Is Google Messages the only messaging app on android that allows RCS interactions? On the iPhone, iMessages is the only app that has direct access to SMS functionality, but I understand that this isn't the case on android. Is this true?
There is a whitelisted set of apps in the OS. Samsung's messenger also is allowed on Samsung devices. They talked about opening the API many years ago and then suddenly stopped talking about it.
For most people, Google Messenger app now uses Google's RCS gateway anyway, so the carrier does not need to support RCS.
I do not know of anyone trying to get carrier-based RCS working with a non Google app using a custom rom with a different whitelisted set of apps, but it sounds to like maybe that would be possible
Additionally, only Google’s is capable of encrypted RCS as far as I’m aware (as the standard does not include that), so using other clients means giving up encryption.
I am not aware of anyone having been managed to connect it to Jibe servers, though. It is completely possible that Google is somehow actively blocking third party implementations, but I don't know for sure.
I think this same expectation in the Apple ecosystem is why I've received single digit spam from their messaging services. I'm sure there's a better way, but I'm sure it's also a game of whack-a-mole and this is just the first whack.
Freedom to root/jailbreak one's phone is not freedom to use a service, if they don't want rooted phones to use their RCS gateway I don't think they should be forced to allow it.
iMessage runs on desktop Macs and can be easily automated there... in fact, how to do it is so trivial and so commonly known that I just asked ChatGPT how to do it and it told me without balking: it is just a handful of lines of AppleScript, as Apple doesn't even try to make it difficult (and arguably has gone out of their way to support it). I am thereby not sure what mechanism you are contemplating that ties the generation of spam to rooted and/or jailbroken devices?
Easily automated does not mean Apple’s servers won’t detect spamming patterns and block that device. If the software is not tied to that device- make up a new identity and keep going. But if it’s tied down with SafetyNet or Apple’s DeviceCheck… that gets expensive. Is it worth buying a Mac Mini if it’s easy to automate but will be blocked in hours?
And what does Apple's servers detecting spamming patterns have to do with rooted/jailbroken devices? iMessage fundamentally is used every day by people who can have as much root as they want on their desktop Mac, and so whatever mechanisms we are talking about that differentiate iMessage from whatever other services can't be cited as an argument to take away freedom to modify your software.
I am not certain, but at a minimum, I suspect that Apple knows a non-rooted device will be incapable of lying about, say, its serial number; whereas a rooted device might make one up and try repeatedly until it finds one that works. The ability to lie about such identifiers makes a device ban impossible to enforce.
And how does that explain Apple not having an issue with you using iMessage on a desktop Mac? Again: we know the anti-spam mechanisms Apple might have in place do not rely on people being unable to root their devices as iMessage runs on desktop Macs (as well as on jailbroken iOS devices, btw, without any need for subterfuge).
Apple simply does not have this restriction that Google is imposing on RCS. Apple's anti-spam comes from a combination of server-side analysis, having a centralized way to enforce bans, and tying accounts to phone numbers, none of which seem to involve banning jailbroken devices as, again: Apple doesn't.
(FWIW, I don't know off the top of my head how Apple ties your iMesaage account to your phone number. I vaguely remember that it involves functionality implemented by the carrier, not just trusting the client, and as RCS definitely has to be supported by the carrier there is no issue deploying such here. Regardless, not only would trusting the client be ridiculously stupid in case it ever got hacked, we can continue to lean into the analysis that Apple does not nor have they ever banned jailbroken iPhones from using iMessage, and so we don't even have to dig deeply: we know their security model doesn't rely on something they don't do.)
Apple has often asserted that software obtained outside their walled garden will do things behind your back on the phone, like using your phone to send spam or collecting your data. I do not agree with this assertion as it implies anyone not playing in their garden is a criminal, but I'd assume these types of behaviors will use that as an excuse.
Apple can't put the genie back in the bottle with macOS, they've been trying though. True root requires a special boot sequence otherwise you really only get pseudo-root. They introduced the AppStore to macOS and it was a huge flop because of how restrictive they made it. Microsoft also tried the same with Windows S on ARM devices and eventually were forced to allow disabling S mode.
Again, I think there is this impression that I agree with any or all of their behaviors. I don't, I'm only reasoning about why and how in some cases it might be one part of a deterrent. Nothing stops me from jumping over a fence, so why put it up to begin with?
We know it isn't part of the deterrent as Apple simply doesn't do this: Apple does not now nor have they ever restricted the use of iMessage on either desktop Macs -- whether their SIP is enabled or not -- nor on jailbroken iPhones. It is thereby nonsensical to look at Google implementing such a restriction and then say it makes sense because Apple manages to keep spam off their platform somehow... we know that is unrelated to how Apple pulls that off as Apple literally doesn't do this thing.
I can bypass HDCP trivially, but it's still there. I'm not arguing its effectiveness, but maybe it's a just one of many defense in-depth solutions they intend to implement. I'm guessing if they block jailbroken devices that it may include emulated devices as well.
p.s. had to do a double take when I saw your name, been a while since I've done anything jailbreak related with iOS but I really appreciated all the work you did when I did. <3
You don't actually have that freedom - the DMCAs anti-circumvention provision robbed you of the right to unlock your own property. You are merely permitted by the manufacturer to root them, and sometimes, for a 3-year period, the copyright office will let you do it too [1].
The company you are defending, and others like it, use every legal, contractual, technical, and economic means to restrict what you may do, so they can sell it back to you, and so they can control which companies can do it, stopping competition before it can even start. The recent ban on open-source HDMI drivers is another such example [2].
A. I'm not defending the company, only their right to refuse service under their own terms.
B. I think all devices and media legally purchased should be open and able to be modified in both form and function by the owner of said devices or media.
C. Being entitled to fully own one's device does not come with an entitlement to utilize online services of a 3rd party.
I understand your position but please try not to put words in my mouth.
Let me describe exactly how you are defending them then, if you really think you aren't:
"this same expectation in the Apple ecosystem is why I've received single digit spam from their messaging services" implies it can be justified as an anti-spam measure that open services can't match. But I've received also single-digit spam (cumulative over multiple years, not per year) on the WhatsApp running on my rooted Android. Nor would this even hypothetically stop non-RCS spam.
In general, companies always have some convenient excuse to cover their user-hostile moves. HP bricked printers using 3rd party ink for "security". Uncritically believing them, or even inventing excuses for them, is defending them.
"if they don't want rooted phones to use their RCS gateway I don't think they should be forced to allow it" - so we've established these companies are actively hostile to your freedom to use your property as you wish. But you are willing to disregard any monopoly/market-power abuse concerns, and grant them the freedom that they deny you (you used "should", so I assume you're not giving a mere factual description of what you think the law is). Just like letting Bell charge extra for using competitor's equipment [1] has ill effects on the market (try selling a phone when all your customers will have to pay an extra monthly fee to Bell for using it) and was rightly banned, so does letting the Google/Apple duopoly control smartphone software. Saying they should be allowed to continue to abuse and expand their market power is a defense of these companies, or rather, is a defense specifically of their anti-competitive and user-hostile practices.
The difference between a "defense" that merely seeks to correct facts, and one that justifies behavior, can be subtle (e.g. "this is necessary to fight spam" vs. "this was done to fight spam" vs. "there was no other way to fight spam"), but I think your phrasing put you in the latter category.
Edit as reply: "I think" and "I believe" do not meaningfully change your position. "I think action X is justified because of Y" and "Action X is justified because of Y" only differ in implied certainty, not in quality.
You conveniently left out "I think" in the first quote yet speak about subtle differences in phrasing. Please practice what you preach. I stated that I believe Apple's controls have resulted in less spam. Is that a defense of their behaviors? I think they should have opened up standards compliant gateways long ago and put the onus of spam control on the gateway operators with clearly defined repercussions for failure to control spam. I said in another comment I would like something akin to the IANA and BGP model of peering.
Why do we have to be absolutists? Why can't I buy into a platform that has the features I want and not the features that don't matter to me? It really weakens your position when you say "actively hostile to your freedom" yet I could have purchased an unlocked, rootable, Android phone. I even have several older ones in a box, my HTC One M8 was awesome. Guess what I chose in the end? Guess what I've had the best experience with? I am enjoying my freedom. Could it be better? YES ABSOLUTELY! Can we do that without being absolutists in either direction? YES ABSOLUTELY!
I can't stand the HDMI LA, they remind me so much of the MPEG LA. It's the same tactics over and over again, take an existing standard or create an open standard, release freely, then iterate and put future versions behind pay-wall and NDA.
HEVC is another example of this B.S. in the industry. STOP TRYING TO MAKE PAYWALLED/NDA'D STANDARDS A THING A-HOLES.
Reminder that in the United States; open standards and patent licensing are not incompatible.
HEVC, for example, has public documents how to implement it. You can get all the specs right now. You don’t even need to pay for the standard itself. You do, however, need to pay the people who own patents on algorithms used within the open standard.
Do I like it? No. But when there’s 50-100 patent claimants, that’s where MPEG LA shows up to simplify things. You don’t strictly need MPEG LA if you don’t mind negotiating with every patent holder individually.
Hilariously, legally, software seems to be unpatentable in both the US [1] and EU [2]. Yet those laws are routinely ignored, and we continue to be plagued by software patents.
[2] https://en.wikipedia.org/wiki/Software_patents_under_the_Eur... - The wiki states that because of the "as such" clause, the exclusion of software patents does not apply to software that does anything inventive or solves a technical problem. But those are already requirements of patentability for anything, software or not. In other words, this interpretation of "as such" renders that entire clause totally meaningless - it could be struck entirely from the law, and software would be no more or less patentable. Clearly such a reading is absurd, and only shows the willingness of courts to ignore law for business interests.
You are right, I conflated the two a bit there. It is an important distinction/difference but with a similar outcome. Especially egregious to me that often the people pushing the newer standards are the same ones signing on to be part of the patent pool. I guess my feeling is that if you want to make it a standard, it should be unencumbered by patents, paywalls, and NDAs. Otherwise how can you expect me to implement the standard?
These companies often make these advancements because it's beneficial to their bottom line, because they can utilize fewer resources or provide a better product to their customers. They then expect everyone to implement their standards so they can reap the benefit of those changes with all their customers.
> I guess my feeling is that if you want to make it a standard, it should be unencumbered by patents, paywalls, and NDAs. Otherwise how can you expect me to implement the standard?
Well, when you are developing a standard, there is no guarantee that every person who owns a patent will reveal themselves. There’s no guarantee your due diligence will find them all either. You could develop a completely open standard, someone announces they’ve got a patent, and if they win in court, that’s the end of it being an open standard.
> These companies often make these advancements because it's beneficial to their bottom line, because they can utilize fewer resources or provide a better product to their customers.
That’s just called business. That’s not evil, and if Linux didn’t benefit their bottom line, it would not be usable today (considering over 90% of contributions are from the big evil companies).
> Freedom to root/jailbreak one's phone is not freedom to use a service, if they don't want rooted phones to use their RCS gateway I don't think they should be forced to allow it.
The whole argument that Google has been making for RCS is that it's open. However, that isn't actually the case. You're only allowed to use Google's apps (or Samsung's since they had enough market power to force Google to make an exception for them). RCS isn't an open service. It's just Google's chat service that they got carriers to adopt claiming it was open.
Google used RCS as a trojan horse to get the whole Android ecosystem to move to a chat service they control - and where they receive all the unencrypted meta-data. They block competing apps from getting access. Google got up on its high horse about supporting an open standard when that was a complete fabrication.
I agree, RCS should have never been adopted as the messaging standard. We have had several open standards that accomplished nearly all the same goals. Personally I believe a federated standard should have been created, one that would allow people to host their own gateways and easily peer with the large carriers. Maybe something akin to the way IANA and BGP operate.
Hasn't this been the case since RCS has existed? I've never seen anyone get it working on a custom ROM. RCS simply isn't a solution until it doesn't rely on Google.
Roll your own distro.. provide your own RCS services. As lame as it may be sound, you wanted out of the Google ecosystem, right? Can't eat your cake too bros.
It is unfortunate that the company that became incredibly successful, at least partly, because of the hackability of Linux and open source software is now actively working to suppress hackability.
I recently had to unroot my phone since it was too much pain. Almost all apps were constantly fighting to not be allowed to run. After a while, I had a variety of root-hiding modules installed on Magisk, and every time I downloaded and installed a new app, the dread was there that it would not work because of root.
War on General Computing[1] is here. For some reason, most people do not seem to care that they do not have full control of the devices that they bought with their own hard-earned money.
It is one of those rare cases where 'your choices affect my choices' and therefore not meshing with the idea that maximum individual freedom is always a good thing. Therefore, I don't think this can be solved by market forces- we may need some regulation. I think it would be fair to ask the companies to allow the apps to run on a rooted device so long as the user takes responsibility for any resulting losses. Any service provider should still be responsible for securing their own systems though.
Getting rid of rooting is not a "war on general computing." General computing means that you can write a wide variety of software for them instead of the computer being meant for a specific use case. The app platform on Android allows for such a variety of apps. Just because it's not possible for an app to record your microphone without asking the user for permission that doesn't mean that the phone isn't general purpose.
"Installing software you want" and "getting access to the root user" are not the same thing either. The root user is a means to an end and not the end in itself for one's desires they have with a computer.
When Google decides that you're not allowed to install a piece of software you want on a non-rooted device (such as a phone call recorder or an ad blocker), and the only way to bypass those restrictions is using root access, then they become the same thing.
Side note I'm super sad the fabric connected hard drives that were popping up seem to have vanished. Drives already run pretty fancy ARM controllers; having a 2.5Gbit network connection out would be such a sweet sweet sweet game changer.
I mean... yes? If a disk has firmware that prevents the owner from destroying it when desired, that's really not okay. It even has a practical angle in cases where you need to make a disk unreadable.
One unstated part of that "if I don't have root on my device" statement is "...and someone else does have root on my device". On normal Android, Google does have root on your device, while you don't. For instance, whenever you tell the Android Market app (nowadays caled "Google Play Store", but internally it's still the same app) to install an application, it doesn't actually install the application; it tells the Google servers to ask your device to install the application, and a highly privileged service on your device does the actual download and installation.
Said service is highly privileged because it's signed with a key only Google has; several system services have special access (root-equivalent, or even actual root) to your device, and these are signed by the Google key. Some of these can be remotely updated, and this update is silent (I had long ago written a small app found at https://github.com/cesarb/packageaddedremovednotifier to notify me about these silent installs, but it depended on a notification which is no longer broadcast on more recent Android versions; it was instructive for me to notice how often Android Market and one other app were silently updated).
It's true that you don't have root on your hard disk (until you connect to its serial console pins and notice that it doesn't even ask for a password before giving you full access to all its low-level commands), but neither does anyone else.
Root access is meaningless on a user build of Android. Android is designed such that the root account is not needed and it is locked down using SELinux.
> to notify me about these silent installs, but it depended on a notification which is no longer broadcast on more recent Android versions
I built a test app on Android 14 and I was able to get the broadcast you are referring to. The changes which the app you linked has not adapted to is that since Android 8 you need to use Context.registerReceiver() to register an implicit broadcast receiver for those actions [1] and since Android 11 you need to use a <queries> tag (or query all permission) in order to get visibility of other apps on the system [2].
they suppressed hackability since the beginning though, but of course not as much as Apple... For example, by default, they block native Linux apps, block ad-hoc WiFi, rooting your device can be a pain, etc
I’m not that pessimistic. The world ebbs and flows.
There was a time when if you wanted an app, it had to be for Windows. It needed to be digitally signed (for good reason) not long later. Good luck moving it to any other platform. Also, good luck getting past corporate IT departments.
Then, the internet got better. Anyone could make a program that ran on any device. Later, we need pseudo-signing for that too, but it was nowhere near as intensive to get.
Desktop computers have never been a free for all. It ebbs and flows. Less freedom on system apps, greater freedom for web apps is the new vogue.
Let’s also not forget the motivation for this - people learned to be terrified of installing software. Remember Windows 10 and 11 S mode? Microsoft claims 60% of users never leave that mode to install even one app outside the Microsoft Store. That’s how much the “Normie” has learned to fear programs, and I think that there’s some blame to be had there. We desired freedom at the expense of the normal user. The normal user has rebelled and rejected freedom voluntarily.
The “Normie” user is perfectly content with a walled garden and a big tech company “securing” their experience. They’ve had their taste of freedom with Windows in the 90s and 2000s and fear it immensely. Blue screens, viruses, clunky software, broken updates, unreliable - but free. Unlike iPhone: Automatic updates, no crashes, viruses almost nonexistent, reliable and simple. Not technically free, but it feels free enough. We don’t really have anyone but ourselves (tech enthusiasts in general) to blame.
I can’t overstate this enough: We want freedom? We need to break the well-earned cultural stereotype that freedom equals a terrible experience.
They don't effing know and most people don't have the mental stack or attention span to make it through an explanation of the factors/consequences involved.
Believe me, I've tried hard to get things boiled down for the layman. We're at a point we're literally speaking languages that have no commonly relatable interpersonal equivalent.
It's much more simple: Normal people (read: not us) buy computers to accomplish a given task, computers are merely tools; a computer and a can opener are exactly the same thing. If the computer serves its user's purpose, that's all that matters.
That is to say: Normal people couldn't care less about fleedumb and rible. Normal people care about getting shit done; presently, locked down smartphones get shit done better than any other computational device for normal people.
I also buy computers and phones to accomplish task.
Those task are, however, way more diverse than task people you are referring to are willing to accomplish.
> There was a time when if you wanted an app, it had to be for Windows. [...] Desktop computers have never been a free for all.
You're not going back far enough (as shown by your statement mentioning only Windows). Back in the MS-DOS days, there was no technical block to doing whatever you wanted with your system. It's no coincidence that Linux originated in these days; the openness of PC clones running one of the DOS variants (MS-DOS wasn't the only one) allowed for the full replacement of the operating system with nearly zero effort. You didn't even have to change the boot sector; a DOS program (LOADLIN.EXE) could completely switch the currently running operating system.
Things are much more locked down in desktop computers nowadays, and the only reason they aren't completely locked down is that Linux had already become popular enough to convince Microsoft to allow for a backdoor (actually a pair of backdoors: signing by Microsoft for popular distributions, and manual disabling for less popular distributions and development).
> [...] people learned to be terrified of installing software. [...] Microsoft claims 60% of users never leave that mode to install even one app outside the Microsoft Store. That’s how much the “Normie” has learned to fear programs, [...]
Is it fear, or is it just convenience? If everything you want or need at that moment is on whatever software store you have (be it the Microsoft Store or Steam or something else), there's not much incentive to look beyond it. It's like what's been said about video streaming providers: once every show you wanted was on a single streaming provider, there was not much incentive anymore to look around on seedy corners of the web for movies, but once that convenience is no longer available (because said provider no longer has the media you want), people once again look for alternatives.
(As an aside, think about the reason "developer mode" in more recent Android versions is hidden behind a secret knock on a disused corner at the bottom of the settings application: if it weren't a hidden setting, "normal users" would enable it. The same with bypassing some security warning pages in the desktop Chrome browser. If "normal users" really feared freedom, they would stay away from these options without the need to hide them.)
To me, this situation only serves to illustrate the importance of computer owners optionally being able to create systems "from scratch". Versus the only option being to use some "we-already-did-the-work-for-you" facility such as a "software development kit" or whatever the terminology is these days.
Custom ROMs might seem like "building from scratch" but to me, it is still far from it. People are still stuck following rules made by someone else, and not the hardware manufacturer. Those rules can change any time, for any reason, long after purchase. Google's ability to easily frustrate people trying to control their pocket-sized computers suggests that whatever control they are able to achieve, it is not enough.
Until I can run NetBSD on an old "phone", or some other pocket-sized computer with similar form factor, I'm not satisfied.
I don't share your experience wrt apps and root checks at all. Only once in a blue moon do I encounter an app that does this, and when they do it's just a good reason not to use it.
In the rest of the cases, say games, the basic root hiding of magisk/kernelsu do wonders, and since recently w/ kernelsu the safetynet bypass comes out of the box. Of course, I avoid relying on this for anything I can't go without.
That said, a big part of this experience might be related to how I primarily run applications from F-Droid these days. The free software app ecosystem is absolutely massive and very mature compared to when I first went gapps-less around 2015, to the point it's rare for me to use anything from the android market at all.
Disgusting behavior by Google, and even more since it's essentially a shadow ban.
First DRM-ed content, now messaging.
Android should just say they don't allow bootloader unlocking outright anymore, then maybe we can move onto an actually free and open source operating system not ran by an advertising company.
Can someone explain what "security mechanisms" an Android phone has built-in that are "destroyed" when a phone is rooted or custom ROM is installed such that banking apps, etc. deny to open up?
If I understand right, rooting means getting administrative privileges like using sudo. But can't they be turned off even after flashing custom ROM? If yes, then why do those app deny to work if the phone uses custom ROM irrespective of rooting status.
(I'm a newbie in custom ROMS concept, so my assumptions above could be massively wrong :) )
Google's safetynet works by downloading a frequently updating and obfuscated binary from google and running it with the highest possible privileges (ARM trustzone on modern phones, bypasses the kernel), which then verifies the integrity of your system against a google-vetted list, preventing any sort of modification, root or not.
This is going to become nigh-impossible to bypass in the future as the binary is encrypted and verifies its signature, and encrypts the response with device-specific keys only available in trustzone. The current bypasses involve spoofing the uavailability of trustzone.
a. Being rooted or in other abnormal device states is (perceived to be?) associated with fraud against the service provider. That's because it's hard to tell the difference between a device in which only the legit user has control, and one that's been remotely rooted by malware (in theory this can be done by using remote attestation but this requires a non-rootable supervisor layer to do that protocol, so you end up going around in circles as root is then not really root).
b. Users not having root means the service provider can (to some extent) reason about how the app will behave regardless of user wishes, which makes it easier to suppress abuse. As Google explain clearly in the article, this is done as an anti-spam measure. If the user doesn't have root then the OS can block automation of the app, protect signing keys, do remote attestations etc and that makes spamming much harder (you can't emulate the protocol). If the user has root then they can just inject code into the RCS app's address space and control it directly.
Consider also why games consoles don't give you root. It's because gaming is a two or three or even four sided transaction (gamer, game developer, console developer who sells at a loss and makes it up on licensing fees, other gamers on multiplayer). If you privilege one party over all the others then the ecosystem fails, so every successful platform exercises tight control over the purchaser of the hardware to ensure the other parties involved have their needs also respected.
There's a thing called Trusted Execution Environments, they're provisioned by the phone manufacturer which is why most people who play with ROMs aren't familiar with them either. But they're heavily related to TPMs.
Basically TEEs allow code to be executed that the OS has no control over and the OS cannot hope to even touch the memory, it's hardware separated by the SoC (system on chip). There are cryptographic accelerators which can be used to sign things and encrypt things, again which the OS has no ability to see this and secrets can be held in ways that the OS can never touch.
Use of the TEE depends on the bootloader being signed and the OS boot process being authenticated. There are other aspects around Android as well, not specifically related to TEE, around user processes never being able to have privileged access, but TEE is a less known part of the modern Android ecosystem.
Please, tell me more about how RCS is the savior and if only Apple would get off their butts and implement it we'd have a perfect utopia...
RCS from almost the start has been heavily controlled by Google and even if it wasn't, it's a bad standard. The idea that we'd wanted to give the carriers control over anything or tie more to our phone numbers is laughable. The lack of encryption (and no, Google's own flavor of encryption doesn't count) is just the cherry on top of a shit sundae.
RCS is irrelevant, I barely use SMS, everything I use is either WhatsApp or a little Telegram right now (I have Signal but that's also largely irrelevant).
70 comments
[ 113 ms ] story [ 2495 ms ] threadFor most people, Google Messenger app now uses Google's RCS gateway anyway, so the carrier does not need to support RCS.
I do not know of anyone trying to get carrier-based RCS working with a non Google app using a custom rom with a different whitelisted set of apps, but it sounds to like maybe that would be possible
- to be able to access Internet
- to be able to read incoming SMS messages for identification
- to implement a full RCS client stack of your own.
There is an open source RCS client library in existence: https://github.com/Hirohumi/rust-rcs-core
I am not aware of anyone having been managed to connect it to Jibe servers, though. It is completely possible that Google is somehow actively blocking third party implementations, but I don't know for sure.
Freedom to root/jailbreak one's phone is not freedom to use a service, if they don't want rooted phones to use their RCS gateway I don't think they should be forced to allow it.
Apple simply does not have this restriction that Google is imposing on RCS. Apple's anti-spam comes from a combination of server-side analysis, having a centralized way to enforce bans, and tying accounts to phone numbers, none of which seem to involve banning jailbroken devices as, again: Apple doesn't.
(FWIW, I don't know off the top of my head how Apple ties your iMesaage account to your phone number. I vaguely remember that it involves functionality implemented by the carrier, not just trusting the client, and as RCS definitely has to be supported by the carrier there is no issue deploying such here. Regardless, not only would trusting the client be ridiculously stupid in case it ever got hacked, we can continue to lean into the analysis that Apple does not nor have they ever banned jailbroken iPhones from using iMessage, and so we don't even have to dig deeply: we know their security model doesn't rely on something they don't do.)
Apple can't put the genie back in the bottle with macOS, they've been trying though. True root requires a special boot sequence otherwise you really only get pseudo-root. They introduced the AppStore to macOS and it was a huge flop because of how restrictive they made it. Microsoft also tried the same with Windows S on ARM devices and eventually were forced to allow disabling S mode.
Again, I think there is this impression that I agree with any or all of their behaviors. I don't, I'm only reasoning about why and how in some cases it might be one part of a deterrent. Nothing stops me from jumping over a fence, so why put it up to begin with?
p.s. had to do a double take when I saw your name, been a while since I've done anything jailbreak related with iOS but I really appreciated all the work you did when I did. <3
You don't actually have that freedom - the DMCAs anti-circumvention provision robbed you of the right to unlock your own property. You are merely permitted by the manufacturer to root them, and sometimes, for a 3-year period, the copyright office will let you do it too [1].
The company you are defending, and others like it, use every legal, contractual, technical, and economic means to restrict what you may do, so they can sell it back to you, and so they can control which companies can do it, stopping competition before it can even start. The recent ban on open-source HDMI drivers is another such example [2].
[1] https://www.eff.org/is-it-illegal-to-unlock-a-phone
[2] https://arstechnica.com/gadgets/2024/02/hdmi-forum-to-amd-no...
I understand your position but please try not to put words in my mouth.
"this same expectation in the Apple ecosystem is why I've received single digit spam from their messaging services" implies it can be justified as an anti-spam measure that open services can't match. But I've received also single-digit spam (cumulative over multiple years, not per year) on the WhatsApp running on my rooted Android. Nor would this even hypothetically stop non-RCS spam.
In general, companies always have some convenient excuse to cover their user-hostile moves. HP bricked printers using 3rd party ink for "security". Uncritically believing them, or even inventing excuses for them, is defending them.
"if they don't want rooted phones to use their RCS gateway I don't think they should be forced to allow it" - so we've established these companies are actively hostile to your freedom to use your property as you wish. But you are willing to disregard any monopoly/market-power abuse concerns, and grant them the freedom that they deny you (you used "should", so I assume you're not giving a mere factual description of what you think the law is). Just like letting Bell charge extra for using competitor's equipment [1] has ill effects on the market (try selling a phone when all your customers will have to pay an extra monthly fee to Bell for using it) and was rightly banned, so does letting the Google/Apple duopoly control smartphone software. Saying they should be allowed to continue to abuse and expand their market power is a defense of these companies, or rather, is a defense specifically of their anti-competitive and user-hostile practices.
The difference between a "defense" that merely seeks to correct facts, and one that justifies behavior, can be subtle (e.g. "this is necessary to fight spam" vs. "this was done to fight spam" vs. "there was no other way to fight spam"), but I think your phrasing put you in the latter category.
[1] https://en.wikipedia.org/wiki/Bell_System#Nationwide_monopol...
Edit as reply: "I think" and "I believe" do not meaningfully change your position. "I think action X is justified because of Y" and "Action X is justified because of Y" only differ in implied certainty, not in quality.
Why do we have to be absolutists? Why can't I buy into a platform that has the features I want and not the features that don't matter to me? It really weakens your position when you say "actively hostile to your freedom" yet I could have purchased an unlocked, rootable, Android phone. I even have several older ones in a box, my HTC One M8 was awesome. Guess what I chose in the end? Guess what I've had the best experience with? I am enjoying my freedom. Could it be better? YES ABSOLUTELY! Can we do that without being absolutists in either direction? YES ABSOLUTELY!
HEVC is another example of this B.S. in the industry. STOP TRYING TO MAKE PAYWALLED/NDA'D STANDARDS A THING A-HOLES.
HEVC, for example, has public documents how to implement it. You can get all the specs right now. You don’t even need to pay for the standard itself. You do, however, need to pay the people who own patents on algorithms used within the open standard.
Do I like it? No. But when there’s 50-100 patent claimants, that’s where MPEG LA shows up to simplify things. You don’t strictly need MPEG LA if you don’t mind negotiating with every patent holder individually.
[1] https://en.wikipedia.org/wiki/Software_patents_under_United_...?
[2] https://en.wikipedia.org/wiki/Software_patents_under_the_Eur... - The wiki states that because of the "as such" clause, the exclusion of software patents does not apply to software that does anything inventive or solves a technical problem. But those are already requirements of patentability for anything, software or not. In other words, this interpretation of "as such" renders that entire clause totally meaningless - it could be struck entirely from the law, and software would be no more or less patentable. Clearly such a reading is absurd, and only shows the willingness of courts to ignore law for business interests.
These companies often make these advancements because it's beneficial to their bottom line, because they can utilize fewer resources or provide a better product to their customers. They then expect everyone to implement their standards so they can reap the benefit of those changes with all their customers.
Well, when you are developing a standard, there is no guarantee that every person who owns a patent will reveal themselves. There’s no guarantee your due diligence will find them all either. You could develop a completely open standard, someone announces they’ve got a patent, and if they win in court, that’s the end of it being an open standard.
> These companies often make these advancements because it's beneficial to their bottom line, because they can utilize fewer resources or provide a better product to their customers.
That’s just called business. That’s not evil, and if Linux didn’t benefit their bottom line, it would not be usable today (considering over 90% of contributions are from the big evil companies).
The whole argument that Google has been making for RCS is that it's open. However, that isn't actually the case. You're only allowed to use Google's apps (or Samsung's since they had enough market power to force Google to make an exception for them). RCS isn't an open service. It's just Google's chat service that they got carriers to adopt claiming it was open.
Google used RCS as a trojan horse to get the whole Android ecosystem to move to a chat service they control - and where they receive all the unencrypted meta-data. They block competing apps from getting access. Google got up on its high horse about supporting an open standard when that was a complete fabrication.
https://en.wikipedia.org/wiki/Rich_Communication_Services
I recently had to unroot my phone since it was too much pain. Almost all apps were constantly fighting to not be allowed to run. After a while, I had a variety of root-hiding modules installed on Magisk, and every time I downloaded and installed a new app, the dread was there that it would not work because of root.
War on General Computing[1] is here. For some reason, most people do not seem to care that they do not have full control of the devices that they bought with their own hard-earned money.
It is one of those rare cases where 'your choices affect my choices' and therefore not meshing with the idea that maximum individual freedom is always a good thing. Therefore, I don't think this can be solved by market forces- we may need some regulation. I think it would be fair to ask the companies to allow the apps to run on a rooted device so long as the user takes responsibility for any resulting losses. Any service provider should still be responsible for securing their own systems though.
[1] https://www.youtube.com/watch?v=HUEvRyemKSg
Said service is highly privileged because it's signed with a key only Google has; several system services have special access (root-equivalent, or even actual root) to your device, and these are signed by the Google key. Some of these can be remotely updated, and this update is silent (I had long ago written a small app found at https://github.com/cesarb/packageaddedremovednotifier to notify me about these silent installs, but it depended on a notification which is no longer broadcast on more recent Android versions; it was instructive for me to notice how often Android Market and one other app were silently updated).
It's true that you don't have root on your hard disk (until you connect to its serial console pins and notice that it doesn't even ask for a password before giving you full access to all its low-level commands), but neither does anyone else.
Root access is meaningless on a user build of Android. Android is designed such that the root account is not needed and it is locked down using SELinux.
> to notify me about these silent installs, but it depended on a notification which is no longer broadcast on more recent Android versions
I built a test app on Android 14 and I was able to get the broadcast you are referring to. The changes which the app you linked has not adapted to is that since Android 8 you need to use Context.registerReceiver() to register an implicit broadcast receiver for those actions [1] and since Android 11 you need to use a <queries> tag (or query all permission) in order to get visibility of other apps on the system [2].
[1] https://developer.android.com/about/versions/oreo/background...
[2] https://developer.android.com/training/package-visibility
There was a time when if you wanted an app, it had to be for Windows. It needed to be digitally signed (for good reason) not long later. Good luck moving it to any other platform. Also, good luck getting past corporate IT departments.
Then, the internet got better. Anyone could make a program that ran on any device. Later, we need pseudo-signing for that too, but it was nowhere near as intensive to get.
Desktop computers have never been a free for all. It ebbs and flows. Less freedom on system apps, greater freedom for web apps is the new vogue.
Let’s also not forget the motivation for this - people learned to be terrified of installing software. Remember Windows 10 and 11 S mode? Microsoft claims 60% of users never leave that mode to install even one app outside the Microsoft Store. That’s how much the “Normie” has learned to fear programs, and I think that there’s some blame to be had there. We desired freedom at the expense of the normal user. The normal user has rebelled and rejected freedom voluntarily.
The “Normie” user is perfectly content with a walled garden and a big tech company “securing” their experience. They’ve had their taste of freedom with Windows in the 90s and 2000s and fear it immensely. Blue screens, viruses, clunky software, broken updates, unreliable - but free. Unlike iPhone: Automatic updates, no crashes, viruses almost nonexistent, reliable and simple. Not technically free, but it feels free enough. We don’t really have anyone but ourselves (tech enthusiasts in general) to blame.
I can’t overstate this enough: We want freedom? We need to break the well-earned cultural stereotype that freedom equals a terrible experience.
Take your "walled gardens" and stuff it. Not everyone wishes to be boxed in that way.
Yes, everyone on Hacker News doesn’t want to be boxed in this way.
In the real world, literally nobody gives a darn about Apple having an iOS monopoly. They love their iPhones, they hate their laptops. Why is that?
Feels like unsubstantiated generalisation.
Source(s)?
Believe me, I've tried hard to get things boiled down for the layman. We're at a point we're literally speaking languages that have no commonly relatable interpersonal equivalent.
As a friend of mine says “oh no you’re confused, this is MY phone…” and then mutters to himself, whose phone is this anyway?
That is to say: Normal people couldn't care less about fleedumb and rible. Normal people care about getting shit done; presently, locked down smartphones get shit done better than any other computational device for normal people.
You're not going back far enough (as shown by your statement mentioning only Windows). Back in the MS-DOS days, there was no technical block to doing whatever you wanted with your system. It's no coincidence that Linux originated in these days; the openness of PC clones running one of the DOS variants (MS-DOS wasn't the only one) allowed for the full replacement of the operating system with nearly zero effort. You didn't even have to change the boot sector; a DOS program (LOADLIN.EXE) could completely switch the currently running operating system.
Things are much more locked down in desktop computers nowadays, and the only reason they aren't completely locked down is that Linux had already become popular enough to convince Microsoft to allow for a backdoor (actually a pair of backdoors: signing by Microsoft for popular distributions, and manual disabling for less popular distributions and development).
> [...] people learned to be terrified of installing software. [...] Microsoft claims 60% of users never leave that mode to install even one app outside the Microsoft Store. That’s how much the “Normie” has learned to fear programs, [...]
Is it fear, or is it just convenience? If everything you want or need at that moment is on whatever software store you have (be it the Microsoft Store or Steam or something else), there's not much incentive to look beyond it. It's like what's been said about video streaming providers: once every show you wanted was on a single streaming provider, there was not much incentive anymore to look around on seedy corners of the web for movies, but once that convenience is no longer available (because said provider no longer has the media you want), people once again look for alternatives.
(As an aside, think about the reason "developer mode" in more recent Android versions is hidden behind a secret knock on a disused corner at the bottom of the settings application: if it weren't a hidden setting, "normal users" would enable it. The same with bypassing some security warning pages in the desktop Chrome browser. If "normal users" really feared freedom, they would stay away from these options without the need to hide them.)
Custom ROMs might seem like "building from scratch" but to me, it is still far from it. People are still stuck following rules made by someone else, and not the hardware manufacturer. Those rules can change any time, for any reason, long after purchase. Google's ability to easily frustrate people trying to control their pocket-sized computers suggests that whatever control they are able to achieve, it is not enough.
Until I can run NetBSD on an old "phone", or some other pocket-sized computer with similar form factor, I'm not satisfied.
In the rest of the cases, say games, the basic root hiding of magisk/kernelsu do wonders, and since recently w/ kernelsu the safetynet bypass comes out of the box. Of course, I avoid relying on this for anything I can't go without.
That said, a big part of this experience might be related to how I primarily run applications from F-Droid these days. The free software app ecosystem is absolutely massive and very mature compared to when I first went gapps-less around 2015, to the point it's rare for me to use anything from the android market at all.
Discussion over here: https://news.ycombinator.com/item?id=39567226
First DRM-ed content, now messaging.
Android should just say they don't allow bootloader unlocking outright anymore, then maybe we can move onto an actually free and open source operating system not ran by an advertising company.
If I understand right, rooting means getting administrative privileges like using sudo. But can't they be turned off even after flashing custom ROM? If yes, then why do those app deny to work if the phone uses custom ROM irrespective of rooting status.
(I'm a newbie in custom ROMS concept, so my assumptions above could be massively wrong :) )
This is going to become nigh-impossible to bypass in the future as the binary is encrypted and verifies its signature, and encrypts the response with device-specific keys only available in trustzone. The current bypasses involve spoofing the uavailability of trustzone.
a. Being rooted or in other abnormal device states is (perceived to be?) associated with fraud against the service provider. That's because it's hard to tell the difference between a device in which only the legit user has control, and one that's been remotely rooted by malware (in theory this can be done by using remote attestation but this requires a non-rootable supervisor layer to do that protocol, so you end up going around in circles as root is then not really root).
b. Users not having root means the service provider can (to some extent) reason about how the app will behave regardless of user wishes, which makes it easier to suppress abuse. As Google explain clearly in the article, this is done as an anti-spam measure. If the user doesn't have root then the OS can block automation of the app, protect signing keys, do remote attestations etc and that makes spamming much harder (you can't emulate the protocol). If the user has root then they can just inject code into the RCS app's address space and control it directly.
Consider also why games consoles don't give you root. It's because gaming is a two or three or even four sided transaction (gamer, game developer, console developer who sells at a loss and makes it up on licensing fees, other gamers on multiplayer). If you privilege one party over all the others then the ecosystem fails, so every successful platform exercises tight control over the purchaser of the hardware to ensure the other parties involved have their needs also respected.
Basically TEEs allow code to be executed that the OS has no control over and the OS cannot hope to even touch the memory, it's hardware separated by the SoC (system on chip). There are cryptographic accelerators which can be used to sign things and encrypt things, again which the OS has no ability to see this and secrets can be held in ways that the OS can never touch.
Use of the TEE depends on the bootloader being signed and the OS boot process being authenticated. There are other aspects around Android as well, not specifically related to TEE, around user processes never being able to have privileged access, but TEE is a less known part of the modern Android ecosystem.
RCS from almost the start has been heavily controlled by Google and even if it wasn't, it's a bad standard. The idea that we'd wanted to give the carriers control over anything or tie more to our phone numbers is laughable. The lack of encryption (and no, Google's own flavor of encryption doesn't count) is just the cherry on top of a shit sundae.