Android Tackles Phone Makers Over Lockdowns

Clint Boulton eWEEK USA 2012. Ziff Davis Enterprise Inc. All Rights Reserved,

Google’s Android engineers claim handset makers that lock down their smartphones beg for rooting exploits

Google’s Android team is asking carriers and handset makers to provide unlocking mechanisms for Android smartphones so that application developers can tweak the operating system without circumventing Android’s security.

Android, which is aggressively challenging Apple’s iPhone, is by nature open source. However, wireless carriers and handset makers “lock down” the devices to prevent tech-savvy folks from modifying the software that companies hand-pick for their specific handsets.

Jobs Questions Open-Source Promise

Such moves have provided cannon fodder for Apple CEO Steve Jobs, who openly questioned the open-source promise of Android when third-party companies started shaping the platform as they saw fit and then closed it down to protect their products from consumers.

In truth, some developers deliberately exploit the device to gain root access (known as rooting), prompting claims that the platform is insecure.

When Engadget  reported that the Nexus S (which launched unlocked or with a two-year contract from T-Mobile) had been rooted, a commenter claimed, in a not-so-delicate manner, this happened because Android’s security was inadequate.

Nick Kralevich, an engineer on the Android Security team, took exception to the claim in his blog post. He noted that Google-branded Android phones such as the Nexus One and Nexus S are designed to allow developers to customise the operating system.

Kralevich explained that all Android apps adhere to strict permissions and are “sandboxed” from each other to prevent any bugs from infesting other apps.

Despite Google’s efforts at protecting its platform and consumers for malcontents, there are those who conduct rooting attacks by exploiting a security hole on the device.

All of this is quite the windup for Kralevich’s closing. He argues that carriers such as Verizon Wireless and AT&T and handset makers such as Motorola and HTC are partly to blame because they do not readily allow benevolent developers to unlock devices for customisation.

This leads to tension between the rooting and security communities.

“We can only hope that carriers and manufacturers will recognise this, and not force users to choose between device openness and security. It’s possible to design unlocking techniques that protect the integrity of the mobile network, the rights of content providers, and the rights of application developers, while at the same time giving users choice.”

Ars Technica offers the best technical write-up of the issue here.