undefined | Better HN

0 pointsnecovek4y ago0 comments

Sure, that would be ideal. For some reason, phone manufacturers have started requiring registration to get an unlock code.

So while I'd be ecstatic for us to get you-own-the-hardware-device-you-bought legislation, at this point in time, I'd be happy with your-device-needs-not-go-in-the-trash-once-we-stop-giving-you-security-updates at least.

In a sense, we should push for both, but we don't have to push for both with the same initiative.

0 comments

3 comments · 1 top-level

g_p4y ago· 2 in thread

The OEMs' justification for this is to try to make it harder for greybox importers/resellers or box shifters to tamper with the firmware on phones.

It's not unheard of for modified firmwares with malware to get put onto phones that are being sold into different markets.

If you need to register phones one by one, it slows the process down and makes it harder to modify a large number of phones, as they can try detect and prevent bulk requests. In theory that is believed to make it less likely that a customer buys their phone and ends up with a bad experience (keylogger in the modified firmware) that they attribute to the OEM.

There's obviously a self interest from OEMs to use this to also enforce market segmentation - they don't want people box shifting handsets from low margin markets into high margin markets and undercutting the official retail price. Some OEMs like Samsung have added region locks to their phones in the past because of this (which are released after 5 minutes of a call is made while connected to a mobile network from the original sales market.

thaumasiotes4y ago

> Some OEMs like Samsung have added region locks to their phones in the past because of this (which are released after 5 minutes of a call is made while connected to a mobile network from the original sales market.

What's this accomplishing? If you're willing to replace the firmware, you're willing to make a local call to yourself. That's much less invasive.

g_p4y ago

It's not accomplishing a lot, but it just plays into making it harder to logistically do the grey box imports. You need multiple SIM cards going into your pile of devices, you need to have someone in the original market working with you to reliably make that call with every device.

This adds friction to the process for someone trying to do it at scale. Just like how needing to register accounts to request the bootloader code can slow them down. Some OEMs even added waiting periods (you'll get your code a week or so after verifying your phone number, and they limit how many requests an account can make).

The idea is that eventually it won't be worth modifying greybox devices if there's enough small barriers that annoy the person trying to unlock the device bootloader.

j / k navigate · click thread line to collapse