Google's Android engineers defend the open source platform, arguing that carriers and handset makers who lock down their Android smartphones beg for rooting exploits.
Google's Android team prefers that carriers and handset makers provide
unlocking mechanisms for Android smartphones so application developers can
tweak the operating system without circumventing Android's security.
Android, which is aggressively challenging Apple's iPhone in the U.S.,
is by nature open source. However, wireless carriers and handset makers
"lock down" the devices to prevent tech-savvy folks from accessing with
the software that is hand-picked for their specific phones.
Such moves provided fodder
for Apple CEO Steve Jobs, who openly questioned the open
source promise of Android when third-party companies leverage the platform as
they see fit, then close it down to others to protect their products from
In truth, some developers deliberately exploit the device to gain root
access, prompting claims that the platform is insecure.
When Engadget reported that the Nexus S-which launched
Dec. 16 unlocked or with a two-year contract from
T-Mobile-had been rooted
, a commenter claimed in a not-so-delicate manner that
this happened because Android's security was inadequate.
Nick Kralevich, an engineer on the Android Security team, took exception to
the claim in a blog post
Dec. 20. He noted that Google-branded Android
phones, such as the Nexus One and Nexus S, are designed to allow developers to
customize the operating system.
Kralevich explained that all Android apps adhere to strict permissions and
are "sandboxed" from each other to prevent any bugs from infesting
Despite Google's efforts at protecting its platform and consumers from malcontents,
there are those who conduct rooting attacks by exploiting a security hole on
Kralevich's argues that carriers such as Verizon Wireless and AT&T and
handset makers such as Motorola and HTC are
partly to blame because they don't readily allow benevolent developers to
unlock devices for customization.
This leads to tension between the rooting and security communities.
"We can only hope that carriers and manufacturers will recognize this,
and not force users to choose between device openness and security. It's
possible to design unlocking techniques that protect the integrity of the mobile
network, the rights of content providers, and the rights of application
developers, while at the same time giving users choice."
Ars Technica offers the best technical write-up of the issue here