I just sent feedback to ASUS expressing my concern at the loss of bootloader unlocking. I have 2 perfectly good cell phones that are e-waste now, simply because the vendor stopped issuing patches, and the bootloader can't be unlocked to use LineageOS. I bought a Zenfone recently because I thought I'd be avoiding that issue. If they don't fix this, I won't be buying another one. ASUS CEO contact page: https://www.asus.com/us/support/article/787/
I just sent feedback as well. I bought an Asus phone in the past and was planning on buying more in the future. I used to recommend them everywhere. I will not be purchasing any more Asus phones until this is fixed.
I was on the fence about buying a zenphone but waiting to see if the bootloader unlock ever showed back up.
Still holding a pixel 3, unlocked, with lineage. There are no small phones with good specs and unlockable. Zenphone seemed the way, until they stopped with their unlocks.
I have an old Huawei P20 Pro floating around. When it was new, you could contact Huawei and get a code for unlocking the bootloader after providing your phone's serial number. Great I thought, I'll do that later when it stops receiving updates. Stupid me, at some point those arseholes stopped giving out the unlock codes. I wonder if one could sue, but from googling around a bit I can't find a trace of them ever making this a selling point explicitly.
Long is gone the time where unlocking bootloaders and installing custom ROMs was the best path to follow.
Even if you are able to unlock it (with difficulties such as this one, or others that involve opening the device and soldering a shortcut), you will have a device where apps check for unlocked bootloaders and rooted OS, and forbid you from use the application.
the only app ive seen balk at bootloader status (to date) is google wallet. Using a phone to pay for stuff is an opsec nightmare youd only entertain so long as becoming an integrated and saleable asset in a data brokers portfolio is a life goal. 'pm uninstall' and move on, the custom rom is still far more valuable from a security perspective than bending the knee to some bespoke ecosystem payment app (especially if you have an older device.)
the point of oem unlock, and rooting at all, is diametrically opposed to the vendors interest in nearly every facet. The vendor will bark "hackers" as a thinly veiled threat for the uninitiated, but we are initiated. what the vendor doesnt need you doing is erasing their telemetry and walled garden spyware. they dont need you developing alternatives to their store and to their apps, and they especially dont need you turning this effort into something as simple as an ubuntu installation for older phones they expect to follow the strict trade-in model of "buy a new phone every year"
arguably Asus refunded the purchase because this person isn't playing by the rules and being a good consumer.
> Using a phone to pay for stuff is an opsec nightmare
Do you mean "privacy nightmare"? Security-wise, Google Pay beats using your physical card since it uses a device-specific number that can't be skimmed by terminals and reused online.
> the custom rom is still far more valuable from a security perspective than bending the knee to some bespoke ecosystem payment app (especially if you have an older device.)
I'd argue that it only makes sense if you have an older device that's otherwise not receiving any more security updates.
Bank apps, Netflix, and Disney+ also won't work. There are spoofing measures though I've been burned by unlocking and rooting too often to try again, at least not while my devices are still under warranty.
It sure isn't what it used to be, but if you buy the right phone and make a few moderate compromises, it's still a great option.
Installing crDroid on my OnePlus 9 Pro took half an hour, another half to install Magisk Delta with a few modules. The universal dark mode alone (Xposed module "DarQ") is worth the effort, but also the ability to clone apps, have proper clipboard sync, make full-system backups and customise the look and functions of my OS to a currently unparalleled degree.
The only compromise is I can't seem to be able to do NFC card payments (send or receive), one of my 4 banking apps needs a custom patch every few months to start working and a friend tells me the McDonald's app doesn't work.
Do you keep a factory image for your OnePlus 9 pro in case you want to restore it? If so, how do you go about doing that?
After OnePlus decided to stop publishing factory images, I decided to stop buying their phones. It's a real shame, because they really do make some great stuff and prices are quite reasonable generally speaking. I used to buy a new OnePlus phone nearly every year. The OnePlus 6 was one of my favorite phones of all time.
Eh... that's why I'm pondering going back to OnePlus (after short affair with Samsung for the past 2 years) because it's somewhat annoying not being able to tweak stuff...
Alas, it's also annoying that some dumb banks (I'm looking at you ING Poland) consider rooted device as "insecure" but thay have no problem if I open a bank page using admin/root account on the computer)
This is rubbish. I'm running GrapheneOS and have left my bootloader unlocked, and there's no app that has refused to work. The only caveat is some of them need Google Play services. No, I am not rooted, but my last phone was rooted and there might have been one or two apps out of dozens that wouldn't work with root even with Magisk trying to hide the root status. Using a custom ROM is easily one of the beat choices I have made.
What are the downsides with GrapheneOS? I had a few problems with root (Netflix and banking apps) but would love my privacy. My main reason for root is the firewall to block outgoing connections from apps that are not supposed to do it
what? safetynet is absolutely a pain in the ass. i think there are some xposed and magisk modules or whatever that can work around it but that's a cat-and-mouse thing and can break. lot of bank and financial apps, lot of stuff with DRM will break.
If you root, you can bypass those issues in most cases. I have 3 apps detecting it, that I can bypass, and only the German health insurance app from TK detects it (according to the internet, it's getting past most solutions somehow). It's not something I'd recommend the average person, but for people who care enough to fiddle, it's still the best way.
I think since my first Android (HTC Desire Z/T-Mobile G2) I spent a total of 1 week on stock, never was a fan of any of them.
Largely depends on your priorities and level of effort.
You can bypass all current app checks using Magisk and Play Integrity Fix, but it's a bit of work to maintain and can break occasionally. You gain in this case full control of your device like a desktop OS, block ads, modify app behavior, disable unwanted system features, but you have to put in effort to maintain it.
However if you don't want to deal with that, you can also just not use those apps, use it like you would a Librem or PinePhone, load primarily open source software to it, optionally don't even bother with play store, etc. Might not be for everyone, but if you don't care that much for Google Wallet or multi-player games on your phone, it's not a bad option.
I have it on my Pixel 7a, and it's a great experience, but I also don't need to run apps that check for phone "security" or integrity. This is the case OP is talking about.
With the increasing difficulty (impossibility) of bootloader unlocking that most manufacturers are building into their Android devices, I wonder whether it's market reasons (the longer the devices are operational, the longer upgrade cycle) or pressure from intelligence agencies due to minimised Google / telemetry data back doors in custom ROMs.
Using the "simplest answer is often the best" approach, it would historically be the profit motivation at 99% probability. Currently, though, feels like surveillance and intelligence gathering is edging to the higher likelihood.
Edited to add: and maybe it's not even intelligence agencies, maybe it's purely profit driven from the personal-data-selling industry.
It would then be quite shocking to know that Google's Pixel phones consistently allowed unlocking without any nonsense like online verification. They also support relocking your bootloaders as well as using your own signing keys for secure boot.
There probably wasn’t much time spent building the case. Generally solicitors aren’t involved in these cases because it’s not possible to reclaim legal costs, regardless of who wins. Instead most people just represent themselves, and companies will often just send a local manager to represent them. So super low stakes legal process, where in the worst case scenario your out of pocket for the filing costs (£70) plus reasonable expenses for the other party (travel costs, lost earnings etc) which are all tightly capped, so unlikely to more than another £100-£200.
If this went down the small claims track in the UK then ASUS wouldn’t bother with a lawyer because you’re not allowed to reclaim legal costs in the small claims court. So unless ASUS thinks they’re gonna see a flood of similar claims happening, then the cost of a lawyer would probably be triple the cost of settling, or even winning the case.
Also class action cases are very rare in the UK. In the past the courts have generally refused to approve class action cases. It not like in the U.S. where there’s a cottage industry around class action cases. I’ve personally never heard of a class action case happening in the UK, I know they do happen, but they’re so rare that they don’t make it into the news, and most people will never involved in one either directly or indirectly.
I would bet that neither small claims or class action is possible in the US because ASUS has a forced binding arbitration clause in their End User Agreement that almost no one read when they activated their phones.
I'm not sure cookie declining is the way to go these days. You can use "I still don't care about cookies" to stop the dumb pop ups and something like "Firefox Total Cookie Protection" if you don't want to be tracked?
Personally I set Firefox to auto clear cookies on window close except some whitelisted sites. I just use accept all most of the times since it will be cleared anyways.
Okay - so which devices are left that are easily rootable? I will be in the market for new one soon. It's good if EU after mandating usb-c also mandates unlockable bootloaders for whomever wants it.
All pixel phones are very easy to unlock the bootloader, and Google publishes factory images. So if your root goes wrong or you need to revert to stock, it is very easy. The actual process of obtaining root is as easy as it is on any other device, which is to say, I wish it was a lot easier, but it is very doable.
As a bonus, it also opens the door for Graphene OS should you choose to go that direction.
Pixels can also be re-locked with a custom ROM present (I think Graphene is the only one that does this, though). For that reason alone I'll be transitioning back to Pixel (once this phone is beyond help).
From Electrical Engineering apps to my various current/normal/legacy hardware that uses aux... I don't want to carry around a dongle. Ever. I don't want to attach them to things. I just want my phone to have the $3 peripheral.
Seriously sad. I am such an Asus fan after their insanely good gaming laptops.. $500-900 and you can run AI Art and LLMs.
I didn't expect their laptop dominance to exactly extend to Androids. I was hopeful.
I should have probably known better, apparently they don't do native linux support. I had to use some Fedora fanboy stuff to get my peripherals to work. It was easy, but still couldn't use most distros.
Readit News
Still holding a pixel 3, unlocked, with lineage. There are no small phones with good specs and unlockable. Zenphone seemed the way, until they stopped with their unlocks.
What a market to be burying in the mud.
Dead Comment
https://consumer.huawei.com/en/community/details/P20-Pro-Boo...
there's someone from Huawei who acknowledges the policy change, with a date. Maybe check archive.org for the mentioned time and url? HTH.
the point of oem unlock, and rooting at all, is diametrically opposed to the vendors interest in nearly every facet. The vendor will bark "hackers" as a thinly veiled threat for the uninitiated, but we are initiated. what the vendor doesnt need you doing is erasing their telemetry and walled garden spyware. they dont need you developing alternatives to their store and to their apps, and they especially dont need you turning this effort into something as simple as an ubuntu installation for older phones they expect to follow the strict trade-in model of "buy a new phone every year"
arguably Asus refunded the purchase because this person isn't playing by the rules and being a good consumer.
Do you mean "privacy nightmare"? Security-wise, Google Pay beats using your physical card since it uses a device-specific number that can't be skimmed by terminals and reused online.
> the custom rom is still far more valuable from a security perspective than bending the knee to some bespoke ecosystem payment app (especially if you have an older device.)
I'd argue that it only makes sense if you have an older device that's otherwise not receiving any more security updates.
The more pertinent factor is probably the fact that you’re using an operating system built by an advertising company.
Installing crDroid on my OnePlus 9 Pro took half an hour, another half to install Magisk Delta with a few modules. The universal dark mode alone (Xposed module "DarQ") is worth the effort, but also the ability to clone apps, have proper clipboard sync, make full-system backups and customise the look and functions of my OS to a currently unparalleled degree.
The only compromise is I can't seem to be able to do NFC card payments (send or receive), one of my 4 banking apps needs a custom patch every few months to start working and a friend tells me the McDonald's app doesn't work.
After OnePlus decided to stop publishing factory images, I decided to stop buying their phones. It's a real shame, because they really do make some great stuff and prices are quite reasonable generally speaking. I used to buy a new OnePlus phone nearly every year. The OnePlus 6 was one of my favorite phones of all time.
Alas, it's also annoying that some dumb banks (I'm looking at you ING Poland) consider rooted device as "insecure" but thay have no problem if I open a bank page using admin/root account on the computer)
Unfortunately, locking (and unlocking) it wipes user data, so it should be relocked right after installation of GrapheneOS.
I think since my first Android (HTC Desire Z/T-Mobile G2) I spent a total of 1 week on stock, never was a fan of any of them.
You can bypass all current app checks using Magisk and Play Integrity Fix, but it's a bit of work to maintain and can break occasionally. You gain in this case full control of your device like a desktop OS, block ads, modify app behavior, disable unwanted system features, but you have to put in effort to maintain it.
However if you don't want to deal with that, you can also just not use those apps, use it like you would a Librem or PinePhone, load primarily open source software to it, optionally don't even bother with play store, etc. Might not be for everyone, but if you don't care that much for Google Wallet or multi-player games on your phone, it's not a bad option.
Which is a major problem because my tolerance for my bank's app not working when I open it is so low it might as well be non-existent.
I personally gave up this fight.
Magisk and PINE[1] have solved this for me. Yes, even Google Wallet is all good with my LineageOS ROM. PINE is an auto-updating PIF.
[1]: https://github.com/daboynb/PlayIntegrityNEXT
...wha? I just installed GrapheneOS on my Pixel 8 Pro and it is, by a decent margin, the best custom ROM experience on a phone I've had to date.
https://grapheneos.org/usage#banking-apps
This was not a project I expected to use Discord for support. Sad.
I guess I must not run any of those apps?
Using the "simplest answer is often the best" approach, it would historically be the profit motivation at 99% probability. Currently, though, feels like surveillance and intelligence gathering is edging to the higher likelihood.
Edited to add: and maybe it's not even intelligence agencies, maybe it's purely profit driven from the personal-data-selling industry.
Might be better to form a class action.
Wouldn't that be a good reason to do small claims? I can't imagine why I'd want to wait for years in a class action when I can just do a small claims.
Also class action cases are very rare in the UK. In the past the courts have generally refused to approve class action cases. It not like in the U.S. where there’s a cottage industry around class action cases. I’ve personally never heard of a class action case happening in the UK, I know they do happen, but they’re so rare that they don’t make it into the news, and most people will never involved in one either directly or indirectly.
Would it be OK if you were forced to use only the single OS that your computer came preinstalled with?
Dead Comment
As a bonus, it also opens the door for Graphene OS should you choose to go that direction.
From Electrical Engineering apps to my various current/normal/legacy hardware that uses aux... I don't want to carry around a dongle. Ever. I don't want to attach them to things. I just want my phone to have the $3 peripheral.
Maybe I misunderstand the posting.
Then I found out to unlock the bootloader I had to:
1. get a string via a `fastboot` command
2. create a motorola.com account
3. paste string in some motorola.com page to get an "unlock code" emailed IF Motorola decides your device is "unlockable"
4. `fastboot oem unlock UNLOCK_CODE`
5. connect phone to the Internet and wait between 3 and 7 days [2] (turned out to be 3 or 4)
Until I did all that shit, the option to unlock the bootloader in system settings was grayed out.
Afterwards the device works well, but it was a terrible experience and I DO NOT recommend Motorola devices for rooting based on this.
[1]: https://wiki.lineageos.org/devices
[2]: https://nerdschalk.com/how-to-fix-oem-unlock-greyed-out-or-o...
I didn't expect their laptop dominance to exactly extend to Androids. I was hopeful.
I should have probably known better, apparently they don't do native linux support. I had to use some Fedora fanboy stuff to get my peripherals to work. It was easy, but still couldn't use most distros.