Thursday, September 9, 2010

Why I’ll never buy motorola

Read this article about the latest generation of Android handsets from Motorola and why they are so hard (maybe impossible) to hack.

OK, THATS why I wont buy motorola headsets anymore. Moto is saying that if I purchase their phone that I can not then subsequently upgrade, modify or otherwise play with my phone. So you SOLD me a phone for $500, and I cant play with it? Ok, I only paid $200 cash and the rest is on my two year Verizon contract, but still, I AM paying for it. And about that two year contract…

I bought my Motorola Droid (which DOES take custom kernels) the first month it came out. I got it on a two year contract. One year later Motorola has end of lifed the phone and I can longer get support, maintenance or upgrades. Uhh, hello? You sold a phone on a two year contract and EOL’d it after one year? Ok, that’s not cool, but at least I know how you roll and I can act accordingly.

Enter the next generation Androids from Moto. So you buy one today on a two year contract, and in 12 months Moto stops support, THATS when Google comes out with Android 3.1 and it fixes some big bugs and has some great features. Tough. You can’t install unauthorized kernels so you don’t get the upgrade. You can only install OS upgrades (kernels) that come from Moto, and they EOL’d your handset.

Yeah, THATS why no more Moto for PaulC.

Its like buying a new Ford truck and saying “Hey, nice engine, but I want to put a Cummins in it.” and Ford saying “No, you spent $40k on that truck, but we say you can’t replace the engine.” I get that you can’t do that on a lease, but I am talking about a purchase. Or even closer to home, you buy a Dell and 12 months later Microsoft comes out with a security patch and you can’t install it because Dell has EOL’d your computer.

See this is why you don’t want your hardware manufacturer (Motorola) supplying your operating system (Google). Imagine if Motorola said “you can only install applications that we approve”. And really that's not such a stretch, I mean that's what they are saying with the signed kernel. Yeah, then you would have Apple.

At first I thought “this MUST be a Verizon thing.” But if that were the case, why doesn’t Verizon require Samsung, HTC, and others to use a signed kernel? Nope, this is all Motorola.

The Droid X has been rooted…

Reading that headline you might be thinking “Great PaulC, welcome to 2 weeks ago.” BUT, lemme ‘splain.

The new Droids have a new feature called “efuse” that is built into the CPU. Efuse is used to confirm that the kernel on the phone is valid, if its invalid the phone can be bricked. NOW, Motorola DOES use efuse for its latest Android handsets BUT they don’t use the brick feature, they just boot into safe mode. That means that if you install an unauthorized kernel, the phone won’t boot until you replace it with an authorized one.

As you can imagine the interwebs are all a twitter over this, and many pundits have opened up cans of false bravado by the case and said “Ahh, but this is just another small issue that our brave hackers will over come in our fight against tyranny!” And now that the new handsets have been rooted they point and say “SEE! We have overcome!”

Not so fast dingus malingus.

Yes, the new Android handsets from Motorola have been rooted, and that is AWESOME. It took hard work, intelligence, perseverance and a probably a fair amount of caffeine. Now users can install root applications on their phones. Want to wirelessly tether your laptop to your phone? Root your handset and install the software. Done. Right? hmmm…

The problem is that rooting does NOT let you install new kernels, efuse has NOT been defeated, just sidestepped. So if you want to install tethering and get rid of that horrid moto-blur crap and change the font, you can. BUT, if you want to install a new kernel, then you are screwed.

It has been said that efuse uses an encrypted boot loader. That means that motorola uses the private key at the factory to generate a fingerprint  for the kernel, and the CPU in your handset uses a public key to verify the fingerprint. Read that again. Yeah, your fucked.

Does that  mean that efuse will NEVER be defeated? Nope, but it means that we are still a long way off.

Read this article to find out why you care.