April 24, 2014

avatar

HTC Willfully Violates the GPL in T-Mobile's New G2 Android Phone

[UPDATE (Oct 14, 2010): HTC has released the source code. Evidently 90-120 days was not in fact necessary, given that they managed to do it 7 days after the phone's official release. It is possible that the considerable pressure from the media, modders, kernel copyright holders, and other kernel hackers contributed to the apparently accelerated release.]

[UPDATE (Nov 10, 2010): The phone has been permanently rooted.]

Last week, the hottest new Android-based phone arrived on the doorstep of thousands of expectant T-Mobile customers. What didn’t arrive with the G2 was the source code that runs the heart of the device — a customized Linux kernel. Android has been hailed as an open platform in the midst of other highly locked-down systems, but as it makes its way out of the Google source repository and into devices this vision has repeatedly hit speedbumps. Last year, I blogged about one such issue, and to their credit Google sorted out a solution. This has ultimately been to everyone’s benefit, because the modified versions of the OS have routinely enabled software applications that the stock versions haven’t supported (not to mention improved reliability and speed).

When the G2 arrived, modders were eager to get to work. First, they had to overcome one of the common hurdles to getting anything installed — the “jailbreak”. Although the core operating system is open source, phone manufacturers and carriers have placed artificial restrictions on the ability to modify the basic system files. The motivations for doing so are mixed, but the effect is that hackers have to “jailbreak” or “root” the phone — essentially obtain super-user permissions. In 2009, the Copyright Office explicitly permitted such efforts when they are done for the purpose of enabling third-party programs to run on a phone.

G2 owners were excited when it appeared that an existing rooting technique worked on the G2, but were dismayed when their efforts were reversed every time the phone rebooted. T-Mobile passed the buck to HTC, the phone manufacturer:

The HTC software implementation on the G2 stores some components in read-only memory as a security measure to prevent key operating system software from becoming corrupted and rendering the device inoperable. There is a small subset of highly technical users who may want to modify and re-engineer their devices at the code level, known as “rooting,” but a side effect of HTC’s security measure is that these modifications are temporary and cannot be saved to permanent memory. As a result the original code is restored.

As it turned out, the internal memory chip included an option to make certain portions of memory read-only, which had the effect of silently discarding all changes upon reboot. However, it appears that this can be changed by sending the right series of commands to the chip. This effectively moved the rooting efforts into the complex domain of hardware hacking, with modders trying to figure out how to send these commands. Doing so involves writing some very challenging code that interacts with the open-source Linux kernel. The hackers haven’t yet succeeded (although they still could), largely because they are working in the dark. The relevant details about how the Linux kernel has been modified by HTC have not been disclosed. Reportedly, the company is replying to email queries with the following:

Thank you for contacting HTC Technical Assistance Center. HTC will typically publish on developer.htc.com the Kernel open source code for recently released devices as soon as possible. HTC will normally publish this within 90 to 120 days. This time frame is within the requirements of the open source community.

Perhaps HTC (and T-Mobile, distributor of the phone) should review the actual contents of the GNU Public License (v2), which stipulate the legal requirements for modifying and redistributing Linux. They state that you may only distribute derivative code if you “[a]ccompany it with the complete corresponding machine-readable source code.” Notably, there is no mention of a “grace period” or the like.

The importance of redistributing source code in a timely fashion goes beyond enabling phone rooting. It is the foundation of the “copyleft” regime of software licensing that has led to the flourishing of the open source software ecosystem. If every useful modification required waiting 90 to 120 days to be built upon, it would have taken eons to get to where we are today. It’s one thing for a company to choose to pursue the closed-source model and to start from scratch, but it’s another thing for it to profit from the goodwill of the open source community while imposing arbitrary and illegal restrictions on the code.

Comments

  1. Chris says:

    Perhaps you should review the actual contents of the GNU [General] Public License (v2). :-)

    Section 3(b) allows you to provide a written offer for source. I think HTC is interpreting this to mean that if you respond to their written offer for source, there’s obviously going to be a delay for them to get your written request, put together the source code and send it back to you, and they’ve decided that 90 to 120 days is a reasonable amount of time for that. (I’m assuming they actually do provide a written offer for source with the phone.)

    This delay seems to be pushing it to me — 30 days would be more believable — but I’m sure it’s legally untested. Anyway, I share the hope that the protection will be defeated; the recovery/upgrade system must be able to turn off the write-protect in order to flash a firmware upgrade, so perhaps sticking a scope on the SD pins will lead to finding out how to replay that. I hope HTC changes their mind about the feature on future phones.

    • sjs says:

      “Section 3(b) allows you to provide a written offer for source. I think HTC is interpreting this to mean that if you respond to their written offer for source, there’s obviously going to be a delay for them to get your written request, put together the source code and send it back to you, and they’ve decided that 90 to 120 days is a reasonable amount of time for that. (I’m assuming they actually do provide a written offer for source with the phone.)”

      Perhaps that is their theory, although I can find no written offer (not in the written materials that accompany the phone nor in the lengthy list of open source licenses on the phone itself). In any case, I agree that 90 to 120 days is not very believable. Although I think 30 days is likewise unbelievable (I mean, they have the source given that they shipped the phone and there’s no reason they can’t just post it simultaneously with the phone’s release) the GPL v3 gives a 30 day grace period for correction of all violations.

      [Edit: The discussion is proceeding in the GPL Violations legal discussion list.]

  2. Lucian Armasu says:

    I agree. It does seem very much like against the principles of open source. Google keeps saying that they don’t want to restrict carriers or manufacturers, because that would be against the principles of open source. But how come carriers and manufacturers get to restrict the users from modifying the open source code? Isn’t open source all about giving access to ANYONE to it, whatever version it may be (HTC’s version in this case)?

    I could live with the idea of giving free hand to carriers/manufacturers because it’s open source, but I can’t stand seeing them lock it down like a Federal vault. If Google really wants Android to be fully open source, then they should actually make it like that and don’t let anyone restrict it without an easy way to bypass that restriction.

    • littlenoodles says:

      Yeah, they’re kinda violating the spirit of the thing, but the GPL doesn’t dictate the spirit in which you use the code. The fact remains that anyone’s free to take the code and use it build a competing phone that does not depend on lock-down for its business model.

      Whether you can find a phone company to let you use that phone on their network is anither issue altogether – unrelated to the GPL. Do the phone companies have a right to sell you an ‘unlimited internet connection’ and then proceed to restrict what devices can do over that connection? Because that’s what they’re doing by locking down their phones (or requiring OEM’s to do that as a condition for access to the network). HTC has little to do with this – except that they’re willing to do the bidding of T-Mobile in order to remain in business…

      So that’s where the FCC ought to get involved – that is, unless Republicans take control again, in which case, you can expect those freedom loving libertarians to show a lot more love to T-Mobile than to you.

  3. kl says:

    @Lucian Armasu:

    Google uses Apache license for most of Android, which gives freedom to developers (carriers), including freedom to make product closed for users.

    GPL (used for the kernel) has opposite goals and gives full freedom to users by limiting freedom of developers (so carriers are not allowed to make source of distributed kernel secret).

  4. Khürt L Williams says:

    The operating system I’m using right now, Mac OS X, is based on open source BSD. That license gives Apple the right to do whatever the heck they want with the code. I’m glad @KL pointed out that the Android license isn’t cut and dry “open”. People tend to conflate open source with the GPL.

    • Staf says:

      Mac OS X, is based on open source BSD.

      But Mac OS X is not open source.

      greets,
      Staf.

      • Kristoffer Lawson says:

        This depends on what you consider “OS X” to be. The kernel is actually readily available, but the GUI components are not. Then again, it is the GUI bits which are different on the various OS X type devices (AppleTV, iPhone etc).

  5. Sheldon Els says:

    Perhaps the FSF would be interested in putting pressure on HTC to help us get proper use of the GPL license by providing sources on the day of release of the software?

    • Anonymous says:

      How about getting the FSF to relent on the GPL and move towards free licenses?

      • Anonymous says:

        YOU can donate whatever effort you want under a BSD style license and leave the GPL out of it.

        The GPL is about innovation being shared, and compounded.

        The BSD style license is fine, but it does not FORCE innovation to be shared.

      • John Millington says:

        (I know you’re trolling, but I’m going to pretend you’re serious.) The very term “free license” is vague; say what you really mean.

        Whichever freedom you’re referring to, probably isn’t the one that FSF is trying to promote. They’re after maintenance freedom, and not all “free licenses” promote maintenance freedom. If a “free license” results in an end user only having one single choice for who is allowed to perform maintenance, then from their PoV that license isn’t useful. That license may serve other goals admirably (e.g. increase developer freedom) but at too high a cost to someone else’s freedom.

        And that’s the problem here: these phones can’t be maintained by the user or whoever they choose to hire, despite the fact that the kernel was originally licensed with that intent. HTC is these users’ only choice, and since HTC’s interests conflict with the users’ interest, users who buy this phone aren’t going to get the features that they want. GPL was intended to prevent that situation, but the “Tivo-ization” trick is a way around it.

        This issue is part of what distinguishes the often-conflated terms of Open Source and Free Software. When RMS makes a big deal about it, he’s not just being pedantic or trying to control the terms that people use; he’s talking about a tangible and objective difference in what users end up having and experiencing.

  6. _mind says:

    From GPL2:
    The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable

    HTC has failed to provide the scripts that control the compilation and installation of the kernel on _all_ of their source code releases. These scripts would necessarily include the signing key (the ‘control’ part), as the GPL is ostensibly about making modifications to the distributed binary.

    • Anonymous says:

      The GPL V2 protects the information ( the source code ) from being restricted. It makes no provisions about hardware nor your ability to run modified versions of the software on any particular hardware. That was the purpose of the V3 GPL. Under V2, you are free to take that source code and run it ( or a modified version of it ) on your own hardware, but it does not require that HTC give you any signing keys to run any software on their hardware.

      • JK says:

        Well, it requires them to provide you with installation script. I think in mobile phone terms it means software needed to flash new firmware.

        But world is full of big companies not respecting their own license agreement. For example Windows EULA

  7. Anonymous2 says:

    “but it does not require that HTC give you any signing keys to run any software on their hardware.”

    Once they sold it to me, it is my hardware. HTC is required to provide keys to my hardware, however the linux kernel community does not care.

    It was a strategic decision by FSF fix the issue in V3 as opposed to going to courts. V2 language is clear ” plus the scripts used to control compilation and installation of the executable “

  8. Anonymous says:

    What about requesting them to remove those part of the code you have written, until they release the code, sadly non of my code/patches has to do with the features in a cellphone, otherwise I think I would had asked them to remove some code.

  9. Anonymous says:

    Contact the FSF and get that license enforced.

    Then make sure you ONLY support company’s with products that comply.

    If that means a ban on HTC products, so be it.

  10. ewan says:

    Contact the FSF and get that license enforced.

    Good grief. It’s well past time this stupid idea died. The FSF holds no copyrights on the Linux kernel, and has no standing to enforce the licence. If it’s going to be done, it needs to be done someone that actually wrote (some of) the code in question.

  11. Anonymous says:

    So much for the “true” successor of G1. Btw HTC haven’t release bluez source code for mytouch slide too. Aren’t those things supposed to be protected by gpl?

  12. Alan says:

    I have an Eris and this thing is horrible. I won’t buy another HTC product again. HTC either make crappy hardware, or when they make superb hardware, they lock it down so much. When is a hardware company going to make an “open” phone?

  13. Andrew says:

    Easy solution: Don’t buy anything from HTC.
    Tell all of your friends to not buy anything from HTC.

    There are plenty of better options out there.

  14. Anonymous says:

    Maybe its me but this article seems like it came from someone that just happened to stick their nose in on Android happenings and jumped to conclusions.

    HTC has been releasing source code to their kernels. Modders have made custom ROMs with it. The releases normally seem to come a little while after the phone is released. Am I missing something here?

    Second it appears that one of the top modders has discovered that the feature thats supposed to keep people from rooting is not a feature at all and is actually a bug. The modders appear to have gotten around it because they have video of CyanogenMod running on the G2 already.

    • sjs says:

      “HTC has been releasing source code to their kernels. Modders have made custom ROMs with it. The releases normally seem to come a little while after the phone is released. Am I missing something here?”

      Yes. Such behavior does not comply with the GPL, as described in the article.

      Cyanogen can run CM6 after temp-rooting and tweaking the running kernel to switch over to CM6. Everything goes away at reboot.

      Go to the wiki link I included in the article, or better yet hang around #g2root in freenode for awhile if you really want to know what’s going on.