https://x.com/kobe_koto/status/1949154478298456531
Absolutely hilarious.
Then make a request that takes 2 weeks to go through. and enter the or whatever (this was like 2016 or something).
Whole process was clearly designed to make you give up.
Their phones were junk then though and I just got something else in the end. They're a lot better now so actually unlocking it is probably worth something now.
I've bought all my subsequent ones (Note 5, Note 8, Note 11, Note 12Pro) in either HK or UK so they all came with the Global ROM, and I've not felt the need to unlock any of them, so not tried to process since. But it definitely used to be pretty easy.
I suspect the reason for the weird process is legal to ensure that phones in China don't get unlocked in order to circumvent content controls.
Samsung has been doing this for a while now.
Which are the devices/vendors that still allow / encourage this?
Even Graphene OS reported that they're in talks with some vendor... Have there been any updates towards that?
The main reasons I used to root devices are:
* Get longer support/OS updates than what the vendor provided
* System level adblock using AdAway
* Titanium backup
These days Firefox/Brave browser gets me halfway through adblocking and I lost interest in the ad-filled apps.
Syncing gets me a good level of syncing for backup on my NAS etc.
https://github.com/melontini/bootloader-unlock-wall-of-shame...
This proves there is no technical difficulty to provide unlock bootloader
And it's also partially false, as Gemini works just fine after unlocking/relocking, and all the advanced features (full performance of the cameras, NPU access, secure element) work even on non-Google OS. Things that do not work (mostly wallet) are a valid issue, but then again, they work just fine after flashing OEM firmware and relocking the bootloader.
So I can only guess the quality of the contribution is similar with other phone brands.
Until Graphene works out the deal with the OEM that they are talking to, Pixel is pretty much the only secure phone that allows installing alternative firmware.
It's a big inconvenience but not a showstopper for them. Pixels are still viable.
The only blocker with pixels would be if they stopped allowing OEM unlocking or relocking (which is a must).
The startup we were working with before went bankrupt. In June, we started working with a major Android OEM which has provided resources for identifying everything which will need to be done to meet our requirements and provide official GrapheneOS support. They believe they can meet all our official requirements without much trouble and they're going to determine how much resources they want to put into it soon. We don't yet know how many resources are going to go into it.
> The main reasons I used to root devices are
Note using GrapheneOS does not involve rooting.
> System level adblock using adaway
You can use RethinkDNS for filtering combined with still using a WireGuard VPN or multiple chained WireGuard VPNs. Android has a perfectly good API for this.
> Titanium backup
GrapheneOS has a built-in encrypted backup system we plan to significantly improve upon. The basics are there already.
GNU/Linux phones (Librem 5 and Pinephone).
Without supported Consumer Hardware available on the market in sufficient volume, even less end-users will use an alternative OS, which will affect quality and size of the alternative OS-market and fragment the remaining users even more.
This will put the future of the entire alternative-OS ecosystem firmly back into the hands of Google. If they start further restricting BL-unlock on the Pixel-series to e.g. only Google Developer Account-Holders, the whole ecosystem will finally close down.
It’s really funny that Apple’s finally allowing carefully controlled access outside of their own fences and slowly adding more APIs and expansion (hell, Apple are the only platform now with third party APIs for RCS in the EU) while Google’s spun an about face and will get away with it.
All the stuff Apple now slowly starts to allow on iOS due to EU's Digital Markets Act is still just scratching the surface of what Android already supports.
> hell, Apple are the only platform now with third party APIs for RCS in the EU
They provide third party APIs to use APPLE's RCS-Service. The alternative would have been to support registering alternative RCS-services as default on the OS (and then, allow the user to choose a service).
> while Google’s spun an about face and will get away with it
Android already allows to install and configure alternative applications for RCS, in fact Samsung uses their own RCS Messaging service on its devices.
The only reason one would unlock a bootloader is to root the system partition. It is impossible to protect data on rooted phones and makes data exfiltration attacks significantly easier to do.
This is a huge problem for banking and music apps that absolutely rely on this capability. Samsung is, by far, the biggest seller of Android phones in the US. (I think Xiaomi is the biggest globally), so they are under much more pressure to clamp down on this.
That said, rooting Samsung devices has been a worthless pursuit for a long time. Doing so irreversibly (via eFuse) disables KNOX, which prevents DeX and Samsung Health from working. It also trips SafetyNet, which disables a whole suite of key apps (banking apps and Apple Music don't work; not sure about Spotify). There's a Magisk module that uses well-known device IDs to work around these, but these only work temporarily. Many people have also reported issues with the camera (a popular reason for buying Samsungs in the first place), and you no longer get OTA updates. I believe you also get degraded camera performance if you flash another ROM since the device module is closed-source and relies on One UI to work. This is before considering that stock ROMs have gotten really good over the years (especially Samsung's), and many of the reasons why we had to root have mostly gone away.
You can work around this by buying a Pixel for now, but I think we're a few years away from bootloader unlocking going away entirely.
That said, I still root Android devices that will only serve a single-purpose, like my BOOX eBook readers that I use Firefox on. This lets me run AFWall so that I can block network traffic for everything except Firefox (and a few other apps). However, I won't be logging into my Google account on them, and they aren't ever going to run banking apps or anything like that.
- If you're capable of rooting a device then you're capable of understanding the risks which come with doing so.
- The number of users who root their devices will always be so comparatively tiny that the increased risk of data exfil is incredibly small. Also, similarly to above, if you're technical enough to root your device then you're probably not regularly putting yourself at risk by downloading shady apps etc. anyway.
- Rather than decreasing security, rooting allows you to enhance the security of your device by installing lower-level tools and, most importantly, removing all the bloatware crap which comes on most phones. This reduces the surface area of attack.
Let's be honest and admit that the only reason to prevent users from rooting their phones is to protect companies' profits by ensuring users can't fight back against the blatant tracking, data mining, and analytics capture which is so valuable to companies.
> the only reason to prevent users from rooting their phones is to protect companies' profits by ensuring users can't fight back against the blatant tracking, data mining, and analytics capture
You contradict yourself, if the number of users which will root their devices is tiny, the lost profits from tracking, data mining, analytics is tiny as well.
I'm with you on the general sentiment, but how do the companies that block rooting benefit from any of the nefarious activities you mentioned? Those are executed by different organizations, typically.
Spend an hour in xdaforums and you'll see how untrue that is.
Many people root just to get YouTube Revanced or something like that. Meanwhile, you have launchers masquerading as a stock launcher that will happily steal refresh tokens for your Google account.
In the case of banking, unlocking the bootloader usually requires a full device reset and leaves a very obvious message when you boot up the phone—you can't grab someone's locked device, root it, and grab their financial data just like that.
As for music apps and other apps that download copyrighted content to the user's device, leaving the moral aspects of stripping the user of control of files on their own device aside, preventing their use on rooted devices just loses them users since
- Those are by no means essential apps
- If you know how to root your phone, you probably know how to pirate media as well
- People can just use computers to exfiltrate copyrighted media instead since most of those apps have PC versions
It "doesn't make total sense", it never has. It's just a kneejerk reaction that conveniently aligns with stripping the user of control.
What are you smoking?
The only reason I've ever unlocked a bootloader has been to replace the OS with a different one. And it had nothing to do with rooting. I have no interest in having a rooted phone on my person at all times. But I have full interest in having GrapheneOS protecting me, among many other things, from opportunistic government spying.
> This is a huge problem for banking and music apps that absolutely rely on this capability
Yeah, I immediately cleared application data and uninstalled it, once I discovered my bank, of all organizations, was relying on Android to silo a token that grants access to my bank account with nothing else but a 4-digit PIN. I had submitted a vulnerability report, because the option to require a password could be turned off without a password, and their response was that it works as expected, because they only require a PIN and providing a password is optional. That isn't to say that I have the option to make my account require passwords, it's that providing a password isn't needed, but I have the option of providing one anyway.
With only the PIN requirement, and four attempts before a lockout, a security vulnerability in the OS immediately becomes a 1 in 250 chance they'll have full access to my bank account, if I have a truly random PIN, or a 1 in 5 chance, if I have one of the four most common PINs and it always tries those. All that without having to wait to capture me logging in.
Also, Google explicitly states that the phone's storage should not be used for sensitive data.
What makes securing rooted phones different from securing rooted PCs?
> It is impossible to protect [the owner from accessing] data on rooted phones
It matters a lot to distributors who like to trick copyright holders into thinking that DRM is effective, which could only be the case if it works 100% of the time on 100% of the users, which it generally doesn't. Grug pay Grog many shiny rock for make magic rock work, or Grog use key and magic rock stop working.
It is, and always was a flimsy excuse to strip the user of control over his own device.
"Secure Boot" isn't actually there to protect the device from an attacker. It's there to "protect" the device from its own user. It's used to "secure" DRM schemes and App Store revenue streams.
This couldn't be more wrong. You need to unlock the bootloader if you want to install an alternative OS. Which is a completely valid use-case.
It is so silly though. Someone who knows how to root a phone can probably also figure out how to download songs from Spotify (librespot wink wink.)
For removing bloatware from the user partition you don't need to root, adb or the universal android debloater will do.
Rather than see it go to landfill I donated it to a friend who's happy to use it but what an absolute waste.
Bought a Pixel purely because they are committed to updating their phones for a long time.
Has this been your experience as well, or have your phones been OK with responsiveness? Seven years is a long time, I imagine the phone must have been unusable by then.
As much as I hate it, the strongest incentive would maybe be to legally define vendors who supply hardware with a non-interchangeable OS-ecosystem as service-providers and put restrictions on the price they can charge for the hardware to render the service (like i.e. a cable-modem from an ISP).
This could force the large players to decide between high-margin hardware or high-margin OS-ecosystem instead of aiming for both.
Come to think of it, these market-dynamics would be interesting to observe...
Any opinions? Samsung was a candidate for their somewhat unified ecosystem. Maybe even apple.
You get no ecosystem benefits though, it's really just plain Android.
But the sad reality hit when there were all kinds of hurdles around getting 5G/4G working in Australia. Was not going to risk ~$900 dollars on a phone that could end up being a paperweight and returned it.
It's a sad state and makes me miss the good old days.
FYI Pixels still allow flashing custom ROMs, they've just slightly inconvenienced developers.
The future I'm seeing is one in which custom ROMs still exist as hobby projects, but aren't suitable for use in "production".
So it's basically:
Pixel with GrapheneOS > iPhone >> Google Pixel with PixelOS
I wouldn't recommend anything else. Theoretically Fairphone + e/OS may have been an option, but the security is crap.
I guess there is Sony, you could even install Sailfish OS, no experience though.
Lack of current privacy/security patches and the current privacy protections in Android means having very poor privacy too. There's no equivalent to the privacy protections added by GrapheneOS either including ones also offered by iOS now such as iOS having a more basic equivalent to the GrapheneOS Contact Scopes feature since iOS 18 and iOS having better storage/media control than Android similar to Storage Scopes in GrapheneOS.
> I guess there is Sony, you could even install Sailfish OS, no experience though.
SailfishOS is much less private/secure than AOSP and is largely closed source. It's the opposite of a more open OS.
I don't know if any US carrier offers them, but last time I was shopping, models with North American radios could be bought online.
My main complaints about Xperia phones:
- They don't support re-locking the bootloader at all, let alone with custom keys. This could be problematic for folks who depend on mobile banking apps that require full Google Play Integrity (SafetyNet) attestation, or risky for folks who leave their phone unattended around potential adversaries. To be fair, almost all smartphones have this problem.
- Their wonderful Xperia Compact line, comprising smaller versions of their flagship phones, seems to have been abandoned. Even their most recent "compact" models were bulky compared to their predecessors.
As for me, I already swore off Samdung for their whole Samsung account bs and apps they bundle and won't let me remove (or disable).
In ye olden times I had such a horrible time with my cheapo Samsung when trying to upgrade it from Android 1.5 to 2.1 that I swore it'd be my last Samsung, and it was, for well over a decade. During that time I went through some iPhones and a handful of the most popular alternative Android brands.
Since the thread is about Android I'll focus on that. Every manufacturer was hamstrung by one or more of the following issues:
- Subpar hardware
- Difficult and slow RMA process where your device flies around the globe for repairs
- Software bloat, just like Samsung, but from a country I trust even less (China vs SK)
- Very infrequent updates (if you are lucky enough to get them at all), especially once a newer model is out
Now since this thread is about bootloaders this is probably a hot take, but I spend enough of my time troubleshooting stuff at work, so when I use my phone I want it to "just work" and not have to play some stupid anti integrity protection cat and mouse game to access my bank's app. So the last two are not solved with an open bootloader.
Samsung on the other hand has in recent years given me the "just works" experience on decent hardware, paired with frequent updates. And while their authorized repair shop might not be in my city, it is at least in my country and just a train ride away.
That being said, the nerd in me is disappointed in this move, and the recent EU ruling that forces manufacturers to actually support the stuff they sell for a reasonable time even after it's off the shelves might change things for the better w.r.t. other manufacturers.
I don't love their phones, though my wife has one. However, again on the service front, when my Samsung S7 had a problem they fixed it pretty quickly. When my iPhone 5 came with the wifi not working it took weeks to convince Apple that it was actually broken and get a replacement.
All anecdotal of course, and probably varies a lot by location and over time.
they also have service centers pretty much everywhere in the world, so I can always get my phone fixed (for a reasonable price, as a result of their ubiquity) if and when I inevitably break it
would I also prefer the option to unlock my bootloader? yes. if I'm honest with myself, is it a deal-breaker? sadly, no, I no longer use custom ROMs
> samsung is the only smartphone manufacturer that still makes phones (though not many) with all the features I want
Not to mention the built-in EMR stylus. That makes such a difference in using the device, I cannot believe they are not more common. And they are a terrific backup for the not unusual case of a broken screen being unresponsive. That stopped from S21 on.
> side-mounted fingerprint reader
It is in the screen since S10?
> headphone jack
Not since S20.
Just speaking of the Galaxys of course.
I tried to find which phones support alternative OSes, without Google control and telemetry, but it turned out that alternative OSes (LineageOS, PostmarketOS, GrapheneOS) mostly support outdated models and it makes no sense to buy them. There is also "Google Pixel", but the prices start at around $600 which is 3 times more than a reasonable price for a phone.
So now I am wondering if it is possible to extract the ROM from a reasonably priced Samsung phone, remove the components I don't like and write it back.
[1] https://us.community.samsung.com/t5/Galaxy-S22/One-UI-7-0-Up...
Next step will be to try PostmarketOS and see how that goes
And before anyone asks me if I really need to unlock my phone... It's the principle of it, if I bought it, I own it and I should be able to run what I want on it. I will not buy a phone from a company that denies me that right.
That said, I do use root for a few things:
- AFWall+ (previously I used netguard but can't run multiple VPN on android so I couldn't have that running together with tailscale)
- Neo-backup. Some messaging apps believe that keeping chat history is not important. Or they believe that it's fine that the only way to transfer chat history is to upload it to Google cloud without encrypting it. I hate losing my chat history and I do not want it uploaded somewhere without encrypting it so I need a backup solution. Enters neobackup
- Sometimes, it is useful to be able to spoof one's GPS without the app being the wiser from a privacy perspective.
- A very stupid banking app I have prevents screenshots but then doesn't allow me to download a proof of transfer. So I use root to remove the restriction against screenshots
Yes. I was buying Samsung devices for years because of size (A5, A7, S10e) and ability to unlock bootloader for Lineage OS. Time to look elsewhere.
Seriously Samsung, go and screw yourselves.
The reason I insist on rooting in the first place is because unlike iOS which has a true full backup that you can trigger from your Mac (and restore afterwards), Android decidedly does not, and a bunch of apps don't do any kind of cloud sync.
IMO there is kinda only one option... an iPad.
It's an order of magnitude better than anything else out there. And that's coming from someone who doesn't really like Apple products.
Given that your major reason for rooting is something that... Apple solves for. Maybe there is another option?
And on top of that, there's no way to migrate the data from a bunch of these apps from the Google walled garden to the Apple walled garden, not to mention purchased licenses.
With Samsung there are established networks on how to get spare parts and they have a proven track record of delivering updates on time.
Lenovo's offerings are a disaster performance-wise.
Do you mean the new One UI update that made the notification pull down split into left and right swipes instead of swipe down and then swipe down again? Because if that's what you mean, you can configure it to be the way it used to be again.
Little pencil button, then panel settings and choose together instead of separate.
I assure you that Samsung doesn't care to remove your... flashlight.
This likely just got removed from a fat finger/phone being on in your pocket/etc.
It was already bad with Huawei stopping their unlock program and Google cracking down more on rooting by introducing strong integrity with their new Play Integrity API (which was an upgrade from the older SafetyNet API), basically meaning there is hardware security called the TEE (ARM TrustZone for most phones if you're interested in reading more) built into the ARM processor which "snitches? (lack of better word)" on you if the firmware booted no longer matches the manufacturer signed firmware, and causes you to fail strong integrity which means apps like bank apps can choose to deny you service (Google Wallet does this for NFC payments). There are workarounds which the custom ROM/root community still uses which mainly relies on older leaked cryptographic signing keys from the TEE being used which bypass the phone's TEE and sign the "integrity verdict" in user land to say "all is good" to Google, but Google can easily tell if these keys have been compromised since they track usage, and the storage of these keys just keeps getting better, getting as close to impossible as you can in a modern phone since to extract it would require you to quite literally de-lid the ARM chip and hope you don't break anything in the process while somehow extracting the key, in other words not feasible.
This is all great when it comes to security which Google and all manufacturers have been pushing on, but it comes at a serious cost of ownership, you cannot tell me we truly own our phones when we have literal hardware protection that, quoted right from wikipedia: "code integrity prevents code in the TEE from being replaced or modified by unauthorized entities, which *may also be the computer owner itself*". I don't know about you but a chip (and Google) that dictates what I can and cannot do with my phone doesn't sound like ownership to me.
All these recent changes and events sounds to me that Google is actively pushing and "encouraging" phone manufacturers to disable bootloader unlocking, we're constantly seeing manufacturers which were once before root and unlock friendly randomly changing their mind and quietly removing or severely limiting that feature in the background (Huawei, Xiaomi, now Samsung, etc). You have to remember these manufacturers won't back down from what Google tells them to do if it's for "security" since they're all in each other's pockets so they won't pushback without a good reason.
And if you want to use the typical excuse "allowing bootloader unlocking is unsafe", we've already proved it can work quite well while maintaining security as demonstrated by UEFI's Secure Boot which allows you to enroll custom boot keys (should you wish), while keeping some popular default keys such as Microsoft for Windows, and allowing you to lock the entire firmware config behind a password (which is stored in a security chip in modern motherboards so you can't use the old trick of removing the CMOS battery). That's more security than any regular citizen might need.
This TEE thing is all about control. Google and manufacturers don't like people installing custom firmware or rooting because then they can't keep you in their ecosystem to keep taking your data and hoping you eventually buy something from them. Some app developers also think this locking down of phones is great in order to protect their app against abuse than actually investing in good backend security which I just find to be hilarious.
I hope some laws get passed to protect us from the 1984 book that society is starting to become thanks to the government and corporate conglomerates themselves, although I sadly find that to be unlikely.
The procedure explicitly hands over the responsibility of OS-integrity to the end-user, it's not Samsung's responsibility after that and the user needs to confirm that.
It's much more likely that the cost/benefit profile to develop/maintain/support that feature and its related unlock-process is simply not sufficient, all while several of the biggest customers explicitly require unlock to NOT be supported.