Google’s Android team prefers that carriers and handset makers provide unlocking mechanisms for Android smartphones so application developers can tweak the operating system without circumventing Android’s security.
Android, which is aggressively challenging Apple’s iPhone in the U.S., is by nature open source. However, wireless carriers and handset makers “lock down” the devices to prevent tech-savvy folks from accessing the software that is hand-picked for their specific phones.
Such moves provided fodder for Apple CEO Steve Jobs, who openly questioned the open source promise of Android when third-party companies leverage the platform as they see fit, then close it down to others to protect their products from consumers.
In truth, some developers deliberately exploit the device to gain root access, prompting claims that the platform is insecure.
When Engadget reported that the Nexus S, which launched Dec. 16 unlocked or with a two-year contract from T-Mobile, had been rooted, a commenter claimed in a not-so-delicate manner that this happened because Android’s security was inadequate.
Nick Kralevich, an engineer on the Android Security team, took exception to the claim in a blog post Dec. 20. He noted that Google-branded Android phones, such as the Nexus One and Nexus S, are designed to allow developers to customize the operating system.
Kralevich explained that all Android apps adhere to strict permissions and are “sandboxed” from each other to prevent any bugs from infesting other apps.
Despite Google’s efforts at protecting its platform and consumers from malcontents, there are those who conduct rooting attacks by exploiting a security hole on the device.
Kralevich argues that carriers such as Verizon Wireless and AT&T and handset makers such as Motorola and HTC are partly to blame because they don’t readily allow benevolent developers to unlock devices for customization.
This leads to tension between the rooting and security communities.
“We can only hope that carriers and manufacturers will recognize this, and not force users to choose between device openness and security. It’s possible to design unlocking techniques that protect the integrity of the mobile network, the rights of content providers, and the rights of application developers, while at the same time giving users choice.”
Ars Technica offers the best technical write-up of the issue.