Why Verizon locks bootloaders

Here’s a letter from Verizon where they discuss why they get OEMs to lock bootloaders on their phones:

It’s from 2012 but I imagine carriers still give similar arguments today. Really interesting to read the corporate line.

Seems to be:

• potential impact of untested software on their network
• avoid time spent on customer support from people with custom ROMs

The second one seems pretty bunk - I can’t imagine anyone who’s taken the time to put a custom ROM on their phone is then going to call Verizon for technical support. It’s also not difficult to find out what the build is from Android settings.

The first argument seems more defensible. I’m not sure what these potential impacts would be exactly, but the argument ‘we don’t let unvetted software access our infrastructure’ is pretty sensible from an operations point of view. But, how much damage can a phone do to a network? It seems like it’s a flaw in the protocol if rogue phones could take down a network, and one that could be exploited in other ways, not just by phones running custom software.

Even if there’s a valid reason, that doesn’t warrant stopping people from doing whatever they want with a device they’ve bought. There could a mechanism such that unlocking the bootloader then disables access to networks that choose to disallow it. But you could still use your phone with wireless connectivity, or with a network that allows it.

I can see some slight justification for the second - not that I’d particularly want to defend it. If, for instance, you were getting dropped calls with your custom ROM it might be far from obvious whether the problem is with the hardware, the software or the network, and so you might call your carrier. Their first line support won’t be trained in custom ROMs and will launch into their standard script, starting with “Try turning it off and then on again”. Trying to tell L1 support that you actually know a lot more than they do is frustrating for both parties!

As a supporter of free and open source software, I think we should be able to install whatever software we want on the devices we own. However, I also concede that we can’t expect the same level of support from manufacturers and network operators when doing so. So I wonder if @neil’s suggestion would be a good option for the first problem - except that I fear that given an option, all network operators would render alternative ROMs incompatible with their services…

Partly related: when interviewing Prof. Ross Anderson for the podcast on software obsolescence, he insisted that we need to demand manufacturers such as Google to support their devices for way longer, 10 years rather than 2 years

After the interview, he also shared that he thinks alternative ROMs aren’t a real solution because they’re way too complicated for most people to install - which is a fair point (partly due to the locked bootloader, but not only). This said, ROMs show that it’s possible for volunteers to maintain a version of an operating system, which means that manufacturers have no excuse for not doing so themselves!

We shouldn’t seek a single solution,

a) Android OEM should extend software support life (legislation, OEM effort)
b) Android OEM should offer boot loader unlock option ( comminity)
c) Apple should support 3rd party hardware support repair. (legislation, OEM effort)
d) Any OEM should supply service manual and source code. (legislation, OEM effort)

All of them are helpful to save the planet.

Frankly I have been tired with hearing that the custom rom is complicated, I heard so many things. Opening up your iPhone are complicated. Using Linux is complicated .We have been told so. Really ?

Ugo, why we have to listen on Custom Rom from ignorant academics and politician only ? Please ask Professor Ross Anderson to give me his opensource friendly google phone.

I don’t want to give exclusive authority to the OEM to control the device’s life. I want to see the 3rd party and free and opensource community initiative as well as Regulations and the OEM’s commitment.

My Oneplus One has got an official Lineage OS 15.1 now, and I have got a brand new OEM battery from Replacebase (I have opened a trade account, I can get parts at trade price, contact me if anybody want to buy from them) I will prove there is a way to use my smartphone over 5 years very comfortably.

Using custom Rom is 100 % your responsibility, I love to take care of my stuff with 100% responsibility. Take onewership Back. I know that some of you don’t want to take responsibly but a) and b) is not incompatible, interact each other to extend the device lives.

Over 85% smartphone (well, cellphone ) in the US is sold via network carriers, Vested interests has been established.among carriers and some OEMs. They want to keep this successful business models in the same of vested interest.

Huaway terminates the bootloader request very recently.
https://www.xda-developers.com/huawei-stop-providing-bootloader-unlock-codes/

Now Huawei won’t user allow to unlock bootloarder, Yes, it is still very today’s topic, This is the significant environmental news, even the most of people do not understand the meaming of this.

Huawei want to joint the vested interest group in the US? Be more attractive to the US network carriers, I wonder.

I have discussed this issue partially at Fixfest last year.
http://pads.fixfest.org:2017/p/fixfest2017-extending-phone-life

Yes that’s probably unfortunately true…

On reflection I’m not so sure it’s a legitimate argument from the carriers to say it might affect their infrastructure. It would be like an ISP saying you can only run Windows if you want to use their infrastructure. Good job we don’t have our PCs tied to ISPs like our phones are tied to carriers!

I would disagree with Ross Anderson that the focus should solely be on pushing for extended manufacturer support (if I understood his argument correctly). That feels like the equivalent of relying on Microsoft to ensure PC hardware is supported for a long time and saying we shouldn’t bother with a free and open alternative. I don’t want to rely on any single organisation, especially a profit-driven one. I agree with Toshi it should be a combination of both prongs.

Agreed custom ROMs are complicated to install, but I’d say for the same reasons that Linux is perceived as complicated to install - 99% of devices are preinstalled with an OS so we don’t have to think about it. Installing a stock ROM would be just as complicated, but you don’t need to do it because it’s preinstalled. Installing Windows from scratch takes roughly the same effort as installing Linux from scratch.

The problem is there’s little effort from vendors to make it easy to install something else, and they actually throw in hurdles like locked bootloaders (or SecureBoot on PCs, which I see as roughly equivalent to locked bootloaders on phones) and it is intentionally made difficult. I think as well as supporting their own software vendors should also be pushed to remove the hurdles to installing other operating systems.

Google (Nexus, Pixel) and Oneplus are extremely custom rom friendly in terms of unlocking boot loader. You don’t have to contact to the smartphone manufacturer to do that, JUST DO IT WITHOUT ANY INTERACTION with your Vendor (or Authorization form the manufacturer) YES This IS YOUR PHONE.

Niel, Secure boot is an excellent example, I have related this topic with UEFI /recureboot at mailing list. but nobody shows the interest (or do not understand the implication)

Back to my topic.

a) Android OEM should extend software support life (legislation, OEM effort) group A
b) Android OEM should offer boot loader unlock option (community) group B

People (environmental group, including Restart Project, Academics etc) are ignorant about the solution B, and pushing the solution A only and the tech Geek hobbyist enjoy the solution B without understanding the environmental benefit . This is the situation. We really have to make efforts to bridge group A and group B.

You (group A) don’t have to learn how to install custom rom by yourself, ask millions of custom rom users (group B) to do that for you, group A people need to have your own hands on experiences with your newly reborn device with the latest custom rom as the Group B people have been enjoyed. This also help to push the solution A. AS YOU FULLY UNDERSTAND THE NATURE OF SOFTWARE PLANNED OBSOLESCENCE, as your own actual experience

People (group A) would start to think "I am not sure about custom rom but I want to keep the option to install the community developed the latest operation system in the future". In this way, the perception would change, it is too silly not to use the solution B in order to pursue the solution A. I want to see the both solutions, and I cannot wait for another years to see the solution A as so many mobile have been dumped just now.

I am not happy to hear the cliche " iPhone is better than Pixel (Android) " commented by Prof Ross Anderson, Ugo et al, not because I don’t appreciate Apple great software support, but because YOU SIMPLY ACCEPT THE CURRENT SYSTEM, WE HAVE NO ALTERNATIVE, YOU SHOULD FOLLOW THE RULE THEY CREATED. WE ARE TOO POWERLESS TO USE THEIR SOLUTIONS.

Also they are saying iPhone £1000 with 5 years (without apple care, no so easy battery replacement ) is better than Google Pixel £800 with 3 years ! Is this a just rich people middle class green consumerism ? Academics can claim their top end devices as an expense, but don’t forget we are also dealing with people who don’t have a credit card at Restart parties.

As Robin has been using Nexus 5 with Lineage OS since last Christmas with my sacrifice of my Restart Christmas Party evening. I sent Robin to the real review of Nexus 5 as below.

He quickly replied to me with an investment (!) for his brand new 2013 phone !

Brilliant! You gave me superb advice. It’s all dolled-up with smart new black battery cover from California (for some reason) about £2 and tempered glass screen cover about the same price. Spares on eBay cheap - on/off switch under £2, shell under £7. It’s 100% usable and great fun. Sincere thanks again. R

I really do hope some of you actually start to experience the solution b (even to promote the solution b) I know a couple of Restarters have been use the Custom Rom for their daily driver, I believe that they are more than happy to assist you.

happy Hacking

Absolutely, @RestarToshi, and that’s @neil’s point too: no single solution is enough, and the freedom to install the software we want on a device we own is crucial. It would be even if Google supported their devices for much longer. We need to push manufacturers to extend support and reduce barriers to installing free alternatives.

I suggest we have a skillshare dedicated to go through all steps to move to Lineage OS, fully hands-on. It needs to be a longer skillshare, as I know it takes a while to get everything sorted. Shall we? It’d be great to get Toshi and others (@sami and @benski for instance, and others too) to share their skills on this.

I’ve recently inherited a phone fully supported by Lineage OS, plus we have a compatible tablet at the office, and we could experiment with a Fairphone 2 as well. Who’s up for it?

One other point regarding the “if you use a custom ROM you could interfere with our network” argument…

AFAIK all modern phones have a separate “baseband processor” which is what actually does all the GSM, 4G etc. stuff and it runs its own firmware.

Do custom ROMs re-flash the baseband f/w?
I very much doubt it, because usually that’s what FCC (or TÜV SÜD or whoever) certifies to approve the device for connection to the network.
Android (or whatever) running on the host processor doesn’t initiate calls, transfer data etc. over the network directly, it sends requests to the baseband processor to do those things.
So, unless the baseband firmware is badly specified or implemented, there’s no way that the phone can do any evil stuff on the network.

Of course, as we know from previous incidents, the baseband f/w is often flaky and it has been used more than once as a viable attack vector against the host processor, so I’m sure that there are plenty of hacks the other way that can be used by the host processor to force the baseband firmware do bad things on the network.
but that’s the fault of badly designed/implemented/tested f/w on the baseband processor.

To give an analogy with a previous generation of devices:
telephone modems were required by PTTs to only allow a certain rate of (re-)dialling to prevent war dialling and other evil things that would hurt the phone network, so the host computer couldn’t dial above a certain rate of calls/minute no matter how hard it tried:
it would get an error back if it tried; a modem wouldn’t be type-approved if it didn’t conform to that specification, among many others.
Baseband processors & f/w should be similarly robustly specified & tested to prevent even a completely rogue host processor from damaging the GSM/4G/whatever network.

This is partly true. The baseband is unlikely to be reflashed as part of a custom ROM as in most countries it needs to be approved for it to be legal for the phone to be switched on. Depending on how robust a network is, it can also be affected by issues higher in the stack of the mobile equipment, especially if it were to interact with a network functionality (e.g., SMS, MMS, etc.). However network operators to tend to find it difficult to relinquish any power they still have.

I imagine quite a few people of the >50 people on this forum do not know the meanings of the following words:
• bootloader
• OEM
• Custom ROM

Also voting for a skillshare on this topic - and perhaps some revisions to this Wiki page with more definitions in plain language of key terms.

Some quick definitions:

The software that loads before anything else, and which then loads the operating system.

Stands for Original Equipment Manufacturer. The company that made the device, which may different from the company branding and selling it.

ROM stands for Read Only Memory, though on phones it is a misnomer as it refers to Flash which can be rewritten under certain conditions. The operating system of the phone is stored in Flash and can be reprogrammed. When it does not come from the manufacturer, it is ‘custom’. So a custom ROM is the binary of an operating system created by a third party and ready to be flashed into a phone. (Better get a custom ROM specifically created for the exact phone model you are trying to reflash, otherwise you will likely ‘brick’ the phone. Explanation of ‘bricking’ is left as an exercise.)

http://pads.fixfest.org:2017/p/fixfest2017-extending-phone-life

I agree, I don’t use the term Custom Rom for my presentation on Extending Mobile Phone life with Open-source Android OS Jargon free is better.

I also would like to insist that non-tech users do not have to understand in details. There are many ways to spread the beautiful solutions. Some elderly no- tech users just simply use LinuxMint without any problem, Robin may not be very technical but since he has used LineageOS from last Christmas, he steady HAS learnt his Android OS in his way.

Installation is only a part of the game, using everyday and familiarising (i.e. user experience) is also very (the most) important part.

Not everybody needs to learn how to install Custom Rom, but you need to know which smartphone you need to choose to extend the device life much longer with Custom Rom. This is the very very important part.

It is better to separate completely 2 groups.

A) People who want to learn the installation etc. (hobbyist etc)
B) People who want to use the custom Rom for their daily drive. (The majority of Eco users )

As far as I know, the group A) of intermediate (?) users would mess up their mobile phones (brick the phone etc) and Group B users are scared with this lol . However, It is impossible for Group B to brick the phone !!!

I believe that increasing the user base of B is far more important. The sharing user experience session would be far more important as we have been talking without actually using it.

Sounds good, I have a tablet that is supported and I’m planning to put Lineage on. I’ve got two old phones in a drawer that I put CyanogenMod (ancestor of Lineage) on in the past, happy for them to be sacrificial devices we could do a reinstall on. They’re pretty old but I guess that could make them interesting examples. I’d love to do my current phone but the bootloader is un-unlockable!!

I’d be really interested in helping with / observing this process!

My current OnePlus One still runs CyanogenMod, but when I looked into getting it onto Lineage, the instructions looked super daunting and significantly beyond my technical understanding (especially given I’d still want to use Google Play services and all that jazz).

It seems that you have implied you are not able to use "Google Play services and other services with Custom Rom? Well how inconvenient it would be! Who said so ? But fortunately this is wrong. (You can say a small number of application such as banking application won’t work)

Intentionally or not, you actually promote FUD against custom Rom, based upon the misunderstanding. I used to see the same problem with Linux a couple of years ago at Restart Project, so it is understandable.

This is why the non-technical users have to focus upon the user experiences and understand about Custom Rom correctly through your own user experiences. You don’t have to be technical to contribute technical community projects.

A 80 years old lady just use a Custom Rom everyday without understanding anything. Probably she cannot tell between iOS and Andoid as this is her first tablet.

Well, just make a full backup and bring it to the next Laytonstone Restart party, I can install Lineage 15.1 OS to your OPO if you likely. if interested please let me know in advance, as I have to bring my heavy notebook. (I actually won’t delete your personal data (photos, document music etc during the installation)

P.S. I personally would like to install Lineage OS 15.1 to my OPO sometime later. As the latest version (15.1 Android 8) released a couple of month ago, it would be better to wait for a half year or so to get more mature stable version.

P.P.S. We really really need a job management system with an open session acceptance, which means I can offer an open session for other people who would be interested in Custom Rom (installation) Then I can do with a repair work and skillshare (on the job training) session at one time. It would be great as i don’t have a lot of free time to share my experiences.

Ahh, sorry if that’s the impression I gave Toshi! I was trying to say that the process of installing Lineage looks more complicated if one wants to use Google Play services and so on.

I’m sure that once Lineage is installed, it’s super simple to use. It’s just the installation part that’s daunting. So, thanks for the offer! Next time I’m in London and there’s a Leytonstone party, I’ll come along for sure

Good to know that the latest version is so young too. That’s a pro tip right there!

Actually installing Google Play service (OpenGapps) is the easiest part during the whole the installation. (10 minutes work)

Actually Lineage OS 15.1 for OPO is more than 3 months old, more than 10 weekly releases. I think it is OK. But I am super conservative about any brand new releases (both hardware and software) for other people. I have observed that so many people just play with a brand new buggy stuff (UEFI, Windows10, brand new Smartphone etc etc) and suffered from buggy first release. If you want to help your mum (i.e. non technical people) you really need to be conservative. Otherwise you will be blamed anything you have done lol.

I have observed that so many people just play with a brand new buggy stuff (UEFI, Windows10, brand new smartphone etc etc) and suffered from buggy first release.

Well, if you have mastered to install Linux OS to the computers, it would be easy to to understand the Custom Rom installation process. If you never ever install any OS by yourself, any OS installation, including Android Custom Rom installation would be difficult.

So everybody has to master OS installation? Well it would be great, but I don’t think so, as people have their own preference/agenda/interest etc. But please do not speculate simply you have no experiences, which just close the doors.

I personally never ever expected to replace Smartphone display rather pleasantly (with powerful hair dryer lol) But Restart parties help me to keep opening the door to perform this kind of stuff confidently.

Apologies, the “quote” above is a bit weird - I just clicked Reply to @ugo 's post, should I have done something different?

If Joe/Joanne the consumer on the Clapton Omnibus is going to expect 10 years software support for their phone, that’s going to increase the cost of the device considerably - 2yrs is a long time these days, ten years is a bit unimaginable, TBH, unless the thing is totally open source and you get community support. But given the speed of change in hardware (5G is coming!), and the absolute need not to let Harry/Henrietta Hacker get into the low level network protocol I don’t see how that is possible, unless perhaps we all move contra-trend onto dumbphones.

Showing my age - I did like my Nokia 6310 as a phone (still have it in a box somewhere), but TBH don’t want to go back to playing snakes! Even those fondly-remembered dumbphones had to be type-approved (software and hardware) before they could be sold/used. Look at those attempts to create a “future-proof” modular phone that “can be upgraded” - the software and hardware are so inextricably linked (to reduce size and manufacturing cost while increasing functionality/battery life) that unless progress stops dead it’s not possible to constrain one without the other.

Legislation (perhaps not necessarily on duration of support directly but on requirement for recycling) seems to me like the only way to force manufacturers to in the end ensure longevity, but in the shorter term the significant increase in cost isn’t going to be popular with anyone except the few with an eye to the longer term.

Here’s the experience of Martin Sauter, someone who has mastered installing Linux on many types of computers, installing LineageOS on a Samsung Galaxy S9.