ROM Modding as Consumer Protection

Yesterday, I blogged about Cyanogen Inc. and their prospects. Those prospects can go up a lot with the work of a few enterprising consumer protection advocates.

There are countless Android devices with security flaws. Some of those flaws have been fixed in newer versions of Android, but device manufacturers and/or carriers have decided not to make those newer versions available for certain devices. Some of those flaws are unique to specific devices, due to engineering failures.

As an example of the latter, Justin Case (nom de plume of an Android security researcher) posted yesterday a disregarded root exploit for the Motorola Defy XT, as shipped by Republic Wireless (a small US MVNO/WiFi firm). Here, by “disregarded”, I mean:

The responsible parties for this have informed me that this issue will not be fixed due to the age of the affected device.

Consumer protection laws exist for many types of products. Imagine that instead of this being a phone with a security flaw, that this was a car with a brake flaw. Once this flaw was publicly discovered, there is no way that the car manufacturer would be able to say “sorry, we are not going to fix it, due to the age of that car model, even though we are still selling it today”.

Consumer protection laws would require the car manufacturer to issue a recall and repair the affected car. There are certainly limits — in the US, car recalls only have to go back 10 years from when the defect was discovered, for example. However, since Republic Wireless sells the Defy XT today, age cannot be a consideration.

Consumer protection laws for smartphones should require one of three possible remedies when a flaw is found that could be used to prevent the use of the device for essential operations (e.g., calling emergency numbers):

  1. Replace the device, for free, with a equal-or-better newer device lacking such flaws

  2. Ship an update to the OS for the device that fixes the flaw, or otherwise supplies tools to device owners to fix the flaw

  3. Allows users to replace the OS on the device with a ROM mod that does not contain that flaw

The third item above, of course, has been part of the argument for allowing ROM mods since the early days; I am saying nothing new here. However, the argument that we hear a lot about ROM mods is “freedom”, and while that is a powerful rationale, it does not always fit the mold of something that existing organizations can latch onto in order to push change. Consumer protection, on the other hand, has been well defined for ~50 years, in the US at least. Finding somebody to fight in Washington (or Sacramento) for consumer protection should be significantly easier than finding somebody to fight for more nebulous, if no less important, aims like “freedom to run what we want”.

The AndroidX Tech site contains source code, transitive dependency details, and much more for Google’s androidx artifacts!