As for me, I already swore off Samdung for their whole Samsung account bs and apps they bundle and won't let me remove (or disable).
In ye olden times I had such a horrible time with my cheapo Samsung when trying to upgrade it from Android 1.5 to 2.1 that I swore it'd be my last Samsung, and it was, for well over a decade. During that time I went through some iPhones and a handful of the most popular alternative Android brands.
Since the thread is about Android I'll focus on that. Every manufacturer was hamstrung by one or more of the following issues:
- Subpar hardware
- Difficult and slow RMA process where your device flies around the globe for repairs
- Software bloat, just like Samsung, but from a country I trust even less (China vs SK)
- Very infrequent updates (if you are lucky enough to get them at all), especially once a newer model is out
Now since this thread is about bootloaders this is probably a hot take, but I spend enough of my time troubleshooting stuff at work, so when I use my phone I want it to "just work" and not have to play some stupid anti integrity protection cat and mouse game to access my bank's app. So the last two are not solved with an open bootloader.
Samsung on the other hand has in recent years given me the "just works" experience on decent hardware, paired with frequent updates. And while their authorized repair shop might not be in my city, it is at least in my country and just a train ride away.
That being said, the nerd in me is disappointed in this move, and the recent EU ruling that forces manufacturers to actually support the stuff they sell for a reasonable time even after it's off the shelves might change things for the better w.r.t. other manufacturers.
I don't love their phones, though my wife has one. However, again on the service front, when my Samsung S7 had a problem they fixed it pretty quickly. When my iPhone 5 came with the Wi-Fi not working it took weeks to convince Apple that it was actually broken and get a replacement.
All anecdotal of course, and probably varies a lot by location and over time.
Acquired from yard sales and then subject to duty cycles of 5-10 loads a day.
Somewhat relevant, I have 3 relatives/colleagues still sporting iPhone 8’s/8 Pluses. The only issue is that some newer apps are slow. Told them to grab iPhone SE 3rd gens before they’re discontinued; one of them has it sitting unopened in the box, waiting for their 8 to die.
they also have service centers pretty much everywhere in the world, so I can always get my phone fixed (for a reasonable price, as a result of their ubiquity) if and when I inevitably break it
would I also prefer the option to unlock my bootloader? yes. if I'm honest with myself, is it a deal-breaker? sadly, no, I no longer use custom ROMs
https://m.gsmarena.com/samsung_galaxy_a15-12637.php Last year, but they removed 3.5mm this year
That I know, in Latin America, they don't have all that anymore. And there is only one left with 3.5mm.
AFAIR, the Samsung Galaxy Note9 was the last device that deserved to be called general-purpose pocket computer. EMR stylus, 3.5 mm audio, mSD card slot, USB-C 3.1, good CPU, adequate memory for the time (8 GB), good cameras. If you're willing to forgive the non-removable battery, the only suck was the screen if you were sensitive to PWM, especially with regards to lower flicker frequencies.
Alas, seven years ago Samsung got the itch and divorced from good pocket computer design. The Note9 seems almost like an accident, given Samsung's market policies of today.
> samsung is the only smartphone manufacturer that still makes phones (though not many) with all the features I want
Not to mention the built-in EMR stylus. That makes such a difference in using the device, I cannot believe they are not more common. And they are a terrific backup for the not unusual case of a broken screen being unresponsive.
Samsung has been doing this for a while now.
Which are the devices/vendors that still allow / encourage this?
Even Graphene OS reported that they're in talks with some vendor... Have there been any updates towards that?
The main reasons I used to root devices are:
* Get longer support/OS updates than what the vendor provided
* System level adblock using AdAway
* Titanium Backup
These days Firefox/Brave browser gets me halfway through adblocking and I lost interest in the ad-filled apps.
Syncing gets me a good level of syncing for backup on my NAS etc.
I hate it when the bad guys do this to my phone
From a security/privacy perspective the Fairphone is on the worse side of options unfortunately.
That's not a security feature though... We established that. Fair enough on the other points.
However, you need some form of code execution beforehand already for this attack, and more importantly it doesn't affect any of the deterministic guarantees of MTE. And those are the main appeal to GrapheneOS in the first place, preventing things like use-after-free by tagging the memory such that it simply can't be accessed anymore. So it's very much a security feature.
It literally was. MTE is a padlock with 16 combinations.
Compared to Pixel phones this is without a doubt true, but how does it compare against your average mid-range Android device? Do those typically have any of the features you mentioned?
Until Graphene works out the deal with the OEM that they are talking to, Pixel is pretty much the only secure phone that allows installing alternative firmware.
https://github.com/melontini/bootloader-unlock-wall-of-shame...
The procedure explicitly hands over the responsibility of OS-integrity to the end-user, it's not Samsung's responsibility after that and the user needs to confirm that.
It's much more likely that the cost/benefit profile to develop/maintain/support that feature and its related unlock-process is simply not sufficient, all while several of the biggest customers explicitly require unlock to NOT be supported.
It should be simple, but since some carriers required BL-unlock to not be supported at all, many carriers required the availability of a list of all devices being unlocked and all required unlock to be irreversible, there are quite a few considerations to keep this working securely whenever something is touched in the trust-chain of a device.
I hate to say it in this case because I was advocating for BL-unlock for YEARS, but if there's no sufficient commercial demand and no "higher motivation" to justify it, it's a security-risk that's easy to avoid and easy to descope...
Any opinions? Samsung was a candidate for their somewhat unified ecosystem. Maybe even apple.
FYI Pixels still allow flashing custom ROMs, they've just slightly inconvenienced developers.
The future I'm seeing is one in which custom ROMs still exist as hobby projects, but aren't suitable for use in "production".
The future is as bleak for the custom ROMs as is their past. They are aftermarket modifications of the phone software, entirely dependent on the manufacturers and Google, and these release new things yearly.
Pixels are a good choice I think because they come with the least amount of bloat, and with Android, the connection to Google is always there anyways.
You get no ecosystem benefits though, it's really just plain Android.
So it's basically:
Pixel with GrapheneOS > iPhone >> Google Pixel with PixelOS
I wouldn't recommend anything else. Theoretically Fairphone + e/OS may have been an option, but the security is crap.
I guess there is Sony, you could even install Sailfish OS, no experience though.
Without supported Consumer Hardware available on the market in sufficient volume, even fewer end-users will use an alternative OS, which will affect quality and size of the alternative OS-market and fragment the remaining users even more.
This will put the future of the entire alternative-OS ecosystem firmly back into the hands of Google. If they start further restricting BL-unlock on the Pixel-series to e.g. only Google Developer Account-Holders, the whole ecosystem will finally close down.
It’s really funny that Apple’s finally allowing carefully controlled access outside of their own fences and slowly adding more APIs and expansion (hell, Apple are the only platform now with third party APIs for RCS in the EU) while Google’s spun an about face and will get away with it.
All the stuff Apple now slowly starts to allow on iOS due to EU's Digital Markets Act is still just scratching the surface of what Android already supports.
> hell, Apple are the only platform now with third party APIs for RCS in the EU
They provide third party APIs to use APPLE's RCS-Service. The alternative would have been to support registering alternative RCS-services as default on the OS (and then, allow the user to choose a service).
> while Google’s spun an about face and will get away with it
Android already allows installing and configuring alternative applications for RCS, in fact Samsung uses their own RCS Messaging service on its devices.
No? They’ve switched to Google Messages, and most/all carriers have switched to Google Jibe RCS (again, Google forcing its services into operator hands), which basically forces SafetyNet attestation to use.
> again, Google forcing its services into operator hands
Frankly no. Carriers tried to make RCS work and failed for many years. I was involved in so many meetings, individual projects, interoperability testfests, just to make all the crazy "flavors" of RCS required from different operators work with each other. Each of the large carriers thought it could do RCS better than the next one, destroying simplicity, reliability, interoperability.
Many of them rolled out their own RCS-service initially, with flaky UX and ridiculous limitations making it weaker than WhatsApp at that time.
Google didn't start this mess, and didn't force itself into this matter. But yes, they ended it by acquiring Jibe and unifying the platform.
RCS messaging is carrier-controlled and configured via carrier bundles in iOS. Apple doesn't run a "RCS service". TelephonyMessageKit [0] in iOS 26+ exposes a standard interface to the carrier SMS, MMS, and RCS services, as applicable, allowing for 3rd party applications to send and receive carrier standards-based messages.
In 3GPP standards, RCS is just another service using the IP Multimedia Subsystem (IMS) framework. Carriers can either run their own RCS service in their IMS core or use a 3rd party service (as many do with Google's Jibe).
[0]: https://developer.apple.com/documentation/telephonymessaging...
You know, like Apple...
> [A] is first and foremost a [B] company. They're going to do whatever makes them the most profit.
This is the definition of any commercial business.
Many NPOs are corporations/companies legally, but their founding structure isn't to maximize shareholder profits/value. Beyond this, most businesses have two operating models, one is for maximum stock price, which increases the value, but that remains static without trade and/or to provide dividends from profits, which tends to keep stock values more level. With the latter, a business might not be chasing a 20% growth every year, but a healthy margin and predictable dividends to shareholders.
IANAL, this is not legal advice... but if you start a company, and want to emphasize values beyond pure growth/value, then what I would do is definitely talk to a good corporate attorney and tune the founding charter documents to that effect.
My point is that someone at Samsung made an active choice to remove unlocking, presumably thinking that choice would bring some benefit to Samsung's business. I'm curious as to what they believe that benefit to be.
Next step will be to try PostmarketOS and see how that goes
[1] https://us.community.samsung.com/t5/Galaxy-S22/One-UI-7-0-Up...
https://x.com/kobe_koto/status/1949154478298456531
Absolutely hilarious.
Then make a request that takes 2 weeks to go through. and enter the or whatever (this was like 2016 or something).
Whole process was clearly designed to make you give up.
Their phones were junk then though and I just got something else in the end. They're a lot better now so actually unlocking it is probably worth something now.
The only reason one would unlock a bootloader is to root the system partition. It is impossible to protect data on rooted phones and makes data exfiltration attacks significantly easier to do.
This is a huge problem for banking and music apps that absolutely rely on this capability. Samsung is, by far, the biggest seller of Android phones in the US. (I think Xiaomi is the biggest globally), so they are under much more pressure to clamp down on this.
That said, rooting Samsung devices has been a worthless pursuit for a long time. Doing so irreversibly (via eFuse) disables KNOX, which prevents DeX and Samsung Health from working. It also trips SafetyNet, which disables a whole suite of key apps (banking apps and Apple Music don't work; not sure about Spotify). There's a Magisk module that uses well-known device IDs to work around these, but these only work temporarily. Many people have also reported issues with the camera (a popular reason for buying Samsungs in the first place), and you no longer get OTA updates. I believe you also get degraded camera performance if you flash another ROM since the device module is closed-source and relies on One UI to work. This is before considering that stock ROMs have gotten really good over the years (especially Samsung's), and many of the reasons why we had to root have mostly gone away.
You can work around this by buying a Pixel for now, but I think we're a few years away from bootloader unlocking going away entirely.
That said, I still root Android devices that will only serve a single-purpose, like my BOOX eBook readers that I use Firefox on. This lets me run AFWall so that I can block network traffic for everything except Firefox (and a few other apps). However, I won't be logging into my Google account on them, and they aren't ever going to run banking apps or anything like that.
What makes securing rooted phones different from securing rooted PCs?
It is, and always was, a flimsy excuse to strip the user of control over his own device.
"Secure Boot" isn't actually there to protect the device from an attacker. It's there to "protect" the device from its own user. It's used to "secure" DRM schemes and App Store revenue streams.
1. Basically all the serious DRMs (e.g. Widevine L1) rely on the content being encrypted all the way to the display itself. The OS, secure boot or not, never sees the content in cleartext, because decryption happens in a secure enclave and is immediately encrypted to the display using HDCP.
2. The "app store revenue stream" excuse doesn't really make sense, because you can easily install third party apps on Android, even though nearly all phones have locked bootloaders.
The name "TrustZone" is rather ironic. It's most commonly used to run DRM code the user should never ever trust.
In the EU, banking apps no longer do. They require a trusted companion device for 2FA, e.g. a smartphone app or a dedicated chip-and-pin device. This is enforced by the PSD2 directive [1], which has been in effect since 2019.
In contrast to that, you’re always allowed to do banking on an iOS/Android banking app. Banks seem to trust the integrity of the OS enough that they allow the app to be its own second factor.
[1]: https://en.wikipedia.org/wiki/Payment_Services_Directive
Grug pay Grog many shiny rock for make magic rock work, or Grog use key and magic rock stop working.
In the case of banking, unlocking the bootloader usually requires a full device reset and leaves a very obvious message when you boot up the phone—you can't grab someone's locked device, root it, and grab their financial data just like that.
As for music apps and other apps that download copyrighted content to the user's device, leaving the moral aspects of stripping the user of control of files on their own device aside, preventing their use on rooted devices just loses them users since
- Those are by no means essential apps
- If you know how to root your phone, you probably know how to pirate media as well
- People can just use computers to exfiltrate copyrighted media instead since most of those apps have PC versions
It "doesn't make total sense", it never has. It's just a kneejerk reaction that conveniently aligns with stripping the user of control.
- If you're capable of rooting a device then you're capable of understanding the risks which come with doing so.
- The number of users who root their devices will always be so comparatively tiny that the increased risk of data exfil is incredibly small. Also, similarly to above, if you're technical enough to root your device then you're probably not regularly putting yourself at risk by downloading shady apps etc. anyway.
- Rather than decreasing security, rooting allows you to enhance the security of your device by installing lower-level tools and, most importantly, removing all the bloatware crap which comes on most phones. This reduces the surface area of attack.
Let's be honest and admit that the only reason to prevent users from rooting their phones is to protect companies' profits by ensuring users can't fight back against the blatant tracking, data mining, and analytics capture which is so valuable to companies.
I'm with you on the general sentiment, but how do the companies that block rooting benefit from any of the nefarious activities you mentioned? Those are executed by different organizations, typically.
> the only reason to prevent users from rooting their phones is to protect companies' profits by ensuring users can't fight back against the blatant tracking, data mining, and analytics capture
You contradict yourself, if the number of users which will root their devices is tiny, the lost profits from tracking, data mining, analytics is tiny as well.
For removing bloatware from the user partition you don't need to root, adb or the universal android debloater will do.
Do you mean the new One UI update that made the notification pull down split into left and right swipes instead of swipe down and then swipe down again? Because if that's what you mean, you can configure it to be the way it used to be again.
Little pencil button, then panel settings and choose together instead of separate.
I assure you that Samsung doesn't care to remove your... flashlight.
This likely just got removed from a fat finger/phone being on in your pocket/etc.
Seriously Samsung, go and screw yourselves.
The reason I insist on rooting in the first place is because unlike iOS which has a true full backup that you can trigger from your Mac (and restore afterwards), Android decidedly does not, and a bunch of apps don't do any kind of cloud sync.
IMO there is kinda only one option... an iPad.
It's an order of magnitude better than anything else out there. And that's coming from someone who doesn't really like Apple products.
Given that your major reason for rooting is something that... Apple solves for. Maybe there is another option?
And on top of that, there's no way to migrate the data from a bunch of these apps from the Google walled garden to the Apple walled garden, not to mention purchased licenses.
I don't know if any US carriers offer them, but last time I was shopping, models with North American radios could be bought online.
My main complaints about Xperia phones:
- They don't support re-locking the bootloader at all, let alone with custom keys. This could be problematic for folks who depend on mobile banking apps that require full Google Play Integrity (SafetyNet) attestation, or risky for folks who leave their phone unattended around potential adversaries.
- Their wonderful Xperia Compact line, comprising smaller versions of their flagship phones, seems to have been abandoned. Even their most recent "compact" models were bulky compared to their predecessors.
stavros•11h ago
baq•9h ago
charcircuit•7h ago
baq•2h ago
Phones are electrowaste. Recyclability of electronics is... not good.
rickdeckard•7h ago
As much as I hate it, the strongest incentive would maybe be to legally define vendors who supply hardware with a non-interchangeable OS-ecosystem as service-providers and put restrictions on the price they can charge for the hardware to render the service (like i.e. a cable-modem from an ISP).
This could force the large players to decide between high-margin hardware or high-margin OS-ecosystem instead of aiming for both.
Come to think of it, these market-dynamics would be interesting to observe...
jjbinx007•9h ago
Rather than see it go to landfill I donated it to a friend who's happy to use it but what an absolute waste.
Bought a Pixel purely because they are committed to updating their phones for a long time.
stavros•8h ago
Has this been your experience as well, or have your phones been OK with responsiveness? Seven years is a long time, I imagine the phone must have been unusable by then.
asimovfan•7h ago
catlikesshrimp•5h ago
jjbinx007•4h ago
The Pixel is slower than the Xiaomi in benchmarks but I can barely tell any difference in day to day usage.
Maybe if I went back to the Huawei it would feel slow but honestly I would still be using it if it had been updated. Unless the new OS slowed it down.
charcircuit•7h ago
account01011100•7h ago
charcircuit•7h ago
stavros•7h ago
charcircuit•7h ago
gkbrk•7h ago
It's also anti-consumer that CPU vendors don't let customers who own the CPU perform whatever updates they want because they don't give out signing keys.
charcircuit•7h ago
g-b-r•6h ago
EvanAnderson•6h ago
As it stands, besides preventing the user from making modifications to CPU functionality, the user is also forced to "trust" updates that might be created for specific anti-consumer purposes (say, compelled by government security services).
cesarb•5h ago
That would be less of an issue if the updates were auditable (that is, security researchers could read and study them), even if users weren't able to modify them. Unfortunately, other than some early CPU designs, AFAIK microcode updates are always encrypted. I suspect that their reason is to protect "trade secrets" on details of their CPU design.
cesarb•5h ago
> You can physically do it with a microcode update.
Do these ARM CPUs even have microcode? Unlike on x86 CPUs where there are some very complex instructions which have to be microcoded, on ARM all instructions are simple enough that their decoding into micro-operations can be completely hard-coded in the decoder logic.
charcircuit•4h ago
cesarb•2h ago
Do you know of any ARM cores used on smartphones which actually have updatable microcode? I've never heard of any. All errata fixes I've seen are of the "set this bit in a specific register" kind.
blueflow•6h ago
... with your property, which is a violation of your rights in most western jurisdictions.
e2le•6h ago
wiseowise•12m ago