Unlocking the Pixel 9 bootloader breaks some Pixel AI apps (liliputing.com)
91 points by edward 3 months ago | hide | past | favorite | 81 comments



This isn't unprecedented; Sony used to encrypt most of their phones' image processing stack with a key which was deleted forever if you unlocked the bootloader, making the camera permanently perform much worse even if you re-locked the bootloader later. Likewise with Widevine DRM, unlocking the bootloader will break L1 playback, either forever or until you re-lock depending on the device.

I'm guessing this is Google similarly trying to stop people extracting their local models by not letting unlocked devices access them. I wonder if they'll also crack down on porting the Pixel Camera app to non-Pixel devices; people have been doing that forever because the processing is better than many devices' native camera apps.


That this is legal is crazy to me. Such a strong reason to split up the hardware and software sides of the businesses.


Why would it be illegal?

I’m not saying it’s right, but what would the law look like making it illegal and what would the impact be positive and negative?


> Why would it be illegal for a manufacturer to retain full control of what you do on your device after they've supposedly sold it to you?

The fact that this question even needs to be asked at all shows just how dire the state of consumer rights in tech is.


Who’s asking that question?


It's a rephrasing of your question, isn't it?

If there's a difference in this context, please clarify.


It’s not. It’s an uncharitable interpretation of my question, aka straw man.

I was hoping for a discussion about exactly what I said. The basis for such a law and its impacts.


It's not a strawman. They were specifically answering your question of "Why would it be illegal?" and not delving into the specifics of what the law would look like. And the answer they gave is that it's bad for a manufacturer to retain control like that of a device you own. Also that it's a consumer rights issue, basic enough that nobody should need to ask why.

I guess they shouldn't have used the word "full" but that's pretty picky.

It looks like a pretty reasonable argument to me. They didn't discuss the basis but "consumer protection" seems to me to be sufficient basis. For impacts, I'm not sure what you're looking for; without being an expert it's hard to go beyond "companies stop doing that". But either way, replies don't have to answer every question you asked.


> what would the law look like making it illegal

How about "you can't sell a tool that actively works against the interests of the customer"?


Or "you have to advertise it as such".


This is much better than GP's attempt, because, tobacco. Or, well, anything, really.

I'm sure some more targeted path could be taken. Like outlawing selling non-OSS. That sure would be nice...


This sort of crap was banned under the first sale doctrine (which basically said that if you sell a thing, then the buyer owns the thing, including the right to use and resell it, and even the patented parts of it). The impact was overwhelmingly positive.

One could argue that using copyright and EULAs to bypass first sale is a misuse of copyright (the standard penalty for that is “you lose your copyright”, which seems completely reasonable and proportional to me).


There's no right of first sale for copyrighted code.

https://en.m.wikipedia.org/wiki/Apple_Computer,_Inc._v._Fran....

> The district court found in favor of Franklin. However, Apple appealed the ruling to the United States Court of Appeals for the Third Circuit which, in a separate case decided three days after Franklin won at the lower level, had determined that both a program existing only in a written form unreadable to humans (e.g. object code) and one embedded on a ROM were protected by copyright. (See Williams Elec., Inc., v. Artic Int'l, Inc., 685 F.2d 870 (1982)). The Court of Appeals overturned the district court's ruling in Franklin by applying its holdings in Williams and going further to hold that operating systems were also copyrightable.


> There's no right of first sale for copyrighted code.

Yes, that was the premise of the complaint.

> Citation

I don't see anything here that resembles first sale, just a ruling that copyright applies to compiled code. The concept of first sale doctrine is that despite the presence of the seller's IP the seller loses control over most uses. Nobody is arguing against the existence of the copyright.


Why would object code be such an important difference? Are we glossing over the fact that this is how computers were programmed and that people very much did read and write this format?


> I'm guessing this is Google similarly trying to stop people extracting their local models by not letting unlocked devices access them.

It seems like it's not even that thought out. Google allows the devices to fully download the models...just not run them?

If you want the models, here ya go: https://pastebin.com/jh4YG5jX

That's every file the app downloads on launch.

EDIT: Seemingly I'm wrong. Someone below in another comment stated that they are not allowing the device to download the Gemini Nano model and that's what the failure is from.


Is this the same model?

Someone looks like they extracted it and uploaded to HF.

https://huggingface.co/wave-on-discord/gemini-nano/tree/main


Oh wow, that's interesting, thanks for sharing. I was experimenting with the Pixel Recorder app, which calls into the AICore system service, which calls into the Protected Download API to download its models. Based on the URLs ("pixelai-models" vs "aicore-models") it looks like Pixel Screenshots is doing its own thing and not using AICore.


It does the same thing re: hooking, but downloads most (if not all?) of the models, only at the end does it fail with "precondition check failed" from the server which aicore just repeats.

I haven't gotten further in it to figure out what it's bailing out on, aside from the request going to google using the trusted dl service and failing. It could be the same model call and they are being oddly protective over gemini nano.


But are they encrypted?


I'm not super well versed in TF, so I have no real clue.

But the files seemingly all have headers. Maybe TF offers an encrypted "inside the file" while having the headers not encrypted, but unless they do it doesn't look like it.


Unlocking the bootloader has long broken a lot of functionality. Play Integrity (formerly known as SafetyNet) provides three levels of checks, and increasingly apps are requiring the phone to pass the second level in order to use the app.

Until last year, it was possible to spoof the second level (though not the third), with an unlocked bootloader, but Google started cracking down on that hard and it's essentially a game of whack-a-mole. Because the spoofing requires finding the fingerprint for a supported device that hasn't yet been banned (of which there are a finite number), it's a losing battle.

That said, unlocking the bootloader on Pixel devices is less useful than it used to be, because of an expansion between what the base device already does and a degradation of what an unlocked and/or rooted device can do. There are fewer custom ROMs than there were a decade ago, and (unlocked) Pixel devices get rapid updates with long official support.

Rooting the device used to give you the ability to install custom adblockers and bypass screenshot restrictions, but Android now has better support for DNS-based adblocking built in, and they've now cut off the main loopholes that allowed people to screenshot apps that block access. I think it's now impossible to screenshot an app if the app has blocked screenshots[0]. Ironically, it's easier to screenshot or get videos of apps on iOS than of those same apps on Android - I don't know if that's because developers don't bother to implement the blocking APIs on iOS or some other reason, but more than once I've ended up having to pull out a backup iPhone in order to screenshot/record something I couldn't on a Pixel device.

Pixel phones already don't include most of the bloatware that comes with other devices, and the remaining stuff is built in and can't really be removed without impacting the core functionality of the device. So root access gets you a lot less than it used to, for Pixel devices.

[0] In the spirit of classic bash, I am asserting that it's impossible, half hoping that someone will take that as an opportunity to correct me: https://web.archive.org/web/20230711000352/bash.org/?152037
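To make the three levels described above concrete, here is an added example (not code from the thread or from Google) of the server-side check an app backend would run on a decrypted Play Integrity verdict; the verdict dicts, package name, nonce and freshness window are constructed sample values, and the decryption of the token via Google's API is assumed to have already happened.

```python
"""Server-side evaluation of a Play Integrity verdict.  Added example, not code
from the thread; the verdict dict is assumed to have already been decrypted
and validated by Google's decodeIntegrityToken endpoint."""
import json

# The three verdict labels the comment above refers to, weakest to strongest.
INTEGRITY_LEVELS = (
    "MEETS_BASIC_INTEGRITY",   # level 1: may still pass on some modified devices
    "MEETS_DEVICE_INTEGRITY",  # level 2: what most apps require; lost with an unlocked bootloader
    "MEETS_STRONG_INTEGRITY",  # level 3: hardware-backed proof plus recent security patch
)
MAX_AGE_MS = 5 * 60 * 1000  # replay window; an arbitrary policy value for this example


def device_integrity_level(verdict: dict) -> int:
    """Highest integrity level (1-3) present in deviceRecognitionVerdict, 0 if none."""
    labels = verdict.get("deviceIntegrity", {}).get("deviceRecognitionVerdict", [])
    return max((i for i, name in enumerate(INTEGRITY_LEVELS, 1) if name in labels), default=0)


def check_verdict(verdict: dict, expected_package: str, expected_nonce: str,
                  now_ms: int, required_level: int = 2) -> tuple[bool, list[str]]:
    """Return (accepted, reasons).  Every failed check is recorded so the
    backend can log why a device was rejected instead of failing silently."""
    reasons = []
    req = verdict.get("requestDetails", {})
    if req.get("requestPackageName") != expected_package:
        reasons.append("package name mismatch")
    if req.get("nonce") != expected_nonce:
        reasons.append("nonce mismatch (possible replay)")
    if now_ms - int(req.get("timestampMillis", 0)) > MAX_AGE_MS:
        reasons.append("verdict too old")
    if verdict.get("appIntegrity", {}).get("appRecognitionVerdict") != "PLAY_RECOGNIZED":
        reasons.append("app not recognized by Play")
    level = device_integrity_level(verdict)
    if level < required_level:
        reasons.append(f"device integrity level {level} below required {required_level}")
    return (not reasons, reasons)


# Constructed sample verdicts: a stock locked Pixel and one with an unlocked bootloader.
STOCK_VERDICT = json.loads("""{
  "requestDetails": {"requestPackageName": "com.example.bank", "nonce": "c0ffee", "timestampMillis": "1700000000000"},
  "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED", "packageName": "com.example.bank"},
  "deviceIntegrity": {"deviceRecognitionVerdict": ["MEETS_BASIC_INTEGRITY", "MEETS_DEVICE_INTEGRITY", "MEETS_STRONG_INTEGRITY"]},
  "accountDetails": {"appLicensingVerdict": "LICENSED"}
}""")
UNLOCKED_VERDICT = json.loads("""{
  "requestDetails": {"requestPackageName": "com.example.bank", "nonce": "c0ffee", "timestampMillis": "1700000000000"},
  "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED", "packageName": "com.example.bank"},
  "deviceIntegrity": {"deviceRecognitionVerdict": ["MEETS_BASIC_INTEGRITY"]},
  "accountDetails": {"appLicensingVerdict": "LICENSED"}
}""")

if __name__ == "__main__":
    now = 1700000000000 + 1000
    for name, v in (("stock", STOCK_VERDICT), ("unlocked", UNLOCKED_VERDICT)):
        print(name, check_verdict(v, "com.example.bank", "c0ffee", now))
```

The nonce and timestamp checks matter as much as the level itself: a verdict that is not bound to the current session can be replayed from a device that did pass.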


An unlocked bootloader is the only way to take a local backup of app data now, afaik, since they've made the adb backup tool more and more useless - and phone transfers too.

So you can either have no banking app, lose all your data when your Pixel glitches out, or (recommended option) upload all your data to the cloud for the voyeurs at Google to perv at.


> half hoping that someone will take that as an opportunity to correct me

Well, you can use another pixel to take a photo of the screen...


Are you not allowed to take screenshots of specific apps? Not gonna buy this phone then :(.


Imagine my surprise when I tried to take a screenshot on Apple Vision Pro of how cool it was to watch Apple TV while chopping vegetables, only to find that Franklin had been replaced by a black box.


Things like this are why physical media + open video formats and players will always be a superior choice to streaming apps.


If that's a deal breaker, then what phone would you buy? Every Android phone supports FLAG_SECURE (which is such an Orwellian name), and iOS has its own equivalent API: https://github.com/JayantBadlani/ScreenShield


Well, the phone should keep my own needs above everything else, and no app maker should hamstring me on MY OWN phone. Somehow I have the feeling certain phone makers are sitting on the horse backwards.


I agree with you. I don't want app developers to stop me from being able to screenshot whatever I want on my own phone. I just don't know what to do about it.


Switch to GNU/Linux phones. Works for me.


There are too many apps tied to some real-world thing that only support iOS and Android. Consider banking apps for mobile check deposit, or apps that let you remote start your car. And even if you were willing to go without those conveniences, consider the SeatGeek app. I've been to shows where the only way to get tickets was with that app - there was no paper option and no Web option. And even though emulators like Waydroid exist, a lot of those kinds of apps implement things like SafetyNet or Play Integrity, basically to intentionally refuse to work in any environment not officially blessed by Google.


These are just more reasons to start acting before you lose any control over all your computing.


Well, if you're willing to do that, you could just say "don't use such apps then"... which isn't helpful if it's for your bank, or your government...


Most apps work with Waydroid. If somebody forces you into the duopoly, you should start complaining and switch banks...


> Most apps work with Waydroid

Does that include any of the apps that block screenshots? If not, this again becomes a more complex version of "don't use such apps".


I never tried them so can't tell.


Where do I complain about the EU regulation that caused the banks to implement this requirement? Should I switch continents?


How about https://edri.org?


I find all this screenshot blocking stuff stupid. You can just point another phone or camera at the screen to grab a "screenshot" anyway. It's just security fluff, and ultimately just degrades the user experience.


It's a general Android feature that I believe is meant to be used to make exfil of sensitive data harder.


It's an Android API, not specific to this phone.


Go try to take a screen shot of Netflix.


That's a non issue... on a PC :D.


That's because Netflix hasn't forced Microsoft, Google and Apple to enable these blocks on their OSes and browsers...for now.


They absolutely have, Windows, Android and Apples platforms all have the concept of "secure" framebuffers which appear as black rectangles if you attempt to screenshot or record them. Netflix and similar will only serve you high res video if your system supports that protection amongst others, otherwise they'll restrict you to something like 720p.


I think Chrome gives back black screens if you try to do so.


If you use the built-in Windows screenshot (print screen) it just copies a black frame to the clipboard. It's trivial to bypass with e.g. ShareX (I don't know if Snipping Tool suffices).

EDIT: Ah missed the comment below which explains that already.


Yeah but Netflix won't serve you 4k on a PC unless you use Edge (not even chrome iirc) or their windows app. Screenshot those and you'll get black rectangles.


Great post. This is one of the great enshittifications affecting android. I currently use grapheneos but I'm likely going to move to iOS. More and more apps are no longer allowed to run / have broken features due to the play integrity api.

If I'm forced to live in a walled garden, might as well go with the well maintained one that isn't run by a monopolistic surveillance/advertising company.


Do you have Play Services installed? I, thankfully, have yet to run into an issue with any apps and Play Integrity, but I also export my sdks that are installed on a profile with GPS so I can install them on my main profile. I also hope to be able to use those outdated versions if they ever go to Play Integrity required states.


I do. There are a number of apps that are now broken, and you can't even install them from the Play Store anymore, e.g. Authy and Relay for Reddit. Sure, you can save APKs and reinstall them (I have for Relay), but the last working version is from last year and has multiple bugs including ones that cause app crashes.

Various apps from minor banks in my country don't work (even with compatibility features enabled), although all the major ones do thankfully.

Uber was also doing A/B testing earlier in the year where they would disable a lot of features if you had an untrusted device for some users.


Interesting. Thanks for the reply!


> This is one of the great enshittifications affecting android. I currently use grapheneos but I'm likely going to move to iOS.

Are you saying that iOS is immune to the enshittification? Why not invest in true alternatives (GNU/Linux smartphones)?


Can you name a single Linux (non-Android) smartphone that has good 3rd party app support, isn't buggy, isn't slow and has acceptable battery life?


It all depends on what "good", "fast", "isn't buggy" mean for you. Librem 5 has one day of battery life (if you don't use it too much) and a possibility to switch the battery on the go. It's slower than Android but sufficiently fast and stable for me to use as a daily driver. You can run Android apps with Waydroid (F-Droid works fine for me). More reviews: https://news.ycombinator.com/item?id=41356567.


it's okay to be wrong about something


> Pixel Screenshots [...] which lets you capture screenshots that are analyzed by Google’s Gemini Nano on-device AI and saved in a searchable index, allowing you to ask Google for information about things you saved days, weeks, or months ago.

Sounds like a benefit, to be honest. I take a lot of screenshots. It's never occurred to me to "ask Google" about something I screenshotted. I don't hoard screenshots, they're actively used for something, maybe an idea for a creative project, or a quote I liked. Once they're logged somewhere, I delete the screenshot, as it's no longer necessary.

This feature also sounds suspiciously similar to Windows Recall.


Is it just the unlocking or do those apps also look at the exact keys securing the boot chain & OS? In other words, what if I install GrapheneOS and lock the bootloader again?


I took a brief look into it, and they use the Google Private Compute Services Protected Download API to download the Gemini Nano model, which uses remote attestation to cryptographically ensure that your device is running the stock ROM: https://github.com/google/private-compute-services/tree/mast...

I'm not sure why they do that, tbh, since Gemini Nano is now part of Chrome, and you can download it without remote attestation. If you were dedicated enough, you could probably force the AICore system app on a rooted device into using the Gemini Nano model you downloaded from Chrome. I briefly attempted this but it proved too annoying so I gave up.

Edit: It appears Pixel Screenshots works differently than Pixel Recorder, which is what I was looking into.

https://news.ycombinator.com/item?id=41373011


I've personally looked into the Pixel Screenshots check.

It appears that they are doing server side verification of the device's TEE[1] keys plus bootloader checks, either of which will trip it.

This can be spoofed using leaked keys (that get revoked fairly quickly), but in this case it seems they are also verifying that the keys are the keys for their Pixel 9 devices.

[1]: https://source.android.com/docs/security/features/trusty


On a tangent, have you ever looked into the google phone app and how it decides whether it will offer call screening?


Sounds like a win-win scenario?


Yeah I'm not seeing a downside to this.


Until they start removing more features.


Does it start working again if you re-lock the bootloader?


Yes*

* re-locking wipes your device to a factory state


In that case it sounds like a software protection product has been applied to the AI-based applications. That product is doing a simple check that should be fairly easy to bypass through other means.


Nah, it's doing a server side check for the device's TEE keys before letting it launch the models. Something that, at least publicly, can't be bypassed. Even with something like TrickyStore to fake the TEE keys.


A local phone reset won't touch the TEE keys though. It doesn't sound that sophisticated.


Yeah, I should have said with rather than for. They're doing server side verification of the TEE environment using their protected download service from what I can tell.

https://github.com/google/private-compute-services/tree/mast...


Not on GrapheneOS: you are able to re-lock it after installing GrapheneOS (and you should). I think it just wipes the user data, but definitely not to a factory state.


I'll gladly finance at 4x the cost (so like around $5,000) to purchase an alternative Pixel for a fully open source bootloader with physically compartmentalized chips with open interfaces and a less sleek device.

I don't give a shit about AI slop.


Sounds a bit like Librem 5.


I wish it was comparable. The Librem 5 is years behind flagship smartphone hardware. I want to switch, but it would be difficult to give up the stability that comes with Android. That said, maybe the Librem has improved in the last year or so.


> The Librem 5 is years behind flagship smartphone hardware.

https://puri.sm/posts/the-danger-of-focusing-on-specs/

> but it would be difficult to give up the stability that comes with Android

This is true: Android had a decade of development with a huge team. However, depending on your usage patterns, it can be good enough today. It works as my daily driver. See also:

https://news.ycombinator.com/item?id=41356567


Thanks for the info. Their comments on hardware treadmills are reasonable. I'm not looking to chase the latest hardware, but I was still scared off by reviews claiming web video playback performance issues. I suppose I was hoping for the bumps to smooth out a bit.

I find it encouraging to hear that it's working for you. I'll probably take another look at making the switch when I have a moment. I'd much rather support an alternative platform if possible.


This is exactly the reason why Fairphone should increase their hardware security to something comparable to the Titan M2, so that there is an environmentally friendly, secure alternative out there that supports as many custom ROMs/OSes as possible.


The "and nothing of value was lost" meme seems applicable here.


Until they start removing more features.


As long as it still does call screening I'm ok. The rest is AI hype garbage.
