Right, it’s good to be back. This is news from last week, but heck, it’s relevant for me since I just got my HTC HD7 Windows Phone 7 device. Anyway, if you’re running a very large company in the business of selling phones, gadgets, and so on, there are several ways to deal with jailbreakers. It seems like Microsoft is one of the few companies who knows what it needs to do.
Long-time Windows specialists Rafael Rivera, Chris Walsh, and Long Zheng, who together make up ChevronWP7 and released the first Windows Phone 7 jailbreak tool a few months ago, were asked by Microsoft to take their tool offline and come join the company in Redmond to discuss how best to address the homebrew issue.
This talk took place last week, and it appears to have been a productive and fun get-together. Microsoft showed they were good sports by giving them some fun t-shirts (‘I was the first to jailbreak Windows Phone 7, and all I got was this lousy t-shirt.’), but of course, that wasn’t the most important aspect of the talks. Much of the information from the talks is under NDA, but the ChevronWP7 team did get to share that going forward, they’re going to work together with Microsoft to bring a permanent solution for homebrew development to Windows Phone 7.
“To address our goals of homebrew support on Windows Phone 7, we discussed why we think it’s important, the groups of people it affects, its direct and indirect benefits and how to manage any risks,” they explained, “With that in mind, we will work with Microsoft towards long-term solutions that support mutual goals of broadening access to the platform while protecting intellectual property and ensuring platform security.”
This seems like a good approach to me. It would be great if Sony, Apple, Microsoft, and several Android phone makers would implement a simple development switch in their phones – these would obviously void the warranty, but it would give hackers the opportunity to actually own their devices without fear of having to jailbreak all over again whenever an update arrives.
It seems like Microsoft is serious about this. Geohot, famed iPhone and PlayStation 3 hacker and jailbreaker, said on his website he’d move his attention towards Windows Phone 7. Not long after, Microsoft’s head of Developer Experience for Windows Phone 7 tweeted that Microsoft would simply give geohot a Windows Phone 7 device for free – “let dev creativity flourish”.
This isn’t particularly surprising, by the way, to anyone who ever spent any serious amount of time in the Windows Mobile community of yore. Microsoft pretty much looked away and silently approved the modding community there. Several websites were openly dedicated to spreading modified Windows Mobile ROMs, and Microsoft was okay with it.
This is an obligatory comment. The Nexus from Google does have such a switch. You go to the phone settings, enable USB debugging and, using Google tools, you can plug in your phone and turn off the protection. The phone will reboot and ask for confirmation, wipe out everything and give you root access, with a warning that your phone is unlocked at boot.
This seems to be a good way to me. I rooted it the hard way because I didn’t want to redo my configs, but it is cool to be able to do it “legally” too (legally from the USA’s point of view, soon to come in Canada, New Zealand and others).
Most readers here can at least think of one cool thing to do with rooted devices. Mine was mostly about backup (git repo as home folder), ssh, port forwarding and SSHFS/NFS shares to quickly access my desktop files directly from any application that can read/upload files. Any of those could have been done anyway, but required a bunch of additional applications, services, memory and lag. To an OSS hacker like me, being able to play with my own toys is cool, but let’s face it, it’s just me/us.
How many times have you installed Windows on your (larger) family PCs? How many times do you see viruses on their computer after their 14-year-old kid has installed smiley packs or cursor themes (and porn)? Could this happen in non-rooted iOS-like OSes? Yes, but it is a lot easier to manage when someone else is admin and can push updates at will (Apple can, but doesn’t do it). I think for 95% of people, a hard platform is better. Without any way to compromise it with the exception of buffer overflows, no switch, nothing. Like that, there would be 99% less spam in the world and 99% fewer viruses, because propagation would be slower without botnets.
I know it is hard for us to accept that, and we will always want the option to improve our gadgets, but this is -because we know what we are doing-, this is not the case for 99%+ of the world. The other 4% is to use a device in a special way, like a dashboard for a headless robot and stuff that requires kernel drivers. 90% of drivers could exist in userspace with good IO libraries, but 90% is not 100%.
Edited 2011-01-25 22:41 UTC
With Maemo, you just select the Rootsh package from the list of downloadable apps. After that, open the user’s terminal window and type “sudo gainroot”. You’ve just sudo’d to a Root shell.
I honestly see no reason why Root should be more complicated than this type of opt-in package install.
For full debug/developer mode, you can use the firmware flasher (similar to the Nexus approach, I’m guessing) or the package manager easter-egg; create a fake repository entry with specific details, click cancel, click red-pill from the popup.
I like that Root shell access is a separate function from debug mode also, as one can muck things up with Maemo in debug.
Yeah, I agree with this. Make it easy for geeks to fully unlock, while at the same time hiding it just enough so that the non-techies don’t stumble across it by accident and hurt themselves in the process.
As another poster stated, I think there’s value in having a single repository for most folks to get their apps/games from that’s vetted for malware (Linux has been doing this forever), but there still should be an easy way for people to venture out on their own and install whatever they want.
I think it doesn’t even void your warranty.
I don’t think having root shell does. At install, you just get the standard “This app is not produced by Nokia. If it breaks stuff, take that up with the developer.”
Not sure about the developer mode. Nokia is pretty supportive. They’ve really got the “community” part right in some ways. My guess is that you’d be good for warranty unless your changes broke hardware. Anything I’ve managed to do has been fixed with a firmware reflash but that’s all software.
The repository manager is really the jewel. You have about three well stocked repositories by default which includes Nokia’s official stuff. I think a few are in place but disabled. You can easily add additional repositories by hand. Apps with their own repositories set up the repo as part of the first install; “do you wish to add this repository?”. Someone also set up a site that adds repositories based on checkboxes; one can also search by package name if hunting a known program. For the Debian and Debian-Fork folks; /etc/apt/sources.list (and apt-get. Hoping for aptitude in MeeGo but we’ll see.)
“It seems like Microsoft is one of the few companies who knows what it needs to do.”
Hopefully they stand ready to sell them another phone when hackers brick their first one. Everyone wins. Hackers get to engage in self-abuse and Microsoft sells more phones.
Who said that the phone will be bricked? If you’re using a piece of software that unlocks the device in a non-damaging way I really can’t work out what you’re going on about.
This is true; bricking can be handled pretty gracefully.
The phone would just need to be hooked up to a computer and have the OS reinstalled from a backup; Blackberries do this. Eventually, the phone could have a restore partition with a default OS install.
MS should just have a desktop app which lets people tweak their phone and install non-marketplace applications. This would be a good compromise between security and hackability.
The N900 includes a backup app which uses the SD storage. You get a backup of your internal storage including OS and such but you’d be out of luck if it was the SD card that died.
You could also set a restore option with a dual-boot and SD card potentially. It may not be as slick as a vendor included option but may be of interest. I’ll use the N800 for my example as it was the first I did this way.
The storage breaks down like this:
internal flash – 256 or 512?, non-replaceable, holds default storage including OS and user data
internal SD – 8GB SD officially (16GB tested?), removable storage, additional space for user
external SD – 8GB SD officially (16GB tested?), removable storage, additional space for user
Create your clean setup on the standard internal storage; whatever minimum base apps you need installed and initial config settings.
Partition an SD card and mirror your internal storage to it. I have directions for doing Maemo using Tar and the existing bootmenu package. One would have to look up how this is done with other devices.
Set the boot menu default to your SD card’s OS partition. Do whatever further app installs and such you like and see about backing up the SD card (app on the device or just take an image of the SD from time to time).
Now you have a clean boot and working boot. When you break the working boot, boot from the clean and mirror it back over to the SD card.
For me, the initial reason was quickly filling the limited internal storage with apps. The secondary benefits were having the clean boot available and making my palmtop a triple boot (internal maemo2008, ext maemo2007, ext maemo2008). It was also nice to keep my original os2007 install bootable when upgrading to the newer firmware too. I never did pursue the Debian partition option. Since then, Maemo, iPhone and Android devices have all been done with exotic OS choices; win95 on N900?
Why not? I could buy a different WP7 device today if I wanted to. I’d have to pay full price for it but hey…
That is how Microsoft will win.
Business is a war. Anyone will use any means available to crush the opponent. Currently, MS is losing, Apple and Android are winning. Maybe MS acknowledged that the hacker community is a strong and powerful tool to gain advantage and can be better controlled by playing a “not evil” role. The attitude will change whenever needed.
Or they are doing the same thing they always have, creating a dev friendly environment and a platform that is open enough for most people.
MS doesn’t care how you use your phone, and they never will. All they care about is you using WP7, because that means bigger numbers they can show developers. They make more money off of, and get more value out of, devs buying Visual Studio and MSDN licenses/renewals than they do people buying a handset or computer.
??? Visual Studio has historically been a break-even or money losing product, as far as I have heard. The goal is to create a marketplace around Windows sales, which is where Microsoft makes actual money.
Or create the appearance of openness, especially around areas they don’t care about in order to lock people in.
If MS were serious about openness, then Windows would be a Unix clone with its own GUI, similar to OSX.
Microsoft is putting a jail on their phone, then developers find a way to break it and then they hire them to see how they can make the jailbreak legal…
Why put a jail in the first place?
“Platform security and protecting intellectual property”?
I fail to see how they are protecting security and IP with a jail.
I see how they are protecting their revenue though.
Because with such a jail, you can block unsigned software from running, and you can block paid-for applications being moved from phone to phone.
I kind of get the point that it protects the copyright of some select software vendors against pirates but that is at the expense of other software vendors who are not able to expand their IP because of the jail.
I still don’t get how it improves security. Or maybe the logic is that people will use less software therefore they will use their phone less often therefore they will have less risk to do stupid things?
It’s really simple: without jailbreaking, you can only install from the Marketplace – all safe and tested applications. After jailbreaking, you can install whatever you want, which makes it an incredibly large attack vector.
I understand this is a large attack vector on Windows 95 or Windows XP because the software runs with administrator privilege, so basically installing software is like giving the key to your house to a random person in the street, but is that a large attack vector on a modern OS with proper UAC?
We have virtual machines and micro kernels. We have been installing applications on mobile phones for 10 years or so. There has been no security problem with mobile applications until now. An application is not allowed to do things you don’t want it to do with your phone. Is WP7 so poorly designed that a jail is needed to protect the OS from the applications it runs?
Android and iPhone software repositories have both had issues already. I think Android has had more cases of malicious app postings. Apple’s vetting policy does make a difference. Centralized repositories have to be done without stifling the developers or opening up to the world. Apple’s method of micromanagement limits who can contribute and has a policy changing based on Apple’s own interests. Google’s method allows more contribution but at the expense of QA and vetting.
Maybe it’s a matter of having a retail repository separate from community repositories.
Keep Nokia Ovi, Google Market, Apple App Store and whatever the MS repository will be named. These are for paid submission of retail apps or no cost apps from unknowns willing to pay a humble fee and pass the QA vetting.
Add Unstable, Testing, Stable community repositories for each OS respectively. Developers who do not want to sell or pay for premium hosting can earn their way from Unstable to Stable repositories. Stable is enabled on the device along with the retail repository and vendor’s repo for updates and such. The other two repositories can be added manually for the devs and interested risk takers. Installs from these repositories present warnings of increasing severity starting with Stable’s “this app is not produced by Vendor. Vendor is not responsible if it breaks stuff”
Paid repo provides paid constant testing/vetting and a retail framework for sales. Community repos provide a safe outlet for trusted devs protecting users and stages provide a way for new devs to get apps in.
If a trusted developer later decides to run an experiment with malicious additions; they’re out, no more upload access for them. If the dev can’t be trusted, all their submissions must go through the full process just like unknowns.
Of course, one can always add repositories manually at their own risk. It’s not about limiting the user; it’s about providing safe harbours they probably won’t need to ever go outside.
This is interesting. S40, Symbian and Maemo have been around for much longer and there has been no security issue. Maybe design priorities are not the same. It looks to me like iOS and Android were designed with “Wow” and eye candy in mind but they didn’t put too much effort in under the hood design. Time to market was more important than robustness and security? That is my opinion. They took existing kernels without thinking too much about it and put all their effort on the UI.
So what about WP7? Windows Mobile has been around for very long but it looks like they have broken everything and started over to follow the new trend. Have they put enough effort in under the hood design?
Actually, there has been some malware on Symbian, but AFAIK they fixed it through a better security model and app signing.
http://en.wikipedia.org/wiki/Symbian#Malware
(That very same signing policy also pissed many community developers off at the time, as one had to pay for getting a signing key, while paying for developing software was mostly unheard of at the time. There are some tricks which only work on Apple users… )
Edited 2011-01-29 16:41 UTC
WP7 is, as I understand it, based on Windows CE, which is pretty much a single user OS… No concept of users or filesystem permissions, so once you have native code running it has full control…
I assume that they want to make it a sufficiently clean and hidden feature to calm down carriers, device-makers, and regular users who don’t want to worry about non-approved apps.
So, a switch hidden away sufficiently that people don’t stumble over it unnecessarily, and probably some stronger “outer” jail that protects the radio portion from hackers. Because, really, freedom is all well and good, but large-scale wireless rests very heavily on careful regulation to work at all.
It could be that’s what they want you to think.
You left out enterprise admins. It’s possible the jailbreak also broke stuff related to applying policies from Exchange, or what not. I would be very ticked off if jailbreaking allowed users to skirt security.
There are ways to do this. MS just has to figure out how they want to do it. For instance, Blackberries are very open, when they aren’t locked down via BES. You can load applications over the air or from the desktop application. I’m assuming MS wants to keep the platform open, but still allow it to be locked down if need be.
Really, people aren’t going to muck with the lower level stuff if they get enough tools to do what they want.
I’m starting to become seriously impressed with the WP7 platform.
The UI has got a great wow factor, it’s far more polished than Android and makes iOS look dated.
And now it’s going to be “open” too, so possibly the best of both worlds.
If only MS’s OS strategy didn’t come across as all over the place, I’ve got my reservations about whether they are in it for the long haul with WP7.
Microsoft is not doing this out of the kindness of their hearts; they are doing it out of desperation to get some attention. Nobody cares about WP7, except maybe a few XBOX fans. They took away many useful features from their previous mobile OS and gave people instead a new ugly OS that looks like the control panel for an alarm system, that lacks proper hardware keyboard support, removable memory card support, no trace of accessibility for users with disabilities… And they still haven’t released a single update to prove they have at least improved in that department. So yes, alienating the hacking community would be like shooting themselves in the other foot, so they now have to make themselves appear hacker-friendly to attract more users.
But this can be good news, if Microsoft were really willing to cooperate with the community. After all, their previous mobile OS was in a sense, more open to hacking and customization than the so-called “open” Android, which is only open to the device manufacturers and wireless providers so they can do whatever the heck they want to their devices and then lock the bootloaders and make it really hard to restore the device to factory condition… so they know you have hacked it and can void your warranty. That’s Android “openness” for you. Microsoft better get real with the hacking community if they want to be relevant again in the mobile OS space.