

Why Google should make Android root access an official feature - 11031a
http://www.extremetech.com/computing/123793-why-google-should-make-android-root-access-an-official-feature

======
thought_alarm
Samsung: Here's our new line of cell phones we would love for you to carry.

AT&T: Looks nice. We'd like this one to look more iPhone-like.

Samsung: No problem. Our designers are very talented. One new feature of these
devices is root access for any advanced users who want to customize their
phones.

AT&T: We don't think that's a good idea.

Samsung: You got it. Root access is gone.

~~~
unkoman
That's a very america-centric view of things. Europeans who buy phones for a
couple of 100 euros instead of investing in a life long relationship with a
provider sees things differently.

~~~
thought_alarm
Cell phone manufacturers make the exact same concessions to European carriers
as they do for American carriers.

------
untog
_There’s no point in denying the fact that users want root access on their
phones._

Power users do. Most do not. That alone is the reason Google will never make
it a priority.

~~~
ajross
This argument is a tautology. "Power users" are just a synonym for people who
want stuff not in the default. To the extent that the default installation
lacks desired features (wifi hotspots are a good example) we are all "power
users".

But yes: gaming, browsing and texting don't require it. And a big portion of
the user base never leaves that box.

~~~
shabble
The issue is more about where on the functionality vs usability/support costs
graph you draw the line. If there's a desirable feature that also has
significant drawbacks (maybe accidentally racking up heavy data charges
because you unintentionally created a public unsecured WiFi WAP, or shitty
battery life, or something) then it might get the chop just because it costs
(too much) money to support, rather than because the general public don't want
or need it.

I think the most practical solution, given that people are always going to
want to push the limits of the devices, is to permit, but disclaim
responsibility/liability where possible. "By accessing the root features of
this phone, you're no longer eligible for $x direct support, and you're aware
of $bignum ways in which this could be a Bad Idea"

The problem with that is too many people are going to put on their disclaimer-
blinders, and click straight through anything that isn't Making Their Damn
Internet/Facebook/Game Work, and call you anyway when it screws up. Maybe a
certain barrier to entry does have some merit after all...

~~~
ajross
I'm sorry, but the "expensive support" argument is a red herring. Is there any
example anywhere of an otherwise-successful product (in any realm) whose
profitability was impacted by users hacking/modifying/diddling the hardware?

Carriers and platform vendors (but not, in general, hardware manufacturers)
don't want users running unauthorized code because they don't want to lose
access to revenue streams therein; and by extension that they fear the loss of
control means they will lose access to any future revenue streams.

~~~
bmj
I wonder how Apple did this math? I look at this way: Microsoft pushed tier-1
support, at least, to the resellers, right? I buy a Windows laptop and do Bad
Things via the admin account, what do I do? Go back to where I bought it, or I
call the Geek Squad.

In the case of Apple products, I'd take my shiny laptop back to the Apple
store, and they'll deal with it (generally). So is that support cost baked
into the already-high cost of Apple hardware+software?

That said, your argument is probably a good one, too--the carriers and
platform vendors really do like lock-in, so they would likely do whatever they
could to turn off root access.

~~~
ajross
Apple is a content provider. They get a cut of iTunes downloads. So they
aren't a pure hardware manufacturer. Samsung frankly doesn't care if you root
their phones once they leave the factory, but Apple loses money when you
jailbreak an iPhone and start dropping torrent-sourced videos on it.

------
sp332
This is interesting, since CyanogenMod devs recently removed default "root"
access. You can still enable it if you want, but if you don't really need it,
it's a gratuitous security hole. Discussion:
<https://news.ycombinator.com/item?id=3716104>

------
shabble
I might be missing something (I haven't developed for android or rooted my
phone), but isn't this essentially what HTC permits with their 'unlock your
bootloader' tool (<http://www.htcdev.com/bootloader/>)?

Or does Android require some additional breaking in order to achieve the
equivalent of init=/bin/sh?

------
jerrya
I don't use root for much, but there are several programs that I find
indispensable that require them, including TitaniumBackup, and Virtual Button
Bar.

I would like to to see Android get a well known, official way to get root, a
way to install authorized root/setuid programs, AND a multiuser model of
operation.

------
zyb09
well it's kind of an official feature on Nexus phones, there's a script to
unlock it on the phone, you just gotta execute it. So what more exactly do you
want? Besides that I don't even know why a normal user would want root access,
even I only use it on a dev phone to quickly flash another ROM to test my App
in different Android OS versions. For people wanting to get rid of branding
etc., they should just stop buying carrier customized crap. You can get
vanilla devices at Amazon, or just get an iPhone or Nexus, it's not that hard.
If they aren't capable of doing some basic research before purchasing a
product, I don't think giving them root access to their phone would end well.

~~~
hammersend
"Besides that I don't even know why a normal user would want root access"

When I mention wi-fi tethering and explain how it works people's eyes light
straight up whether they are a "normal" user or not. Some phones come with
that feature enabled out of the box but most require root.

~~~
eli
You don't need root for Wi-Fi tethering on Android... unless your carrier has
disabled that feature. In which case they seem unlikely candidates for
allowing unlocked phones let alone root access.

------
leeoniya
i rooted my EVO 4G the day it came out and agree that root should not be
gained only via exploit.

however, i'm not sure i see how giving a choice of easy root to the end user
would de-incentivize the development of malicious exploits which seek to gain
it through other non-interactive means which bypass the officially provided
method - there will always be incentive to do this, though i agree than it may
take much more dedication and time to develop since there is not a huge
community after it. on the flip side of the coin, these 0-day exploits likely
would not be publicly disclosed as they are today for the sake of giving
freedom to the end users.

~~~
mmastrac
If you rooted your EVO on day 0, then you probably used some of my Unrevoked
work. :)

I can say with absolute certainty that we've held previously back active,
root-level exploits in the OS or supporting Android libraries that we've found
to a later date, solely to ensure that users continue to have access to root.

~~~
leeoniya
yes it was unrevoked :) then unrevoked4ever for s-off.

holding back exploits is always a two edged sword in the walled garden created
by carrier subsidies. it's a never-ending balancing act of security concerns
and device freedom. capitalism will never provide us with both - a stallman-
level open ecosystem and the low prices we pay to be bent over backwards by
vendor lock-in.

------
wutbrodo
I'd imagine the main issue is that they'd have to say goodbye to any content
deals they may want to make. As I understand it, lack of limitations on the
method of access is usually what studios et al hate about these deals, and for
Google to officially support it would piss off a looot of potential partners.

------
nextparadigms
It shouldn't be rooted by default, but something like what CyanogenMod 9
promises: the ability to turn it on and off in settings. It can be off by
default.

------
muckmot
i also imagine it to be quite difficult to garner industry support to develop
apps on a (default) rooted phone

~~~
mmastrac
Why is that? You don't need root to pirate games. The only thing it does is
_marginally_ improve security for apps like Netflix.

It wouldn't have to be rooted by default. The ideal solution would be a USB
tether + dev tool connection required to turn this on, so unsuspecting users
aren't compromised by malicious apps.

~~~
eli
So... a Nexus One or G1, basically.

~~~
mmastrac
Ideally root would be separate from bootloading unlocking.

~~~
eli
Is that not already the case? Perhaps you're right. Seems like splitting hairs
though.

