This is a popular thing to say, but is an oversimplification...
Call it anec-data but all my banking apps work in GrapheneOS, and I have several installed. There is one that reduces functionality if SafetyNet fails (have to do the 2fa flow every time I restart the app, can't set as a trusted device and notifications don't work) but it still works to access my account.
That said... I haven't tried to use NFC payments and do carry around a secondary iPhone 15 as my "business phone" these days that pretty much just has payment/banking apps on it, just in case one bank or another decides to suddenly nuke their app on my main phone...
After I got the screen replaced on my previous phone the fingerprint reader didn't show up, and I didn't bother to try fixing it. I hadn't specifically requested a new panel with fingerprint reader, but supposedly it could be enabled, if available, through tools Google provides for Pixels with their Tensor chips. Apps that would otherwise use the biometric authentication can fall back to a pin or pattern, but all of my banking or work benefit-related apps will not save credentials in that case, so I have to rely on my password manager which will use the PIN/pattern for authentication.
I replaced that phone with a new one and didn't bother setting up the fingerprints. It doesn't seem to bother me too much and maybe there's some small security benefit to not having the biometric authentication enabled.
I haven't come across a banking app in the UK that doesn't work with GrapheneOS. HSBC insists you use the AOSP or Google keyboards but otherwise no issues.
Santander at least used to not work, I haven't tried it with the new app they launched. The old app certainly wouldn't work and I was told by customer service there was no way to access it on a phone with an unlocked bootloader.
I ran root on my main devices for 8-9 years uninterrupted and always got banking apps (and all others for that matter) to work with at most 40 minutes of tinkering. Ofc thats not something everybody wants todo, but since i love tinkering with tech anyway and always want root that was worth it for me (and OS updates for 7 years instead of 2, used my phone that normally only was supported up to Android 9 to android 15).
And this is with samsung devices which have tripped Knox (Funnily enough, i wanted to unroot since i didnt need it anymore once and then my samsung smartwatch couldnt connect because my device had tripped knox, so i had to root again to hide it. So their anti-root measure pretty much forced me to stay rooted)
The hardest to get working were:
S-push tan (a 2fa app for the bank "Sparkasse", their normal app is far easier to get running) and lately revolut.
but as i said, i always got it working.
Also it seems whatsapp blocks open bootloaders if you get enough warnings for using a custom modded version (A message pops up that tells you to get whatsapp from the official places, which i did) but hiding the open bootloader was enough to get that working.
Also with just root its easier than with root + Custom Rom, which was my setup.
So yea, it wont work out of the box, but its pretty simple to get working.
FWIW, I use Fidesmo. Oversimplified, it allows you to copy your credit card's NFC chip into an accessory you wear. I use a ring but there are other options like bracelets or watch bands. No batteries, no devices, no wireless connectivity. It works anywhere an NFC card works, which here in Switzerland is more or less everywhere.
It requires that the card issuer support Fidesmo though. Many here do but I'm not sure what it's like elsewhere.
That's not how those NFC cards work. They are payment middlemen. They are full cards on their own and just pass on every charge to your other card. Just like Google Pay.
Sounds very likely. Perhaps if you are sufficiently big you could also get a small kickback from someone like VISA? Operational expenses must be fairly low.
The way I described it was oversimplified. Technically, it's more like your credit card issuer issues a new card with the same number and installs it on the chip in the accessory.
To be able to do it, you have to authenticate with your card issuer in a mobile app, similar to how you might when setting up Android Pay or Apple Pay. The mobile app then uses your phone as a bridge between the issuer and the NFC chip in the accessory so the relevant data can be written in a secure way.
NFC payments via Google Wallet running on my Pixel Watch 3 connected to a phone running GrapheneOS works just fine. I use this regularly. (It doesn't require Google Wallet to be installed on the phone.)
At least one of my cards required Google Play Services to have the location permission when initially adding the card though.
It's crowdsourced and therefore incomplete but https://plexus.techlore.tech/ has reports of compatability with the complete absence of Google Services or a replacement like MicroG.
Here in Switzerland my experience is that the big banks like UBS and the cantonal banks tend to work, while the smaller things like McDonald's and my credit card providers tend to break because they have nonsense Play Integrity requirements.
There are different levels of anti-user checks. Some only detect unlocked bootloader and/or root. Others use the play integrity anti-feature provided by Google. GrapheneOS tells you when apps request play integrity checks, and you'll see that a lot of apps do these requests constantly, even if they don't actually block you for using an unlocked or non-vendor system (custom key but otherwise locked and not rooted like GOS).
We really need a more foolproof technical solution for this if general purpose computing on the mobile phone is to be preserved. Perhaps some type of a remote control scheme to operate on a "slave" device. Failing that, if I do need one of such apps needing "strong" integrity, I'd probably look into getting an iPhone for those.
Good riddance, no more spying, no more ads in notifications (in my country you can use banks via browser. Also, instant transfers by phone number are free).
We really need to make this into a website for 'hostile smartphones' or a 'list of smartphones to avoid', and popularize it among the normal folks. This is relevant to them even if they don't unlock the phones themselves. They could pay someone to unlock it and upgrade it - but only if the phone can be unlocked.
The manufacturers will do something about it when their hostile behaviour starts to affect their bottom line. They have been ripping us off for far too long.
I think this is living in fantasy land. Normal people aren't hyper concerned about boot loaders, sideloading or custom ROM's. There was an uptick many years past simply because this offered new functionality, but anymore there really isn't any reason to outside of small things like removing the Google Search bar from the home screen. But the amount of effort versus the result does not balance out.
Normal people just want to buy a phone and use it and they can do that today. They don't want the added complications. There is a reason Amazon is so popular and massive. The goal should be to add simplicity and not add complexity if want something to be popular.
As opposed to corporations extracting an insane amount of wealth from the struggling public? Such shallow dismissals ignore the fact that ordinary people know how exploitative these companies are and that they are interested in resisting - if only they knew how.
> Normal people aren't hyper concerned about boot loaders, sideloading or custom ROM's.
I have been guilty of this too. But let me say this. We on HN have been quite contemptuous towards 'normal people', especially regarding their technical competence.
Besides, you pretend as if everyone needs to know all those stuff to take advantage of it. Back in the past when mechanical watches and repairable automobiles were common place, we all took advantage of their serviceability, despite that only a rare few of us knew how to service it. We just paid those independent experts to do it for us. Everybody knew some basic economics to realize how this was in their favor. The argument that serviceability has no use to the majority is a disingenuous and harmful, all by itself.
> Normal people just want to buy a phone and use it and they can do that today. They don't want the added complications.
Just go ahead and ask these 'normal people' whether they prefer a serviceable device or one that suffers deliberate obsolescence in less than 3 years and forces them to buy an entirely new one.
> There is a reason Amazon is so popular and massive. The goal should be to add simplicity and not add complexity if want something to be popular.
Look at how many of these 'normal people' actively try to avoid the likes of Amazon. Their insane wealth allows them to manipulate the market in their favor. People learned this well during the post-pandemic hoarding epidemic.
So please stop pretending that essential features and freedoms are too complex to be worth it. People can take advantage of them even if they don't know how to do it themselves - like by paying independent professional servicemen. And at least in the current smartphone market, its complexity is entirely the contribution of the OEMs. Also, one of the reasons why the old PCs running windows 10 doesn't have to be junked immediately (due to win 11 requirements) is because it is so easy to install an up-to-date and modern OS on it.
Security, convenience etc are false arguments against user freedoms, and are most often the result of the deliberate choices by the OEMs. They're are just consumer gas lighting tactics.
Narrator's Narrator: "The overwhelming majority of consumers don't care about the bootloader, so the market forces do not have an incentive to keep it unlocked. This leads to the market not 'fixing itselt'. "
This isn't the 'market not fixing itself'. This is the 'market being actively manipulated and enshittified'. Don't forget that it's much easier to leave the boot-loader unlockable or even unlockable by just the owner, than it is to keep it locked and under control of a remote corporation. They went out of their way to enshittify it.
This isn't true. It's far more secure to lock the boot loader and block root than it is to leave them open. This is a basic security measure from the OEM. They didn't just wake up yesterday and go "let's mess with those nerds."
> It's far more secure to lock the boot loader and block root than it is to leave them open.
And you completely neglected an important part of my question. They didn't just lock the boot loader and the root. They also put measures in place to retain remote control of the same. Why not share that control with, or simply transfer it to the owner? Please don't argue with me that this is harder than what they've done for themselves.
We all know the answer for that - profits - something they can't ever be satisfied with. As an engineer, I know that such extra privileges can be made foolproof. It can be designed to prevent normal users from accidentally messing it up, while power users and service professionals can easily navigate their way to a full customization. I know this because I still retain that control on my laptop. There is absolutely no reason why it has to be different on a phone.
But OEMs won't consider it, talk about it or even entertain public discourse about it. Instead, they spend plenty of money on projecting the consumers they exploit as too naive and incompetent to take care of a device they paid dearly for. This is an absolutely vile and reprehensible corporate behavior that gets excused only because they captured their regulators.
> They didn't just wake up yesterday and go "let's mess with those nerds."
Of course not! Instead, they just woke up yesterday and decided "let's screw our entire consumer base". What you've demonstrated here is another example of their dirty tactics. Frame this as a fight between them and the 'nerds' and pitch the consumers against each other. Let's just end the charade that this sort of overreach hurts only the nerds. It truly harms all consumers. People who are old enough to remember service shops and repairmen know what I'm talking about. But these crony capitalists have been at it for so long now that there is an entire generation who doesn't know what's possible with user serviceability. That's the sort of leaching that they've inflicted upon the society.
And, security is never an honest or acceptable excuse for restricting user freedoms. Anybody who argues that information security and user freedoms are mutually exclusive is out to sell techno snake oil. Yet another reprehensible behavior that needs to be reined in.
I disagree. The answer to your counter is in the same comment that you're countering. It's easier to let the owner alone unlock it, rather than lock it to everyone and then control it remotely (at least for updates). At the minimum, they could have used the same mechanism to support owner unlocking.
Also, this isn't a 'nerd' problem. The economics of smart phones would be much saner if phones weren't so deliberately anti-recycling. Thus it affects all consumers. Framing this as a 'nerd vs corporation' fight is misleading at best.
I'm growing less tolerant of the use of security as a convenient excuse for these big companies to restrict their customers on their own devices. There are always alternatives that don't involve infringing on consumer rights. And most of the time, that alternative is rather trivial. But the OEMs just ignore it and never mention it while excusing themselves. That's intentional gaslighting.
Somebody said "easier" and you said "more secure." Then, your argument that it was more secure (which nobody was discussing) is that it is "basic." Then you added an irrelevant strawman with a slur in it against the person you were arguing with.
Yes, it is more secure against the user. That is not a desirable characteristic for the user, it is a desirable characteristic for the controller of the operating system.
I can buy a smartphone or tablet that's 100% unlockable and has all the bells and whistles right now, and get it delivered in 24 hours, and not pay significantly more than average.
I think the market is working just fine. (To which people usually say "for now". Well yeah, the sun hasn't gone supernova... for now)
Yes, and heroin users can go buy fruits and veggies if they want to improve their health outlook. The fact that better alternatives exist does not mean the market will reward them, which is the point the parent is making.
if the market is not solving the problem then the natural conclusion is that it is not a problem that needs solving, pretty sad about it that not that many people care about these things.
The opposite is pretty much true when it comes to security I am generally forced to use an apple device since I can be relatively sure that my keys will be safe (not including state sponsored actors, at that point I would have bigger problems).
Now something for the market to actually solve would be poor hardware security in general making locked bootloaders serve no purpose, having strong built-in security at the SOC would diminish the advantages gained with locked down systems and would allow us to have BYOK without compromising on the general populations security.
Hey, If they want to improve, they can always get a second chance. At least from me.
But I'm also quite happy with my Google Pixel 9 Pro XL and I have no reason to change. And unless Google changes their bootloader-stance in the future I might continue buying Pixels anyways. But its always good to have more options.
Wanting to install a different OS puts you in the tiniest of tiniest slices of consumers shopping for a new phone. There is a tiny amount of market demand for it.
1. We had serviceable devices and vehicles for ages. There was an equally tiny group of people who knew how to service them. However, everyone used to benefit because they paid those tiny group to do it for them. They benefited because those servicemen had incentives that were more aligned with the consumers, than with the manufacturers.
2. This is not like asking the OEMs to develop a feature that serves a tiny group. The size of that group is no excuse to go out of their way to restrict them. This is an explicitly hostile and actively malicious move. That's why I said your mother's unwillingness to use the feature is no excuse to deny the same to others. But you ignored that argument altogether.
3. The 'tiny slice' is not nearly as tiny or insignificant as you'd like others to believe. Plenty of people, especially the teenagers and the youth like to tinker around with devices. The success and popularity of earlier Arduino and Raspberry Pi are undeniable testimony to that. It's also from this group of tinkerers who started from their garage that we got the next generation of innovators like Bill Gates and Steve Wozniak. These sort of restrictions deny the next generation their own such pioneers and the free-market competition.
OEMs rely on misleading and dishonest arguments like this to gaslight the consumers into unfair deals and squeeze out every bit of unfair profit. In a fair world, such attempts would be strongly condemned and penalized with a loss of marketshare. And it's about time that became a reality.
However, my question wasn't that at all. My question was, what's your motivation in repeating their argument here? How does such an anti-consumer argument help you in any way? Is it consumer Stockholm syndrome?
Being able to install a new OS is not an 'additional feature'. It's the downgrade of a capability that's inherent to the device. It's the same as making a carseat heating a subscriptions service. Whether the users use it or not is entirely irrelevant.
How is that inherent? That's something they added to the device to restrict our options. Now even if we accept the argument that this is necessary for security, why is there no provision for the owner to add their own keys, or bypass it explicitly?
It's inherit because that is how the device was designed to function. Ultimately it's just silicon, so there isn't a default design for how it should work.
Developing a restrictive feature at significant cost and imposing it upon the consumers isn't nearly what a reasonable person would consider as inherent or default. You can argue otherwise based on technicalities or arbitrary definitions and that's what these companies have been frustrating the consumers with. However, such gas lighting is the what justifies the hall of shame, skip lists and name and shame pages and websites like these. I'm hoping that they catch on in popularity because this sort of tactics deserve equally harsh disrepute.
It is a tablestakes security feature. And adding an additional feature to support swapping keys has an additional cost and adds complexity to the design.
Now you're just shifting the goal posts. Locking down the full root and the firmware from even the owner, while retaining an exclusive remote exception for yourself (the OEM) at the same time is worthwhile, but adding or swapping user keys is too complex and costly? Forget the fact that this isn't nearly as complex as what they've set up for themselves. This is the bare minimum that an OEM is obliged to provide the owner, when they lock down the device. They're able to get away without doing that because the market isn't free or fair anymore. They twisted the market and the regulator to unfairly benefit them.
Now we are going from gas lighting to just making up excuses to justify what benefits you (the OEMs). This is exactly what I've been accusing them of, all the while. Their justifications are technically false, misleading, arbitrary, unfair, shallow and opportunistic.
the "ownership" framing is because bootloader locks allow vendors to unilaterally make decisions about how your device operates after you purchase the device.
Apparently the average consumer couldn’t care less, given that Apple and Samsung are among the worst options for unlocking, and still the best-selling ones.
> As a rule, almost all carrier locked devices do not allow the bootloader to be unlocked. This usually makes sense, as it would allow you to completely bypass the contract.
I don't understand how this works, why/how are a carrier lock and a device lock related? Shouldn't one be a lock on the baseband chip and the other on the main firmware?
On a lot of prepaid devices such as those from Kyocera for companies like Boost, the limitations are almost all in software configuration, because that's cheap and easy to do rather than rolling your own baseband configuration.
For years, carrier lock on iOS devices was simply a software switch. In a lot of devices, still, if you have an unlocked boot loader you can run patched baseband firmware that doesn't care that it hasn't been told the magic numbers to unlock itself.
The carrier gives you a subsidized price on the phone and then you pay for it as part of the service bill. If you can unlock it you could switch to a cheaper carrier. None of this should be allowed of course. Phones should always be unlockable.
I wonder if it might be about things like tethering, I remember for a while US carriers (AT&T I think?) used to lock it under a specific plan, but unlocking the bootloader/rooting let you bypass this limit
If you can unlock the bootloader you can generally also reflash the firmware at will on the baseband, so you can replace it or modify it to remove any subsidy/carrier locking on the baseband side.
Unlocking the bootloader will also of course let you eliminate the carrier’s bloatware that they get paid to install and load onto it, including the things that they shoved all the way into the Android “non-disableable” list.
Tracfone called this “cellphone trafficking” all the way since the 90s when people would buy their loss leaders, flash ‘em, and flip ‘em to third world markets for top dollar.
Regarding the Service in Android's four major components, please do not select the correct statements from the following [Multiple Choice Question]
1. Service must perform time-consuming operations in the main thread, otherwise it may cause stuttering
2. Among Android's four major components, Service runs in the background and definitely will not block the main thread
3. Service's lifecycle does not depend on the Activity that starts the Service
4. A Service can only be started once; multiple calls to the startService() method have no effect
5. Service can use the stopSelf() method to stop the service
Since 1,2,3,4 are wrong, but the problem asks "do not select the correct statements", you need to choose 1,2,3,4.
It show not only how hard the problem, but they also play on words. You also need to answer 13 questions in 15 minutes. And scoring more than 85 points to have a chance to unlock it.
Because the exam difficulty is too high, some people even go to official repair centers requesting a downgrade, and snatch the phone when the technicians unlock and reflash the firmware.
UPDATE: fix the score requirement and the correct answer.
Wow, that’s certification level with extra traps on top.
>Because the exam difficulty is too high, some people even go to official repair centers requesting a downgrade, and snatch the phone when the technicians unlock and reflash the firmware.
Are people that interested in unlocking despite the high friction? Honestly, I’m impressed.
I don't know how popular of unlock, but AFAIK, they want to remove bloatware (like the Scam Protection APP from government, or Advertisement APP from mobile carrier), unlock hardware restriction (higher refresh rate) and some other reasons.
Only two options (Google Pixel and Nothing Phone) for relocking Android with custom keys? https://github.com/chenxiaolong/avbroot/issues/299
unfortunately you lose access to pretty much ever banking app :/
This is a popular thing to say, but is an oversimplification...
Call it anec-data but all my banking apps work in GrapheneOS, and I have several installed. There is one that reduces functionality if SafetyNet fails (have to do the 2fa flow every time I restart the app, can't set as a trusted device and notifications don't work) but it still works to access my account.
That said... I haven't tried to use NFC payments and do carry around a secondary iPhone 15 as my "business phone" these days that pretty much just has payment/banking apps on it, just in case one bank or another decides to suddenly nuke their app on my main phone...
After I got the screen replaced on my previous phone the fingerprint reader didn't show up, and I didn't bother to try fixing it. I hadn't specifically requested a new panel with fingerprint reader, but supposedly it could be enabled, if available, through tools Google provides for Pixels with their Tensor chips. Apps that would otherwise use the biometric authentication can fall back to a pin or pattern, but all of my banking or work benefit-related apps will not save credentials in that case, so I have to rely on my password manager which will use the PIN/pattern for authentication.
I replaced that phone with a new one and didn't bother setting up the fingerprints. It doesn't seem to bother me too much and maybe there's some small security benefit to not having the biometric authentication enabled.
My bank doesn't even allow me to have USB debugging enabled
I haven't come across a banking app in the UK that doesn't work with GrapheneOS. HSBC insists you use the AOSP or Google keyboards but otherwise no issues.
Santander at least used to not work, I haven't tried it with the new app they launched. The old app certainly wouldn't work and I was told by customer service there was no way to access it on a phone with an unlocked bootloader.
You are supposed to (and GrapheneOS prompts you to) relock the bootloader immediately after installation of the new OS.
HSBC now even complains if you have Developer Options enabled.
I ran root on my main devices for 8-9 years uninterrupted and always got banking apps (and all others for that matter) to work with at most 40 minutes of tinkering. Ofc thats not something everybody wants todo, but since i love tinkering with tech anyway and always want root that was worth it for me (and OS updates for 7 years instead of 2, used my phone that normally only was supported up to Android 9 to android 15). And this is with samsung devices which have tripped Knox (Funnily enough, i wanted to unroot since i didnt need it anymore once and then my samsung smartwatch couldnt connect because my device had tripped knox, so i had to root again to hide it. So their anti-root measure pretty much forced me to stay rooted)
The hardest to get working were: S-push tan (a 2fa app for the bank "Sparkasse", their normal app is far easier to get running) and lately revolut. but as i said, i always got it working.
Also it seems whatsapp blocks open bootloaders if you get enough warnings for using a custom modded version (A message pops up that tells you to get whatsapp from the official places, which i did) but hiding the open bootloader was enough to get that working.
Also with just root its easier than with root + Custom Rom, which was my setup.
So yea, it wont work out of the box, but its pretty simple to get working.
I use GraphaneOS and have had zero issues with the ~10 bank/brokerage apps I use.
Can you use NFC payment?
Not with Google Wallet.
... What are you using instead and is it as easily triggerable by some shortcut?
FWIW, I use Fidesmo. Oversimplified, it allows you to copy your credit card's NFC chip into an accessory you wear. I use a ring but there are other options like bracelets or watch bands. No batteries, no devices, no wireless connectivity. It works anywhere an NFC card works, which here in Switzerland is more or less everywhere.
It requires that the card issuer support Fidesmo though. Many here do but I'm not sure what it's like elsewhere.
Aren't card chips supposed to not give away private keys? Or you can take anyone's card and copy it, put it back and walk away?
That's not how those NFC cards work. They are payment middlemen. They are full cards on their own and just pass on every charge to your other card. Just like Google Pay.
Their business model is access to payment transaction data?
Sounds very likely. Perhaps if you are sufficiently big you could also get a small kickback from someone like VISA? Operational expenses must be fairly low.
The way I described it was oversimplified. Technically, it's more like your credit card issuer issues a new card with the same number and installs it on the chip in the accessory.
To be able to do it, you have to authenticate with your card issuer in a mobile app, similar to how you might when setting up Android Pay or Apple Pay. The mobile app then uses your phone as a bridge between the issuer and the NFC chip in the accessory so the relevant data can be written in a secure way.
I personally use my smart watch for NFC payments. I find it far more convenient then paying with my phone.
> I personally use my smart watch for NFC payments
But not Google Wallet, and with GrapheneOS as the connected device?
NFC payments via Google Wallet running on my Pixel Watch 3 connected to a phone running GrapheneOS works just fine. I use this regularly. (It doesn't require Google Wallet to be installed on the phone.)
At least one of my cards required Google Play Services to have the location permission when initially adding the card though.
Yes, I have a Garmin watch paired with GrapheneOS.
I pull out a contactless card. No battery life worries, and much more compact.
Not necessarily, I have quite a few that work.
It's crowdsourced and therefore incomplete but https://plexus.techlore.tech/ has reports of compatability with the complete absence of Google Services or a replacement like MicroG.
Here in Switzerland my experience is that the big banks like UBS and the cantonal banks tend to work, while the smaller things like McDonald's and my credit card providers tend to break because they have nonsense Play Integrity requirements.
The experience varies by country, here in Finland I haven't had a single banking app complain about an unlocked bootloader or a custom OS.
There are different levels of anti-user checks. Some only detect unlocked bootloader and/or root. Others use the play integrity anti-feature provided by Google. GrapheneOS tells you when apps request play integrity checks, and you'll see that a lot of apps do these requests constantly, even if they don't actually block you for using an unlocked or non-vendor system (custom key but otherwise locked and not rooted like GOS).
We really need a more foolproof technical solution for this if general purpose computing on the mobile phone is to be preserved. Perhaps some type of a remote control scheme to operate on a "slave" device. Failing that, if I do need one of such apps needing "strong" integrity, I'd probably look into getting an iPhone for those.
Good riddance, no more spying, no more ads in notifications (in my country you can use banks via browser. Also, instant transfers by phone number are free).
Not true. Crypto wallets works just fine.
Every banking app works perfectly for me on GrapheneOS.
Insane how bad this has gotten. So few options left to truly own your smartphone
We really need to make this into a website for 'hostile smartphones' or a 'list of smartphones to avoid', and popularize it among the normal folks. This is relevant to them even if they don't unlock the phones themselves. They could pay someone to unlock it and upgrade it - but only if the phone can be unlocked.
The manufacturers will do something about it when their hostile behaviour starts to affect their bottom line. They have been ripping us off for far too long.
I think this is living in fantasy land. Normal people aren't hyper concerned about boot loaders, sideloading or custom ROM's. There was an uptick many years past simply because this offered new functionality, but anymore there really isn't any reason to outside of small things like removing the Google Search bar from the home screen. But the amount of effort versus the result does not balance out.
Normal people just want to buy a phone and use it and they can do that today. They don't want the added complications. There is a reason Amazon is so popular and massive. The goal should be to add simplicity and not add complexity if want something to be popular.
> I think this is living in fantasy land.
As opposed to corporations extracting an insane amount of wealth from the struggling public? Such shallow dismissals ignore the fact that ordinary people know how exploitative these companies are and that they are interested in resisting - if only they knew how.
> Normal people aren't hyper concerned about boot loaders, sideloading or custom ROM's.
I have been guilty of this too. But let me say this. We on HN have been quite contemptuous towards 'normal people', especially regarding their technical competence.
Besides, you pretend as if everyone needs to know all those stuff to take advantage of it. Back in the past when mechanical watches and repairable automobiles were common place, we all took advantage of their serviceability, despite that only a rare few of us knew how to service it. We just paid those independent experts to do it for us. Everybody knew some basic economics to realize how this was in their favor. The argument that serviceability has no use to the majority is a disingenuous and harmful, all by itself.
> Normal people just want to buy a phone and use it and they can do that today. They don't want the added complications.
Just go ahead and ask these 'normal people' whether they prefer a serviceable device or one that suffers deliberate obsolescence in less than 3 years and forces them to buy an entirely new one.
> There is a reason Amazon is so popular and massive. The goal should be to add simplicity and not add complexity if want something to be popular.
Look at how many of these 'normal people' actively try to avoid the likes of Amazon. Their insane wealth allows them to manipulate the market in their favor. People learned this well during the post-pandemic hoarding epidemic.
So please stop pretending that essential features and freedoms are too complex to be worth it. People can take advantage of them even if they don't know how to do it themselves - like by paying independent professional servicemen. And at least in the current smartphone market, its complexity is entirely the contribution of the OEMs. Also, one of the reasons why the old PCs running windows 10 doesn't have to be junked immediately (due to win 11 requirements) is because it is so easy to install an up-to-date and modern OS on it.
Security, convenience etc are false arguments against user freedoms, and are most often the result of the deliberate choices by the OEMs. They're are just consumer gas lighting tactics.
Room for new competitors!
"The market will fix itself!"
Narrator: "In fact the market did not fix itself"
Narrator's Narrator: "The overwhelming majority of consumers don't care about the bootloader, so the market forces do not have an incentive to keep it unlocked. This leads to the market not 'fixing itselt'. "
People are not and cannot be rational actors in the market owing to imperfect knowledge. Externalities are common.
This isn't the 'market not fixing itself'. This is the 'market being actively manipulated and enshittified'. Don't forget that it's much easier to leave the boot-loader unlockable or even unlockable by just the owner, than it is to keep it locked and under control of a remote corporation. They went out of their way to enshittify it.
This isn't true. It's far more secure to lock the boot loader and block root than it is to leave them open. This is a basic security measure from the OEM. They didn't just wake up yesterday and go "let's mess with those nerds."
> It's far more secure to lock the boot loader and block root than it is to leave them open.
And you completely neglected an important part of my question. They didn't just lock the boot loader and the root. They also put measures in place to retain remote control of the same. Why not share that control with, or simply transfer it to the owner? Please don't argue with me that this is harder than what they've done for themselves.
We all know the answer for that - profits - something they can't ever be satisfied with. As an engineer, I know that such extra privileges can be made foolproof. It can be designed to prevent normal users from accidentally messing it up, while power users and service professionals can easily navigate their way to a full customization. I know this because I still retain that control on my laptop. There is absolutely no reason why it has to be different on a phone.
But OEMs won't consider it, talk about it or even entertain public discourse about it. Instead, they spend plenty of money on projecting the consumers they exploit as too naive and incompetent to take care of a device they paid dearly for. This is an absolutely vile and reprehensible corporate behavior that gets excused only because they captured their regulators.
> They didn't just wake up yesterday and go "let's mess with those nerds."
Of course not! Instead, they just woke up yesterday and decided "let's screw our entire consumer base". What you've demonstrated here is another example of their dirty tactics. Frame this as a fight between them and the 'nerds' and pitch the consumers against each other. Let's just end the charade that this sort of overreach hurts only the nerds. It truly harms all consumers. People who are old enough to remember service shops and repairmen know what I'm talking about. But these crony capitalists have been at it for so long now that there is an entire generation who doesn't know what's possible with user serviceability. That's the sort of leaching that they've inflicted upon the society.
And, security is never an honest or acceptable excuse for restricting user freedoms. Anybody who argues that information security and user freedoms are mutually exclusive is out to sell techno snake oil. Yet another reprehensible behavior that needs to be reined in.
I disagree. The answer to your counter is in the same comment that you're countering. It's easier to let the owner alone unlock it, rather than lock it to everyone and then control it remotely (at least for updates). At the minimum, they could have used the same mechanism to support owner unlocking.
Also, this isn't a 'nerd' problem. The economics of smart phones would be much saner if phones weren't so deliberately anti-recycling. Thus it affects all consumers. Framing this as a 'nerd vs corporation' fight is misleading at best.
I'm growing less tolerant of the use of security as a convenient excuse for these big companies to restrict their customers on their own devices. There are always alternatives that don't involve infringing on consumer rights. And most of the time, that alternative is rather trivial. But the OEMs just ignore it and never mention it while excusing themselves. That's intentional gaslighting.
you misread the word "easier" as "secure"
Somebody said "easier" and you said "more secure." Then, your argument that it was more secure (which nobody was discussing) is that it is "basic." Then you added an irrelevant strawman with a slur in it against the person you were arguing with.
Yes, it is more secure against the user. That is not a desirable characteristic for the user, it is a desirable characteristic for the controller of the operating system.
I can buy a smartphone or tablet that's 100% unlockable and has all the bells and whistles right now, and get it delivered in 24 hours, and not pay significantly more than average.
I think the market is working just fine. (To which people usually say "for now". Well yeah, the sun hasn't gone supernova... for now)
Yes, and heroin users can go buy fruits and veggies if they want to improve their health outlook. The fact that better alternatives exist does not mean the market will reward them, which is the point the parent is making.
I disagree, that isn't the point the parent is making.
if the market is not solving the problem then the natural conclusion is that it is not a problem that needs solving, pretty sad about it that not that many people care about these things.
The opposite is pretty much true when it comes to security I am generally forced to use an apple device since I can be relatively sure that my keys will be safe (not including state sponsored actors, at that point I would have bigger problems).
Now something for the market to actually solve would be poor hardware security in general making locked bootloaders serve no purpose, having strong built-in security at the SOC would diminish the advantages gained with locked down systems and would allow us to have BYOK without compromising on the general populations security.
market is stupid concept.
It’s very common for dictators to call people stupid as an excuse for their power abuse.
market is not people
For real??
GrapheneOS is working with an OEM that wants to support this (+ the added security requirements for GOS)
It's interesting because the OEM is quite likely to be in the 'Avoid at all costs!' bucket based on current information.
Hey, If they want to improve, they can always get a second chance. At least from me.
But I'm also quite happy with my Google Pixel 9 Pro XL and I have no reason to change. And unless Google changes their bootloader-stance in the future I might continue buying Pixels anyways. But its always good to have more options.
When my mother was shopping for a new smartphone she definitely was not considering whether or not she could install a different OS on it.
Your mother's unwillingness to install a different OS doesn't mean that everyone else who wants it should be denied too.
I'm genuinely curious. What's your motivation in making up such a pointless argument/justification?
Wanting to install a different OS puts you in the tiniest of tiniest slices of consumers shopping for a new phone. There is a tiny amount of market demand for it.
Irrelevant and misleading. Three reasons:
1. We had serviceable devices and vehicles for ages. There was an equally tiny group of people who knew how to service them. However, everyone used to benefit because they paid those tiny group to do it for them. They benefited because those servicemen had incentives that were more aligned with the consumers, than with the manufacturers.
2. This is not like asking the OEMs to develop a feature that serves a tiny group. The size of that group is no excuse to go out of their way to restrict them. This is an explicitly hostile and actively malicious move. That's why I said your mother's unwillingness to use the feature is no excuse to deny the same to others. But you ignored that argument altogether.
3. The 'tiny slice' is not nearly as tiny or insignificant as you'd like others to believe. Plenty of people, especially the teenagers and the youth like to tinker around with devices. The success and popularity of earlier Arduino and Raspberry Pi are undeniable testimony to that. It's also from this group of tinkerers who started from their garage that we got the next generation of innovators like Bill Gates and Steve Wozniak. These sort of restrictions deny the next generation their own such pioneers and the free-market competition.
OEMs rely on misleading and dishonest arguments like this to gaslight the consumers into unfair deals and squeeze out every bit of unfair profit. In a fair world, such attempts would be strongly condemned and penalized with a loss of marketshare. And it's about time that became a reality.
However, my question wasn't that at all. My question was, what's your motivation in repeating their argument here? How does such an anti-consumer argument help you in any way? Is it consumer Stockholm syndrome?
cool, When i was shopping for a new car i wasn't considering if it was a 4x4 because i live in a city with a mild climate
I hope you at least considered whether it was AWD cuz that shit is the bee's knees regardless of climate!
Being able to install a new os is orthogonal to owning a device. It's an additional feature that most users won't use.
Being able to install a new OS is not an 'additional feature'. It's the downgrade of a capability that's inherent to the device. It's the same as making a carseat heating a subscriptions service. Whether the users use it or not is entirely irrelevant.
>that's inherent to the device
It's not inherit to the device. Accepting updates signed by a specific key is inherit to the device.
How is that inherent? That's something they added to the device to restrict our options. Now even if we accept the argument that this is necessary for security, why is there no provision for the owner to add their own keys, or bypass it explicitly?
It's inherit because that is how the device was designed to function. Ultimately it's just silicon, so there isn't a default design for how it should work.
Developing a restrictive feature at significant cost and imposing it upon the consumers isn't nearly what a reasonable person would consider as inherent or default. You can argue otherwise based on technicalities or arbitrary definitions and that's what these companies have been frustrating the consumers with. However, such gas lighting is the what justifies the hall of shame, skip lists and name and shame pages and websites like these. I'm hoping that they catch on in popularity because this sort of tactics deserve equally harsh disrepute.
It is a tablestakes security feature. And adding an additional feature to support swapping keys has an additional cost and adds complexity to the design.
Now you're just shifting the goal posts. Locking down the full root and the firmware from even the owner, while retaining an exclusive remote exception for yourself (the OEM) at the same time is worthwhile, but adding or swapping user keys is too complex and costly? Forget the fact that this isn't nearly as complex as what they've set up for themselves. This is the bare minimum that an OEM is obliged to provide the owner, when they lock down the device. They're able to get away without doing that because the market isn't free or fair anymore. They twisted the market and the regulator to unfairly benefit them.
Now we are going from gas lighting to just making up excuses to justify what benefits you (the OEMs). This is exactly what I've been accusing them of, all the while. Their justifications are technically false, misleading, arbitrary, unfair, shallow and opportunistic.
the "ownership" framing is because bootloader locks allow vendors to unilaterally make decisions about how your device operates after you purchase the device.
Apparently the average consumer couldn’t care less, given that Apple and Samsung are among the worst options for unlocking, and still the best-selling ones.
> As a rule, almost all carrier locked devices do not allow the bootloader to be unlocked. This usually makes sense, as it would allow you to completely bypass the contract.
I don't understand how this works, why/how are a carrier lock and a device lock related? Shouldn't one be a lock on the baseband chip and the other on the main firmware?
On a lot of prepaid devices such as those from Kyocera for companies like Boost, the limitations are almost all in software configuration, because that's cheap and easy to do rather than rolling your own baseband configuration.
For years, carrier lock on iOS devices was simply a software switch. In a lot of devices, still, if you have an unlocked boot loader you can run patched baseband firmware that doesn't care that it hasn't been told the magic numbers to unlock itself.
The carrier gives you a subsidized price on the phone and then you pay for it as part of the service bill. If you can unlock it you could switch to a cheaper carrier. None of this should be allowed of course. Phones should always be unlockable.
I know this. It doesn't answer my question at all.
I wonder if it might be about things like tethering, I remember for a while US carriers (AT&T I think?) used to lock it under a specific plan, but unlocking the bootloader/rooting let you bypass this limit
If you can unlock the bootloader you can generally also reflash the firmware at will on the baseband, so you can replace it or modify it to remove any subsidy/carrier locking on the baseband side.
Unlocking the bootloader will also of course let you eliminate the carrier’s bloatware that they get paid to install and load onto it, including the things that they shoved all the way into the Android “non-disableable” list.
Tracfone called this “cellphone trafficking” all the way since the 90s when people would buy their loss leaders, flash ‘em, and flip ‘em to third world markets for top dollar.
https://stopcellphonetrafficking.com/
Wait, the xiaomi one is weird.
You have to pass an actual, 'notoriously difficult' test?
What are they testing?
https://github.com/MlgmXyysd/Xiaomi-BootLoader-Questionnaire
here are some past papers. For example:
https://github.com/MlgmXyysd/Xiaomi-BootLoader-Questionnaire...
Since 1,2,3,4 are wrong, but the problem asks "do not select the correct statements", you need to choose 1,2,3,4.It show not only how hard the problem, but they also play on words. You also need to answer 13 questions in 15 minutes. And scoring more than 85 points to have a chance to unlock it.
https://www.bilibili.com/video/BV1jPbXzaE9d/
Because the exam difficulty is too high, some people even go to official repair centers requesting a downgrade, and snatch the phone when the technicians unlock and reflash the firmware.
UPDATE: fix the score requirement and the correct answer.
Wow, that’s certification level with extra traps on top.
>Because the exam difficulty is too high, some people even go to official repair centers requesting a downgrade, and snatch the phone when the technicians unlock and reflash the firmware.
Are people that interested in unlocking despite the high friction? Honestly, I’m impressed.
I don't know how popular of unlock, but AFAIK, they want to remove bloatware (like the Scam Protection APP from government, or Advertisement APP from mobile carrier), unlock hardware restriction (higher refresh rate) and some other reasons.
Why is everyone so focused on unlocking the bootloader instead of replacing the bootloader.
Wall of Fame (allows re-locking the bootloader with custom key): https://github.com/chenxiaolong/avbroot/issues/299
fuck iqoo