As for me, I already swore off Samdung for their whole Samsung account bs and apps they bundle and won't let me remove (or disable).
In ye olden times I had such a horrible time with my cheapo Samsung when trying to upgrade it from Android 1.5 to 2.1 that I swore it'd be my last Samsung, and it was, for well over a decade. During that time I went through some iPhones and a handful of the most popular alternative Android brands.
Since the thread is about Android I'll focus on that. Every manufacturer was hamstrung by one or more of the following issues:
- Subpar hardware
- Difficult and slow RMA process where your device flies around the globe for repairs
- Software bloat, just like Samsung, but from a country I trust even less (China vs SK)
- Very infrequent updates (if you are lucky enough to get them at all), especially once a newer model is out
Now since this thread is about bootloaders this is probably a hot take, but I spend enough of my time troubleshooting stuff at work, so when I use my phone I want it to "just work" and not have to play some stupid anti integrity protection cat and mouse game to access my bank's app. So the last two are not solved with an open bootloader.
Samsung on the other hand has in recent years given me the "just works" experience on decent hardware, paired with frequent updates. And while their authorized repair shop might not be in my city, it is at least in my country and just a train ride away.
That being said, the nerd in me is disappointed in this move, and the recent EU ruling that forces manufacturers to actually support the stuff they sell for a reasonable time even after it's off the shelves might change things for the better w.r.t. other manufacturers.
I don't love their phones, though my wife has one. However, again on the service front, when my samsung S7 had a problem they fixed it pretty quickly. When my iPhone 5 came with the wifi not working it took weeks to convince Apple that it was actually broken and get a replacement.
All anecdotal of course, and probably varies a lot by location and over time.
Acquired from yard sales and then subject to duty cycles of 5-10 loads a day.
Somewhat relevant, I have 3 relatives/colleagues still sporting iPhone 8’s/8 Pluses. The only issue is that some newer apps are slow. Told them to grab iPhone SE 3rd gens before they’re discontinued; one of them has it sitting unopened in the box, waiting for their 8 to die.
whirlpool tumble driers are notorious in the UK for catching fire
https://inews.co.uk/news/business/peterborough-fire-hotpoint...
> At a parliamentary hearing in July, the US appliance company told MPs the numbers were higher than feared, after 1.7 million products were modified following the scandal.
> Whirlpool said that its machines could be linked to 750 fires in the last 11 years, or one every five days.
the grenfell disaster was also started by a whirlpool fridge
and their factory in peterborough also caught fire
they also have service centers pretty much everywhere in the world, so I can always get my phone fixed (for a reasonable price, as a result of their ubiquity) if and when I inevitably break it
would I also prefer the option to unlock my bootloader? yes. if I'm honest with myself, is it a deal-breaker? sadly, no, I no longer use custom ROMs
https://m.gsmarena.com/samsung_galaxy_a15-12637.php Last year, but they removed 3.5mm this year
That I know, in Latin America, they don't have all that anymore. And there is only one left with 3.5mm.
you do give up a lot camera-wise, though
AFAIR, the Samsung Galaxy Note9 was the last device that deserved to be called general-purpose pocket computer. EMR stylus, 3.5 mm audio, mSD card slot, USB-C 3.1, good CPU, adequate memory for the time (8 GB), good cameras. If you're willing to forgive the non-removable battery, the only suck was the screen if you were sensitive to PWM, especially with regards to lower flicker frequencies.
Alas, seven years ago Samsung got the itch and divorced from good pocket computer design. The Note9 seems almost like an accident, given Samsung's market policies of today.
> samsung is the only smartphone manufacturer that still makes phones (though not many) with all the features I want
Not to mention the built-in EMR stylus. That makes such a difference in using the device, I cannot believe they are not more common. And they are a terrific backup for the not unusual case of a broken screen being unresponsive. That stopped from S21 on.
> side-mounted fingerprint reader
It is in the screen since S10?
> headphone jack
Not since S20.
Just speaking of the Galaxys of course.
Samsung has been doing this for a while now.
Which are the devices/vendors that still allow / encourage this?
Even Graphene OS reported that they're in talks with some vendor... Have there been any updates towards that?
The main reason i used to root devices are:
* Get longer support/OS updates than what the vendor provided
* System level adblock using adaway
* Titanium backup
These days firefox/brave browser gets me half way through adblocking and i lost interest in the ad filled apps..
Syncing gets me good level of syncing for backup on my NAS etc .
I hate it when the bad guys do this to my phone
Also if you live in a truly democratic country you don't even need to set the PIN code - your rights are protected by the law.
Every mobile phone already is one.
The problem is not the tracking inherent in the design of mobile telephony networks, which you can circumvent by using burner phones. The problem is for example abuse of tools such as cellebrite to gain warrantless access to your phone at various opportunities.
This is also why proper baseband isolation is important. Baseband firmware is unaudited and likely to have government backdoors.
If the government wants to surveil me, they'll have to put in some actual effort instead of just taking opportunities.
> but includes security backports from GrapheneOS and CalyxOS
It has a small portion of the GrapheneOS features, similar to DivestOS before it. However, it's not preserving or restoring the standard security reduced by LineageOS as much as DivestOS did. DivestOS was not a strict upgrade over AOSP either.
CalyxOS isn't a hardened OS in the same space as GrapheneOS. It doesn't have similar exploit protections or privacy features. That's a misconception about it. They also haven't provided the June 2025 patches yet.
https://eylenburg.github.io/android_comparison.htm
> but surely more secure than LineageOS
This doesn't imply it's as secure as AOSP though despite having additional security features. Starting from LineageOS as the baseline and adding more problematic changes makes it much messier than it just being AOSP with added security features. Android 16 is required for full Android privacy/security patches and the current privacy/security improvements. Soon there will be Android 16 QPR1.
From a security/privacy perspective the fairphone is on the worse side of options unfortunately.
That's not a security feature though... We established that. Fair enough on the other points.
However, you need some form of code execution beforehand already for this attack, and more importantly it doesn't affect any of the deterministic guarantees of MTE. And those are the main appeal to GrapheneOS in the first place, preventing things like use-after-free by tagging the memory such that it simply can't be accessed anymore. So it's very much a security feature.
It literally was. MTE is a padlock with 16 combinations.
[0] https://github.com/GrapheneOS/hardened_malloc/blob/7481c8857...
Only having 16 possible tags doesn't impact the deterministic protections we provide. One of the tag values is reserved for free data, internal metadata, etc. and can also be used as a form of 16 byte guard page. For heap allocation, we also dynamically omit the most recent adjacent non-free tags and the previous non-free tag for the current slot. There are 15 possible random values but 3 are dynamically omitted.
An attack often needs to use multiple invalid memory accesses where each one would have a 1/15 chance of success from probabilistic MTE alone. MTE gets combined with other probabilistic memory allocator protections. Our main memory allocator also has slot randomization and quarantine randomization.
A future revision of MTE could easily be increased to 8 bits and it paves the path to having much larger memory tagging in the future too.
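The tag policy described in the comment above can be modelled in a few lines. This is an added illustration, not hardened_malloc code and not written by the commenter; the slab size, slot indices, function names and the PRNG are assumptions chosen for the model. It shows which invalid accesses are always caught (adjacent overflow, use-after-free, use after one reuse) and which are only caught probabilistically (a pointer into a distant slot).

```c
#include <stdint.h>
#include <stdio.h>

#define SLOTS    64   /* slots in one modelled slab (constructed size) */
#define FREE_TAG 0    /* reserved tag: free data, internal metadata */

struct slab   { uint8_t cur[SLOTS], prev[SLOTS]; uint64_t rng; };
struct result { long trials, adjacent_hits, uaf_free_hits, uaf_reuse_hits,
                distant_hits; int min_candidates; };

/* xorshift64* PRNG, stands in for the allocator's random source. */
static uint32_t next_rand(uint64_t *s) {
    uint64_t x = *s;
    x ^= x >> 12; x ^= x << 25; x ^= x >> 27;
    *s = x;
    return (uint32_t)((x * 2685821657736338717ULL) >> 32);
}

/* Tags a new allocation in slot i may not use: the reserved tag, the
 * slot's previous tag, and the current tags of both neighbours. */
static uint16_t exclusion_mask(const struct slab *s, int i) {
    uint16_t m = (uint16_t)(1u << FREE_TAG);
    m |= (uint16_t)(1u << s->prev[i]);
    if (i > 0)         m |= (uint16_t)(1u << s->cur[i - 1]);
    if (i < SLOTS - 1) m |= (uint16_t)(1u << s->cur[i + 1]);
    return m;
}

static int candidate_count(uint16_t mask) {
    int n = 0;
    for (int t = 1; t < 16; t++) if (!((mask >> t) & 1)) n++;
    return n;
}

/* Pick a random tag among the candidates that are not excluded. */
static uint8_t alloc_slot(struct slab *s, int i) {
    uint16_t mask = exclusion_mask(s, i);
    int pick = (int)(next_rand(&s->rng) % (uint32_t)candidate_count(mask));
    for (int t = 1; t < 16; t++) {
        if ((mask >> t) & 1) continue;
        if (pick-- == 0) { s->cur[i] = (uint8_t)t; break; }
    }
    return s->cur[i];
}

static void free_slot(struct slab *s, int i) {
    s->prev[i] = s->cur[i];
    s->cur[i] = FREE_TAG;
}

/* MTE check: the access succeeds only if pointer tag equals memory tag. */
static int access_ok(const struct slab *s, uint8_t ptr_tag, int i) {
    return ptr_tag == s->cur[i];
}

/* Chance that k independent invalid accesses all pass at 1/15 each. */
double chain_success(int k) {
    double p = 1.0;
    while (k-- > 0) p /= 15.0;
    return p;
}

struct result run_model(long trials, uint64_t seed) {
    struct result r = {0};
    struct slab s;
    const int victim = SLOTS / 2, distant = 3;  /* constructed indices */
    r.min_candidates = 15;
    s.rng = seed ? seed : 1;
    for (long n = 0; n < trials; n++) {
        for (int i = 0; i < SLOTS; i++) s.cur[i] = s.prev[i] = FREE_TAG;
        for (int i = 0; i < SLOTS; i++) alloc_slot(&s, i);

        uint8_t stale = s.cur[victim];           /* dangling pointer's tag */
        free_slot(&s, victim);
        r.uaf_free_hits += access_ok(&s, stale, victim);

        int c = candidate_count(exclusion_mask(&s, victim));
        if (c < r.min_candidates) r.min_candidates = c;
        alloc_slot(&s, victim);                  /* slot is reused */
        r.uaf_reuse_hits += access_ok(&s, stale, victim);

        /* Linear overflow from either neighbour into the victim slot. */
        r.adjacent_hits += access_ok(&s, s.cur[victim - 1], victim)
                         + access_ok(&s, s.cur[victim + 1], victim);
        /* Pointer to an unrelated, far-away slot used on the victim. */
        r.distant_hits += access_ok(&s, s.cur[distant], victim);
        r.trials++;
    }
    return r;
}

int main(void) {
    struct result r = run_model(100000, 12345);
    printf("adjacent overflow passes : %ld\n", r.adjacent_hits);
    printf("use-after-free passes    : %ld\n", r.uaf_free_hits);
    printf("use-after-reuse passes   : %ld\n", r.uaf_reuse_hits);
    printf("distant access passes    : %ld of %ld\n", r.distant_hits, r.trials);
    printf("fewest candidate tags    : %d\n", r.min_candidates);
    printf("3 chained accesses pass  : %.6f\n", chain_success(3));
    return 0;
}
```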
Compared to Pixel phones this is without a doubt true, but how does it compare against your average mid-range Android device? Do those typically have any of the features you mentioned?
- Memory tagging is still pixel exclusive for now, but it's part of ARMv9 so it should be available on more devices in the future unless they disable it
- Most devices now have a secure element, though the exact capabilities vary
- Baseband isolation - no idea really, most chipsets should support IOMMU (or SMMU as ARM calls it) but it's not very obvious if that's set up sanely or even used at all on your average device. So I'm guessing most devices are about the same.
- Security patches certain vendors are much better (like Samsung, for their non-budget devices anyway) but a lot do much the same. It shouldn't generally be worse because of Google's requirements.
- Verified boot is pretty standard
Until Graphene works out the deal with the OEM that they are talking to, Pixel is pretty much the only secure phone that allows installing alternative firmware.
I'd likely buy that.
https://grapheneos.org/faq#future-devices
We're working with a major Android OEM and it's going well so far. It's still in an early phase where they've assigned a small amount of resources to it to determine everything which needs to be done and then make the case for a much larger investment of resources. We expect that to happen and for it to go well.
https://github.com/melontini/bootloader-unlock-wall-of-shame...
No, that's exactly the sort of tactic you'd expect from them.
This proves there is no technical difficulty to provide unlock bootloader
And it's also partially false, as Gemini works just fine after unlocking/relocking, and all the advanced features (full performance of the cameras, NPU access, secure element) work even on non-Google OS. Things that do not work (mostly wallet) are valid issues, but then again, they work just fine after flashing OEM firmware and relocking the bootloader.
So I can only guess the quality of the contribution is similar with other phone brands.
It's a big inconvenience but not a showstopper for them. Pixels are still viable.
The only blocker with pixels would be if they stopped allowing OEM unlocking or relocking (which is a must).
GNU/Linux phones (Librem 5 and Pinephone).
The startup we were working with before went bankrupt. In June, we started working with a major Android OEM which has provided resources for identifying everything which will need to be done to meet our requirements and provide official GrapheneOS support. They believe they can meet all our official requirements without much trouble and they're going to determine how much resources they want to put into it soon. We don't yet know how many resources are going to go into it.
> The main reason i used to root devices are
Note using GrapheneOS does not involve rooting.
> System level adblock using adaway
You can use RethinkDNS for filtering combined with still using a WireGuard VPN or multiple chained WireGuard VPNs. Android has a perfectly good API for this.
> Titanium backup
GrapheneOS has a built-in encrypted backup system we plan to significantly improve upon. The basics are there already.
The procedure explicitly hands over the responsibility of OS-integrity to the end-user, it's not Samsung's responsibility after that and the user needs to confirm that.
It's much more likely that the cost/benefit profile to develop/maintain/support that feature and its related unlock-process is simply not sufficient, all while several of the biggest customers explicitly require unlock to NOT be supported.
It should be simple, but since some carriers required BL-unlock to not be supported at all, many carriers required the availability of a list of all devices being unlocked and all required unlock to be irreversible, there are quite a few considerations to keep this working securely whenever something is touched in the trust-chain of a device.
I hate to say it in this case because I was advocating for BL-unlock for YEARS, but if there's no sufficient commercial demand and no "higher motivation" to justify it, it's a security-risk that's easy to avoid and easy to descope...
- don't provide the features for which you require a locked bootloader
- and don't do anything with the rest of the features
And anyhow, I'm almost sure that this is AOSP code (with a quick search I didn't manage to find it).
And, I don't know any carriers that require a locked bootloader outside of the US, and Samsung already only sold models without bootloader unlocking in the US.
Bootloader-unlock describes a feature which supports a controlled break of the trust-chain of the device, so telling the bootloader that it should continue executing the bootshell even if the signature check has failed.
In this state the OS should continue to boot despite this state, and applications should gracefully handle such a condition.
The crucial parts of this are also not part of AOSP, it relies heavily on the chipset manufacturer and the OS-implementation of the device-vendor.
Any opinions? Samsung was a candidate for their somewhat unified ecosystem. Maybe even apple.
FYI Pixels still allow flashing custom ROMs, they've just slightly inconvenienced developers.
The future I'm seeing is one in which custom ROMs still exist as hobby projects, but aren't suitable for use in "production".
The future is as bleak for the custom ROMs as is their past. They are aftermarket modifications of the phone software, entirely dependent on the manufacturers and Google, and these release new things yearly.
Pixels are a good choice I think because they come with the least amount of bloat, and with Android, the connection to Google is always there anyways.
You get no ecosystem benefits though, it's really just plain Android.
But the sad reality hit when there were all kinds of hurdles around getting 5G/4G working in Australia. Was not going to risk ~$900 dollars on a phone that could end up being a paperweight and returned it.
It's a sad state and makes me miss the good old days.
So it's basically:
Pixel with GrapheneOS > iPhone >> Google Pixel with PixelOS
I wouldn't recommend anything else. Theoretically Fairphone + e/OS may have been an option, but the security is crap.
I guess there is Sony, you could even install Sailfish OS, no experience though.
Lack of current privacy/security patches and the current privacy protections in Android means having very poor privacy too. There's no equivalent to the privacy protections added by GrapheneOS either including ones also offered by iOS now such as iOS having a more basic equivalent to the GrapheneOS Contact Scopes feature since iOS 18 and iOS having better storage/media control than Android similar to Storage Scopes in GrapheneOS.
> I guess there is Sony, you could even install Sailfish OS, no experience though.
SailfishOS is much less private/secure than AOSP and is largely closed source. It's the opposite of a more open OS.
Without supported Consumer Hardware available on the market in sufficient volume, even less end-users will use an alternative OS, which will affect quality and size of the alternative OS-market and fragment the remaining users even more.
This will put the future of the entire alternative-OS ecosystem firmly back into the hands of Google. If they start further restricting BL-unlock on the Pixel-series to e.g. only Google Developer Account-Holders, the whole ecosystem will finally close down.
It’s really funny that Apple’s finally allowing carefully controlled access outside of their own fences and slowly adding more APIs and expansion (hell, Apple are the only platform now with third party APIs for RCS in the EU) while Google’s spun an about face and will get away with it.
All the stuff Apple now slowly starts to allow on iOS due to EU's Digital Markets Act is still just scratching the surface of what Android already supports.
> hell, Apple are the only platform now with third party APIs for RCS in the EU
They provide third party API's to use APPLE's RCS-Service. The alternative would have been to support registering alternative RCS-services as default on the OS (and then, allow the user to choose a service).
> while Google’s spun an about face and will get away with it
Android already allows to install and configure alternative applications for RCS, in fact Samsung uses their own RCS Messaging service on its devices.
No? They’ve switched to Google Messages, and most/all carriers have switched to Google Jibe RCS (again, Google forcing its services into operator hands), which basically forces SafetyNet attestation to use.
> again, Google forcing its services into operator hands
Frankly no. Carriers tried to make RCS work and failed for many years. I was involved in so many meetings, individual projects, interoperability testfests, just to make all the crazy "flavors" of RCS required from different operators work with each other. Each of the large carriers thought he could do RCS better than the next one, destroying simplicity, reliability, interoperability.
Many of them rolled out their own RCS-service initially, with flaky UX and ridiculous limitations making it weaker than WhatsApp at that time.
Google didn't start this mess, and didn't force itself into this matter. But yes, they ended it by acquiring Jibe and unifying the platform.
RCS messaging is carrier-controlled and configured via carrier bundles in iOS. Apple doesn't run a "RCS service". TelephonyMessageKit [0] in iOS 26+ exposes a standard interface to the carrier SMS, MMS, and RCS services, as applicable, allowing for 3rd party applications to send and receive carrier standards-based messages.
In 3GPP standards, RCS is just another service using the IP Multimedia Subsystem (IMS) framework. Carriers can either run their own RCS service in their IMS core or use a 3rd party service (as many do with Google's Jibe).
[0]: https://developer.apple.com/documentation/telephonymessaging...
You know, like Apple...
> [A] is first and foremost a [B] company. They're going to do whatever makes them the most profit.
This is the definition of any commercial business.
Many NPOs are corporations/companies legally, but their founding structure isn't to maximize shareholder profits/value. Beyond this, most businesses have two operating models, one is for maximum stock price, which increases the value, but that remains static without trade and/or to provide dividends from profits, which tends to keep stock values more level. With the latter, a business might not be chasing a 20% growth every year, but a healthy margin and predictable dividends to shareholders.
IANAL, this is not legal advice... but if you start a company, and want to emphasize values beyond pure growth/value, then what I would do is definitely talk to a good corporate attorney and tune the founding charter documents to that effect.
Less sardonically: I am a Linux Person but couldn't imagine really using one of those things today. It would probably kneecap my whole life in subtle ways; in the US using android already does.
My point is that someone at Samsung made an active choice to remove unlocking, presumably thinking that choice would bring some benefit to Samsung's business. I'm curious as to what they believe that benefit to be.
Next step will be to try PostmarketOS and see how that goes
[1] https://us.community.samsung.com/t5/Galaxy-S22/One-UI-7-0-Up...
https://x.com/kobe_koto/status/1949154478298456531
Absolutely hilarious.
With the time difference I had to do it at 3am or something ridiculous like that.
They have effectively disabled bootloader unlocking. They can kindly fuck off.
Compared to my previous Xiaomi, which required an account of a certain age and active phone use. But after that the unlocking just worked.
I had to do something similar with my old HTC m7, but nowhere this.... ridiculous.
Then make a request that takes 2 weeks to go through. and enter the or whatever (this was like 2016 or something).
Whole process was clearly designed to make you give up.
Their phones were junk then though and I just got something else in the end. They're a lot better now so actually unlocking it is probably worth something now.
The modern Redmi Note series is usually a generation behind on performance now, but I keep buying them as they're still faster than I need and there's always still a decent phone less than £150. Only complaint is with the camera, which never seems to get any better even when they claim to have upgraded it.
I've bought all my subsequent ones (Note 5, Note 8, Note 11, Note 12Pro) in either HK or UK so they all came with the Global ROM, and I've not felt the need to unlock any of them, so not tried to process since. But it definitely used to be pretty easy.
I suspect the reason for the weird process is legal to ensure that phones in China don't get unlocked in order to circumvent content controls.
The only reason one would unlock a bootloader is to root the system partition. It is impossible to protect data on rooted phones and makes data exfiltration attacks significantly easier to do.
This is a huge problem for banking and music apps that absolutely rely on this capability. Samsung is, by far, the biggest seller of Android phones in the US. (I think Xiaomi is the biggest globally), so they are under much more pressure to clamp down on this.
That said, rooting Samsung devices has been a worthless pursuit for a long time. Doing so irreversibly (via eFuse) disables KNOX, which prevents DeX and Samsung Health from working. It also trips SafetyNet, which disables a whole suite of key apps (banking apps and Apple Music don't work; not sure about Spotify). There's a Magisk module that uses well-known device IDs to work around these, but these only work temporarily. Many people have also reported issues with the camera (a popular reason for buying Samsungs in the first place), and you no longer get OTA updates. I believe you also get degraded camera performance if you flash another ROM since the device module is closed-source and relies on One UI to work. This is before considering that stock ROMs have gotten really good over the years (especially Samsung's), and many of the reasons why we had to root have mostly gone away.
You can work around this by buying a Pixel for now, but I think we're a few years away from bootloader unlocking going away entirely.
That said, I still root Android devices that will only serve a single-purpose, like my BOOX eBook readers that I use Firefox on. This lets me run AFWall so that I can block network traffic for everything except Firefox (and a few other apps). However, I won't be logging into my Google account on them, and they aren't ever going to run banking apps or anything like that.
What makes securing rooted phones different from securing rooted PCs?
It is, and always was, a flimsy excuse to strip the user of control over his own device.
"Secure Boot" isn't actually there to protect the device from an attacker. It's there to "protect" the device from its own user. It's used to "secure" DRM schemes and App Store revenue streams.
1. Basically all the serious DRMs (eg. widevine L1) rely on the content being encrypted all the way to the display itself. The OS, secure boot or not, never sees the content in cleartext, because decryption happens in a secure enclave and is immediately encrypted to the display using HDCP.
2. The "app store revenue stream" excuse doesn't really make sense, because you can easily install third party apps on Android, even though nearly all phones have locked bootloaders.
The name "TrustZone" is rather ironic. It's most commonly used to run DRM code the user should never ever trust.
In the EU, banking apps no longer do. They require a trusted companion device for 2FA, e.g. a smartphone app or a dedicated chip-and-pin device. This is enforced by the PSD2 directive [1], which has been in effect since 2019.
In contrast to that, you’re always allowed to do banking on an iOS/Android banking app. Banks seem to trust the integrity of the OS enough that they allow the app to be its own second factor.
[1]: https://en.wikipedia.org/wiki/Payment_Services_Directive
Grug pay Grog many shiny rock for make magic rock work, or Grog use key and magic rock stop working.
> It is impossible to protect [the owner from accessing] data on rooted phones
It matters a lot to distributors who like to trick copyright holders into thinking that DRM is effective, which could only be the case if it works 100% of the time on 100% of the users, which it generally doesn't.
In the case of banking, unlocking the bootloader usually requires a full device reset and leaves a very obvious message when you boot up the phone—you can't grab someone's locked device, root it, and grab their financial data just like that.
As for music apps and other apps that download copyrighted content to the user's device, leaving the moral aspects of stripping the user of control of files on their own device aside, preventing their use on rooted devices just loses them users since
- Those are by no means essential apps
- If you know how to root your phone, you probably know how to pirate media as well
- People can just use computers to exfiltrate copyrighted media instead since most of those apps have PC versions
It "doesn't make total sense", it never has. It's just a kneejerk reaction that conveniently aligns with stripping the user of control.
Imagine claims like "the XYZ bank app mangled my input and now my money is gone". I'm certain that people have sued for less. How can the bank argue in court that this wasn't their fault? What if the plaintiff demonstrates some actual glaring app misbehavior in court, but the root cause is in a broken third party Android build?
In my experience, because a company does that kind of "risk management" does not mean, at all, that it is a useful thing to do.
- If you're capable of rooting a device then you're capable of understanding the risks which come with doing so.
- The number of users who root their devices will always be so comparatively tiny that the increased risk of data exfil is incredibly small. Also, similarly to above, if you're technical enough to root your device then you're probably not regularly putting yourself at risk by downloading shady apps etc. anyway.
- Rather than decreasing security, rooting allows you to enhance the security of your device by installing lower-level tools and, most importantly, removing all the bloatware crap which comes on most phones. This reduces the surface area of attack.
Let's be honest and admit that the only reason to prevent users from rooting their phones is to protect companies' profits by ensuring users can't fight back against the blatant tracking, data mining, and analytics capture which is so valuable to companies.
I'm with you on the general sentiment, but how do the companies that block rooting benefit from any of the nefarious activities you mentioned? Those are executed by different organizations, typically.
> the only reason to prevent users from rooting their phones is to protect companies' profits by ensuring users can't fight back against the blatant tracking, data mining, and analytics capture
You contradict yourself, if the number of users which will root their devices is tiny, the lost profits from tracking, data mining, analytics is tiny as well.
There's also the argument that if tiny percent can do it, could it start to catch on and slowly grow to a larger percent?
More so in an economic environment where spending $2,000 on a new phone every year is decreasing in popularity, especially when the differences between model X and model X+1 have to be squinted at ever harder to determine.
Spend an hour in xdaforums and you'll see how untrue that is.
Many people root just to get YouTube Revanced or something like that. Meanwhile, you have launchers masquerading as a stock launcher that will happily steal refresh tokens for your Google account.
For removing bloatware from the user partition you don't need to root, adb or the universal android debloater will do.
What are you smoking?
The only reason I've ever unlocked a bootloader has been to replace the OS with a different one. And it had nothing to do with rooting. I have no interest in having a rooted phone on my person at all times. But I have full interest in having GrapheneOS protecting me, among many other things, from opportunistic government spying.
It is so silly though. Someone who knows how to root a phone can probably also figure out how to download songs from Spotify (librespot wink wink.)
This couldn't be more wrong. You need to unlock the bootloader if you want to install an alternative OS. Which is a completely valid use-case.
> This is a huge problem for banking and music apps that absolutely rely on this capability
Yeah, I immediately cleared application data and uninstalled it, once I discovered my bank, of all organizations, was relying on Android to silo a token that grants access to my bank account with nothing else but a 4-digit PIN. I had submitted a vulnerability report, because the option to require a password could be turned off without a password, and their response was that it works as expected, because they only require a PIN and providing a password is optional. That isn't to say that I have the option to make my account require passwords, it's that providing a password isn't needed, but I have the option of providing one anyway.
With only the PIN requirement, and four attempts before a lockout, a security vulnerability in the OS immediately becomes a 1 in 250 chance they'll have full access to my bank account, if I have a truly random PIN, or a 1 in 5 chance, if I have one of the four most common PINs and it always tries those. All that without having to wait to capture me logging in.
Also, Google explicitly states that the phones storage should not be used for sensitive data.
Do you mean the new One UI update that made the notification pull down split into left and right swipes instead of swipe down and then swipe down again? Because if that's what you mean, you can configure it to be the way it used to be again.
Little pencil button, then panel settings and choose together instead of separate.
I think they have like a one time pop up to explain which is easy to miss.
I assure you that Samsung doesn't care to remove your... flashlight.
This likely just got removed from a fat finger/phone being on in your pocket/etc.
Seriously Samsung, go and screw yourselves.
The reason I insist on rooting in the first place is because unlike iOS which has a true full backup that you can trigger from your Mac (and restore afterwards), Android decidedly does not, and a bunch of apps don't do any kind of cloud sync.
IMO there is kinda only one option... an iPad.
It's an order of magnitude better than anything else out there. And that's coming from someone who doesn't really like Apple products.
Given that your major reason for rooting is something that... Apple solves for. Maybe there is another option?
And on top of that, there's no way to migrate the data from a bunch of these apps from the Google walled garden to the Apple walled garden, not to mention purchased licenses.
With Samsung there are established networks on how to get spare parts and they have a proven track record of delivering updates on time.
Lenovo's offerings are a disaster performance-wise.
The lenovo 12.7 pro 2025 has D8300 cpu, which is on par with QC 8g2. Oppo Pad flagship using 8 elite CPU, and you still think they have trouble with performance?
What a fucking nonsense.
I don't know if any US carrier offers them, but last time I was shopping, models with North American radios could be bought online.
My main complaints about Xperia phones:
- They don't support re-locking the bootloader at all, let alone with custom keys. This could be problematic for folks who depend on mobile banking apps that require full Google Play Integrity (SafetyNet) attestation, or risky for folks who leave their phone unattended around potential adversaries. To be fair, almost all smartphones have this problem.
- Their wonderful Xperia Compact line, comprising smaller versions of their flagship phones, seems to have been abandoned. Even their most recent "compact" models were bulky compared to their predecessors.
I tried to find which phones support alternative OSes, without Google control and telemetry, but it turned out that alternative OSes (LineageOS, PostmarketOS, GrapheneOS) mostly support outdated models and it makes no sense to buy them. There is also "Google Pixel", but the prices start at around $600 which is 3 times more than a reasonable price for a phone.
So now I am wondering if it is possible to extract the ROM from a reasonably priced Samsung phone, remove the components I don't like and write it back.
And before anyone asks me if I really need to unlock my phone... It's the principle of it, if I bought it, I own it and I should be able to run what I want on it. I will not buy a phone from a company that denies me that right.
That said, I do use root for a few things:
- AFWall+ (previously I used netguard but can't run multiple VPNs on Android so I couldn't have that running together with tailscale)
- Neo-backup. Some messaging apps believe that keeping chat history is not important. Or they believe that it's fine that the only way to transfer chat history is to upload it to Google cloud without encrypting it. I hate losing my chat history and I do not want it uploaded somewhere without encrypting it so I need a backup solution. Enter Neo-backup.
- Sometimes, it is useful to be able to spoof one's GPS without the app being the wiser from a privacy perspective.
- A very stupid banking app I have prevents screenshots but then doesn't allow me to download a proof of transfer. So I use root to remove the restriction against screenshots.
Yes. I was buying Samsung devices for years because of size (A5, A7, S10e) and ability to unlock bootloader for Lineage OS. Time to look elsewhere.
It was already bad with Huawei stopping their unlock program and Google cracking down more on rooting by introducing strong integrity with their new Play Integrity API (which was an upgrade from the older SafetyNet API), basically meaning there is hardware security called the TEE (ARM TrustZone for most phones if you're interested in reading more) built into the ARM processor which "snitches? (lack of better word)" on you if the firmware booted no longer matches the manufacturer signed firmware, and causes you to fail strong integrity which means apps like bank apps can choose to deny you service (Google Wallet does this for NFC payments). There are workarounds which the custom ROM/root community still uses which mainly rely on older leaked cryptographic signing keys from the TEE being used which bypass the phone's TEE and sign the "integrity verdict" in user land to say "all is good" to Google, but Google can easily tell if these keys have been compromised since they track usage, and the storage of these keys just keeps getting better, getting as close to impossible as you can in a modern phone since to extract it would require you to quite literally de-lid the ARM chip and hope you don't break anything in the process while somehow extracting the key, in other words not feasible.
This is all great when it comes to security which Google and all manufacturers have been pushing on, but it comes at a serious cost of ownership, you cannot tell me we truly own our phones when we have literal hardware protection that, quoted right from Wikipedia: "code integrity prevents code in the TEE from being replaced or modified by unauthorized entities, which *may also be the computer owner itself*". I don't know about you but a chip (and Google) that dictates what I can and cannot do with my phone doesn't sound like ownership to me.
All these recent changes and events sound to me like Google is actively pushing and "encouraging" phone manufacturers to disable bootloader unlocking, we're constantly seeing manufacturers which were once before root and unlock friendly randomly changing their mind and quietly removing or severely limiting that feature in the background (Huawei, Xiaomi, now Samsung, etc). You have to remember these manufacturers won't back down from what Google tells them to do if it's for "security" since they're all in each other's pockets so they won't push back without a good reason.
And if you want to use the typical excuse "allowing bootloader unlocking is unsafe", we've already proved it can work quite well while maintaining security as demonstrated by UEFI's Secure Boot which allows you to enroll custom boot keys (should you wish), while keeping some popular default keys such as Microsoft for Windows, and allowing you to lock the entire firmware config behind a password (which is stored in a security chip in modern motherboards so you can't use the old trick of removing the CMOS battery). That's more security than any regular citizen might need.
This TEE thing is all about control. Google and manufacturers don't like people installing custom firmware or rooting because then they can't keep you in their ecosystem to keep taking your data and hoping you eventually buy something from them. Some app developers also think this locking down of phones is great in order to protect their app against abuse rather than actually investing in good backend security which I just find to be hilarious.
I hope some laws get passed to protect us from the 1984 book that society is starting to become thanks to the government and corporate conglomerates themselves, although I sadly find that to be unlikely.
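The "apps can choose to deny you service" decision described in the comment above, seen from the backend, as an added illustration that is not part of the thread or any app's real code. It assumes the verdict token has already been decrypted and verified; the policy table, package name, nonce and sample payloads are constructed, and the label set for a modified device is an assumption.

```python
import time

# Hypothetical policy: the deviceRecognitionVerdict label each action insists on.
POLICY = {
    "view_balance": "MEETS_BASIC_INTEGRITY",
    "login": "MEETS_DEVICE_INTEGRITY",
    "nfc_payment": "MEETS_STRONG_INTEGRITY",
}
MAX_AGE_MS = 5 * 60 * 1000  # assumed freshness window for a verdict


def evaluate(verdict, action, nonce, package, now_ms=None):
    """Return (allowed, reason) for an already decrypted and verified verdict."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    required = POLICY.get(action)
    if required is None:
        return False, "unknown action"  # fail closed
    req = verdict.get("requestDetails", {})
    if req.get("nonce") != nonce:
        return False, "nonce mismatch"  # replayed or forged request
    if req.get("requestPackageName") != package:
        return False, "wrong package"
    try:
        age = now_ms - int(req.get("timestampMillis"))
    except (TypeError, ValueError):
        return False, "bad timestamp"
    if not 0 <= age <= MAX_AGE_MS:
        return False, "stale verdict"
    labels = verdict.get("deviceIntegrity", {}).get("deviceRecognitionVerdict", [])
    if required not in labels:
        return False, "missing " + required
    return True, "ok"


def sample(labels, ts="1700000000000"):
    """Constructed verdict payload; field names follow the Play Integrity schema."""
    return {
        "requestDetails": {"requestPackageName": "com.example.bank",
                           "nonce": "bm9uY2U", "timestampMillis": ts},
        "deviceIntegrity": {"deviceRecognitionVerdict": labels},
    }


NOW = 1700000060000  # one minute after the sample timestamp
STOCK = sample(["MEETS_BASIC_INTEGRITY", "MEETS_DEVICE_INTEGRITY",
                "MEETS_STRONG_INTEGRITY"])
MODIFIED = sample(["MEETS_BASIC_INTEGRITY"])  # assumed labels after unlocking

if __name__ == "__main__":
    for name, v in (("stock", STOCK), ("modified", MODIFIED)):
        for action in POLICY:
            print(name, action, evaluate(v, action, "bm9uY2U", "com.example.bank", NOW))
```

The per-action table is the point: a backend can keep low-risk actions available on a device that only meets the basic label and reserve the strong label for payments.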
stavros•6mo ago
baq•6mo ago
charcircuit•6mo ago
baq•6mo ago
Phones are electrowaste. Recyclability of electronics is... not good.
rickdeckard•6mo ago
As much as I hate it, the strongest incentive would maybe be to legally define vendors who supply hardware with a non-interchangeable OS-ecosystem as service-providers and put restrictions on the price they can charge for the hardware to render the service (like i.e. a cable-modem from an ISP).
This could force the large players to decide between high-margin hardware or high-margin OS-ecosystem instead of aiming for both.
Come to think of it, these market-dynamics would be interesting to observe...
jjbinx007•6mo ago
Rather than see it go to landfill I donated it to a friend who's happy to use it but what an absolute waste.
Bought a Pixel purely because they are committed to updating their phones for a long time.
stavros•6mo ago
Has this been your experience as well, or have your phones been OK with responsiveness? Seven years is a long time, I imagine the phone must have been unusable by then.
asimovfan•6mo ago
catlikesshrimp•6mo ago
jjbinx007•6mo ago
The Pixel is slower than the Xiaomi in benchmarks but I can barely tell any difference in day to day usage.
Maybe if I went back to the Huawei it would feel slow but honestly I would still be using it if it had been updated. Unless the new OS slowed it down.
charcircuit•6mo ago
account01011100•6mo ago
charcircuit•6mo ago
stavros•6mo ago
charcircuit•6mo ago
gkbrk•6mo ago
It's also anti-consumer that CPU vendors don't let customers who own the CPU perform whatever updates they want because they don't give out signing keys.
charcircuit•6mo ago
g-b-r•6mo ago
EvanAnderson•6mo ago
As it stands, besides preventing the user from making modifications to CPU functionality, the user is also forced to "trust" updates that might be created for specific anti-consumer purposes (say, compelled by government security services).
cesarb•6mo ago
That would be less of an issue if the updates were auditable (that is, security researchers could read and study them), even if users weren't able to modify them. Unfortunately, other than some early CPU designs, AFAIK microcode updates are always encrypted. I suspect that their reason is to protect "trade secrets" on details of their CPU design.
cesarb•6mo ago
> You can physically do it with a microcode update.
Do these ARM CPUs even have microcode? Unlike on x86 CPUs where there are some very complex instructions which have to be microcoded, on ARM all instructions are simple enough that their decoding into micro-operations can be completely hard-coded in the decoder logic.
charcircuit•6mo ago
cesarb•6mo ago
Do you know of any ARM cores used on smartphones which actually have updatable microcode? I've never heard of any. All errata fixes I've seen are of the "set this bit in a specific register" kind.
charcircuit•6mo ago
blueflow•6mo ago
... with your property, which is a violation of your rights in most western jurisdictions.
e2le•6mo ago
wiseowise•6mo ago