A Google engineer on the Android security team has hit out at the practive of mobile carriers locking smartphone handset software so it cannot be modified.
Nick Kralevich, posting on the Android blog, cited the “Nexus S has been rooted” story on Engadget as an example of the misunderstanding about Google’s strategy regarding so-called ‘root’ access. Kralevich pointed out that on Google’s Nexus and Nexus S handsets, owners merely had to execute ‘fastoboot oem unlock’ to remove the software lock, allowing the handset operating systems to be modified and replaced.
“Legitimately gaining root access to your device is a far cry from most rooting exploits,” said Kralevich. “Traditional rooting attacks are typically performed by exploiting an unpatched security hole on the device. Rooting is not a feature of a device; rather, it is the active exploitation of a known security hole.”
However mobile carriers, responsible for setting the features of smartphones sold under subsidized contracts, as a general rule instruct handset manufacturers to disallow unlocking of the devices in the same way that Google’s Nexus handsets allow by default. In such a case the phones must actually be hacked, or ‘rooted’, in order to circumvent the software lock placed by the handset manufacturer so that users can modify their own Android operating system.
uch modification is often desirable for users who are often left waiting for the latest version of Android while the mobile networks produce their own customised and re-branded version of the operating system.
“Unfortunately, until carriers and manufacturers provide an easy method to legitimately unlock devices, there will be a natural tension between the rooting and security communities,” said Kralevich.
He went on to state that he hoped carriers and manufacturers would not “force users to choose between device openness and security”, adding that it was possible to protect mobile networks and content providers without such software locks.
Kralevich urged Android users to “demand no less”, suggesting that Android fans vote with their feet and choose unlockable handsets. To date those are limited to the Nexus and Nexus S.