May 31 AT 8:27 AM Russell Holly 23 Comments

Stop Celebrating: HTC’s unknown Bootloader policy [OPINION]

For the Android modder community, it’s been an emotional couple of weeks. When the HTC Sensation and the HTC Evo3D were announced, there was a great deal of excitement. Each of these devices have a fantastic look and feel to them, and they come with some of the first dual core Snapdragon processors from Qualcomm. Combined with the latest version of HTC’s SenseUI, which is a tremendous improvement over what was already hailed as one of the best Android UI’s, these devices were gaining popularity at an alarming rate.

That is, of course, until it was revealed that these devices would come equipped with HTC’s shiny new cryptographic signature based bootloader. Anger filled the social networks of the world, followed by plans of mass exodus. The Cyanogenmod developer team announced that they had no plans to work with devices locked down in such a way, and even began recommending users switch to LG Android devices. Nearly a week later, HTC’s Facebook page assured the masses that they were “reviewing” their bootloader policy.

Within hours, the internet had mobilized in the form of Facebook comments, thousands of tweets, and petitions all across the web in the hopes that HTC would reconsider. Then, late Thursday night, something that smells oddly like success happened; HTC’s Facebook page had announced, in the form of a message from the CEO of HTC, that they will “no longer be locking the bootloaders on our devices.” As quickly as the internet turned to rage, it turned to sheer rapturous joy. Over 7,700 “likes” on the facebook page, and tens of thousands of tweets and Facebook comments cheering and celebrating this decision were, and still are, being spread across the social universe. Only, what exactly are we all celebrating?

For all intents and purposes, it seems pretty likely that HTC pulled the wool over our eyes, and we not only accepted it, but proceeded to thank them! As a lover of HTC products myself, I’m aware that these seem like harsh sentiments. They come, however, at the disturbing realization that a vast majority have no idea what has actually happened, and more importantly what has been happening to bring us to this point. HTC announced that they would no longer be locking their bootloaders, right? Let’s take a look at what this actually is.

For starters, it is important to point out that prior to the implementation of cryptographic signatures, HTC’s devices were not fully open. Every HTC Android device, with the  exception of the Nexus One, has had some form of software protection on the device to stop users from unlocking the bootloader. An exploit of some kind was discovered on each of the devices in order to achieve “unlocked” status, and the task has been increasingly difficult to accomplish. When an HTC device gets in the hands of a hacker, particularly an hacker, the long process towards breaking these devices becomes their life. Some devices devouring the man with hours worth of attempts, re-attempts, and eventual success, all by volunteers in their free time. This has never really been an easy process, though at times it does seem that way on the outside, especially when devices are unlocked so soon after their release to market.

With this knowledge, I can’t help but ask what HTC actually MEANS by an unlocked bootloader. The only one they’ve ever released that was not specifically a developer phone has been the Nexus One, through a very simple “fastboot oem unlock” command from a computer with the Android Software Development Kit. Will HTC deploy this strategy to all of their new phones, or will they simply resort back to the less difficult previous methods? At this time, HTC has not been willing to comment, but it’s clear that I’m not the only one questioning the definition. Earlier today Verizon Wireless’ twitter account released a statement that unlocked devices “would not be activated on Verizon Wireless”. Before the online rage had reached a fever pitch, Verizon had retracted the statement via Twitter and apologized for the confusion. We may never know wheat went on behind the scenes there, but it shows that even HTC’s partners don’t know what’s going on here.

So, what of existing devices? Once we are offered some sort of definition, will this be applied to existing devices? The hacker community got lucky with the Thunderbolt when an Engineering ROM showed up with everything they needed to skate by, but shouldn’t HTC release something that would allow existing users to legitimately unlock their devices? Or, will they take a que from Motorola, and release their existing batch of devices as planned, and promise to unlock the future ones? For all intents and purposes, the Sensation is finished, fully baked and ready to go. PR reps are already getting review devices sent to them. Will HTC unlock these? There’s no information, only a Facebook post full of wishes. Hopefully HTC makes “the right decision” in this case.

When PC Magazine’s Sascha Seagan commented that “99% of users probably didn’t even know what a bootloader was” I decided to take a look and see exactly who cared about this. When asked, the creator of Rom Manager, a popular piece of software used to managed ROM’s and manipulate the bootloader, noted that he had just above 600,000 active installations of his app. Now, for the sake of argument, and since there’s no other way to track this data, lets assume that for every person who is actively using Rom Manager, there is another person who is either unlocking their bootloader manually, or using some other service. Compare that (speculated) 1.2 million to Google’s recent announcement of 450,000 activations a day and over 100 million total activations of Android, Sascha was pretty darn close.

In the end, we’ve been given very little to go on. HTC’s vague yet hope inspiring statement was a nice gesture, but to have only made the statement on Facebook, and not have followed it up by now with either details or allowed their reps to comment makes me incredibly suspicious that they don’t have an ACTUAL plan yet. With devices like the Sensation and the Evo 3D right around the corner, this statement is sure to boost morale and increase sales, but then they need to actually deliver something. It will already be pretty rough if/when the Sensation gets into the hands of hackers and they find the cryptographic signature still in place. It will be even worse if HTC decides that those devices weren’t included in their statement. We’ve been shown what is essentially an empty bag and been assured it’s full of pixie dust, and that may hurt HTC even worse in the end.

I write things.

    Most Tweeted This Week