Comment by saidinesh5
9 days ago
Pixel stopped providing device trees, kernel history,
Samsung has been doing this for a while now.
Which are the devices/vendors that still allow / encourage this?
Even Graphene OS reported that they're in talks with some vendor... Have there been any updates towards that?
The main reason i used to root devices are:
* Get longer support/OS updates than what the vendor provided
* System level adblock using adaway
* Titanium backup
These days firefox/brave browser gets me half way through adblocking and i lost interest in the ad filled apps..
Syncing gets me good level of syncing for backup on my NAS etc .
Here's an updated list of relatively popular phone manufactures and their bootloader unlocking potential.
https://github.com/melontini/bootloader-unlock-wall-of-shame...
Surprise that Oppo is in avoid list, while oneplus is in safe list. Both of them are from same company.
This proves there is no technical difficulty to provide unlock bootloader
Was anyone else shocked to see Microsoft in the top tier of their list of unlock-friendly phone manufacturers?
Given that they're a monopolist?
No, that's exactly the sort of tactic you'd expect from them.
I mean for the Microsoft Android phones it kinda makes sense, since they're not exactly shipping Android by choice. They'd much rather you use the Windows Phones which this says ARE locked down.
5 replies →
They mix up Google-vendor (pixels are absolutely the best and most unlocking-friendly hardware at this point), with Google Play Services services/limitations (ie dominant player in android ecosystem) AND Google, the dominant contributor to AOSP project.
And it's also partially false, as Gemini works just fine after unlocking/relocking, and all the advanced features (full performance of the cameras, NPU access, secure element) work even on non-Google OS. Things that do not work (mostly wallet) are valid issue, but then again, they work just fine after flashing OEM firmware And relocking The bootloader.
So I can only guess the quality of the contribution is similar with other phone brands.
Fairphone does!
https://www.fairphone.com/en/bootloader-unlocking-code-for-f...
Unfortunately, it's hard to make Fairphone secure. No separate secure element (so much easier to do brute force PIN attacks) and always lags in monthly security bulletin patches and major OS releases (remember that the monthly patches typically only address high/critical vulnerabilities, for the rest you need OS updates, QPRs, etc.).
Until Graphene works out the deal with the OEM that they are talking to, Pixel is pretty much the only secure phone that allows installing alternative firmware.
Does that mean Graphene plans to support phones from other manufacturers than Google?
2 replies →
Do anyone know why GrapheneOS doesn't support fairphone?
As someone else mentioned, GOS requires that the bootloader properly support relocking with a custom key. Additionally, GOS has a rule that any device supported must keep up with all security and quarterly patches in a timely manner, and none of the Fairphone devices do.
No secure element, no memory tagging support, no proper cellular baseband isolation, no verified boot, taking months to ship security updates .. the list is long.
From a security/privacy perspective the fairphone is on the worse side of options unfortunately.
12 replies →
I can't find the link, but a couple days ago, they said in a thread here it was due to their lack of support of some important security features, and remarked that it didn't look like they were even interested in supporting them.
9 replies →
As others have said they have some security concerns (I don't know enough about that stuff to know how justified or surmountable those concerns are). However with the big manufacturers all locking down their devices more than ever I wonder will they have much of a choice in the end. We're going to need a manufacturer (or preferably several) to actively stand behind the possibility to use custom ROMs, and at the moment Fairphone seem like the only one who might do that.
The curious thing is that being GrapheneOS open source, I would think that somebody could potentially create a ROM for them, even if it is not as secure as GrapheneOS would like. However, absolutely nobody has done it yet...
2 replies →
So, notice Graphene OS was able to port Android 16 on all the supported devices (from Pixel 6 up) basically within a week without device trees already, without the early (OEM) access to the release.
It's a big inconvenience but not a showstopper for them. Pixels are still viable.
The only blocker with pixels would be if they stopped allowing OEM unlocking or relocking (which is a must).
> Even Graphene OS reported that they're in talks with some vendor... Have there been any updates towards that?
The startup we were working with before went bankrupt. In June, we started working with a major Android OEM which has provided resources for identifying everything which will need to be done to meet our requirements and provide official GrapheneOS support. They believe they can meet all our official requirements without much trouble and they're going to determine how much resources they want to put into it soon. We don't yet know how many resources are going to go into it.
> The main reason i used to root devices are
Note using GrapheneOS does not involve rooting.
> System level adblock using adaway
You can use RethinkDNS for filtering combined with still using a WireGuard VPN or multiple chained WireGuard VPNs. Android has a perfectly good API for this.
> Titanium backup
GrapheneOS has a built-in encrypted backup system we plan to significantly improve upon. The basics are there already.
> Which are the devices/vendors that still allow / encourage this?
GNU/Linux phones (Librem 5 and Pinephone).
You can block ads without root by using Adguard DNS.
You can use AdGuard to block in-app ads on Android as an FYI
You mean w/ DNS? or an app?
It sets up a VPN and routes your Android traffic through it. But because of battery optimizations etc.. it has been a little flaky for me
Besides the VPN route you can set a Private DNS Server eg: dns.adguard-dns.com
You can use nextdns for DNS adblocking.