[HN Gopher] S.Korea fines Google $177M for blocking Android cust...
___________________________________________________________________
S.Korea fines Google $177M for blocking Android customisation
Author : quasisphere
Score : 243 points
Date : 2021-09-14 07:19 UTC (15 hours ago)
(HTM) web link (www.reuters.com)
(TXT) w3m dump (www.reuters.com)
| ocdtrekkie wrote:
| It's incredible how long the AFA has been known about and how
| blatantly illegal it is, yet not subject to any significant
| penalties.
|
| Law moves so freaking slow, this is about a 2013 complaint.
| Dealing with tech industry crooks requires faster movement than
| this.
| amelius wrote:
| Will they also fine Samsung for blocking the user's right to
| remove manufacturer-bundled cruftware?
| Sparkle-san wrote:
| Given that Samsung's revenue is about 12% of S. Korea's GDP,
| I'm guessing that they will not.
| rjzzleep wrote:
| Given that the head of Samsung was in prison for bribery of
| the president(of korea) and then got released on parole for
| using Covid vaccination as currency I'm guessing that they
| DEFINITELY will not.
|
| https://www.bloombergquint.com/business/samsung-s-lee-
| receiv...
| slownews45 wrote:
| The entire focus on anti-trust and moved to harm to other (big)
| businesses - no care about the consumer.
|
| The Anti-fragmentation agreement google makes these folks sign
| HELPS consumers. Going to be a crazy situation if that goes away,
| the app you buy on samsung won't work on HTC etc.
| danschumann wrote:
| This seems like an issue similar to right to repair... let
| hackers(in the traditional sense) have their place.
| ocdtrekkie wrote:
| It really isn't because the AFA doesn't impact hackers. It's
| about basically operating a cartel where a single company
| controls the products of a large number of other companies and
| illegally binds them for making their own business decisions.
|
| Google held/holds the ability to allow or disallow all product
| releases Android manufacturers release, including products
| which do not use Google Play Services.
|
| Tizen became critical to Samsung because Samsung couldn't
| release a smart fridge with Android in the background without
| Google's permission, even if they had no intent on it having a
| traditional app store... because it might constitute a fork of
| Android.
| pcr910303 wrote:
| I think the throwback on HN on this decision is due to the lack
| of details and context on the news?
|
| From what I've understood from the local news (I'm a South
| Korean), It's not about blocking handsets with forked Android
| (that already happens regularly AFAIK), but the requirement of
| shipping Google apps like Chrome and Google Assistant. The big
| elephant in the room here is Samsung phones, which do ship it's
| own custom browser Samsung Internet (BTW, with ad blocking
| capabilities!) and a separate virtual assistant, Bixby. That's
| the part where the KFTC decided was monopolistic.
|
| I don't have a personal opinion this, but seems that the comment
| threads are focusing on the wrong part. Manufacturers were always
| able to bundle up their fucked-up version of Android. They were
| always able to ship super-custom UIs. Google never prevented
| that... but they did force the UIs bloat by having two separate
| default apps.
| qutreM wrote:
| > Samsung Internet (BTW, with ad blocking capabilities!)
|
| which browser doesn't come with that capability available?
| lifthrasiir wrote:
| Also, it should be noted that Google didn't just disallow
| shipping Google apps to forked Android. Google disallowed
| shipping Google apps to _any devices from vendors that ship
| forked Android_ : if your smartwatch is using forked Android
| your ordinary smartphone also can't have Google apps even when
| it's using genuine Android. The KFTC made very clear that this
| is a nuclear all-or-nothing option to hardware vendors and thus
| constitutes an anti-trust action [1].
|
| [1]
| https://ftc.go.kr/www/selectReportUserView.do?key=10&rpttype...
| (in Korean)
| flerchin wrote:
| From what I can understand, AFA meant that a manufacturer could
| lose their license to Google Play Services on _all_ of their
| devices if they produced _any_ devices using an Android fork.
| This is a clear abuse of market power.
| [deleted]
| ApolloFortyNine wrote:
| Meanwhile the only real android competitor is manufactured by one
| company who doesn't allow even the end user to install apps not
| directly approved by Apple.
| anaganisk wrote:
| Do you really call iOS a competitor to android? Its like saying
| KIA is competitor to a Rolls Royce. Androids range from 50USD
| to anything else. Apple and Google makes phones but they're not
| competitors, their market segments, user base have different
| opinions on what they want and do.
| ApolloFortyNine wrote:
| A quick google search actually reveals Apple has 53% of the
| market in the U.S. [1]
|
| Also, to even compare that Android phones are 'cheaper' is
| rather bold, there's Samsung flip phones selling for $2000.
|
| [1] https://www.counterpointresearch.com/us-market-
| smartphone-sh...
| anaganisk wrote:
| US =/= World. And I said 50$ to anything, i never called
| them cheap.
| sangnoir wrote:
| You insinuated it by alluding to Kia vs. Rolls Royce,
| which is curious as Apple products are not luxury items,
| save perhaps the gold "watch edition" iWatch.
| anaganisk wrote:
| Kia has cheap to expensive cars and Rolls Royce has
| exclusively expensive cars. May be Rolls Royce was a
| stretch. But I definitely clarified it in that comment
| itself by saying 50-Anything. Apple may or may not be
| called luxury items. But they're viewed as premium items
| by general public around the world. People look towards
| iPhone in awe than a samsung galaxy s21 ultra.
| mdoms wrote:
| Yes iOS is quite obviously a competitor to Android.
| anaganisk wrote:
| Not even in nearest terms, Android users mostly dont want
| to use iOS. Neither do most of the iOS users want to use
| Android. Like I said, they both are different kind of
| things of the same technology. Apple is no where near
| Android in world level in-terms of competition either. Like
| I said Kia is not a competitor to Rolls Royce.
| ggktk wrote:
| I recently installed LineageOS on my phone, replacing the stock
| MIUI. I would probably return this phone if I had no other option
| than to use MIUI. I much prefer the "pure" Android experience.
|
| For many essential and security critical apps to work, like bank
| apps or the McDonald's app you need to hide the fact you're using
| a modified system, because of SafetyNet.
|
| This hiding/bypass works for now, because it tricks Google into
| thinking your device doesn't support hardware attestation, and
| fallbacking to Basic attestation, which is easier to bypass.
| Google can at any time flip the switch to require hardware
| attestation, and your apps will stop working, with no way around
| it, other than flashing back the stock ROM your device came with
| and locking the bootloader. At that point I will probably just
| buy a new phone.
| esperent wrote:
| I bought a Miui phone about a week ago. It's on miui 12.5 and
| it's the first time I've ever used this OS. I expected to hate
| it because of all the flack it gets. But honestly, it's fine.
| It's not that different from Android.
|
| I did have to uninstall a load of bloatware using ADB and I
| added a custom launcher (Niagara).
| izacus wrote:
| MIUI is Android though - and it passes strict Google CTS
| tests so it stays (reasonably) compatible with software.
| izacus wrote:
| Sure, but your LineageOS only works because Google is forcing
| manufacturers to pass CTS tests (which ensure that all Android
| devices are actually compatible with your apps).
|
| If that disappears, you'll end up with apps that only work on
| Samsung Androids and your LineageOS will stop being compatible.
| We're essentially going back to horrorshow of SymbianOS, where
| different Symbian devices weren't compatible between themselves
| because the OEMs kept fscking up.
|
| (Heck, in early Android versions Samsung tended to break core
| APIs all the time and caused a lot of churn on developer side
| to workaround their per-device fsckups. Having to import phones
| from half a world away so you could see why the video recorder
| hardcrashes when you call an API is NOT FUN.).
| [deleted]
| grishka wrote:
| I remember how people were complaining loudly about my app
| crashing on Meizu phones. Those never passed the CTS, but
| that didn't stop the manufacturer from preinstalling play
| services on them. So we had to buy one and I had to decompile
| the system framework to find a way to work around their
| shitty modifications to standard UI components to prevent the
| app from crashing. Fun stuff.
| NullPrefix wrote:
| >or the McDonald's app
|
| Excuse me? McDonald's app considers itself security critical
| now?
| HelixEndeavor wrote:
| Anything that deals with your financial information usually
| has security.
| [deleted]
| marcellus23 wrote:
| I mean, you put your credit card into it, so yeah?
| grishka wrote:
| You also put your credit card into your web browser, and it
| can even store your cards (without the cvc) to autofill
| them for you.
| kevingadd wrote:
| Yes, and this is a massive security vulnerability
| bee_rider wrote:
| The web browser is almost certainly security critical --
| although maybe it is treated as a special exception
| because of user expectations.
| grishka wrote:
| Yes, but _somehow_ , web browsers never check for "device
| integrity", and websites just blindly trust that the
| browser, or whatever it is on the other end, would do
| whatever it's told. They don't even have a reliable way
| of telling what kind of device or OS the user is
| accessing the website from. And everyone seems to be fine
| with that.
|
| And that's how it should be with apps, too. And people
| need to be educated to never, ever be so trustful. You
| lost your savings to a scammer? Well, you'll be more
| diligent next time.
| jmnicolas wrote:
| Probably because you can pay your meals with it.
| baybal2 wrote:
| At least one SafetyNet TZ applet has leaked few years ago
| causi wrote:
| I hate when a law or legal decision is aimed 45 degrees off like
| this. Letting manufacturers bundle their fucked-up version of
| Android is a bad thing. What we need is mandatory unlockable
| bootloaders so the _users_ can load whatever they want on their
| devices.
| [deleted]
| fsflover wrote:
| > unlockable bootloaders so the users can load whatever they
| want
|
| Here you go: https://puri.sm/products/librem-5.
| causi wrote:
| Give me a Librem 5 with an SoC that isn't hot garbage and I'd
| buy it immediately.
| p_j_w wrote:
| People already complain about the price of that thing.
| Include a better SoC and it's going to get more expensive.
| fsflover wrote:
| It's the most modern SoC that supports mainline Linux with
| FLOSS drivers.
| fsflover wrote:
| Do you mean that it heats up too much? I don't think this
| is accurate after latest updates. Also, suspend is not
| implemented yet. It will greatly increase the battery life
| and make it colder.
| brendoelfrendo wrote:
| "Hot garbage," in this case, is just a colloquialism that
| means "it stinks." Garbage smells; hot garbage smells
| worse. They're not literally referring to heat or
| temperature.
| HelixEndeavor wrote:
| We shouldn't have to sacrifice performance, quality, and
| reasonable price points in order to have the basic things
| we've had in the desktop world for decades.
| [deleted]
| hdjjhhvvhga wrote:
| We've only had them for historical reasons. If any of the
| big manufacturers had the option to invent a "personal
| computer" now, I'm 100% sure running arbitrary code
| wouldn't make it to the feature list.
| horsawlarway wrote:
| Honestly - I don't think it's just the big manufacturers.
|
| If HTML was invented in the current climate, I'm damn
| well convinced a simple <a href={external domain}> would
| be shot down for "security" reasons.
|
| We're seeing a real breakdown into walled ecosystems. My
| opinion is that most of the steps that direction are
| well-intentioned (Safety, Security, Consistency, etc).
| The end result is fucking hell, though, where the
| ecosystem owner profits massively and unfairly compared
| to all other entities.
| dleslie wrote:
| That's how IBM built the PC, loosely. They didn't imagine
| a market where there would be third party expansion
| cards, and they believed that users should come to them,
| and their partners, for software.
|
| Compaq blew that wide open, much to IBM corporate's
| dismay and IBM legal's glee.
| karteum wrote:
| What we need is control on the bootloader, with the ability to
| unlock, load our own keys, and relock.
|
| We also need to clean-up the mess with all those "partitions"
| (some of them with critical informations e.g. calibration,
| IMEI, etc) so that only one partition would have all those
| static information (reasonably protected against overwrite,
| e.g. colocated with bootloader and device-tree). We should be
| able to re-partition the storage (like we do on PC) without
| bricking the device...
| fsflover wrote:
| Librem 5 has its modem on a detachable M.2 card, sounds like
| what you describe.
| grishka wrote:
| Google phones allow re-locking the bootloader with your own
| key, except it still results in a warning during boot, and
| there's no way you're passing SafetyNet with this, at least
| not without hacks like Magisk. Also even when you unlock the
| bootloader, the TrustZone OS, which runs with hypervisor
| permissions and manages all the exciting things like DRM and
| SafetyNet itself, is still off limits for you.
| sangnoir wrote:
| > Google phones allow re-locking the bootloader with your
| own key, except it still results in a warning during boot
|
| The warning is a great thing for security: I'd appreciate
| it if my phone showed me that warning after I've
| surrendered it to the border control agent (alternatively,
| a sketchy repair shop), or bought it pre-owned, or if I
| "lost" it and gets returned to me.
| grishka wrote:
| Let's start with the fact that unlocking the bootloader
| wipes the entire /data partition to prevent this exact
| scenario from happening.
| feikname wrote:
| I wish I could have thought of that argument on a
| previous discussion about iPhone/ iPad jailbreak
| discussion thread
| mschuster91 wrote:
| There is a fix for SafetyNet - it forces the client-side
| library to assume that there is no hardware co-processor.
| grishka wrote:
| It's bound to break in the future. Google will stop, if
| didn't already, certifying devices that lack the TEE.
|
| The issue I'm pointing out is that this device integrity
| thing exists at all, and that Google ends up having more
| control over the device and its capabilities than its
| legitimate owner.
| HelixEndeavor wrote:
| While this all sounds great, I don't imagine legal regulation
| on how a device is partitioned would go as well as you
| think...
| snarf21 wrote:
| I know that a lot of us more tech inclined want this freedom.
| But grandma is never running toolchain on a computer to install
| custom software. What 99% of people want is cheap/free and they
| will give up privacy to get it. I see this as SK giving its
| citizens what they say they want. I wish that wasn't the case
| but it seems like that is the world we live in.
| kijin wrote:
| Ordinary citizens don't really care. This is SK giving
| Samsung what they want: an Android-fork OS for their
| smartwatches and other gadgets where the app store can be
| controlled by Samsung, not Google.
| turtlebits wrote:
| I think the issue is Google blocking customizations if they
| want the Google Play store on the device.
|
| I don't think there is anything stopping Samsung from using
| AOSP.
| ocdtrekkie wrote:
| You are incorrect. Google's AFA is viral in nature.
| Daring to ship a non-Google Android will cancel your
| ability to ship _any_ devices with Google Play.
| pessimizer wrote:
| > I know that a lot of us more tech inclined want this
| freedom. But grandma is never running toolchain on a computer
| to install custom software
|
| This is thought-terminating nonsense, constantly repeated.
| What my grandma wants is for me to pick what's best for her
| and install it. What she doesn't want is Google (or Samsung
| for that matter) keeping her grandson from doing what he
| thinks she'll like best.
|
| edit: and to be clear, that's what all of my computer-
| illiterate family members want, although not all of them from
| me (there are other grandchildren, uncles, etc.). The radical
| idea that people would rather have decisions made by the
| people that they love and trust rather than companies that
| actively and constantly prey upon them should be accepted
| without question.
| gjsman-1000 wrote:
| There will still need to be the option for a locked boot loader
| though.
|
| If I'm Snowden, knowing my boot loader could be unlocked and a
| key logger side loaded isn't reassuring.
| causi wrote:
| I'm not aware of any manufacturer who allows bootloader
| unlocking without also displaying a warning screen every time
| the phone boots up.
|
| Example: https://www.thecustomdroid.com/wp-
| content/uploads/2019/06/Ho...
| piaste wrote:
| My current phone (Xiaomi POCO F2 Pro) only displays a faint
| lock/unlock icon above the logo while booting. Easy to
| miss.
|
| But that's not really important, because unlocking the
| bootloader factory resets the device on every Android phone
| that I know of. AFAIK it's not possible to unlock a
| bootloader without the owner's knowledge.
| causi wrote:
| Even if it's easy to miss, a person like Snowden would be
| looking out for it.
| kop316 wrote:
| In all fairness, a locked bootloader won't help against
| exploits in the OS:
| https://news.ycombinator.com/item?id=28516095
|
| If I'm Snowden, I would be far more concerned about that.
| Youden wrote:
| Ironically, Google's own Pixel devices are basically the only
| ones on the market that allow locking the bootloader with
| your own key [0]. They even follow the recommended bootflow
| [1], displaying a warning screen with the hash of the
| installed ROM when you boot the phone.
|
| [0]: https://android.googlesource.com/platform/external/avb/+
| /mas...
|
| [1]: https://android.googlesource.com/platform/external/avb/+
| /mas...
| jefftk wrote:
| Why is this ironic?
| rav3ndust wrote:
| Probably because it effectively means that Google's own
| devices are the simplest to "deGoogle."
| 2Gkashmiri wrote:
| If such snowden like person wants to use such a device,
| wouldn't he be able to change to lineage os or whatever
| knowing full well he is now the master of the device or is
| there malware that persists still ?
| yoavm wrote:
| Someone could flash a hacked version of lineage when you're
| not looking.
| craftinator wrote:
| No, locked bootloader's are the stuff of nightmares. Much
| rather be able to scratch all memory on the device and
| reinstall.
|
| Perhaps what I mean is "locked bootloaders at POS". Selling
| them locked should be illegal, but locking them yourself with
| your own key should be trivial.
| hef19898 wrote:
| Fun fact, CalyxOs managed to lock the bootloader on my
| Pixel 2... Found out after trying to get stock android back
| on it. Now I am all set with CalyxOs, so I don't care. I do
| get an error message that my device is loading a different
| OS. Not sure how I can get rid of that...
| iszomer wrote:
| How about splitting the difference like locking the
| bootloader at point of sale with guaranteed period for
| updates? After the period has lapsed, allow users to unlock
| the bootloader to extend with custom software upgrades or,
| a subscription base to continue with original POS policy.
|
| This weirdly intersects for the Right to Repair movement,
| or for consumers whom would rather be conservative on new
| device purchases and software licenses.
| HelixEndeavor wrote:
| Reminds me of the idea I've been thinking about - kind of
| unrelated - but once a device is officially no longer
| supported by a company - particularly consoles and online
| games - they should make the source code available so
| people can continue from there on their own.
| mschuster91 wrote:
| Ideally, companies should be forced to deposit
| _everything_ needed for manufacturing a product - 3D
| designs, software toolchains, PCBs, BOMs, service tooling
| - at the national archives to be held in trust.
|
| Once the manufacturer ceases supporting a product,
| _everything_ becomes open source.
| ziml77 wrote:
| I've thought about that before too. As soon as something
| is no longer actively supported, it should become open
| for people to maintain themselves. Unfortunately, there's
| a lot of companies that would fight that with as much
| money as it takes, so it would never happen (at least not
| in the US)
| forgotmypw17 wrote:
| Who controls the OS controls the browser.
|
| Who controls the browser controls the platform.
|
| Nothing has changed since the mid-1990s.
| baybal2 wrote:
| Just for a note -- JY Lee just cane out from behind the bars a
| few weeks ago.
___________________________________________________________________
(page generated 2021-09-14 23:03 UTC)