Hacker News new | past | comments | ask | show | jobs | submit login
Samsung kills the cameras on the Galaxy Z Fold 3 if you unlock the bootloader (xda-developers.com)
358 points by Abishek_Muthian 60 days ago | hide | past | favorite | 195 comments

I can almost guarantee this is due to licensing issues with the camera firmware. Modern cameras aren't just hardware any more. They're a mix of hardware and advanced processing algorithms that really do make a huge difference in the final output. Those algorithms are often licensed from 3rd parties with specific licensing requirements.

Sony has been reasonably good about enabling open-source and fixing these things in the past, so I'd give them the benefit of the doubt that they'll try to find a way to enable the cameras on unlocked phones in the future.

> they'll try to find a way to enable the cameras on unlocked phones in the future.

In the meantime, I will only buy what ACTUALLY gives me control RIGHT NOW, namely, what is supported by LineageOS:


I feel LineageOS + F-Droid is often underrated when it comes to these discussions about alternate ecosystems. If we're ready to let go of name brands, then F-Droid has some very high quality apps[1] built with passion over profit.

But I agree that the initial friction to setup LineageOS on the device is far too high for a non-technical customer, Something which could be only resolved if a devices ships with LineageOS(I think even F(x)tec, Fairphone requires the user to flash LineageOS) but then again memories of that fateful tie-up with device manufacturer which ended CyanogenMod would be fresh within LineageOS team.

Now that's the catch-22, Alternate exists but not for everyone.

[1] https://github.com/SimpleMobileTools

I had run LineageOS for some time. It works, but FDroid is missing too many apps, even opensource like Signal. I have to update apks manually every few months.

Signal team fought a long war against any forks or unauthorised builds of Signal. There are (or were) FDroid repositories with Signal compatible builds, but Moxie stated that any such build will be considered malware. Signal team was making such builds increasingly difficult to produce.

Official F-Droid repo doesn't allow proprietary dependencies on which Signal depends for some messages (push?)

Signal is open-source in the "look at it, but don't even try to tun it" way. I'd rather support a protocol that supports federation and encourages alternative clients.

https://matrix.org is a good one

Not upvoting or downvoting, but Matrix is an experimental choice at this point. I have some hope for the near future, but so far Matrix protocol is far from an established standard.

> supports federation and encourages alternative clients

Currently, the only featureful matrix server (synapse) uses gigabytes of RAM just for a handful of users (see also progress on dendrite and conduit). As for supporting alternative clients, Matrix ecosystem has an overdependence on 3rd party web widgets (eg. Jitsi) for client features because they are not supported by the protocol itself yet, making it harder to implement a native client with good performance and all Element features.

As i'm writing this, i realize nheko client now supports WebRTC audio-video calls when a recent GStreamer is available, congratulations on that, and good luck for the multi-platform implementation!

> overdependence on 3rd party web widgets (eg. Jitsi)

Is there any other example than Jitsi? I thought that was the only third party integrated in the core, and even that can be self-hosted.

It may be the only one. I was simply aware of this example. My point is not that Jitsi cannot be selfhosted but that using it in your client means your client requires a full web rendering engine to provide that feature, making clients more resource-hungry. To be clear, i'm great it exists at all. It has provided useful services for tech conferences like FOSDEM. I'm just concerned with interoperability and the webification of everything.

Using HTTPS for transport as part of the matrix protocol is great for punching through firewalls, i'm just not convinced the rest of the web stack is well-suited to social networking usecases with a lot of information pouring in. Web engines and the DOM model were designed for static data, not for highly-dynamic information, although there's ongoing R&D around virtual DOMs to optimize those usecases.

Actually, Jitsi is the only one, but it used only in case of group calls, so I can't complain. 1:1 calls handled without any 3rdParty

You mean something like XMPP protocol, which is a widely-deployed IETF standard with robust free-software implementations?

Why doesn't Signal maintain an F-Droid compatible build? (if there's a dependency problem, then they should considering dropping it, release a Signal lite perhaps)

Making your own F-Droid repository was harder a few years back, and UX client-side was bad. Nowadays setting up a 3rd-party repo is as easy as scanning/approving a QRCode (for example for Newpipe repo).

Not that i approve Signal's attitude on this topic at all, but there are (were?) technical reasons for which they would do something else. Of course, F-Droid maintaining proper LibreSignal builds in their place alleviates the concern, and that's what Signal team famously opposed. For the uninformed, F-Droid has very serious review/build process for apps and i don't think malware was ever distributed on there (and antipatterns are listed in the UI client-side).

Probably the same reason they don't maintain a Flatpak, Snap, or any other package other than for Debian/Ubuntu for Signal-Desktop.

Which according to the GitHub discussion, the answer is: ????

> Signal team fought a long war against any forks or unauthorised builds of Signal.

Yeah, this is main reason why I avoid Signal together with Google Services usage.

Yes it's a shame that Signal is not on F-Droid, but there's a self updating apk available[1] for side-loading which doesn't use Google Push Notifications if not available and as for why it's not there on F-Droid here's their official response[1], Which IMO makes some reasonable (against forks using their servers) and unreasonable (against normalizing side-loading) justifications.

[1] https://community.signalusers.org/t/wiki-signal-android-app-...

> some reasonable (against forks using their servers) (...) justifications

How is that reasonable in a centralized client-server model? That's precisely what we find unreasonable with Twitter and others shutting down or making life hard for 3rd party clients. Why would it be more acceptable from a free-software service?

The network effect says a centralized protocol like Signal has "zero" value without reusing the same servers. All this because Signal maintainers have an ideological argument against decentralization, which received many great responses including this one from a Jabber/XMPP client developer: https://gultsch.de/objection.html

In all cases, Signal servers control who has an account, what permissions and what can be posted. You can't just extend the protocol to enrich your client by abusing Signal's servers, but you can make your client compatible with Signal protocol (interoperability). Preventing that is rather user-hostile.

You are asking some very pertinent questions.

The reason why I felt there's some reason to Signal's stand on forks was because forks not standing up Them having their own F-Droid repository is to the quality standards, not adhering to feature parity while consuming their resources might not go well with their funders.

Signal having its own repo on F-Droid is the viable solution for them but they don't seem have any intention of doing it.

I don't agree with Moxie's reasoning against federated technologies, TBH I prefer email over any real-time communication due to its federated nature.

> the quality standards (...) feature parity

F-Droid community was interested to package Signal but at the time upstream had a hard dependency on Google Play Services (which according to my/F-Droid quality standards is pretty bad), and made it clear they didn't want any unapproved builds using their servers. This would include reproducible builds from the same source code as is standard in F-Droid official repo. Still, such builds would hypothetically have the same quality standards and feature parity with upstream.

I agree, Even the standalone apk which can use web sockets for notifications still has Google Play Services and so the F-Droid repo should be a separate code base without GPS.

Btw it seems I had a brain fart when typing this -

>The reason why I felt there's some reason to Signal's stand on forks was because forks not standing up Them having their own F-Droid repository is to the quality standards...

The reason why I felt there's some reason to Signal's stand on forks was because forks not standing up to their quality standards...

> still has Google Play Services and so the F-Droid repo should be a separate code base without GPS

A simple/single F-Droid patch could be enough.. Such a simple change doesn't have to be a huge maintenance burden.

This exact issue years ago made me think less of (and stop using) Signal rather than F-Droid. You're better off with XMPP or Matrix, plus an ordinary SMS app.

One has to already bend heaven and earth to bring people who don't care about Privacy from WhatsApp, Messenger to Signal.

Only reason someone is able to do that now is because WhatsApp, Messenger gets into some legal trouble and the media advertises Signal.

Preaching about significance of interoperable protocol and suggesting apps which use them is beyond the capacity of even those media.

The solution is always the same, focus on a stellar UX.

Stellar UX are always welcomed, But the network effects of a chat application are too high of a variable for to just rely on stellar UX to be successful.

Case in point: There was a chat app called Hike[1] in India run by the son of the leading Telecom Billionaire. It had more features(free SMS, Stickers) and arguably better UX than WhatsApp according to its users(100M). But it could never gain over WhatsApp's initial market size in India(Why change what works?).

Final nail on the coffin for Hike was when WhatsApp was made available on the 4G feature phone released by a competing Telecom operator and loads of people got to experience WhatsApp on their first ever Internet enabled compute device.

[1] https://en.wikipedia.org/wiki/Hike_Messenger

That's a very good example of why net-neutrality and anti-monopoly principles are important. Thanks for bringing it up

Thanks, It's indeed a good example for how oligopoly in telecom stifle innovation and how not even well-funded startups can survive in it.

Monopoly or Duopoly is a straight death sentence to innovation.

> Monopoly or Duopoly

Yeah or any kind of cartel, really. It's hard enough for a small coop to fight economies of scale, but in many areas you're facing an actual mafia.

Somewhat off-topic, but what's the situation with DIY non-profit ISPs in India? If you're not familiar with the topic, you can look up NYCMesh (New York), Guifi (Spain), Freifunk (Germany), FFDN Federation (France) or Rhizomatica (Mexico). Another interesting development in the telecoms field is https://jmp.chat/ promoting and developing free-software for cellphone<->XMPP/SIP interoperability.

ISPs by itself are heavily scrutinized entities in India, Even Starlink hasn't able to get its license yet AFAIK. I've seen couple of small for-profit ISPs come up and disappear in the form of both non-innovative distributors of bigger ISP and innovative original technology ISPs like WiFi Dabba(YC)[1](Not disappeared, but changed USP from mobile Internet to home broadband & moved the HQ from B'lore to Delaware).

As for non-profit ISP, even if possible it definitely cannot be open i.e. without oversight as in the examples from other countries you've sighted. Closest I've come to community run networks I've seen are LoRA networks.

jmp looks great, Google Voice has been shutdown in India can I use jmp as a replacement?

Edit: I've submitted jmp to HN as I didn't see any large discussions on it.

[1] https://www.wifidabba.com/

> non-profit ISP (...) cannot be open i.e. without oversight

That's also the case here. In France you need to declare your ISP activity to the telecoms regulator and follow some regulations. In Germany too there are regulations, but Freifunk as an activist collective ignored them in order to protect their users' privacy, and went up to the supreme court and won their right to operate a privacy-friendly ISP.

> jmp looks great, Google Voice has been shutdown in India can I use jmp as a replacement?

JMP is great from what i heard. It may not be as featureful as Google Voice yet, but there's active development and the user support (i hang out in their channel despite not being a client) is the best i've seen across the entire telecoms industry, and by far. The maintainers are very happy to work on new features and open to suggestions, but due to being a very small organization they're prioritizing obviously new features requests on a "who would pay for that?" basis.

You may be interested to learn that stellar UX is an important point for the snikket.org family of XMPP clients, despite not being there yet. There's an upcoming UX study if you'd like to take part: https://snikket.org/blog/simply-secure-collaboration/

I definitively like that they care

If you install signal from the apk they(moxie, signal) provide it works without google play services and it will update itself automatically, just requiring you to click a confirmation every few weeks.

Calyxos ships with Signal installed. I think it's an install time option? And it updates in an identical fashion.

> it will update itself automatically

is it possible to disable the auto-update? i'd rather see signal stop working than auto-update behind my back.

By auto-update I mean it opens a prompt asking you to update. If you choose not to update it eventually stops working because they change the protocol periodically.

I use lineage, and the signal apk from the website, and signal nags me to upgrade -- that doesn't happen automatically as far as I can tell. I've disabled the "install unknown apps" permission, but I don't know precisely what "unknown" means in this context.

You need to manually update apps from Fdroid due to artificial limitations introduced by Google for third party app stores - only Google Play and possibly device vendor apps stores can update apps automatically on non-rooted device.

FDroid has Silence and Jami which is what I switched to after signal started collecting and permanently storing user data in the cloud.

Silence is great but needs more contributors. Advertise it to your privacy-friendly friends and Android devs you know :)

Anecdote i learned recently about Silence: it's maintained by a jurist who works for a pro-privacy non-profit in France (La Quadrature Du Net)

https://e.foundation sells devices with /e/ preinstalled

True I limited my comment to LineageOS as I've personally tried /e/OS only for a small period. Having it pre-burned on a device does alleviate a major problem, but is there any other reason to choose /e/ over LineageOS?

/e/ is actually LineageOS under the hood. Chose it cause i found one of the models they sell new for cheap, thought support for it might be better than a phone having one maintainer. The alternative of buying a two year old phone used, even if it has three maintainers for LineageOS did not look that appealing. /e/ offers a free account with email and stuff, based on NextCloud IIRC. You can get a paid account with more storage space to support them financially.

if you are "non-technical" user - yes. but if you can install LineageOS (or any other custom rom you prefer) - no.

Personally I refuse to buy any device that requires me to go crying to the manufacturer for an unlock key.

Google and OnePlus devices can be unlocked locally with no need to contact anyone and beg, so no one can refuse your unlock on a device you already paid for.

T-Mobile US's LG devices came with unlockable bootloaders as well, but that only helps if someone develops a ROM for it. Even then, more and more important functionality is getting locked behind closed doors. On my Stylo 5, it's not the camera, it's VoLTE. What good is it to run a custom ROM if I can't make and receive phone calls?

For me, personally, a major reason to unlock the bootloader is to install Magisk. Running an entire ROM is nice if you can find a trusted and supported one, but failing that, root access is the next best thing.

I've got background clipboard sync back in KDE Connect through a Magisk module. No need for an entire LineageOS ROM (would be nice if it were officially supported) if everything I want can be done another way.

VoLTE is incredibly fragile. You can often force enable it and it'll just work, but there's so much that can go wrong that I wouldn't risk it.

Just curious, is there any "trusted" custom ROMs? It seems that LineageOS is most reputed, but are they doing some good work about trustworthy like reproducible build, or just a reputation?. I was using random custom roms from xda until Jerry Bean era, but I'm now afraid to install entire OS.

Maybe GrapheneOS?

Looks great, thanks. It's good that it also support with Google Play Services for who needs, despite it's privacy oriented ROM.

Just nitpicking, but it's technically possible to install Google Play Services on any ROM, to my knowledge. What makes GrapheneOS apart is they apparently found a safe way to prevent it from gaining control of your entire phone.

I have an LG G8 from T-Mobile. It hasn't been updated since February. Rumor is they're rolling out android 11 in Q4 which is more than a year after 11 was released.

Contrast that with my wife's S10 that's got 11 around February.

At this point I have very little faith LG will follow through with updates for even the original two years let alone android 12.

Yikes. My Stylo 5 recently got an update, bringing its patch level to June 1, 2021 (still Android 10). I guess I should consider myself lucky. Considering that LG decided to quit the market, I'm not too hopeful, either.

I'm honestly considering going back to a flip phone once the Stylo becomes unusable. Sure, I'd end up losing some neat things, but the bargain we're being offered with smartphones is looking more Faustian every day.

LG has exited the phone business.


Yes but they promised they would keep premium phones updated for three years.

"The three OS update guarantee applies to LG premium phones released in 2019 and later (G series, V series, VELVET, Wing) while certain 2020 models such as LG Stylo and K series will receive two OS updates.*"


Who makes voice calls anymore?

Also, did TMUS just drop 3G voice / CSFB already?! o_0

Google devices cannot be unlocked locally. My USA spec Pixel 5, purchased unlocked from Best Buy, had to be connected to the internet - and I don't remember, but I may have also had to put a SIM card in - before it could be unlocked. Apparently a background service automatically checks with Google's servers whether the device is eligible for unlock (is it paid off or still under financing, and which carrier is it from?) and then automatically fetches the unlock code if Google decides to allow it. But the default state until that happens is locked with no possibility of unlocking.

So it's very unlikely that you'll be refused the unlock on a device you just purchased, and if you are then you can just return the device, but I don't like the internet requirement since that means Google's unlock code service and all the other Google applications on the phone sent out a bunch of information about my device to Google.

When I tried initially unlocking the option was grayed out and unusable. I had to find information about the internet connection requirement online.

I don't know whether OnePlus does something like that - my OnePlus 7 Pro was connected to the internet before I attempted to unlock it, but I'm receiving a OP 9 Pro today and would like to unlock it as soon as I get it without connecting to the internet or putting in a SIM card. Will see how that goes.

The OnePlus 9 Pro also required an internet connection, and I had to enable Google Play Services for the OEM unlock option to be enabled. I bought this phone unlocked directly from OnePlus.

Interesting, I can't find any such requirement online about OnePlus devices, but I did come across this mentioning that a law passed in California forced Google to do this on some devices:


Pretty sad if true.

This discussion is not about carrier unlock! This is about `fastboot oem unlock`.

Yes. That's what I'm talking about. Not carrier unlock. Bootloader unlock is blocked until the phone is fully paid off (if purchased under loan), and I believe T-Mobile requires a 40 day wait before bootloader unlock is allowed even if you pay in full upfront, and I think Verizon prohibits it completely. Google enforces these rules on their devices and requires the phone to connect to Google to authorize bootloader unlocking. It's an automated version of the manual bootloader unlock codes that some manufacturers do.

The average consumer only wants to purchase the cross-section between what is the cheapest and works the best. For most consumers Open Source is not a feature.

With various right-to-repair legislation popping up everywhere, I am not so sure.

Software restrictions are one way to ensure planned obsolescence.

Actually, there is a specific set of features that guarantees planned obsolescence:

* Irreplaceable battery (or one that is difficult to remove by the user).

* on the iPhone, the Lightning socket and the Home button. The former starts to wear out after ca. 5 years; the Home button lasts a bit longer. Apple will repair both these for you but at this point you will be tempted to buy a new device instead because of the costs involved.

* the support for older devices is being dropped from SDKs. With time, it becomes more and more difficult to develop apps for your device. For many developers this is something completely natural and reasonable. For me it's not. I'm not asking Apple to support iPhone 4s (would be nice, but it's unrealistic), but just to let me still run and provision apps on my old MacBook with a previous version of Xcode. It used to work well in 2012, why can't I do it now? Upgrade, upgrade, upgrade, produce tons of electric waste, buy more, buy more. OK, I am buying new devices, but I care about the old ones. I won't throw away a perfectly working phone that will serve me another 10 years just because it is not considered modern enough.

EOL-ed smartphones are powerful computers, they have tons of different uses, I wish manufacturers recognized it and collaborate with their customers to reduce the amount of electrowaste.

For most people, EOL phones have 0 use.

I think this will change as devices become more long-lived (I still use an Android 5.x device today) and more repairable.

For many it won't matter, but for many it will.

You can see a similar thing today with automobiles. Some people only buy for features and let it go after a couple years, but many others also consider longevity and repair and parts costs.

If you want to free yourself from the clutches of Google, I recommend the LineageOS microG fork: https://lineage.microg.org/

Buying a LineageOS-supported device doesn't necessarily help. I bought a Pixel 2 from the Google store, and later replaced it under warranty due to a bad microphone. Now the bootloader is permanently locked, and security updates ended in 2020. This is a widespread issue with no known solution:


You'll have the control to...not even lock your bootloader.

Use GrapheneOS, if you want something resembling security.

But then they don't allow me to have root at the same time. They claim it is for security reasons but fail to explain why and get really unfriendly. Maybe some power-trip? So now I can choose between vendor lock-in and random-programmer-lock-in.

The GrapheneOS developers like to talk as if relocking the bootloader is unique to Google Pixels and providing a custom key is unique to them.

But that's not true. Every OnePlus device in the last few years allows avb_custom_key as well, Xiaomi Mi A2 does too, probably many others. And ROMs like Pixel Experience publish their custom keys too.

Relocking the bootloader doesn't imply that verified boot is enabled or that that it's not broken for alternate OSes, as is the case for the devices you mentioned.


It doesn't matter whether it's the tyranny of Samsung being dicks or the tyranny of the copyright cartel jamming the fiction that is intellectual property down our throats (and thereby being dicks) that is fucking up one's phone.

Perhaps the law needs to recognize that buying hardware should come with rights to the firmware. If all hardware is useless without firmware, then all hardware is useless without additional and separate rights, and that is a stupid and inefficient world in which to reside.

I think we should have a clear separation between hardware and software companies. This is how it worked in the old days when the internet was built. Hardware companies are getting too much power over our data, and we need more freedom of choice in how our data is treated and by whom, regardless of the hardware that we own. A company can be "good" one day and "bad" the next day. We shouldn't be forced to throw away any hardware when that happens.

Does that mean concessions on how well everything is integrated (in the view of the company and some people)? Probably, but that is of minor concern imho.

> I think we should have a clear separation between hardware and software companies. This is how it worked in the old days when the internet was built.

I think that's an exaggeration, isn't it? Aside from the old PC industry (still surviving today), most computers were produced as a whole: whether it was Sun microcomputers and SunOS or Atari STs and GEM or Apples and MacOS, they were paired.

The development of separate and competing operating systems and computers, with interchangeable parts and well understood standards, was an innovation but a temporary one.

> and we need more freedom of choice in how our data is treated and by whom, regardless of the hardware that we own

To that end, we need operating system developers to design data-first systems, where the user is in control of their data. Moreover, the liability for data loss and leaks in service-provided cloud storage should be so high that companies will be nervous about storing your data. It's so frustrating to me the number of apps where you install them, and you can't do anything with them without having a user account - even though there's no legitimate reason for them to have a user account for me!

The thing was that with computers we had the BIOS, that defined an open (well, in the first days it was proprietary but became a de facto open specification) that allowed interoperability between hardware and software, to the point that it provided the most basic functions to be able to boot whatever operating system you liked.

We should have done the same on the mobile, there is no reason why this works on computer and not on smartphones, if not commercial reasons. Why on a macbook I can install Linux but on an iPhone I can't boot whatever operating system I want? It's not a matter of security, because it's the user that chooses to change the operating system.

All modern investment in this space is explicitly trying to push for better hardware software co-design. This is seen as the path forward in light of Moore's law dying. There has always been a boundary where your ownership of software truly begins. In PCs it was at the firmware, and with smart phones it has been at some arbitrary location the os vendor has seen fit. The web had been the most crippling place for user control of software, and they own no part of the devices software or hardware.

> All modern investment in this space is explicitly trying to push for better hardware software co-design.

I'm ok with hardware vendors writing their own firmware. The problem I have is when they push updates, and take over control of my hardware.

So hw/sw codesign is fine, as long as it is sold as a hardware unit that I control.

> This is seen as the path forward in light of Moore's law dying.

At this point I care more about having control over my data and devices than about Moore's law.

IMHO mainstream consumers are clearly voting with their wallets that the benefits of hw/sw integration are more important to them than the drawbacks of hw/sw integration.

That's because consumers are greedy and shortsighted actors which need help from an external entity to prevent them from getting trapped in a local optimum.

> I can almost guarantee this is due to licensing issues with the camera firmware.

I think that a good pro-market regulation would be to require that all hardware be sold with the firmware required to operate it under some sort of open source license.

Once one has bought a device, one should be able to continue operating it.

I don’t care that the evil company A has an obligation to evil company B to screw me. I just despise being screwed.

Never buy devices with non-free firmware. They're always full of garbage like this.

my needs are more utilitarian - I need a smart phone that's waterproof. Not a single one of the libre* phones are waterproof, let alone reasonably water resistant, so they're a nonstarter for me. I'm a nerd but I'm also outdoorsy. My phones have gone for swims in the Gulf of Mexico and been caught in squals more times than I can count.

My experience is that water proof phones ironically are more prone to water damage since they don't drain. Simple moist in a tent can kill it.

Can you give examples from your experience?

My current phone, Samsung S9, got ruined in a moist tent. It said "water in charging port" and refused to charge since that point. Samsung fixed on warranty.

My wifes prior phone got cracks on it and it seemed to let in moist and then not drain or get dry. Something fried in it.

I had an S7 for years, and then upgraded to an S10e. I was just in a pool yesterday with the S10e taking video. The charging port message is to prevent damage. If the message never goes away or you have intrusion, that's a valid warranty claim.

Doesn't that rule out any phone?

Not, reportedly, the Librem 5 phone.

But it still contains a cellular modem and a wifi module, both of which run proprietary firmwares.

But, crucially, they both run externally to the CPU and main system, and can not affect it in any way. It’s just as if they had put the firmware on a ROM chip beside the modem and wifi chip.

A phone, sure, a smartphone, not a chance

The Librem 5 is absolutely a smartphone: https://puri.sm/products/librem-5/

Your linked page calls it a "phone" not a "smartphone", so you're proving GP's point.

What. By that definition, the Google Pixel 5a is not a “smartphone” either, since its product page does not use that term, either: https://store.google.com/us/product/pixel_5a_5g?hl=en-US

Your leg is being pulled.


By what metric is it somehow not a smartphone?

Even if that is the case, what is the reason to forbid the access to the camera completely? Just remove the stock camera app with the proprietary algorithms in them. And let other applications access the camera trough the stock Android camera API.

A camera is in the end a sensor that captures some video, why locking down that video stream? I get the algorithms, but leave the raw video stream to be used by other applications.

It's not just a raw video stream, but more complex work is needed to manage sensors.

But why should customers care? They bought a device for good money and it stops working due to the user installing a different OS ? Good thing in the EU custom OS installs dont break warranty (even if vendors try to make you think otherwise).

Then put that junk in a secure enclave (that unlocking doesn't touch), or in a separate chip. Don't screw over your users who want to have some control over the device.

Then they shouldn't use such camera. Simple. This should be illegal!

AFAIK similar thing happens with Sony smartphones. They claim to officially support AOSP. But:

"If you unlock the bootloader, you may void the warranty of your device and/or any warranty from your operator. See your device’s warranty statement for details. Additionally, due to the modified device software, Sony’s repair network will likely have to replace key components before it can properly test, repair and verify your device using our repair tools and software. Consequently, if Sony performs a warranty repair, Sony will likely charge you a significant service fee for the additional costs caused by your modification of the software."

And regarding camera:

"Certain pre-loaded content on your device may also be inaccessible due to the removal of DRM security keys. For devices running recent software versions, for instance Xperia Z3, the removal of DRM security keys may affect advanced camera functionality. For example, noise reduction algorithms might be removed, and performance when taking photos in low-light conditions might be affected. The secure user data partition may also become inaccessible, and you will not be able to get any more official software upgrades if you unlock the bootloader."

I was very enthusiastic about Sony smartphones when I first read about them officially supporting AOSP, but after reading those terms I just bought cheap Android One Xiaomi instead, who supports unlocking bootloader with a single click, does not void your warranty or break your camera and you can easily re-flash original firmware.

On the surface this seems blatantly illegal: after the sale is made the no-longer-owner removes functionality.

Can someone please explain how this is legally not some sort of theft, or bait-and-switch, or ... something?

I read comments about firmware licensing, or Japan's camera noise thing. Those sound like Samsung problems, while disabling a camera sounds like an actionable user problem.

It's not really an after-sale thing. They sold a phone with a booby trap set already. If the customer springs the trap, that's a customer action, not a Samsung action.

Most laws tend to frown upon traps. And the blame goes to the one who sets the trap, not the one who trips it, even if the victim was engaging in otherwise illegal actions.

That depends on the trap and how you set it. If you dig a hole for a house and someone falls in you are not liable.

As always, intent is king. If you make a hole intended to be a trap for trespassers, you likely will be liable. If the hole has a different, legitimate purpose, then you're likely not liable if you've marked the hole properly.


Not really related to the discussion at hand but I often wonder if that's the right way to make laws? "Intent is king" is the watchword of modern American jurisprudence but I ask you: If you killed 3 people, are they less dead if it was an accident? If people knew they would be punished for consequences instead of intent, would people be more careful about considering the consequences of their actions? Would that make for, just in general, a more observant, more considerate, more intelligent populace, with less collateral damage? By extension, might that result in more just/fair laws just in general?

I'm fairly confident this "intent" thing is absolutely the wrong way to build a society. I would love if someone would engage with this idea and offer criticisms for/against but so far nobody has.

That sounds wrong and likely varies wildly across jurisdictions.

If you dig a hole on your property you better secure it, or else kids might fall in.

Yes, that’s actually why tort reform is such a big topic in American jurisprudence. Because property owners are liable if a bunch of kids suffer injuries on their property by falling into a hole, almost regardless of intent. Yes even if it’s properly secured with fencing, in many jurisdictions the trespassers sue for damages and succeed often.

Even failing to shovel the snow and having someone trip and injure themselves is enough grounds for some sort of tort liability.

To a lesser extent it’s true in Canada and the UK too I believe.

It's an "attractive nuisance." You'd better lock your hot tub and garage freezer too.

It's legal because 1) There's a binding arbitration clause 2) Samsung have more money for lawyers for you.

Is 1.) a EULA/click through?

If so I think it is void in Europe. You probably still have to fight but you should stand a chance if you have some resources and want to fight.

It seems that bootloader unlocking isn't listed as a feature and this restriction is implemented from day 1. So it shouldn't be illegal, I think. It's still better than phones that don't support unlocking.

It's probably somewhere deep in the EULA/ToS and furthermore it is shown, while unlocking the bootloader. Whether this is legal or not, is surely an open question.

That raises whole other legal questions....

One basic pillar of contract law basically everywhere is that one can not be bound by a contract that they didn't read, even if they signed it. Usually these cases involve coercion or not knowing the language. If nobody can read the EULA because it's 10 pages of densely written legalese, can they even be bound by it?

Since BigCo deliberately made their EULA harder to read than necessary, that probably counts as "acting in bad faith" which is an entirely different legal avenue for the EULA to be void.

I can't help thinking that the correct "malicious compliance" strategy for legislators to tackle this is to pass a law that says any time a user is required to agree to an EULA on a device which is capable of playing audio files, the device should have to play an unskippable audio recording of the EULA being spoken out loud by a voice actor, at a normal talking speed.

Adding a 30 minute wait before someone can use your product or your website would ruin the customer experience, and would encourage at least some companies to question which clauses are actually needed.

> One basic pillar of contract law basically everywhere is that one can not be bound by a contract that they didn't read, even if they signed it.

Wait, there has to be more nuance to this, right? Like, I can't just sign a contract and say "I didn't read it" when a term I don't like comes into force. Is there a precedent for where that line is?

For those who can't be bothered to read wikipedia, this only applies when the courts can find you read it to the best of your ability and misunderstood it. Mostly it applies to those who can't read (either at all or the language of the contract) and so trusted someone else to tell them what it meant and they were deceived.

If you could have read the document but didn't, that is your own fault and the contract stands. Only if you couldn't have read the contract, or you clearly could not understand it does the contract not apply.

"If you could have read the document but didn't, that is your own fault and the contract stands." That's the point, isn't it? Gideon v. Wainwright clearly established that no non-lawyer can be expected to win against a trained lawyer. Since BigCo has a team of trained lawyers making the EULA impossible to read, ... Well, Gideon didn't go this far, but if we extend the logic in that ruling, there's certainly a major precedent that nobody can be expected to understand the EULA, and thus it might be void.

I support this interpretation.

I'm not a lawyer and I'm not a native speaker but I have spent way too much time on EULAs and groklaw and stuff when I was younger and my honest conclusion is a competent lawyer can probably make a planet size hole in a contract without most of HN noticing: many because they don't read it (I'm here now), many because English is not their first language an even among those who know English well(I used to be in this camp), legalese is almost a separate language.

There is much more to it and I wouldn't trust any legal advice given to you by OP.


Of course there's more nuance to this. As I mentioned, these cases usually involve coercion (someone held a gun to your head and made you sign the contract) or not speaking the language (interpreter wasn't available/translated wrong/deceived).

This question then rests on: Can the user reasonably be expected to read 10 pages of dense legalese?

I think the real-life answer is an obvious NO. Current law generally assumes YES, except in cases where it doesn't. You see how there's some conflict here which I expect to be clarified by some court soon.

It's printed quite clearly in the quick start guide that it'll break your phone if you do it. Maybe people should read the little booklet, but as you can see it's not hidden under a pile of text.

> Approved firmware versions

> This device will only operate with

> firmware versions that have been

> approved for use by your wireless

> carrier and the device manufacturer.

> If unauthorized firmware is placed on

> the device it will not function


Discussion question: If something is immoral and debatably illegal, does documenting it in the quick start guide make it somehow less immoral? Or does that just mean it was documented?

You posed the following question:

> If nobody can read the EULA because it's 10 pages of densely written legalese, can they even be bound by it?

I explained to you that the premise of your question was flawed. I didn't comment on any other considerations beyond that.

Imagine if the wrapper for a ream of paper said "by opening this wrapper, you agree to pay us $5 if you print double-sided on any of this paper". That's what EULA/ToS on things I already own feel like.

If you tamper with the device it's your responsibility, innit? It's not like they disabled a properly functioning device that uses the original firmware with an OTA update.

> If you tamper with the device it's your responsibility, innit? It's not like they disabled a properly functioning device that uses the original firmware with an OTA update

And more to the point, Samsung is under no obligation to allow bootloader unlocking at all, much less ensure that it continues to provide any specific set of functionality.

The alternative here isn't "Samsung stops disabling the camera when the bootloader is unlocked," it's "Samsung stops allowing bootloader unlock."

This is always the game with Android phones - you have to do your research to understand whether you can install your own software on them, and what might be lost if you do so. If you don't want a bunch of headaches, just buy a Pixel series straight from Google.

It's not up to Samsung to allow bootloader unlock or not. There will be exploits that will allow for a bootloader unlock or worse unless they allow for it.

Besides, we don't have to be happy with the status quo, we can legislate for bootloader unlocking to be allowed.

> Besides, we don't have to be happy with the status quo, we can legislate for bootloader unlocking to be allowed

Unfortunately, that's not the world we actually live in. This thread is in response to the (great?) grandparent who suggested:

> On the surface this seems blatantly illegal: after the sale is made the no-longer-owner removes functionality

Our governments may theoretically have the power to force vendors to provide functionality like this to end users, but it's hard to imagine that actually happening (can you imagine how hard Apple would lobby against unlocking iPhones, for example?).

The only thing we can do is stop buying devices from vendors who exhibit such user-hostile behaviors.

I'm pretty sure Ford would be in serious trouble if it deliberately bricked the entertainment system when you change the oil outside of a dealership.

If you mess with the central electronics of the car I'm sure the car could choose to disable itself and they wouldn't owe you a cent.

They would likely fall afoul of EU right-to-repair laws.

There is in my opinion a difference between a car and a phone.

If a car fails, people can die. If a phone fails, it normally doesn't have a huge impact.

If a car disables itself, because the central electronics were messed with by laymans, not some repair shop, it is in my opinion totally okay, as it would otherwise endanger humans.

But for a phone/other non-critical electronics, there is in my opinion no reason why its functionality should be reduced, just because you did something harmless like unlocking the bootloader. (In this case, the camera could still make photos, just without the fancy patented/copyrighted algorithms)

Is that a legal distinction where you live? If not, this all needs to be phrased in the context of “I think this is reasonable and am advocating for legislation with my elected representatives”.

Thanks, rephrased it a bit to make it obvious

Yeah, I’m with you in spirit but it’s a tough fight with some very entrenched interests.

"Re-locking the bootloader does make the camera work again, which indicates that it’s more of a software-level obstacle. With root access, it could be possible to detect and modify the responsible parameters sent by the bootloader to the OS to bypass this restriction."

The new Samsung phones are less attractive for many reasons. A few months ago I upgraded my S8+ to a S20+. I considered the S21+ or Note, but none of those have a microSD slot.

I suspect that my next phone will be one of these: https://puri.sm/products/librem-5/

After Apple's incredible reversal on privacy/spyware inclusion in iOS 15 I've chosen to cancel all future purchases with them and buy this. Hoping my american-made one comes soon.

I will likely continue to carry my 12 pro max 512GB for a while as my primary camera/use old school apps, but my linux phone will be how people reach me/where I store my media and files.

I purchase ~5 iPhones/year for my family (soon to be 6) and upgrade them every year (selling the old hardware). I refuse to participate in their closed ecosystem if they insist on shipping malware.

If you plan to use the Librem 5 (or Pinephone like me), I would highly recommend setting up a Matrix server. They're very easy to administer, hardware requirements have been dropping for months, and it means you don't have to switch chat apps.

Would it be nice to switch to whatever your preferred messenger is? Absolutely. But some people won't make the jump, and this allows you to switch more completely to the Linux phone.

I understand the appeal, but that's paying flagship prices for a phone with 7 year old hardware specs. You're paying for freedom, but trapped in 3 GB of RAM and 32 GB of internal storage (expandable, but you still need to store core software on that internal space).

A $900 device with low tier hardware specs (720p screen, 32GB eMMC storage, etc.) is not a particularly appealing offer. I understand that the value comes from the security aspect, but I personally don't find that worth a $700 markup.

It is $850 markup. For $107 you can get UMIDIGI A11. decent phone with Android 11, global LTE bands, 4 GB Ram and 128GB Storage.


Ben, is that you?

I am not Ben. Bootloader is also supposedly easy to unlock.

The value comes from the freedom aspect. Some people value freedom higher than others, some even say that you can’t put a price on freedom.

Comparing specs between Linux and Android is an Apples vs oranges comparison IMO. I think a lot of people are unaware of the huge overhead that Android (and even iOS) has.

The intention of the statement was to show that it is low-end hardware at a high-end price point. Performance of eMMC flash memory isn't magically going to be "hugely" faster because it's ran on a different OS. That 720p screen will perform the same too. Android performance overhead is not relevant to this.

Won't that be a downgrade though, even from your old S8+?

Not trying to dissuade you from the Librem 5 but fyi the Note 20 Ultra does have a microSD card slot. Samsung were planning to remove it from the Note 21 Ultra but that device was cancelled.

Is this actually reliable enough to use as an everyday device? As much as I'd like to leave the big 2 I'm not going to carry something that might be unusable when I really need it.

I had an Xperia Z3 Compact from Sony and it had this same restriction. Much of its camera functionality (including de-noising) was DRMed and if you unlocked the bootlader it would delete the keys. No way to restore them.

Unlike the Z Fold 3 it doesn't kill the camera completely, you end up with a lower quality camera without its post-processing features but it's still usable.

Ok yes, it would technically only turn your camera into a potato instead of disabling it completely

This is probably due to some copyrighted binary blob used on the camera driver of the front facing camera, given how much magic it needs to do to compensate for the opaque pixels.

It could be for compliance with Japanese law which forbids taking photos without a shutter sound? This in principle doesn't apply when you're not in Japan, but after unlocking Samsung has no way to tell.

Edit: reading the article about SONY (https://www.xda-developers.com/sony-xperia-android-pie-unloc...), DRM keys seems to be a more likely cause, which drcursor's comment also mentions.

BTW there is no law in Japan about shutter sound, makers are following the consensus by their own will (don’t want to be the only ones to not follow)

This is usually just a trivia, but in these cases it’s informative on what length makers feel obligated to go to protect that shutter sound part. Which is, not much in general.

If you use a foreign SIM card it won’t follow that rule, same for some of the capture modes, etc.

Note: India actually has a law over this which is (to emphasise how serious the law is) even coded into AOSP (not on the camera app itself), where it won't allow you to silence the shutter if either you're roaming inside India (regardless of the origin of your SIM card) or you have an Indian SIM card (regardless of where you are roaming).

I can't remind a similar law on any East Asian country though.

Huh? There's no such law. I have turned off the shutter sound option in every single phone I've purchased here in India so far.

I have use multiple phones with Indian sim card with no shutter sound.

I searched around in the AOSP source code but nothing jumped out. Can you link to the code?

Here's PR to remove the shutter sound for Japan: https://review.lineageos.org/c/LineageOS/android_frameworks_...

India looks same implementation: https://android.googlesource.com/platform/frameworks/base/+/...

If this were the case, then why doesn't every phone have the same restriction? And why would it make its first appearance from a Korean company on a phone for the American market?

Different legal opinions and Samsung being more risk-averse I guess?

However reading the article about SONY (https://www.xda-developers.com/sony-xperia-android-pie-unloc...), DRM keys seems to be a more likely cause...

Some devices sold in Japan is unlockable. It's unlikely to start such regulation in 2021.

Videos: exist

Japan's cybersecurity minister was proud of never having used a computer (https://www.theguardian.com/world/2018/nov/15/japan-cyber-se...). What do you expect from such ignorance? Laws that make sense (like holding creeps accountable)?

> Japanese law which forbids taking photos without a shutter sound?


IIRC people secretly taking upskirt photos in trains was a significant/frequent problem

So "Silent Camera" app is popular. It basically just take a screenshot from preview, but now it's enough for some use case thanks to higher resolution of screen. (Some apps are advanced maybe, not using screenshot) Some conference presentation orders people to avoid shutter sound by using silent camera app.

... who can just turn the video on and off really quick (or even write a very simple app to turn the video on for one frame).

O_O I am shocked. That's really bizarre

A lot of phones have issues with the built in cameras when flashing third party firmware. The roms that seem to work better with these phones integrate the original binary blobs from the manufacturer. I guess the question is can you do that in this case?

Could it be that the camera is directly connected to the security chip responsible for things like biometrics, payment, etc. and that unlocking disable it?

Somehow it does not make me feel better. I have hardware that becomes more restricted the moment I want to actually use it as I see fit.

Sadly this seems to be the trend of the last few years, that hardware is locked down and you sometimes have to use exploits to have full control over your device

quite unlikely

While I know I'm an outlier, this has made me more interested in these devices. It's become almost impossible to find "smart" phones without cameras. I need to read my email, get directions and (unfortunately) us slack but that's about where my needs end. I don't like cameras. I don't want to be in front of them or be responsible for taking photos of things. (I find that my disinterest and my lack of skill makes them all pretty bad anyway, which is fine by me.) I've been known to physically remove them, if I have to replace batteries (I generally opt to fix them over buying new, until the software experience degrades due to becoming under powered for the updated experiences). I'd buy the smaller one (fold? flip?) if I could be promised that the camera would never work.

I have one of these on the way and never intended to root it, but this outrages me.

I get that Samsung reserves the right to say "its been rooted and is now longer certified "safe" by us, but BREAKING the functionality of the device that I paid for and own is vandalism.

You can cancel or return it. Money is a signal every company has to pay attention to.

I have been hearing "vote with your wallet" for more than 30 years. It has never, ever, made a difference in the direction of hardware.

It depends on the circumstances. If everyone on HN orders a phone from some new phone startup, and then everyone returns it a few weeks later, that could spell the end of the company. But for companies like Apple and Samsung, making products is just kind of a hobby side business -- they could collect interest on the balance of their corporate treasury indefinitely and make more money than you could ever imagine.

> Re-locking the bootloader does make the camera work again, which indicates that it’s more of a software-level obstacle

My guess is that their camera supplier has a secret blob that they want to retain encrypted...

What is up with that site repeatedly expanding the border to cover the edges of text on mobile? Such a toxic design.

XDA has gonna from the go to site for Android related everything. To an ad website.

If you don't have a blocker like pihole or something similar, it is unusable on mobile.

Or just use Firefox mobile...

Or Vivaldi

While that is a bummer for advanced and/or privacy seeking users, it is understandable.

I have considered membership in the CalyxOS Institute where you get a Google Pixel 4a phone all set up with CalyxOS. Something similar with the most modern hardware would be better, but the situation with Samsung, is what it is.

It is not understandable, and we shouldn't accept asshole behavior like this. If we do, other manufacturers will follow one by one, and in 2 years you won't have any options left. Like it was with removable batteries. SD cards. Headphones jack.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact