Hacker News new | past | comments | ask | show | jobs | submit login
S.Korea fines Google $177M for blocking Android customisation (reuters.com)
266 points by quasisphere 2 days ago | hide | past | favorite | 91 comments

I think the throwback on HN on this decision is due to the lack of details and context on the news?

From what I've understood from the local news (I'm a South Korean), It's not about blocking handsets with forked Android (that already happens regularly AFAIK), but the requirement of shipping Google apps like Chrome and Google Assistant. The big elephant in the room here is Samsung phones, which do ship it's own custom browser Samsung Internet (BTW, with ad blocking capabilities!) and a separate virtual assistant, Bixby. That's the part where the KFTC decided was monopolistic.

I don't have a personal opinion this, but seems that the comment threads are focusing on the wrong part. Manufacturers were always able to bundle up their fucked-up version of Android. They were always able to ship super-custom UIs. Google never prevented that... but they did force the UIs bloat by having two separate default apps.

Also, it should be noted that Google didn't just disallow shipping Google apps to forked Android. Google disallowed shipping Google apps to any devices from vendors that ship forked Android: if your smartwatch is using forked Android your ordinary smartphone also can't have Google apps even when it's using genuine Android. The KFTC made very clear that this is a nuclear all-or-nothing option to hardware vendors and thus constitutes an anti-trust action [1].

[1] https://ftc.go.kr/www/selectReportUserView.do?key=10&rpttype... (in Korean)

Idk I can somewhat see their reasons. Forked Android isn't necessarily secure: a customer who owns the phone might get hacked or suffer some problem and who will they blame? Not Samsung or Xiaomi etc. They'll blame Google.

If you're signed into Google etc on your phone and that is compromised, it appears to the average person that Google messed up.

I hate when a law or legal decision is aimed 45 degrees off like this. Letting manufacturers bundle their fucked-up version of Android is a bad thing. What we need is mandatory unlockable bootloaders so the users can load whatever they want on their devices.

What we need is control on the bootloader, with the ability to unlock, load our own keys, and relock.

We also need to clean-up the mess with all those "partitions" (some of them with critical informations e.g. calibration, IMEI, etc) so that only one partition would have all those static information (reasonably protected against overwrite, e.g. colocated with bootloader and device-tree). We should be able to re-partition the storage (like we do on PC) without bricking the device...

Google phones allow re-locking the bootloader with your own key, except it still results in a warning during boot, and there's no way you're passing SafetyNet with this, at least not without hacks like Magisk. Also even when you unlock the bootloader, the TrustZone OS, which runs with hypervisor permissions and manages all the exciting things like DRM and SafetyNet itself, is still off limits for you.

> Google phones allow re-locking the bootloader with your own key, except it still results in a warning during boot

The warning is a great thing for security: I'd appreciate it if my phone showed me that warning after I've surrendered it to the border control agent (alternatively, a sketchy repair shop), or bought it pre-owned, or if I "lost" it and gets returned to me.

Let's start with the fact that unlocking the bootloader wipes the entire /data partition to prevent this exact scenario from happening.

That'a a great point, and you're correct on the impracticality of the evil-maid attack. However, my point remains when it comes to less-than-honest repair shops or second-hand sales where wiped devices are not suspicious. I want to know if my bootloader/kernel may have been tampered with before I am able to trust the apps.

I wish I could have thought of that argument on a previous discussion about iPhone/ iPad jailbreak discussion thread

There is a fix for SafetyNet - it forces the client-side library to assume that there is no hardware co-processor.

It's bound to break in the future. Google will stop, if didn't already, certifying devices that lack the TEE.

The issue I'm pointing out is that this device integrity thing exists at all, and that Google ends up having more control over the device and its capabilities than its legitimate owner.

While this all sounds great, I don't imagine legal regulation on how a device is partitioned would go as well as you think...

Librem 5 has its modem on a detachable M.2 card, sounds like what you describe.

I know that a lot of us more tech inclined want this freedom. But grandma is never running toolchain on a computer to install custom software. What 99% of people want is cheap/free and they will give up privacy to get it. I see this as SK giving its citizens what they say they want. I wish that wasn't the case but it seems like that is the world we live in.

> I know that a lot of us more tech inclined want this freedom. But grandma is never running toolchain on a computer to install custom software

This is thought-terminating nonsense, constantly repeated. What my grandma wants is for me to pick what's best for her and install it. What she doesn't want is Google (or Samsung for that matter) keeping her grandson from doing what he thinks she'll like best.

edit: and to be clear, that's what all of my computer-illiterate family members want, although not all of them from me (there are other grandchildren, uncles, etc.). The radical idea that people would rather have decisions made by the people that they love and trust rather than companies that actively and constantly prey upon them should be accepted without question.

Ordinary citizens don't really care. This is SK giving Samsung what they want: an Android-fork OS for their smartwatches and other gadgets where the app store can be controlled by Samsung, not Google.

I think the issue is Google blocking customizations if they want the Google Play store on the device.

I don't think there is anything stopping Samsung from using AOSP.

You are incorrect. Google's AFA is viral in nature. Daring to ship a non-Google Android will cancel your ability to ship any devices with Google Play.

> unlockable bootloaders so the users can load whatever they want

Here you go: https://puri.sm/products/librem-5.

We shouldn't have to sacrifice performance, quality, and reasonable price points in order to have the basic things we've had in the desktop world for decades.

We've only had them for historical reasons. If any of the big manufacturers had the option to invent a "personal computer" now, I'm 100% sure running arbitrary code wouldn't make it to the feature list.

Honestly - I don't think it's just the big manufacturers.

If HTML was invented in the current climate, I'm damn well convinced a simple <a href={external domain}> would be shot down for "security" reasons.

We're seeing a real breakdown into walled ecosystems. My opinion is that most of the steps that direction are well-intentioned (Safety, Security, Consistency, etc). The end result is fucking hell, though, where the ecosystem owner profits massively and unfairly compared to all other entities.

That's how IBM built the PC, loosely. They didn't imagine a market where there would be third party expansion cards, and they believed that users should come to them, and their partners, for software.

Compaq blew that wide open, much to IBM corporate's dismay and IBM legal's glee.

That was an IBM mistake, they never intended to happen like that.

Give me a Librem 5 with an SoC that isn't hot garbage and I'd buy it immediately.

People already complain about the price of that thing. Include a better SoC and it's going to get more expensive.

The BoM cost of the i.MX 8M Quad in the Librem 5 is $35.49. The BoM cost of the Snapdragon 865+, when it was brand new, was $57. That $22 price difference brings a 700% performance increase.

Will mainline Linux work on Snapdragon 865+?

Do you mean that it heats up too much? I don't think this is accurate after latest updates. Also, suspend is not implemented yet. It will greatly increase the battery life and make it colder.

"Hot garbage," in this case, is just a colloquialism that means "it stinks." Garbage smells; hot garbage smells worse. They're not literally referring to heat or temperature.

It's the most modern SoC that supports mainline Linux with FLOSS drivers.

There will still need to be the option for a locked boot loader though.

If I’m Snowden, knowing my boot loader could be unlocked and a key logger side loaded isn’t reassuring.

Ironically, Google's own Pixel devices are basically the only ones on the market that allow locking the bootloader with your own key [0]. They even follow the recommended bootflow [1], displaying a warning screen with the hash of the installed ROM when you boot the phone.

[0]: https://android.googlesource.com/platform/external/avb/+/mas...

[1]: https://android.googlesource.com/platform/external/avb/+/mas...

Why is this ironic?

Probably because it effectively means that Google’s own devices are the simplest to “deGoogle.”

I'm not aware of any manufacturer who allows bootloader unlocking without also displaying a warning screen every time the phone boots up.

Example: https://www.thecustomdroid.com/wp-content/uploads/2019/06/Ho...

My current phone (Xiaomi POCO F2 Pro) only displays a faint lock/unlock icon above the logo while booting. Easy to miss.

But that's not really important, because unlocking the bootloader factory resets the device on every Android phone that I know of. AFAIK it's not possible to unlock a bootloader without the owner's knowledge.

Even if it's easy to miss, a person like Snowden would be looking out for it.

No, locked bootloader's are the stuff of nightmares. Much rather be able to scratch all memory on the device and reinstall.

Perhaps what I mean is "locked bootloaders at POS". Selling them locked should be illegal, but locking them yourself with your own key should be trivial.

How about splitting the difference like locking the bootloader at point of sale with guaranteed period for updates? After the period has lapsed, allow users to unlock the bootloader to extend with custom software upgrades or, a subscription base to continue with original POS policy.

This weirdly intersects for the Right to Repair movement, or for consumers whom would rather be conservative on new device purchases and software licenses.

Reminds me of the idea I've been thinking about - kind of unrelated - but once a device is officially no longer supported by a company - particularly consoles and online games - they should make the source code available so people can continue from there on their own.

I've thought about that before too. As soon as something is no longer actively supported, it should become open for people to maintain themselves. Unfortunately, there's a lot of companies that would fight that with as much money as it takes, so it would never happen (at least not in the US)

It actively goes against their profit interests. If they deprecate the older devices and leave them as black boxes, that's another way to push consumers to buying the new stuff.

Something like this would have to be done with regulation.

Shares some similarities with the gradual corruption of copyright over the years, extending it out into infinity (thanks Disney!), companies would rather hold close the things they refuse to use than give them to the people once they have no more profit to be made off of them.

If only they would frame it as an environmental concern/issue as well, eg: properly dealing with e-waste. Why purchase a device that can be systematically deprecated within a short life cycle when such things can be repaired and/or otherwise be repurposed?

I would like to see a graph of average second hand prices of different abandoned products over time. Mark the interesting points like apple not supporting the next version of the OS or blocking app downloads. Perhaps an income estimate of the average user at the interesting points could also be included and/or sales figures of still supported versions.

Ideally, companies should be forced to deposit everything needed for manufacturing a product - 3D designs, software toolchains, PCBs, BOMs, service tooling - at the national archives to be held in trust.

Once the manufacturer ceases supporting a product, everything becomes open source.

This is kind of solved by Right to Repair legislation. It would prevent companies from making exclusivity deals and force them to allow this stuff to be sold to the public - not that they have to sell it themselves, but their partners would be free to.

I don't know if putting the government in charge of maintaining all of that would be the best idea.

Fun fact, CalyxOs managed to lock the bootloader on my Pixel 2... Found out after trying to get stock android back on it. Now I am all set with CalyxOs, so I don't care. I do get an error message that my device is loading a different OS. Not sure how I can get rid of that...

In all fairness, a locked bootloader won't help against exploits in the OS: https://news.ycombinator.com/item?id=28516095

If I'm Snowden, I would be far more concerned about that.

If such snowden like person wants to use such a device, wouldn't he be able to change to lineage os or whatever knowing full well he is now the master of the device or is there malware that persists still ?

Someone could flash a hacked version of lineage when you're not looking.

that is on you

I recently installed LineageOS on my phone, replacing the stock MIUI. I would probably return this phone if I had no other option than to use MIUI. I much prefer the "pure" Android experience.

For many essential and security critical apps to work, like bank apps or the McDonald's app you need to hide the fact you're using a modified system, because of SafetyNet.

This hiding/bypass works for now, because it tricks Google into thinking your device doesn't support hardware attestation, and fallbacking to Basic attestation, which is easier to bypass. Google can at any time flip the switch to require hardware attestation, and your apps will stop working, with no way around it, other than flashing back the stock ROM your device came with and locking the bootloader. At that point I will probably just buy a new phone.

Sure, but your LineageOS only works because Google is forcing manufacturers to pass CTS tests (which ensure that all Android devices are actually compatible with your apps).

If that disappears, you'll end up with apps that only work on Samsung Androids and your LineageOS will stop being compatible. We're essentially going back to horrorshow of SymbianOS, where different Symbian devices weren't compatible between themselves because the OEMs kept fscking up.

(Heck, in early Android versions Samsung tended to break core APIs all the time and caused a lot of churn on developer side to workaround their per-device fsckups. Having to import phones from half a world away so you could see why the video recorder hardcrashes when you call an API is NOT FUN.).

I remember how people were complaining loudly about my app crashing on Meizu phones. Those never passed the CTS, but that didn't stop the manufacturer from preinstalling play services on them. So we had to buy one and I had to decompile the system framework to find a way to work around their shitty modifications to standard UI components to prevent the app from crashing. Fun stuff.

I bought a Miui phone about a week ago. It's on miui 12.5 and it's the first time I've ever used this OS. I expected to hate it because of all the flack it gets. But honestly, it's fine. It's not that different from Android.

I did have to uninstall a load of bloatware using ADB and I added a custom launcher (Niagara).

MIUI is Android though - and it passes strict Google CTS tests so it stays (reasonably) compatible with software.

At least one SafetyNet TZ applet has leaked few years ago

>or the McDonald's app

Excuse me? McDonald's app considers itself security critical now?

I mean, you put your credit card into it, so yeah?

You also put your credit card into your web browser, and it can even store your cards (without the cvc) to autofill them for you.

The web browser is almost certainly security critical -- although maybe it is treated as a special exception because of user expectations.

Yes, but somehow, web browsers never check for "device integrity", and websites just blindly trust that the browser, or whatever it is on the other end, would do whatever it's told. They don't even have a reliable way of telling what kind of device or OS the user is accessing the website from. And everyone seems to be fine with that.

And that's how it should be with apps, too. And people need to be educated to never, ever be so trustful. You lost your savings to a scammer? Well, you'll be more diligent next time.

Yes, and this is a massive security vulnerability

Anything that deals with your financial information usually has security.

Probably because you can pay your meals with it.

Will they also fine Samsung for blocking the user's right to remove manufacturer-bundled cruftware?

Given that Samsung's revenue is about 12% of S. Korea's GDP, I'm guessing that they will not.

Given that the head of Samsung was in prison for bribery of the president(of korea) and then got released on parole for using Covid vaccination as currency I'm guessing that they DEFINITELY will not.


From what I can understand, AFA meant that a manufacturer could lose their license to Google Play Services on _all_ of their devices if they produced _any_ devices using an Android fork. This is a clear abuse of market power.

The entire focus on anti-trust and moved to harm to other (big) businesses - no care about the consumer.

The Anti-fragmentation agreement google makes these folks sign HELPS consumers. Going to be a crazy situation if that goes away, the app you buy on samsung won't work on HTC etc.

If the oems get fragmented enough then it might open up more space for a smaller competitor (ie an open source project) to come fill the gaps, and I certainly wouldn't mind that. Of course it's not a guarantee but I could see it happening - the more dissatisfied the lazy tech nerd segment gets the more we would all band together and try and make the situation better, and also by the competitors becoming more fragmented it might open others up to possibilities they didn't consider previously. (And yes I am putting myself in lazy tech nerd segment at least as far as my phone goes, I've always run cyanogenmod in the past but the last phone I bought I spent a weekend trying to flash lineage and it was annoying enough of a process I ended up back on stock ROM....but I'd certainly be down to try again given the right circumstances.)

This seems like an issue similar to right to repair... let hackers(in the traditional sense) have their place.

It really isn't because the AFA doesn't impact hackers. It's about basically operating a cartel where a single company controls the products of a large number of other companies and illegally binds them for making their own business decisions.

Google held/holds the ability to allow or disallow all product releases Android manufacturers release, including products which do not use Google Play Services.

Tizen became critical to Samsung because Samsung couldn't release a smart fridge with Android in the background without Google's permission, even if they had no intent on it having a traditional app store... because it might constitute a fork of Android.

Who controls the OS controls the browser.

Who controls the browser controls the platform.

Nothing has changed since the mid-1990s.

It's incredible how long the AFA has been known about and how blatantly illegal it is, yet not subject to any significant penalties.

Law moves so freaking slow, this is about a 2013 complaint. Dealing with tech industry crooks requires faster movement than this.

The headline makes it look like this is for the benefit of consumers.

The article makes it clear this ruling is entirely to the benefit of Samsung Electronics.

Meanwhile the only real android competitor is manufactured by one company who doesn't allow even the end user to install apps not directly approved by Apple.

Do you really call iOS a competitor to android? Its like saying KIA is competitor to a Rolls Royce. Androids range from 50USD to anything else. Apple and Google makes phones but they’re not competitors, their market segments, user base have different opinions on what they want and do.

A quick google search actually reveals Apple has 53% of the market in the U.S. [1]

Also, to even compare that Android phones are 'cheaper' is rather bold, there's Samsung flip phones selling for $2000.

[1] https://www.counterpointresearch.com/us-market-smartphone-sh...

US =/= World. And I said 50$ to anything, i never called them cheap.

You insinuated it by alluding to Kia vs. Rolls Royce, which is curious as Apple products are not luxury items, save perhaps the gold "watch edition" iWatch.

Kia has cheap to expensive cars and Rolls Royce has exclusively expensive cars. May be Rolls Royce was a stretch. But I definitely clarified it in that comment itself by saying 50-Anything. Apple may or may not be called luxury items. But they’re viewed as premium items by general public around the world. People look towards iPhone in awe than a samsung galaxy s21 ultra.

Yes iOS is quite obviously a competitor to Android.

Not even in nearest terms, Android users mostly dont want to use iOS. Neither do most of the iOS users want to use Android. Like I said, they both are different kind of things of the same technology. Apple is no where near Android in world level in-terms of competition either. Like I said Kia is not a competitor to Rolls Royce.

Kia is not a competitor to RR because there are loads of luxury car brands that compete with RR and loads of general-to-expensive brands that compete with Kia.

In the smartphone OS market, it doesn't matter if apple is on the luxury spectrum and android is on the general spectrum, because they are the only relevant OSs around (excluding harmony because it doesn't have nearly as much market share as those two).

So yes, android and iOS are competitors, unless other luxury OS pops up to compete with iOS or OSs like harmony become more relevant to compete with android.

If Kia and RR were the only car brands, they'd be competitors of each other because there are "cheap" second hand cars by RR that compete with Kia (like second hand iPhones) and expensive Kia cars that compete with RR (expensive android phones that compete with apple ones).

I feel like you’re strictly comparing things in terms of price and OS. Im trying to say a Kia user wont want to buy RR or RR user wont want to buy a Kia. The comparison im trying to make is, Switch form iOS to Android and vice versa is very rare. You can’t really call two OSes a competitor if their users want two different things. The users of iOS and Android have different views on what their OS means. And People expect different things from an Apple vs Android. No one looks for Android ways in an Apple phone. And apple never even considers how Android ecosystem is before thinking yeah, we need to include it next release. You compete in same segments, not in different segments, or am I wrong about what I think competition is?

I see your point now. But either way, this was the original post:

> only real android competitor is manufactured by one company who doesn't allow even the end user to install apps not directly approved by Apple

Even if android and apple might be strongly separate segments of the smartphone market, since they are the only relevant ones at play (FirefoxOS is no more, harmony doesn't have significant market share and pure Linux is not a thing yet), they are the only competitiors of each other, because, even if not to frequently, we do observe people switching from apple to android and vice versa, people have no other alternative to get a mobile device to run their apps on.

Your point still stands, someone that's on android and want to leave android but doesn't like apple because they run the business in such a dramatic way, might feel like an OS monopoly, because Android and apple are so different from each other. Still, since both run out apps, both run browsers, both (usually) have cameras, etc etc, they are still competitiors, even if very weak ones (your car analogy doesn't apply here anymore, since smartphones and cars are very different, but it was a good analogy till now, but analogies only go so far).

Just for a note — JY Lee just cane out from behind the bars a few weeks ago.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact