T-Mobile sneaks "rootkit" into G2 phones - reinstalls locked-down OS after jailbreaking

Update: See more on this here

James Losey from New America Foundation writes, "I thought you might be interested in a new 'feature' of the latest Android phone. Officially released tomorrow October 6, some T-mobile stores began selling the HTC G2 yesterday. Within 24 hours, users have discovered that the phone has built-in hardware that restricts what software a device owner might wish to install. Specifically, one of the microchips embedded into the G2 prevents device owners from making permanent changes to the Android operating system, re-installing the original firmware."

Plugging a USB wireless modem into a laptop for T-Mobile's broadband services does not mean that T-Mobile can say that Ubuntu Linux is not an approved operating system, or that Skype is not an allowed voice service. Yet when unsuspecting members of the public buy Google's Android G2 at a T-Mobile store, they aren't getting a customizable mobile computer or phone but are instead getting a device where the hardware itself dramatically limits users' right to make changes to their computers and install the operating system of their choice.

Clearly, this is a major new initiative to control users rights to run their computers as they see fit. Instead, the new Google Android hardware rootkit acts just like a virus -- overriding user's preferences to change settings and software to conform to the desires of a third party. And just like a virus, this kind of behavior should be just as illegal. Users of the new Google Android G2 should be warned that their device has a rootkit that will overwrite their software modifications. We are seeking further clarification as to the legality of this malicious software.

Newest Google Android Cell Phone Contains Unexpected 'Feature' -- A Malicious Root Kit. (Thanks, James!)

(Image: Fuck T-mobile, a Creative Commons Attribution (2.0) image from gillyberlin's photostream)


  1. Why?

    what is the reason they do this – why go out of your way to reduce your customers experience, and in a sly way too…can anyone tell me?

    also is this google or t-mobile doing this?

  2. If you go to actual XDA forums there is no mention of any rootkit. They are disregarding this article as BS. Article is misinformed and doesn’t have credible sources.

  3. The behaviour is probably valid, but it’s not really a rootkit in the strictest sense of the word. There’s a valid argument about owning your device implying that you have control over the software that the device runs, and hardware manufacturers taking that ownership away from you with respect to software, but this isn’t the way to do it.

  4. Yep, I’m gonna cry bullshit on this one, at least until there’s any kind of credible evidence at all. the links they provide at the end of their article are completely unrelated to the issue they describe.

    Sounds like Apple-sourced FUD to me.

    But it might just be that the concept of a “hardware rootkit” is… just too wrong-headed to be real.

    1. So here’s what I’ve heard.

      1. This isn’t “a rootkit”.
      2. What it is is HTC (who make the phone) disabling writes to /system.
      3. Thus, it frustrates attempts to get root.

      It’s annoying, and I have no idea why they’ve done it.

      But it demonstrates something that I’ve been saying for a long time – in a year or two, you aren’t going to be able to buy an Android phone that isn’t as locked-down as an iPhone (ie you have to jump through jailbreaking-style hoops to get access to it). The era of “open Android” is coming to a close.

  5. As a G2 owner, its a bit annoying I can’t scrape some of the pack-in apps off my device.

    On the flipside of this argument, hopefully this will help keep new users like me from bricking the phone as we tear into the (amazingly unmoderated) app market.

    Its only been on sale a couple of days, they’ll crack it eventually.

  6. I’m betting this is nothing more than a network-activated Factory Restore to wipe any sensitive data off of stolen phones.

    It’s a useful safety feature if so.

  7. If you have a look at the forum you can read about it.

    Basically whenever the device is rebooted all the files in the /system folder are overwritten by some hardware. The folder is restored to some previous state and the phone is locked down again.

    So you can jailbeak the device but once you reboot it it will be locked down.


  8. And the Android Robots will be incoming to claim this couldn’t possibly be true in three… twoo…. shit they beat me to it.

    The fact is that if this story was about iPhone, there would by now be 300 comments claiming this was typical Apple evul from a company that wants to control the universe. NO ONE would be saying they don’t believe it “until there’s any kind of credible evidence”.

    That’s not to say the story is correct – but I hope that the next time some bullshit story comes out about, say, Apple ordering cops to beat up protestors or inventing some super-DRM which will be applied to everything you own, you all stop and think for a minute instead of rushing to your Twitter-barracades.

  9. The openness and flexibility of Android sure is a double edged sword. Lucky me, I live a place where carriers never had a big habit of neutering or locking down phones much. But I understand you can avoid these problems by getting neutral handsets like say the Nexus One?

    Anyway, I <3 Android.

  10. Thats the price you pay for the “free” handset from your carrier. Of course, the anticompetitive cell phone industry in the USA doesn’t leave you much of a choice. There will always be better hardware with no preinstalled Bing (looking at you, Verizon) crap if you buy an OEM Android.

    1. Thats the price you pay for the “free” handset from your carrier.

      T-Mobile is actually one of the more enlightened carriers. You can buy the phone for full price and get cheaper monthly service or get a subsidized phone and more expensive monthly service.

      The problem is, even if you buy the phone, it is still locked down.

    1. /s noooooooooooooooo. I want this onnnnnnnnnnnnnnneeeeeeeeeeee. /s
      Personally I am moving away from android. I bought the droid as it was a google experience phone. Now that there will never be such thing as this ever again, I have lost interest. Used to be android was unique and different. Aside from whether this story is true or not. It doesn’t matter. I might as well go back to my jail broken iPhone. I guess this means android is wearing big boy pants nowadays since they want to cock block just about every good thing about the phone. Vzw recently started doing this by putting bing on the newer android handsets. They have also been increasing the amount of crap where on their droid phones. Sigh. For a brief period of time My nerd lust of google and Linux, hacking where at the perfect intersection.

  11. Meh, it’s a phone, not a computer.

    I also can’t change the software on my TV or in my satnav, why would I care that I can’t change it in my phone? If you don’t like the OS then don’t buy it.

    But then I’ve also never felt the need to jailbreak an iPhone. I’m paying for the convenience of not having to deal with the OS and the UX when I buy the phone, I’d rather not take that responsibility on myself thanks – and ‘freedom’ aside, this isn’t a service, it’s a product; it’s not always up to you how you use it.

    Time is money friend.

    1. “I also can’t change the software on my TV or in my satnav”

      Yes you can. Hell you can run alternate firmware in your router. Rockbox can be installed on most mp3 players. You can run various forms of linux on GPS devices. Same for TVs. Just because you don’t know how to do it or wouldn’t care to doesn’t mean it’s not possible or desirable to other people.

  12. I’m really glad I saw this. I’ve been planning to grab one of those puppies.

    Now I’m considering just dropping T-Mobile.

  13. Defend this commons, this code is our code. The freedom to run the code or unsalient alternatives.

  14. Darn right, it’s just a phone.

    There must be quite a few who find a sort of perverse delight in playing the never ending game of jailbreak-and-recapture with their smartphone carriers. Not me!

    Since I can’t get a smartphone/tablet plan which provides both true user ownership of the hardware and an uncapped data stream, I’m quite content to get by with my barebones Virgin voice-only phone and my wi-fi netbook.

    Why beat your heads against the wall??

    It’s interesting how many here are ready to vote with their feet against the RIAA oligopoly but won’t do the same with the wireless oligopoly.

    1. “It’s interesting how many here are ready to vote with their feet against the RIAA oligopoly but won’t do the same with the wireless oligopoly.”

      I have. Of course I took the good fortune not to live in a country where there is a healthy competition between phone companies and you can move between them easily.

      Sim free phone and 30 day rolling contract FTW.

    2. “It’s just a phone,” huh?

      It’s a phone that can do more than most people’s networked PC’s in the mid 90’s with a different, but absolutely *real* software ecosystem surrounding it. Sorry, mate, but it *is* a computer, one that happens to also be a cellular phone.

      This stuff does matter, and the way people go about these things matters too. I’m an iPhone user myself, not jailbroken, because I find the stability and usability tradeoffs acceptable. If you don’t, fine, no problem, do what you want. For me, I’ve never in my years of owning a phone been happy with all the carrier-cruft. Is it kind of the same thing for the carrier to do this stuff as for Apple to do it?

      Only kind of. Carriers have different motives, methods and results and, ultimately, the aesthetic of the damn thing matters. This is the part that so many people refuse to acknowledge as valid… my Apple stuff isn’t just pretty for the sake of pretty. It works better. Attention to detail and quality are what we used to call “elegance” in engineering circles. Apple has it. Most other companies don’t and the hacks at cell carriers damn sure don’t. Nor, as I said, do they have much incentive. They’re fighting hard not to be a dumb pipe for data (and losing that battle, IMHO) and these sorts of control methods are how they force their own relevance.

      I care about that stuff and I’d rather Apple censor an app now and again than deal with carrier nonsense, buggy phones and the nest of toxic thorns that is the Android app market.

      1. “Sorry, mate, but it *is* a computer, one that happens to also be a cellular phone.”

        Maybe I should have phrased my post thusly: Would you buy a computer that was locked down by your ISP? ‘Cos I wouldn’t.

        Anyone who signs a contract for smartphone service which permits the carrier to jail the phone has zero right to bitch about it.


        Don’t like what they do? Don’t give them your money.

  15. “it’s just a phone” and a web browser, email device, GPS (with Google Maps), media player, camera, compass, level, metal detector, metronome, barcode scanner, alarm clock, flashlight, game console, and TV remote. It runs Dropbox, Skype, Pandora… so clearly it’s “just a phone.”

    I have faith the Android community will overcome this temporary obstacle. How many “unhackable” products have been released that actually lived up to that name?

    1. Hear hear!

      The corporate pea brains are so naive. They never see true cause and effect because of their need for absolute control.

      iPhone jailbreak is used mostly for carrier-mandated crippling. PS3 jailbreak happened *after* Sony took out OtherOS feature. Coincidence? Maybe, but I doubt it. Most homebrew developers and real hackers hate pirates.

  16. Damn it, this was going to be my first smartphone. T-Mobile just lost a customer. I’ll buy the Verizon version of the G-2, the Merge, unless they lock it down to this extent as well.

    1. I doubt you will have a lock down free phone from Verizon either.

      All in all I like the G2, and at least at this point, I don’t see the need to root it. If the day comes when I need to do that, I’m sure someone will have found a solution to the problem anyway.

  17. I have a G2, I’m irritated that it doesn’t have the wifi-tethering (that works fine on my gf’s nexus 1). I’m sure if I’m patient there will be a community provided fix to this problem.

  18. “Plugging a USB wireless modem into a laptop for T-Mobile’s broadband services does not mean that T-Mobile can say that […] Skype is not an allowed voice service.”

    Actually, yeah, it does. Verizon, for example, can cut you off if you’re caught using VoIP over their 3G.

    Worse, the “Net Neutrality” plan endorsed by Google actually enshrines this behavior in the rules.

  19. I’ve got an iPhone that uses Tmobile in Europe, and can say their connectivity is crap on it there.

  20. The alternative may involve occasionally saying “no” to that part of your brain which keeps exclaiming “Oh, Look! New! Shiny, shiny!”

    Sometimes you may have to say no for quite a while. I manage to do so.

    1. I’ve owned three mobile phones in my life, only the latest is a smartphone. I don’t jump at “shiny”.

      It’s great that you’re in a market or situation with choice. Do you believe that this is universally true?

      1. As I said upthread, I have the cheapest plan I could get from Virgin Mobile ($20 a month, $15 for the phone).

        I have data and text switched off, it’s voice only.

        Up until last year, I had a Motorola flip phone which I originally got in 2003: again, voice only.

        So my choice, where all the new, shiny smartphone plans come with data caps and jailed phones, is to opt out.

        If enough other people did so, the problem would eventually solve itself.

        1. That’s certainly a market utopian perspective.

          Sadly, the reality is that the market is (obviously) not rational. In fact, cannot be, as long as the available options are stacked.

          I’ll certainly buy an unlimited data, non-jailed, stock Android, reasonably priced package with excellent coverage and top of the line hardware as soon as it comes along. Especially if it comes packaged with unicorns!

          But waiting for that seems overly optimistic (even without the unicorns). Sometimes the perfect is the enemy of the good: In my case, I have a smartphone with unlimited data and a reasonable rate, but a slowish locked phone with “Touchwiz”.

          Waiting for the perfect concordance of features is indistinguishable from indifference to the market. Choosing the best *available* option has more influence.

          I hope you are able to wait it out and get the best deal, though. Buying technology is also like getting a haircut: the longer you wait, the more you get for your money. ;)

          (My first two phones were V-Mo, as well. The choice of drug dealers and cheapskates!)

          1. “The choice of drug dealers and cheapskates!”

            I’m certainly the latter. Every connectivity option that’s come my way for the last 25 years has been viewed through the lens of “Am I gonna feel like I got my wallet rifled through on this deal??”

            It goes back as far as using offline reader/responder programs in the days when Compuserve and GEnie billed by the minute.

  21. I’m with you Charlotte 100%, anyway… something from the Xda developers will comes up to sort it out the problem,..however… Kerry you’re wrong my friend,Do you like the Apple policy? good for you!, I think you are with the 2% of iPhone owners that are happy with Steve job’s marketing madness,a part of that!… what’s is wrong with the Android market? if you use your brain nothing is going happen to your device because you can choose what you want to install on your handset, and don’t tell me please that for the iPhone you cannot find stupid applications on the market?!it’s full of it!! I’m an Android myself with Htc Hero.. white 3UK rooted and an Htc Desire no-rooted for different reasons, believe me both of them have more then 120 applications, they are both fast with no problems whatsoever in terms ..like you said of ” usability, stability and so on, they are simply perfect…they are open source.Kerry We don’t like limitations, we like elegance too.

  22. It’s not a rootkit in the strict since of the word but I am still really pissed off about it. It’s not actually a bad feature, except that it is being forced on the user. I’m sure it won’t be long before someone figures out how to hax0r it, but it’s bullshit anyone has to waste time figuring that out. The G2 was supposed to be the heir to the original “googlephone”, the G1. I absolutely loved my G1, it’s only flaw was that it was slow and incapable of surviving as laundry. I am pretty happy with my G2, but it is not living up to the marketing. It was supposed to come with vanilla Android, instead it comes with TMO shit embedded in an OS that is forced on the user. As of now you can’t run vanilla Android on it. It also comes with 2gigs internal memory, on paper it is supposed to have 4gigs.
    My biggest complaint though: There’s no fucking number row on the keyboard!

  23. I have a hack that might solve this. A legal hack, not a technical hack.

    I bought a T-Mobile myTouch, and found it to be loaded with spyware, including about 50 apps, which it would not let me uninstall. These apps came with permissions to read call history, files, text messages, contacts, basically everything. These are apps from companies I don’t trust, like Facebook. Oh and I can’t uninstall them.

    So here’s my idea.

    These apps are all copyright and all come with End User License Agreements (EULAs).

    What I will do is look at the EULAs (they came with the phone) and see who I am licensing the software from. Then send a letter:

    “Dear Sir:

    I no longer agree with the terms in the EULA for _____ which came my purchase of a T-Mobile myTouch on November 15, 2010. I propose the following replacement EULA:

    Licensor (“Facebook Inc”) grants licensee (“My name”) a perpetual, royalty-free, non-exclusive license to redistribute, decompile, modify, sell, make available for download, incorporate into other products or systems, and / or sublicense, the (name of app). Further, licensor grants licensee a perpetual royalty-free license to use and sublicense any of Licensor’s patents which may be used in the application.

    If you disagree with this new EULA, respond in writing within 30 days. Otherwise, non-response indicates agreement. In any case, I exercise the option in the EULA to exit the agreement, and it indicates that I must return or destroy all copies of the software.”

    That’s my idea. I need to send them a letter like that. I notice that after I make a call, the 3G connection icon lights up, indicating that some app is uploading my call data, and I have no way to block it.

  24. I think this will only prevent a persistent partial root. kind of like the first unrevoked for the evo that had to be run after every reboot. once nand write access is obtained this won’t be an issue, if it even ever was.

  25. But I thought Android phones were open? Anyhow, rest assured that Apple is watching this very carefully.

    1. Android phones *are* open, until providers modify them (by using the open platform to build a closed one, sadly).

      Unlocked, stock android phones are available, though expensive (as compared to subsidized ones).

  26. A lot of this kind of bull is why i have a jb’d ipod touch and a cheap prepaid t-mo phone. the phone runs me about $100-$150 a year for minutes. the ipod touch is fully open and not subject to over the air usurping.

    i’d love to have internet everywhere, but not to the tune of a couple thousand dollars over a 2 year period. wiki2touch means i have 4 gigs of wiki text offline, which suffices for rudimentary info cravings.

    the jailbreak hasn’t compromised the ipod and isn’t complicated to perform. a bit time consuming perhaps, and cydia isn’t great, but at least I can have 5 column apps, backgrounding, wallpaper, and unauthorized wifi tools. most are purely cosmetic (“slide with dick…” unlock text) but hey, it’s my device, and i want it customized. sbsettings is a godsend for controlling wifi on/off and brightness and killing processes.

  27. Up next… Calvin Klein creates clothing that is unalterable and will repel any accessories of an unapproved color or style placed anywhere near it.

  28. Sorry to say, this is a dumb question because I’m ignorant. Please bear with me.

    For a couple of years now my household has been using generic GSM mobile phones with prepaid T-Mobile SIMs. I buy the phones unlocked from internet vendors, typically for $50 or $100, and drop in the SIM cards.

    I activate the service online. T-Mobile never even knows who I am and doesn’t seem to care, not that I particularly care whether they do. Then I buy a card at the drugstore to add $100 worth of minutes which don’t expire for a year, and later add more prepaid minutes from cards as I need it.

    These mobiles make phone calls just fine (well, within the limitations of T-mobile and its relatively sparse coverage). Admittedly, some of the fancy features don’t work, though on one of them I can use the “internet” button to get to T-zones and see my minutes balance (not that I really need to).

    So in the unlikely event that I should ever get a craving for a smartphone, is there any reason I can’t buy a generic unlocked Android phone and drop in a SIM (or whatever equivalent chip they use) for any carrier I want? Or is the whole interoperability of GSM an anomaly imported thanks to Europe’s slightly more enlightened mobile phone laws?

    Again, apologies for my ignorance. Just wondering.

  29. As long as there is a tech savvy nerd, with a super computer or a handheld computer( smartphones) there will always be a way to get around the “security measures” and set up the OS anyway you feel you need to. Just don’t brick your phone doing it.

Comments are closed.