
It is like blaming the government for a policy to make cigarette packaging unappealing.

Every company wants to spy on you using cookies and sell your data or target ads. Cookie banners are warnings to protect your data from these greedy companies.


What does OnePlus gain from this? Can someone explain to me what the advantages are of OnePlus doing all this? A failed update resulting in motherboard replacement? More money, more shareholders are happy?

I still sometimes ponder if the OnePlus green line fiasco is a failed hardware fuse type thing that got accidentally triggered during a software update. (Insert "I can't prove it" meme here.)


My understanding is there was a bug that let you wipe and re-enable a phone that had been disabled due to theft. This prevents a downgrade attack. It's in OnePlus's interest to make their phones less appealing for theft, or, in their interest to comply with requirements to be disableable from carriers, Google, etc.


Carriers can check a registry of stolen phone IMEIs and block them from their networks.


Right, but the stolen phones get sold in other countries where the carriers don't care if the phone was stolen but care that someone is spending money on their service.


And we can't own our phones due to that?


There is a surprising number of carriers in the world that don't care if you're using a stolen phone.

Not surprisingly, stolen phones tend to end up in those locations.


I have never seen this happen.

I have, however, experienced that an ISP will write to you because you have a faulty modem (some Huawei device) and ask you to not use it anymore.


Visit eBay and search for "blocked IMEI" or variants. There are plenty of used phones which are IMEI locked due to either: reported lost, reported stolen, failed to make payments, etc.


All offers seem to be from the US.


I think the lines between IMEI banning or blacklisting and the modern unlocking techniques they use have been blurred a little bit, and so some carriers and some manufacturers don't really want to do or spend time doing the IMEI stuff and would prefer to just handle it all via their own unlocking and locking mechanisms.


With vulnerable FW, you can change IMEIs. Hence this kind of rollback prevention updates.


Makes perfect sense, thanks kind stranger. Hope it is the reason and not some corporate greed. It's on me, lately my thoughts are defaulted towards corporates sabotaging consumers. I need to work on it.

The effect on the custom OS community has me worried (I am still rocking my OnePlus 7T with crDroid, and OnePlus used to be the most geek friendly). Now I am wondering if there are other ways they could have achieved the same without blowing a fuse, or been more transparent about this.


I don't think so. Blowing a fuse is just how the "no downgrades" policy for firmware is implemented. No different for other vendors actually, though the software usually warns you prior to installing an update that can't be manually rolled back.


Are you quite certain?

Google pushed a non-downgradable final update to the Pixel 6a.

I was able to install Graphene on such a device. Lineage was advertised and completely incompatible, but some hinted it would work.


> It's on me, lately my thoughts are defaulted towards corporates sabotaging consumers. I need to work on it.

You absolutely do not, this is an extremely healthy starting position for evaluating a corporation's behavior. Any benefit you receive is incidental; if they made more money by worsening your experience they would.


As I understand it, this is a similar thing on Samsung handhelds:

https://en.wikipedia.org/wiki/Samsung_Knox


> It's in OnePlus's interest to make their phones less appealing for theft,

I don't believe for a second that this benefits phone owners in any way. A thief is not going to sit there and do research on your phone model before he steals it. He's going to steal whatever he can and then figure out what to do with it.


Which is why I mentioned that carriers or Google might have that as a requirement for partnering with them. iPhones are rarely stolen these days because there's no resale market for them (to the detriment of third party repairs). It behooves large market players, like Google or carriers, to create the same perception for Android phones.

Thieves don't do that research to specific models. Manufacturers don't like it if their competitors' models are easy to hawk on grey markets because that means their phones get stolen, too.


It actually seems to work pretty well for iPhones.

Thieves these days seem to really be struggling to even use them for parts, since these are also largely Apple DRMed, and are often resorting to threatening the previous owner to remove the activation lock remotely.

Of course theft often isn't preceded by a diligent cost-benefit analysis, but once there's a critical mass of unusable – even for parts – stolen phones, I believe it can make a difference.


Yes, thieves do research on which phones to steal. Just not online; more in person, talking with their network of lawbreakers. In short, a thief is going to have a fence, and that person is going to know all about what phones can and cannot be resold.


> My understanding is there was a bug that let you wipe and re-enable a phone that had been disabled due to theft. This prevents a downgrade attack.

This makes sense and is much less dystopian than some of the other commenters are suggesting.


That's even more dystopian.


Their low-level bootloader code contains a vulnerability that allows an attacker with physical access to boot an OS of their choice.

Android's normal bootloader unlock procedure allows for doing so, but ensures that the data partition (or the encryption keys therefore) are wiped so that a border guard at the airport can't just Cellebrite the phone open.

Without downgrade protection, the low-level recovery protocol built into Qualcomm chips would permit the attacker to load an old, vulnerable version of the software, which has been properly signed and everything, and still exploit it. By preventing downgrades through eFuses, this avenue of attack can be prevented.

This does not actually prevent running custom ROMs, necessarily. This does prevent older custom ROMs. Custom ROMs developed with the new bootloader/firmware/etc should still boot fine.

This is why the linked article states:

> The community recommendation is that users who have updated should not flash any custom ROM until developers explicitly announce support for fused devices with the new firmware base.

Once ROM developers update their ROMs, the custom ROM situation should be fine again.


That makes sense, but how would an attacker flash an older version of the firmware in the first place? Don't you need developer options and unlocking + debugging enabled?


Qualcomm phones come with a special mode (https://en.wikipedia.org/wiki/Qualcomm_EDL_mode) that allows devices to get unbricked even after you break the normal user-updatable "bootloader" on flash completely.

This feature doesn't allow unlocking the bootloader (as in, execute a custom ROM), it's designed to install factory-signed code. However, using it to "restore" an old, vulnerable factory code would obviously cause issues.


Open the case and pogo pin on a flash programmer directly to the pins of the flash chip.

Sophisticated actors (think state-level actors like a border agent who insists on taking your phone to a back room for "inspection" while you wait at customs) can and will develop specialized tooling to help them do this very quickly.


Thank you for this, I have a follow-up question: Now an attacker cannot install an old, vulnerable version. But couldn't they just install a new, vulnerable version? Is there something that enforces encryption key deletion in one case and not the other?


AFAIK the signature mechanism hasn't been defeated, so the attacker can only load software signed by the factory keys.

Which includes old, vulnerable versions and all patched, newer versions. By burning in the minimum version, the old code now refuses to boot before it can be exploited.

This is standard practice for low-level bootloader attacks against things like consoles and some other phone brands.
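
The version-floor check described in the comments above, as an added example that is not part of the thread and not OnePlus or Qualcomm code: a small C model showing that an old image with a valid factory signature boots before the fuses are burned and is refused afterwards. All names are hypothetical, the "signature" is a toy keyed hash standing in for a real RSA/ECDSA check, and raising the floor on every successful boot is a modelling assumption.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed model of eFuse anti-rollback; every name here is hypothetical. */
enum boot_result { BOOT_OK, BOOT_BAD_SIGNATURE, BOOT_ROLLBACK };

typedef struct {
    uint32_t version;  /* anti-rollback version carried in the signed image */
    uint8_t  body[8];  /* stand-in for the firmware payload */
    uint32_t sig;      /* stand-in for the factory signature */
} image_t;
#define FACTORY_KEY 0x5eed1234u  /* toy secret, not real cryptography */
static uint32_t fuse_bank;       /* OTP bits: can be set, never cleared */

/* Toy keyed FNV-1a-style hash standing in for a boot ROM's RSA/ECDSA check. */
static uint32_t toy_sign(const image_t *img) {
    uint32_t h = 2166136261u ^ FACTORY_KEY;
    for (int i = 0; i < 4; i++) { h ^= (img->version >> (8 * i)) & 0xffu; h *= 16777619u; }
    for (int i = 0; i < 8; i++) { h ^= img->body[i]; h *= 16777619u; }
    return h;
}

/* Minimum bootable version = number of blown fuses (thermometer code). */
static uint32_t fuse_min_version(void) {
    uint32_t n = 0;
    for (uint32_t b = fuse_bank; b; b >>= 1) n += b & 1u;
    return n;
}

/* Blowing fuses is a bitwise OR, so no code path can lower the count. */
static void fuse_burn_to(uint32_t version) {
    fuse_bank |= (version >= 32) ? 0xffffffffu : ((1u << version) - 1u);
}

/* A valid factory signature is necessary but not sufficient to boot. */
static enum boot_result boot_image(const image_t *img) {
    if (img->sig != toy_sign(img)) return BOOT_BAD_SIGNATURE;
    if (img->version < fuse_min_version()) return BOOT_ROLLBACK;
    fuse_burn_to(img->version);  /* assumption: floor is raised on successful boot */
    return BOOT_OK;
}

static image_t make_image(uint32_t version) {
    image_t img = { version, { 'f', 'w', 0, 0, 0, 0, 0, 0 }, 0 };
    img.sig = toy_sign(&img);
    return img;
}

int main(void) {
    image_t old_fw = make_image(1), new_fw = make_image(2);
    int a = boot_image(&old_fw), b = boot_image(&new_fw), c = boot_image(&old_fw);
    printf("old=%d new=%d old_again=%d\n", a, b, c);
    return 0;
}
```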


> What do OnePlus gain from this? Can someone explain me what are the advantages of OnePlus doing all this?

They don't want the hardware to be under your control. In the mind of tech executives, selling hardware does not make enough money, the user must stay captive to the stock OS where "software as a service" can be sold, and data about the user can be extracted.


A bit overdramatic, isn't it? Custom ROMs designed for the new firmware revisions still work fine. Only older ROMs with potentially vulnerable bootloader code cause bricking risks.

Give ROM developers a few weeks and you can boot your favourite custom ROMs again.


Not really dramatic IMO. Basically mirrors everything we have seen in other industries like gaming consoles, etc. that have destroyed ownership over time in favor of "service models" instead.


And now governments are starting to take advantage of that loss of control by demanding surveillance tech like chatcontrol and other backdoors.


Note that Google also forces this indirectly via their "certification" - if the device doesn't have unremovable AVB (requires qualcomm secure boot fuse to be blown) then it's not even allowed to say the device runs Android.. if you see "Android™" then it means secure boot is set up and you don't have the keys, you can't set up your own, so you don't really own the SoC you paid for..


I don't think it's accurate.

Specifically GrapheneOS on Pixels signs their releases with their own keys. And with the rollback protection without blowing out any fuses.


I was talking about different keys and different fuses. I know about "avb_custom_key" (provisioned by GrapheneOS), but all this AVB is handled by abl/trustzone and I can't modify those because those need to be signed with keys that I don't own.

I know that all these restrictions might make sense for the average user who wants a secure phone.. but I want an insecure-but-fully-hackable one.


> In the mind of tech executives

To be fair, they are right: the vast majority of users don't give a damn. Unfortunately I do.


Sure, if you want to compete against Google or Samsung. Maybe that is the plan that OnePlus has. My understanding was that they were going after a different market of phone users that might want a little bit more; otherwise, why not just go with one of the other people that will screw you just as hard for less?


It is the same concept on an iPhone, you have 7 days to downgrade, then it is permanently impossible. Not for technical reasons, but because of an arbitrary lock (achieved through signature).

OnePlus just chose the hardware way, versus Apple the signature way.

Whether for OnePlus or Apple, there should definitively be a way to let users sign and run the operating system of their choice, like any other software.

(still hating this iOS 26, and the fact that even after losing all my data and downgrading back to iOS 18 it refused to re-sync my Apple Watch until iOS 26 was installed again, shitty company policy)


> Not for technical reasons, but because of an arbitrary lock (achieved through signature).

There is a good reason to prevent downgrades -- older versions have CVEs and some are actually exploitable.


And? This should prevent you from deciding the level of risk or even installing forks of that OS (that can also write fixes, even without source code, by patching binaries)?


I respectfully disagree, my friend. When investors, the board and Wall Street are chasing second order and third order delta increases in a stock, enshittification is bound to happen. If there is a board that wants returns higher than the previous year and you can't optimize costs by improving tech, you find new avenues like showing 2 ads, showing 3 ads, increasing the subscription price, or cheekily modifying the terms of service and selling your data to 3rd party data brokers. It has nothing to do with subscription cost.


Apple certifies/receives a licensing fee for every Thunderbolt cable. Apple only moved to USB-C when the backlash was so high and the EU law would certainly pass.

It is good for their PR to advertise that they moved to USB-C because they wanted to rather than being forced to by a government. Apple still tries/at least tried to control USB-C cable usage for iPhones. Cables need to get certified.

Apple supported USB-C on the Mac because it is superior and the impact on their revenue is very low. It is also a jump from USB-A to USB-C.


Wow, you have a lot of homework to do. You missed the whole timeline of events, the backlash with Apple and USB-C, and are just looking at headlines.

Or you are misrepresenting the facts because you are a fanboy of a trillion dollar company. Please don't, if it's the latter.


Do you have any source that states that Apple was forced? Given that they switched the iPhone to USB-C multiple product iterations before it was required makes it seem to be that they were not forced.


>> Apple is so successful is because they know how to create a great phone experience.

I disagree, maybe they were at some time. Now they are successful because the walls of the well are so high. It is insanely difficult for us frogs to jump. Happy that governments are trying to bring those walls down.

>> I am happy to pay extra for a lot of your dot points.

Good for you, because you trust them. Problem is I am not. I don't trust Apple/Google to make that decision for me. But they don't give that choice. They are making you sacrifice freedom and choice by masking themselves as secure. But the underlying motive is profits and control.

I heard a story that Apple asked Meta for a commission on ads; when Meta rejected, they introduced features to remove access to usage metrics for 3rd party apps. If Meta agreed, you might never see the privacy features app introduced.

The security you are thinking of is a believable mirage. There are several users who have lost thousands of dollars to scammy App Store in-app purchases/subscriptions and Apple is doing shit to stop this.


> The security you are thinking of is a believable mirage. There are several users who have lost thousands of dollars to scammy App Store in-app purchases/subscriptions and Apple is doing shit to stop this.

And the plan to make this the consensus view is to ban Apple-style curated app stores. That seems to be cheating. When Apple convinced me their App store model was better than the alternative they had to use, y'know, persuasion.

Nokia sorta died, but at the time back in the 2000s Apple had to get through the entire phone industry to establish the iPhone. If the Europeans had any idea how to manage this sort of ecosystem they'd still be running the show. They had an amazing market position to begin with. They flubbed it because no-one in the entire continent seems to know how to run an app store! Now they're legislating their bad ideas in. It is a very European approach to commercial innovation and success.


> And the plan to make this the consensus view is to ban Apple-style curated app stores.

Nobody is banning Apple-style curated app stores. They're banning the monopoly of only one app store.

> If the Europeans had any idea how to manage this sort of ecosystem they'd still be running the show.

Maybe Europeans won't engage in immoral profit-making practices? Also, Nokia didn't "sorta died". It was killed by Microsoft.


Yes, I agree, but we need to change with the age. In the early 2000s it was hard to distribute apps/software, and a 30% commission made sense.

Now it is not; there are several people/companies who can make app distribution better and more efficient for all consumers. They can bring it down to a fraction (Apple itself has by now brought it to a fraction of what it cost in 2000). The only reason the savings are not passed down to the consumer is because they made sure there is no competition, by force (Google paying Samsung to not develop its app store) or by design (Apple limiting 3rd party installs and discouraging web apps), which is basically how a monopoly/duopoly behaves. It is bad for us consumers.

If Apple had developed all the tools and libraries itself from scratch and put hard work and sweat into it, I wouldn't have an issue. We all know that's not the case and how much open source tools helped.


True. I would like to hijack this thread and wanted to discuss what we want from software that is not present. For me, all I can think of is on-device AI/ML (photo editing, video editing, etc.) and not the ones the current companies are trying hard to shove down our throats.

Maybe Steve is right. We don't know what we want until someone shows it.


It is not just that. In my case, everyone around me is using an iPhone. I made the sacrifice to not easily connect with them and use Android so that I have freedom (to install, customise whatever). Once that freedom aspect is taken away, there is no reason for me to make that sacrifice.

Until the EU's cross compatibility between messaging apps is passed, we are forced to be in vendor lock-in.


With all the things Google is doing to custom OSes in the last few years (Play Protect, no major updates to AOSP, bundling updates into closed source Google libraries, etc.), it is not speculation, it is predicting with high certainty. Google wants the custom OS market to die and they are doing it brick by brick. We should open our eyes and look at the timeline and realise it is not speculation but actual reality before it is too late. Source: I am an owner of a device with a custom OS and I know the things I have to do to fix broken apps.


> Source: I am an owner of a device with a custom OS and I know the things I have to do to fix broken apps.

Doesn't mean you can predict the future with high certainty.

Source: I have been a happy user of custom AOSPs for years.


You need to look at history. In the early 90s, why did Microsoft invest in Apple when it was its competitor? Investment doesn't mean they are meddling in Mozilla's business. For companies like Google (present) or Microsoft in the 90s, it is better to have a crippled competitor than no competitor. No competitor attracts government agencies for monopoly, which is worse.


In the 1990s Microsoft “invested” in Apple because Steve Jobs allowed them to save face by giving them the option to settle their part of Apple v San Francisco Canyon Co by calling part of it—$150 M—a stock purchase that only lasted a few years. I do not know how much the total cash settlement from Microsoft was, but industry rumors went up to $1B.


The first time yes, the last time, there would be no Apple Silicon to talk about today.

