Skip to main content

Access Denied: why Android’s broken promise of unlocked bootloaders needs to be fixed

Access Denied: why Android’s broken promise of unlocked bootloaders needs to be fixed


As Google’s dream of ‘openness’ malfunctions, the case for hackable devices is stronger than ever

Share this story

If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

Galaxy Nexus bootloader
Galaxy Nexus bootloader

Remember when mobile hardware manufacturers like HTC and Motorola promised to help customers unlock the bootloaders on their Android devices, paving the way to the promised land of rooting, mods, and custom firmware? Here’s a quick update: it's not going so well.

In the past year, we’ve seen HTC, Motorola, Sony, and others come out in support of unlocking, setting up special websites dedicated to safely open devices for custom ROMs and other “unofficial” uses. But those efforts have been sabotaged at nearly every turn as one flagship phone after another is sealed shut under the mandates of major carriers like Verizon and AT&T.

For the Android development community, the situation has been vexing, to say the least: major devices like the Samsung Galaxy S III and HTC One X are still being put under lock and key while carrier PR offers vague objections painted with misleading terminology like “customer experience.” But while we may never know what’s really behind the decision to keep everyone in the sandbox, the need for hackable mobile hardware is becoming clearer than ever before. With Android 4.2 and Google’s Nexus 4 just around the bend, users are now left to ponder what the future of the platform holds if shadowy carrier politics continue to compromise the ability of OEMs — and thereby, customers — to fully control their own hardware.

Everybody's Problem

Some readers may be thinking, “this doesn’t affect me; bootloaders are the playthings of hackers and tinkerers, hardly among the concerns of the average user.” But with the rise of professional-grade aftermarket firmware like CyanogenMod and the failure of OEMs to provide long-term device support, rooting and unlocking — as Doctor Strangelove would say — “is not only possible, it is essential.”

Ice Cream Sandwich still only accounts for just over a quarter of all Android devices

It’s a situation you’re probably familiar with by now: hardware makers, many of them lacking the brand power to stand against the carriers’ agendas, have fallen tragically short of their promises to push out software updates on reasonable timescales, as originally proposed last May with Google’s ill-fated Android Update Alliance. With Android 4.2 on the way, the Ice Cream Sandwich update (which turned a full year old this month) still only accounts for just over a quarter of currently activated Android devices. And thanks to carrier rules and the incessant need of manufacturers to re-skin the OS to their specifications, Android users have repeatedly found that even devices that have been promised updates won’t be getting them after all.


Perhaps in response, custom firmware has seen a spike in popularity. In May, the team behind CyanogenMod reported that their firmware had been installed 2 million times across more than 750 different devices. “It seems that aftermarket firmware is used mainly for extension of the life of a phone,” members of CyanogenMod’s dev team told The Verge when asked about the recent trends. “Second to that, it appears to be a feature thing.”

"Aftermarket firmware is used mainly for extension of the life of a phone.”

It’s not hard to understand why: for consumers, more options for keeping older devices “fresh” means less need to buy newer ones. A 2011 study found that a vast majority of Americans replace their phones every two years, very much consistent with what carrier contracts offer. Keeping phones longer than that, in addition to being easier on the wallet, could also mean a significant reduction in e-waste — in 2010 alone, mobile devices turned into 19,500 tons of waste, only 11 percent of which was recycled.

Considering their success with the two-year contract model, it’s not surprising that major carriers are still fighting manufacturers tooth-and-nail to keep them from putting unlocked devices in customers’ hands. Samsung's Galaxy S III was one recent victim of the complex and infuriating relationship: back in July, the device was confirmed locked by Verizon, which echoed an incredibly vague statement that claimed unlocked bootloaders “could prevent Verizon Wireless from providing the same level of customer experience and support.”

A Verizon spokesperson told The Verge that the company’s statement refers specifically to issues of “customer service.” But the objection then makes even less sense considering that manufacturers already void warranties as a condition of merely sending unlock tokens — not to mention warn in apocalyptic cadence about the potential risks of opening device bootloaders in the first place.


Let’s not forget that like many others, the Verizon Galaxy S III was promptly unlocked and rooted by the Android dev community after a bounty was posted to the XDA Developers forum. This is what makes the carrier's objection to "official" unlocking so bizarre: in the exchange, the manufacturer, and by extension the carrier, would get a list of devices that have voided their warranties, making it easy to see who qualifies for service and who doesn't.

But by blocking the manufacturer unlocks, carriers limit developers to using their own methods, and determining which devices are eligible for service becomes anybody's guess. A Verizon spokesperson would not comment on why the company insists on this arrangement when the manufacturer’s warranty would effectively guarantee them a means of denying service to unlocked devices.

Arrested Development

But for all the resistance, there have been some odd instances of compromise. One trend that seems to be gaining traction among OEMs involves releasing a separate, unsubsidized "Developer Edition" featuring an unlockable bootloader and no difference in hardware. Motorola has been especially noted for embracing this strategy — its new RAZR line offers Developer Editions for every device in the series. Samsung has also followed suit with its Galaxy S III.

“Developer phones are actually a very good target to develop for.”

Some developers see it as a step in the right direction. “Developer phones are actually a very good target to develop for,” members of the CyanogenMod team said in an email. “It gives us insight into technology and hardware being used in other phones, allowing for us to develop for those phones as well.”

But in the immediate sense, a separate developer phone doesn’t seem to solve the problem for the average user, since the audience they're ostensibly targeting — other people willing to shell out $600 on an unsubsidized device — virtually doesn't exist, at least not in the US. To wit, any custom firmware that might be developed for these devices will be useless to the masses, most of whom will buy the plain-jane locked version from their respective carriers.

This won’t necessarily repel developers, however. In the end, given an unlocked bootloader, “the willingness of a developer to work on a device is really the only driving factor” in whether or not custom firmware is built, CyanogenMod’s developers say. “Each maintainer has their own reasoning for working on a certain device.”

A Tale of Two Androids

Android’s promise of “openness” has always been a precarious one. As it stands, getting an Android device is almost always a gamble — apart from gauging the interest of the developer community, there is virtually no telling whether the device you buy will ever get unlocked, either officially or unofficially. With its Nexus program, Google seems to be fighting for a better platform where carriers and OEMs dance to the tune of truly open, longer-lasting hardware. But that song is still a quiet one compared to the overwhelming cacophony of devices being sold locked up and loaded with bloatware. Even Motorola, despite being owned by Google, admits it is powerless to offer alternatives — and to make matters worse, seals its bootloaders with strong encryption that hackers have found to be virtually impenetrable.

Going forward, the division between Android’s “open” ideal and the carriers’ authoritarian prospects will be more pronounced than ever before. To say it’s an uphill battle would be an understatement: Google has clearly defied the latter strategy with the $300 off-contract Nexus 4, and it paid the price. But the balance will ultimately depend on whether or not regular customers — not just power users — demand more from their devices.