Android engineer touts Nexus openness - see also: webOS
The new flagship Android phone from Google and Samsung, the Nexus S, was "rooted" from day one of its availability. Our pals at Android Central noted the event and today pointed us to a blog post by a security engineer who works on the Android team at Google, Nick Kralevich.
Kralevich notes that with the Nexus S and the Nexus One, it's not quite right to call it "rooting" the phone, as those two Android devices are designed from the get-go to easily let developers get root access to hack away at the device. To say that you've "rooted' the Nexus S is a bit of a misnomer, all you've really done is turn on the access that was there waiting for you. Other Android devices, he rightly notes, are locked down by manufacturers and carriers and so must be "rooted" by taking advantage of some kind of insecurity to open them up for full development playtime.
....all of which should leave users in webOS land slightly bemused. Read on.
Rooting is hostile to open development
Kralevich ends with the following hope:
Unfortunately, until carriers and manufacturers provide an easy method to legitimately unlock devices, there will be a natural tension between the rooting and security communities. We can only hope that carriers and manufacturers will recognize this, and not force users to choose between device openness and security.
The open-source Android platform is often locked down and difficult to access - to say nothing of the closed-source elements from both Google, manufacturers, and carriers that gets added on. The mighty Google has been unable to convince their hardware and carrier partners to allow easy root access.
On the closed-source webOS, root access is freely available to all and doesn't even require access to a computer - just tap in the Konami Code and the device is open. The lowly Palm has shipped webOS devices on multiple carriers with this open access available to one and all.
Palm's relative openness and support helped to spur a homebrew development and hacking community that is proportionately larger than anybody looking at webOS marketshare would ever expect.
In fact, the refrain that you don't need to "root" a webOS phone is one many webOS fans have been familiar with for over a year now. We've talked about the relative 'openness' of Android and webOS on this site several times before.
(In this regard, we can lump iOS and Apple in with the Android crowd - there's still the same roadblocks thrown up in front of users, they just happen to come from one source instead of many.)
Android is Open Source - but only nominally. There are usually closed-source apps added in from Google and manufacturers and carriers. The actual hardware, as we just saw, if often locked down.
Android's openness means that often it's open to manufacturers and carriers to close it down from hacking and tweaking by end users.
On Android, there is a lot of effort that has to go into trying to uncover the latest 'sploit on an ever-increasing array of handsets from a huge group of manufacturers - each with their own particular security holes to take advantage of. Once that process is completed, adding customizations usually requires a fairly-complicated rooting process followed by flashing entirely new ROMs to add features and functionality. In some cases, those ROMs include code that developers most certainly don't have permission to redistribute - this has led to some clever workarounds (Cyanogen deserves special recognition here), but some Android hackers have been put in the position of exposing themselves to nastygrams from manufacturers for distributing their improved ROMs.
Counterintuitively, sometimes it takes a little bit of centralized control to foster openness within the ecosystem. With webOS, we have a single manufacturer making the design decisions. Luckily, that manufacturer has (to date) decided to leave their OS easy to "root."
webOS is not as open as Android. Nearly the entire codebase is closed source - although since it has a simpler architecture than Android, it's in some ways more accessible. webOS' openness means that while it's closed-source at the top, it actually can be more open to hacking and tweaking by end-users than Android.
We are lucky to have a homebrew community that quickly organized around a framework for development championed by WebOS Internals. The result is a community of webOS hackers and developers that spend their time working together collaboratively do to interesting things with the platform.
On webOS, all of the hacking effort can be channeled into patches and other improvements. Instead of spending time figuring out how to 'root' the latest webOS device, developers simply punch in the Konami Code. Thanks in large part to the organizing efforts and pure-as-the-driven-snow code distribution philosophy espoused by WebOS Internals, these improvements to webOS come on a much different system compared to Android. Rather than reflashing entire ROM images, webOS hacks come via easy-to-install and easy-to-uninstall patches to the OS. Because of this framework, developers are rarely put in the position of needing to redistribute proprietary code in order to let users download and utilize their enhancements.
Openness and Homebrew
To be sure, I don't want to denigrate the homebrew / hacking / ROM development scene for Android - the people there do incredible work and are to be commended for it. The problem is that Android's decentralized, open framework means that manufacturers and carriers can more easily hinder that development.
Wouldn't it be better if Android developers could spend more time souping up the engine and less time trying to pop the hood (and really, why lock the hood)? With webOS, the hood latch is simple to open and the engine is easily accessible (unfortunately, the webOS car/hardware in this metaphor is more Pinto than Porsche, but hopefully that will change soon).
When Kravelich asks manufacturers and carriers to move beyond the false dichotomy between openness and security we can't help but note that there's one manufacturer and a slew of carriers that are executing on his vision right now.
They're doing it with Palm phones running HP webOS.