News Archive (1999-2012) | 2013-current at LinuxGizmos | Current Tech News Portal |    About   

Google dings carriers, phone makers over Android lockdowns

Dec 22, 2010 — by LinuxDevices Staff — from the LinuxDevices Archive — views

A Google Android engineer publicly defended the relative ease with which Android phones can be rooted, arguing that the loopholes used by modders do not reflect flawed Android security defenses. Besides, carriers and handset makers who lock down their devices are begging for rooting exploits, writes Nick Kralevich in his blog post.

Google's Android team has made it clear this week in a blog post that it would prefer carriers and handset makers provide unlocking mechanisms for Android smartphones. This would enable application developers to tweak the operating system without circumventing Android's security, argues Google.

Android, which is aggressively challenging Apple's iPhone in the U.S., is by nature open source. However, wireless carriers and handset makers "lock down" the devices to prevent tech-savvy folks from accessing with the software that is hand-picked for their specific phones.

Such moves provided fodder for Apple CEO Steve Jobs, who in October openly questioned the open source promise of Android. Jobs argued that third-party companies can leverage the platform as they see fit, but then close it down to others to protect their products from consumers.

In truth, some developers deliberately exploit the device to gain root access, prompting claims that the platform is insecure.

When Engadget reported that the Nexus S (pictured) — which launched Dec. 16 unlocked or with a two-year contract from T-Mobile — had been rooted, a commenter claimed in a not-so-delicate manner that this happened because Android's security was inadequate.

Nick Kralevich, an engineer on the Android Security team, took exception to the claim in a blog post Dec. 20. He noted that Google-branded Android phones, such as the Nexus One and Nexus S, are designed to allow developers to customize the operating system.

Kralevich explained that all Android apps adhere to strict permissions and are "sandboxed" from each other to prevent any bugs from infesting other apps. Despite Google's efforts at protecting its platform and consumers from malcontents, there are those who conduct rooting attacks by exploiting a security hole on the device.

Kralevich argues that carriers such as Verizon Wireless and AT&T, and handset makers such as Motorola and HTC are partly to blame because they don't readily allow benevolent developers to unlock devices for customization. This leads to tension between the rooting and security communities.

"We can only hope that carriers and manufacturers will recognize this, and not force users to choose between device openness and security," writes Kralevich. "It's possible to design unlocking techniques that protect the integrity of the mobile network, the rights of content providers, and the rights of application developers, while at the same time giving users choice."

For a technical overview of the rooting issue, see this Ars Technica story.

Clint Boulton is a writer for our sister publication eWEEK.


This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.



Comments are closed.