[HN Gopher] Bootloader Unlock Wall of Shame
___________________________________________________________________
Bootloader Unlock Wall of Shame
Author : thunderbong
Score : 130 points
Date : 2025-12-04 15:57 UTC (7 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| Lord-Jobo wrote:
| Insane how bad this has gotten. So few options left to truly own
| your smartphone
| Kim_Bruning wrote:
| Room for new competitors!
| pixl97 wrote:
| "The market will fix itself!"
|
| Narrator: "In fact the market did not fix itself"
| kachapopopow wrote:
| if the market is not solving the problem then the natural
| conclusion is that it is not a problem that needs solving,
| pretty sad about it that not that many people care about
| these things.
|
| The opposite is pretty much true when it comes to security
| I am generally forced to use an apple device since I can be
| relatively sure that my keys will be safe (not including
| state sponsored actors, at that point I would have bigger
| problems).
|
| Now something for the market to actually solve would be
| poor hardware security in general making locked bootloaders
| serve no purpose, having strong built-in security at the
| SOC would diminish the advantages gained with locked down
| systems and would allow us to have BYOK without
| compromising on the general populations security.
| clot27 wrote:
| market is stupid concept.
| kalterdev wrote:
| It's very common for dictators to call people stupid as
| an excuse for their power abuse.
| ixwt wrote:
| Narrator's Narrator: "The overwhelming majority of
| consumers don't care about the bootloader, so the market
| forces do not have an incentive to keep it unlocked. This
| leads to the market not 'fixing itselt'. "
| throwaway48476 wrote:
| People are not and cannot be rational actors in the
| market owing to imperfect knowledge. Externalities are
| common.
| goku12 wrote:
| This isn't the 'market not fixing itself'. This is the
| 'market being actively manipulated and enshittified'.
| Don't forget that it's much easier to leave the boot-
| loader unlockable or even unlockable by just the owner,
| than it is to keep it locked and under control of a
| remote corporation. They went out of their way to
| enshittify it.
| jajuuka wrote:
| This isn't true. It's far more secure to lock the boot
| loader and block root than it is to leave them open. This
| is a basic security measure from the OEM. They didn't
| just wake up yesterday and go "let's mess with those
| nerds."
| pessimizer wrote:
| Somebody said "easier" and you said "more secure." Then,
| your argument that it was more secure (which nobody was
| discussing) is that it is "basic." Then you added an
| irrelevant strawman with a slur in it against the person
| you were arguing with.
|
| Yes, it is more secure against the user. That is not a
| desirable characteristic for the user, it is a desirable
| characteristic for the controller of the operating
| system.
| phendrenad2 wrote:
| I can buy a smartphone or tablet that's 100% unlockable and
| has all the bells and whistles right now, and get it
| delivered in 24 hours, and not pay significantly more than
| average.
|
| I think the market is working just fine. (To which people
| usually say "for now". Well yeah, the sun hasn't gone
| supernova... for now)
| bigyabai wrote:
| Yes, and heroin users can go buy fruits and veggies if
| they want to improve their health outlook. The fact that
| better alternatives exist does not mean the market will
| reward them, which is the point the parent is making.
| preisschild wrote:
| GrapheneOS is working with an OEM that wants to support this
| (+ the added security requirements for GOS)
| ysnp wrote:
| It's interesting because the OEM is quite likely to be in
| the 'Avoid at all costs!' bucket based on current
| information.
| charcircuit wrote:
| Being able to install a new os is orthogonal to owning a
| device. It's an additional feature that most users won't use.
| woodrowbarlow wrote:
| the "ownership" framing is because bootloader locks allow
| vendors to unilaterally make decisions about how your device
| operates _after_ you purchase the device.
| goku12 wrote:
| Being able to install a new OS is not an 'additional
| feature'. It's the downgrade of a capability that's inherent
| to the device. It's the same as making a carseat heating a
| subscriptions service. Whether the users use it or not is
| entirely irrelevant.
| charcircuit wrote:
| >that's inherent to the device
|
| It's not inherit to the device. Accepting updates signed by
| a specific key is inherit to the device.
| nkrisc wrote:
| When my mother was shopping for a new smartphone she definitely
| was not considering whether or not she could install a
| different OS on it.
| lawlessone wrote:
| cool, When i was shopping for a new car i wasn't considering
| if it was a 4x4 because i live in a city with a mild climate
| stronglikedan wrote:
| I hope you at least considered whether it was AWD cuz that
| shit is the bee's knees regardless of climate!
| goku12 wrote:
| Your mother's unwillingness to install a different OS doesn't
| mean that everyone else who wants it should be denied too.
|
| I'm genuinely curious. What's your motivation in making up
| such a pointless argument/justification?
| goku12 wrote:
| We really need to make this into a website for 'hostile
| smartphones' or a 'list of smartphones to avoid', and
| popularize it among the normal folks. This is relevant to them
| even if they don't unlock the phones themselves. They could pay
| someone to unlock it and upgrade it - but only if the phone can
| be unlocked.
|
| The manufacturers will do something about it when their hostile
| behaviour starts to affect their bottom line. They have been
| ripping us off for far too long.
| jajuuka wrote:
| I think this is living in fantasy land. Normal people aren't
| hyper concerned about boot loaders, sideloading or custom
| ROM's. There was an uptick many years past simply because
| this offered new functionality, but anymore there really
| isn't any reason to outside of small things like removing the
| Google Search bar from the home screen. But the amount of
| effort versus the result does not balance out.
|
| Normal people just want to buy a phone and use it and they
| can do that today. They don't want the added complications.
| There is a reason Amazon is so popular and massive. The goal
| should be to add simplicity and not add complexity if want
| something to be popular.
| walterbell wrote:
| Only two options (Google Pixel and Nothing Phone) for relocking
| Android with custom keys?
| https://github.com/chenxiaolong/avbroot/issues/299
| kachapopopow wrote:
| unfortunately you lose access to pretty much ever banking app
| :/
| unnervingduck wrote:
| The experience varies by country, here in Finland I haven't
| had a single banking app complain about an unlocked
| bootloader or a custom OS.
| pxeboot wrote:
| I use GraphaneOS and have had zero issues with the ~10
| bank/brokerage apps I use.
| Fuzzwah wrote:
| Can you use NFC payment?
| pxeboot wrote:
| Not with Google Wallet.
| embedding-shape wrote:
| ... What are you using instead and is it as easily
| triggerable by some shortcut?
| Youden wrote:
| FWIW, I use Fidesmo. Oversimplified, it allows you to
| copy your credit card's NFC chip into an accessory you
| wear. I use a ring but there are other options like
| bracelets or watch bands. No batteries, no devices, no
| wireless connectivity. It works anywhere an NFC card
| works, which here in Switzerland is more or less
| everywhere.
|
| It requires that the card issuer support Fidesmo though.
| Many here do but I'm not sure what it's like elsewhere.
| codedokode wrote:
| Aren't card chips supposed to not give away private keys?
| Or you can take anyone's card and copy it, put it back
| and walk away?
| xorcist wrote:
| That's not how those NFC cards work. They are payment
| middlemen. They are full cards on their own and just pass
| on every charge to your other card. Just like Google Pay.
| pxeboot wrote:
| I personally use my smart watch for NFC payments. I find
| it far more convenient then paying with my phone.
| embedding-shape wrote:
| > I personally use my smart watch for NFC payments
|
| But not Google Wallet, and with GrapheneOS as the
| connected device?
| pxeboot wrote:
| Yes, I have a Garmin watch paired with GrapheneOS.
| chenxiaolong wrote:
| NFC payments via Google Wallet running on my Pixel Watch
| 3 connected to a phone running GrapheneOS works just
| fine. I use this regularly. (It doesn't require Google
| Wallet to be installed on the phone.)
|
| At least one of my cards required Google Play Services to
| have the location permission when initially adding the
| card though.
| ThePowerOfFuet wrote:
| I pull out a contactless card. No battery life worries,
| and much more compact.
| Pfhortune wrote:
| This is a popular thing to say, but is an
| oversimplification...
|
| Call it anec-data but all my banking apps work in GrapheneOS,
| and I have several installed. There is one that reduces
| functionality if SafetyNet fails (have to do the 2fa flow
| every time I restart the app, can't set as a trusted device
| and notifications don't work) but it still works to access my
| account.
|
| That said... I haven't tried to use NFC payments and do carry
| around a secondary iPhone 15 as my "business phone" these
| days that pretty much just has payment/banking apps on it,
| just in case one bank or another decides to suddenly nuke
| their app on my main phone...
| plorg wrote:
| After I got the screen replaced on my previous phone the
| fingerprint reader didn't show up, and I didn't bother to
| try fixing it. I hadn't specifically requested a new panel
| _with fingerprint reader_ , but supposedly it could be
| enabled, if available, through tools Google provides for
| Pixels with their Tensor chips. Apps that would otherwise
| use the biometric authentication can fall back to a pin or
| pattern, but all of my banking or work benefit-related apps
| will not save credentials in that case, so I have to rely
| on my password manager which _will_ use the PIN /pattern
| for authentication.
|
| I replaced that phone with a new one and didn't bother
| setting up the fingerprints. It doesn't seem to bother me
| too much and maybe there's some small security benefit to
| not having the biometric authentication enabled.
| hollow-moe wrote:
| My bank doesn't even allow me to have USB debugging enabled
| jamesbelchamber wrote:
| I haven't come across a banking app in the UK that doesn't
| work with GrapheneOS. HSBC insists you use the AOSP or Google
| keyboards but otherwise no issues.
| reorder9695 wrote:
| Santander at least used to not work, I haven't tried it
| with the new app they launched. The old app certainly
| wouldn't work and I was told by customer service there was
| no way to access it on a phone with an unlocked bootloader.
| ThePowerOfFuet wrote:
| You are supposed to (and GrapheneOS prompts you to)
| relock the bootloader immediately after installation of
| the new OS.
| Youden wrote:
| Not necessarily, I have quite a few that work.
|
| It's crowdsourced and therefore incomplete but
| https://plexus.techlore.tech/ has reports of compatability
| with the complete absence of Google Services or a replacement
| like MicroG.
|
| Here in Switzerland my experience is that the big banks like
| UBS and the cantonal banks tend to work, while the smaller
| things like McDonald's and my credit card providers tend to
| break because they have nonsense Play Integrity requirements.
| crapple8430 wrote:
| There are different levels of anti-user checks. Some only
| detect unlocked bootloader and/or root. Others use the play
| integrity anti-feature provided by Google. GrapheneOS tells
| you when apps request play integrity checks, and you'll see
| that a lot of apps do these requests constantly, even if they
| don't actually block you for using an unlocked or non-vendor
| system (custom key but otherwise locked and not rooted like
| GOS).
|
| We really need a more foolproof technical solution for this
| if general purpose computing on the mobile phone is to be
| preserved. Perhaps some type of a remote control scheme to
| operate on a "slave" device. Failing that, if I do need one
| of such apps needing "strong" integrity, I'd probably look
| into getting an iPhone for those.
| ThePowerOfFuet wrote:
| Every banking app works perfectly for me on GrapheneOS.
| codedokode wrote:
| Good riddance, no more spying, no more ads in notifications
| (in my country you can use banks via browser. Also, instant
| transfers by phone number are free).
| dataflow wrote:
| > As a rule, almost all carrier locked devices do not allow the
| bootloader to be unlocked. This usually makes sense, as it would
| allow you to completely bypass the contract.
|
| I don't understand how this works, why/how are a carrier lock and
| a device lock related? Shouldn't one be a lock on the baseband
| chip and the other on the main firmware?
| nar001 wrote:
| I wonder if it might be about things like tethering, I remember
| for a while US carriers (AT&T I think?) used to lock it under a
| specific plan, but unlocking the bootloader/rooting let you
| bypass this limit
| indrora wrote:
| On a lot of prepaid devices such as those from Kyocera for
| companies like Boost, the limitations are almost all in
| software configuration, because that's cheap and easy to do
| rather than rolling your own baseband configuration.
|
| For years, carrier lock on iOS devices was simply a software
| switch. In a lot of devices, still, if you have an unlocked
| boot loader you can run patched baseband firmware that doesn't
| care that it hasn't been told the magic numbers to unlock
| itself.
| kotaKat wrote:
| If you can unlock the bootloader you can generally also reflash
| the firmware at will on the baseband, so you can replace it or
| modify it to remove any subsidy/carrier locking on the baseband
| side.
|
| Unlocking the bootloader will also of course let you eliminate
| the carrier's bloatware that they get paid to install and load
| onto it, including the things that they shoved all the way into
| the Android "non-disableable" list.
|
| Tracfone called this "cellphone trafficking" all the way since
| the 90s when people would buy their loss leaders, flash 'em,
| and flip 'em to third world markets for top dollar.
|
| https://stopcellphonetrafficking.com/
| throwaway48476 wrote:
| The carrier gives you a subsidized price on the phone and then
| you pay for it as part of the service bill. If you can unlock
| it you could switch to a cheaper carrier. None of this should
| be allowed of course. Phones should always be unlockable.
| clot27 wrote:
| fuck iqoo
| preisschild wrote:
| Wall of Fame (allows re-locking the bootloader with custom key):
| https://github.com/chenxiaolong/avbroot/issues/299
| silvestreh wrote:
| Apparently the average consumer couldn't care less, given that
| Apple and Samsung are among the worst options for unlocking, and
| still the best-selling ones.
| kace91 wrote:
| Wait, the xiaomi one is weird.
|
| You have to pass an actual, 'notoriously difficult' test?
|
| What are they testing?
___________________________________________________________________
(page generated 2025-12-04 23:01 UTC)