So I caved and got a T-Mobile G1 phone today. I have to say, despite the reviews claiming it is not quite 1.0, I’ve been having an awful lot of fun with it. At the very least, getting it to sync with the music on my Linux machine, and then being able to set my ringtones to one of those tracks without paying through the nose, was a lovely relief. For me, it’s already proven much more flexible than an iPhone could be.
My hopes of finally owning a truly open phone, as controllable and configurable as a PC, and able to run whatever code I could throw at it, have been rather dashed, however. It’s absolutely true that you can run any code you’ve written for Android’s Java-like virtual machine, which is sandboxed away from the real hardware. But exploring and executing code at a lower level on the G1 isn’t currently so free and easy.
I got a chance to peer around the phone using the Android SDK’s Android Debug Bridge (adb) utility. It quickly became clear that even Android developers can only access a relatively restricted part of their own phone: more than is given to normal Android apps, but far less than you’d expect to have as “root” on a Linux system. You can only explore or create files as the “shell” user. Much of the filesystem is owned by root, which means a lot of it is closed off from user access. There’s no official documentation on the bootloader for running your own root-level code, or for flashing your own kernel.
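To make the “shell user versus root” point concrete, here is an added example (not code from the original post, and not part of the Android SDK) that takes the output of `adb shell ls -l` and works out, entry by entry, what the unprivileged `shell` user can actually read, write or traverse. The directory listing below is constructed for the example rather than captured from a real G1, and the script assumes the `shell` user belongs only to the group `shell` (on a real device it is a member of several more groups, so pass those in if you run it against genuine output).

```python
import re

# Assumption for this example: the adb shell user is `shell`, in group `shell` only.
SHELL_USER = "shell"
SHELL_GROUPS = {"shell"}

# Constructed sample in the format of Android's toolbox `ls -l`
# (mode owner group [size] date time name). Not captured from a real device.
SAMPLE_LISTING = """\
drwxr-x--- root     root              2008-10-22 18:13 data
drwxrwx--- system   system            2008-10-22 18:13 dev_data
drwxr-xr-x root     root              2008-10-22 18:13 sys
drwxr-xr-x root     root              2008-10-22 18:13 system
-rw-r--r-- root     root         118 2008-10-22 18:13 init.rc
drwxrwxrwt root     root              2008-10-22 18:13 sqlite_stmt_journals
drwxrwx--- shell    shell             2008-10-22 18:13 sdcard
"""

# One listing line: type+mode, owner, group, optional size, date, time, name.
LINE_RE = re.compile(
    r"^(?P<mode>[-dlcbps][-rwxsStT]{9})\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r"(?:(?P<size>\d+)\s+)?(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+(?P<name>.+)$"
)


def parse_listing(text):
    """Parse `ls -l` output into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.rstrip())
        if m:
            entries.append(m.groupdict())
    return entries


def bit_set(ch):
    # 'x', 's' and 't' all mean the execute bit is set; 'S' and 'T' mean
    # setuid/setgid/sticky is set but execute is not; '-' means not set.
    return ch != "-" and not ch.isupper()


def allowed_ops(mode, owner, group, user=SHELL_USER, groups=SHELL_GROUPS):
    """Standard Unix rule: the owner triad applies if you own the entry,
    otherwise the group triad if you are in its group, otherwise 'other'."""
    if user == owner:
        triad = mode[1:4]
    elif group in groups:
        triad = mode[4:7]
    else:
        triad = mode[7:10]
    return {op for op, ch in zip("rwx", triad) if bit_set(ch)}


def access_report(text, user=SHELL_USER, groups=SHELL_GROUPS):
    """Map each entry name to the set of r/w/x operations the user may perform."""
    return {
        e["name"]: allowed_ops(e["mode"], e["owner"], e["group"], user, groups)
        for e in parse_listing(text)
    }


def closed_off(text, user=SHELL_USER, groups=SHELL_GROUPS):
    """Entries the user cannot even list or read: the 'closed off' part of the tree."""
    report = access_report(text, user, groups)
    return sorted(name for name, ops in report.items() if "r" not in ops)


if __name__ == "__main__":
    for name, ops in access_report(SAMPLE_LISTING).items():
        print(f"{name:22s} {''.join(sorted(ops)) or '-'}")
    print("closed off to shell:", closed_off(SAMPLE_LISTING))
```

Run it as-is to see the sample classified; to check a real phone, pipe `adb shell ls -l /` into `access_report` and pass the groups that `adb shell id` reports for the `shell` user. Anything that comes back from `closed_off` is exactly the part of the filesystem the post is complaining about: readable only by root or by a system group the developer is not in.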
So, as is so often the case, those who want to use their own code on their own phone will have to wait until somebody comes up with some privilege escalation flaw or undocumented flash utility to take control.
Of course, bright minds are at work on doing just that. Overheard in the excellent #android @ irc.freenode.net IRC channel:
<RyeBrye> I hacked my camera’s firmware manually by using an exploit to cause it to execute arbitrary code – and then blinking out the entire firmware in 0’s and 1’s on the autofocus LED – read in by a photo transistor attached to a sound cable plugged into my microphone port – and then put back into 0’s and 1’s…
<– jbq_ has quit (Read error: 110 (Connection timed out))
<RyeBrye> Then disassembled the ARM9 code in it and worked on porting CHDK to it…
* waldo_ is away: auto-away
<RyeBrye> I’m pretty sure having a whole OS at my disposal should make this a lot easier
I sense that the people behind Android at Google would like its flagship device to be more open than it is. It’s certainly sad that, for now, the iPhone pwnage exploits really do give you root on your device, while Android’s official SDK offers no such thing — making Apple’s theoretically closed phone more practically open than Google’s theoretically open game-changer.