Newest Google Android Cell Phone Contains Unexpected 'Feature' (New America) [LWN.net]

The New America Foundation has posted a somewhat sensationalist article on the G2 Android phone. "Specifically, one of the microchips embedded into the G2 prevents device owners from making permanent changes that allow custom modifications to the the Android operating system. This is the same Android that purposefully opened up its source code under the Apache License, allowing anyone to use, modify, and redistribute the operating system code even if they choose not to contribute back to the development community." The primary source appears to be this XDA forum; it looks like the G2 has either a mechanism to rewrite the root partition or some sort of union mount that causes post-boot changes to be lost. Either way, it's not a hacker-friendly device.

to post comments

Newest Google Android Cell Phone Contains Unexpected 'Feature' (New America)

Posted Oct 6, 2010 14:49 UTC (Wed) by rvfh (guest, #31018) [Link] (10 responses)

> (...) the new Google Android hardware rootkit acts just like a virus -- overriding users preferences to change settings and software to conform to the desires of a third party. (...) We are seeking further clarification as to the legality of this malicious software.

This guy needs to stop paraphrasing Steve Ballmer.

Come on, telecom operators just want to make sure they know what connects to their network so it does not take it down. Rooting your computer has little chance of harming anybody but yourself, whereas a rooted phone could do a lot more damage. Think of a phone not respecting frequency and/or time slices. It's not you local router's wifi connection!

Taking down the cell network

Posted Oct 6, 2010 14:53 UTC (Wed) by corbet (editor, #1) [Link] (9 responses)

Umm...we're talking about the application processor here, not the baseband processor. A rooted G2 is not going to "take down" the cell network. The article is over the top, but the problem (a user-hostile device) is real.

Taking down the cell network

Posted Oct 6, 2010 16:51 UTC (Wed) by AlexHudson (guest, #41828) [Link] (7 responses)

It sometimes surprises me the extent to which people will support corporate controls like this.

No-one would support an ISP putting limits on which devices and OSes connected to their network - people scream when they start blocking port 25 or rate-limiting bittorrent - yet there are similarly "valid" reasons for ISPs to want to do that.

Having some kind of licensing system for radio devices makes (a small amount of) sense, but locking down mobiles to the extent talked about in the article is pretty vile.

Taking down the cell network

Posted Oct 6, 2010 18:20 UTC (Wed) by rvfh (guest, #31018) [Link] (5 responses)

> It sometimes surprises me the extent to which people will support corporate controls like this.

I hope you're not referring to me post here, or you'll have to explain where I said I supported it. Quite the contrary.

But I can see some reasons why the operator want to lock the phones on their network. Tethering is one of them...

Taking down the cell network

Posted Oct 6, 2010 18:58 UTC (Wed) by josh (subscriber, #17465) [Link] (4 responses)

Mobile carriers shouldn't care about tethering; they should care about *traffic*. If I use more bandwidth than the carrier can provide me without impacting other people, it doesn't matter whether I used that bandwidth from my laptop or my smartphone.

Taking down the cell network

Posted Oct 6, 2010 22:19 UTC (Wed) by drag (guest, #31333) [Link] (3 responses)

If they metered bandwidth then it would be different. They would encourage usage and put a lot of effort into improving performance and making things faster since the more information you transfer the more money they make.

But they burned some bridges in the past with the outragous data fees so most people are scared away from metered internet.

Taking down the cell network

Posted Oct 7, 2010 16:09 UTC (Thu) by nye (guest, #51576) [Link] (2 responses)

I think that's mostly a US thing. Here in the UK it doesn't seem to be possible to get unmetered internet usage on a mobile phone, at least not without paying truly staggering fees.

(Obviously most of the carriers *claim* that their data plan is unlimited, but usually that means up to 512MB/month, maybe 1GB if you're lucky. T-Mobile are ahead of the pack in that their smallprint notes that your limit is 3GB if you have an Android phone, and that's a large enough limit that I really don't have to worry about going over it.)

Taking down the cell network

Posted Oct 7, 2010 18:56 UTC (Thu) by joey (guest, #328) [Link]

This is true in the US too AFAIK. Very buried in the fine print.

Taking down the cell network

Posted Oct 10, 2010 8:52 UTC (Sun) by efexis (guest, #26355) [Link]

Vodafone have a 5G option, currently at £15/month

Taking down the cell network

Posted Oct 6, 2010 20:09 UTC (Wed) by job (guest, #670) [Link]

No one would accept a mobile phone operator deciding which phone you could use either, with a few exceptions.

In most parts of the world the mobile networks accept any standard GSM terminals. Operators filtering on IMEI numbers would be no more accepted than operators filtrering on MAC in the IP world.

Customers in countries which are exceptions to this should wield their economic and political powers to remedy this. It is bad for customers and bad for economic development in the long run.

Taking down the cell network

Posted Oct 6, 2010 17:57 UTC (Wed) by SecretEuroPatentAgentMan (guest, #66656) [Link]

The distinction between application and baseband processor can be hazy these days as virtualization is used to make one physical processor appear as these two processors. The benefit stated in the trade press is cost saving though it reminds me a bit of the "Win modems" of yesteryear where the PC did the DSP work.

I don't know what solution is used in this particular cell phone but rooting a physical processor at the lowest level can be different from rooting the application processor.

A modern cell phone is loaded with more or less specific processors of various kinds handling baseband, Bluetooth, USB, sound, Zigbee, GPS, WLAN and who knows what more. This means virtualisation can be quite attractive. I guess that can make rooting harder. And it could impact the baseband functionality.

Newest Google Android Cell Phone Contains Unexpected 'Feature' (New America)

Posted Oct 6, 2010 17:58 UTC (Wed) by foom (subscriber, #14868) [Link] (13 responses)

Articles like this one really irritate me. We had the same thing when the Droid X came out. It's a load of crap: there's a new device, and the very first thing hackers tried to do didn't fully work. Whoop-de-do.

That doesn't mean it's impossible to hack, or that the hardware is more hacker-unfriendly than past devices, or that the "E-Fuse" in your Droid X is going to permanently render your device inoperable if you flash invalid firmware to it. (no, it's not: flash working firmware back to the device and it starts working again, *surprise*!)

Give it a week, and I bet they'll have the new system figured out. It'll probably turn out to be simply a recovery mechanism to keep your phone working without needing to send it in for repairs. I'm going to bet that the hackers simply aren't writing their bits to the correct place.

Newest Google Android Cell Phone Contains Unexpected 'Feature' (New America)

Posted Oct 6, 2010 20:36 UTC (Wed) by daniel (guest, #3181) [Link] (12 responses)

Give it a week, and I bet they'll have the new system figured out.

Google should not have stooped to this level in the first place. (Caveat: still waiting for confirmation that the report is accurate.)

Newest Google Android Cell Phone Contains Unexpected 'Feature' (New America)

Posted Oct 6, 2010 20:38 UTC (Wed) by corbet (editor, #1) [Link] (3 responses)

This won't be Google's doing; I doubt they were consulted one way or another. HTC will have implemented this feature with possible encouragement from the carriers.

Newest Google Android Cell Phone Contains Unexpected 'Feature' (New America)

Posted Oct 6, 2010 20:45 UTC (Wed) by daniel (guest, #3181) [Link]

I'm not sure if I subscribe to the "it was just the underlings" line of defense. After all, HTC is one of Google's handful of AAA manufacturers and supporters. I would find it hard to believe that no Google execs were consulted about HTC's plans in this regard.

Newest Google Android Cell Phone Contains Unexpected 'Feature' (New America)

Posted Oct 6, 2010 20:50 UTC (Wed) by foom (subscriber, #14868) [Link] (1 responses)

The problem is that there is no information whatsoever, at this point, that the feature is designed to make it hard to hack. All we know is that the new phone is different. It might not even be harder at all, it might simply just be different!

Newest Google Android Cell Phone Contains Unexpected 'Feature' (New America)

Posted Oct 6, 2010 23:55 UTC (Wed) by martinfick (subscriber, #4455) [Link]

Well, it's certainly harder than an ADP which is open and documented by HTC.

Newest Google Android Cell Phone Contains Unexpected 'Feature' (New America)

Posted Oct 7, 2010 16:13 UTC (Thu) by nye (guest, #51576) [Link] (7 responses)

Newest Google Android Cell Phone Contains Unexpected 'Feature' (New America)

Posted Oct 7, 2010 16:40 UTC (Thu) by daniel (guest, #3181) [Link] (2 responses)

This has nothing to do with Google. It's just yet another clueless story from a source who thinks that every Android phone is made by Google because they can't understand the idea of a free and open OS for smartphones.

It has everything to do with Google. The Google trademark is prominently emblazoned on the phone. I have one sitting beside me. This branding was clearly authorized and duly licensed. It has everything to do with perception of Google's true commitment, or lack of commitment, to open source and the developer community Google hopes will rocket this skinned version of Linux called Android to global domination.

The Meego folks must be having a great chuckle over this. Hi Arjan! Best of luck.

MeeGo

Posted Oct 7, 2010 16:42 UTC (Thu) by corbet (editor, #1) [Link]

I see no evidence to suggest that MeeGo handsets will be any less user-hostile. Most of them will probably be just as locked down. What one can hope for is that - as with the Android handsets - somebody will toss us a mostly-open device every now and then to play with.

Newest Google Android Cell Phone Contains Unexpected 'Feature' (New America)

Posted Oct 7, 2010 18:35 UTC (Thu) by SEJeff (guest, #51588) [Link]

Read the note about MeeGo in this blog post from a prominent member of the OSS security community:
http://danwalsh.livejournal.com/37782.html

Seems like more of the same if you ask me.

Is this a GPL violation?

Posted Oct 7, 2010 16:59 UTC (Thu) by daniel (guest, #3181) [Link] (3 responses)

Could someone please explain to me in words of one syllable why this is not a violation of the GPL v2? From the license:

The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.

That seems clear enough. Surely that would include the encryption key to sign the ROM image, without which modifications could hardly be made in the "preferred form".

Is this a GPL violation?

Posted Oct 7, 2010 18:07 UTC (Thu) by dlang (guest, #313) [Link] (2 responses)

GPLv2 talks about the software, you have the source code of the software as well as the binaries.

it doesn't say anything about the ability to run modified software on the original hardware (search for tivoization for more details)

this is one of the 'weaknesses' that GPLv3 was written to address, and one of the points where many people believe that the FSF is overreaching and are therefor not moving their software to GPLv3 from GPLv2

Is this a GPL violation?

Posted Oct 7, 2010 18:11 UTC (Thu) by Trelane (guest, #56877) [Link] (1 responses)

What's the point of having the source if you can't use it?

Is this a GPL violation?

Posted Oct 7, 2010 18:22 UTC (Thu) by dlang (guest, #313) [Link]

the disagreement and argument comes in over the definition of 'use'

you can use the source code in anything you want to write, that's not the same thing as saying that you can run any software you want to write on that particular piece of hardware.

many people (Linus included) see this as reasonable.

many other people (including RMS, and apparently you) don't.

personally, I do consider it reasonable. the hardware manufacturer is free to lock their hardware down. I am free to take the software and run it on different hardware. When there is competition (like in the Android phone market), I hope and expect that the drive over time will be to relax the lockdowns, or at least make it so that consumers can opt-out

remember that the same lockdown that prevents you from loading your own version of the software also helps protect the phone against rootkits. It's not the lockdown itself that's bad, the issue is over who controls the lockdown.

now, I also believe that I am free to modify hardware that I have purchased to disable any lockdown (and have done so on the several tivos that I own), I think the companies going after the modchip creators/sellers have no legitimate reason to do so, and I go out of my way to avoid buying from such companies.