

kalterdev 2 hours ago | parent [-]

It’s very common for dictators to call people stupid as an excuse for their power abuse.

preisschild 24 minutes ago | parent | prev [-]

GrapheneOS is working with an OEM that wants to support this (+ the added security requirements for GOS)

charcircuit 2 hours ago | parent | prev | next [-]

Being able to install a new os is orthogonal to owning a device. It's an additional feature that most users won't use.

goku12 an hour ago | parent | next [-]

Being able to install a new OS is not an 'additional feature'. It's the downgrade of a capability that's inherent to the device. It's the same as making car seat heating a subscription service. Whether the users use it or not is entirely irrelevant.

charcircuit an hour ago | parent [-]

>that's inherent to the device

It's not inherent to the device. Accepting updates signed by a specific key is inherent to the device.

woodrowbarlow 2 hours ago | parent | prev [-]

the "ownership" framing is because bootloader locks allow vendors to unilaterally make decisions about how your device operates after you purchase the device.

nkrisc 2 hours ago | parent | prev [-]

When my mother was shopping for a new smartphone she definitely was not considering whether or not she could install a different OS on it.

goku12 an hour ago | parent | next [-]

Your mother's unwillingness to install a different OS doesn't mean that everyone else who wants it should be denied too.

I'm genuinely curious. What's your motivation in making up such a pointless argument/justification?

lawlessone 2 hours ago | parent | prev [-]

cool, When i was shopping for a new car i wasn't considering if it was a 4x4 because i live in a city with a mild climate

stronglikedan 2 hours ago | parent [-]

I hope you at least considered whether it was AWD cuz that shit is the bee's knees regardless of climate!

preisschild 27 minutes ago | parent | prev | next [-]

Wall of Fame (allows re-locking the bootloader with custom key): https://github.com/chenxiaolong/avbroot/issues/299

clot27 2 hours ago | parent | prev [-]

fuck iqoo