It looks like trying to find exploits will be the only way hackers will be able to flash their own firmware (read: get root on their own device) on the G1. Here’s a reply I received on the Android mailing list to my question about creating my own firmware image:
The G1 is aimed at end users, not system developers. For user security
reasons the G1 will only accept properly signed system images. I’m not
sure, in this case, who ‘owns’ the key, whether it is the carrier or
the manufacturer, but one or both of them handle insuring system
images are signed.
Android Team @ Google
I’m pretty disappointed. It’s not, of course, about user security: there would have to be a disastrous, multiple-level failure of Android’s security model for an attacker to flash malicious new firmware onto another person’s phone. It’s about either HTC or T-Mobile being institutionally unable to quite countenance handing as much potential power to end users as the Android open OS model potentially offers. And what that spells is a failure on the part of either T-Mobile or HTC to really understand the advantages of having the phone’s internals genuinely open to development.
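To make concrete what “will only accept properly signed system images” means in practice, here is an added example (not code from the original post, and not the G1’s real image format or bootloader): a toy bootloader check that pins one vendor public key and refuses any image whose signature was not produced by the matching private key. Ed25519 is an assumption chosen for illustration; the actual G1 scheme is not described on the page. The image bytes and key names are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SignedImage is a constructed toy container: the raw system image
// payload plus a detached Ed25519 signature over it. Hypothetical format.
type SignedImage struct {
	Payload   []byte
	Signature []byte
}

// NewVendorKey generates the key pair the signing party (carrier or
// manufacturer in the post's framing) would hold. The public half is what
// gets baked into the device's bootloader.
func NewVendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // constructed demo: key generation failing is fatal
	}
	return pub, priv
}

// SignImage is the build-side step: only the holder of the private key can
// produce a signature the device will accept. Ed25519 hashes the message
// internally, so the whole payload is passed directly.
func SignImage(priv ed25519.PrivateKey, payload []byte) SignedImage {
	return SignedImage{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// VerifyImage is the bootloader-side check. It knows nothing but the pinned
// public key: a modified payload, a signature from any other key, or a
// malformed signature all cause the image to be rejected before it is flashed.
func VerifyImage(pinned ed25519.PublicKey, img SignedImage) error {
	if len(img.Signature) != ed25519.SignatureSize {
		return errors.New("malformed signature: image rejected")
	}
	if !ed25519.Verify(pinned, img.Payload, img.Signature) {
		return errors.New("signature does not match pinned vendor key: image rejected")
	}
	return nil
}

func main() {
	vendorPub, vendorPriv := NewVendorKey()
	_, hobbyistPriv := NewVendorKey() // a key the bootloader has never heard of

	image := []byte("constructed system image v1") // constructed sample payload

	official := SignImage(vendorPriv, image)
	fmt.Println("vendor-signed image:", VerifyImage(vendorPub, official))

	// Same bytes, signed by someone without the vendor's private key.
	homebrew := SignImage(hobbyistPriv, image)
	fmt.Println("self-signed image:  ", VerifyImage(vendorPub, homebrew))

	// Vendor signature, but the payload was altered after signing.
	tampered := SignedImage{Payload: append([]byte("X"), image[1:]...), Signature: official.Signature}
	fmt.Println("tampered image:     ", VerifyImage(vendorPub, tampered))
}
```

The point the example makes is the one the post complains about: the gate is not “is this image safe?” but “does the signer hold the vendor’s key?”, so a user building their own image is rejected exactly the same way a tampered one is.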
I know many people think of access to the kernel as being a hypothetical need: but the two applications I’d really like to help get working on the G1 require low-level access. The G1 lacks modem tethering, and some decent bluetooth file features. Both of those would make for a great (and while not easy, not that hard, given the support in other Linux versions) G1 project — but both would need kernel level hackery. Crippled bluetooth support has historically been one of the most annoying aspects of closed phones; the Android OS held out the possibility of escaping that, but the G1 does not live up to that expectation. Modem tethering is also a feature that operators have traditionally attempted to strictly control, as it falls under their ideas of bandwidth management.
Some have asked: what did you expect? That T-Mobile would allow users to mess with kernels on devices on their networks, willy-nilly? To which the answer is: well, what are they expecting will happen very shortly? HTC/T-Mobile have actively worked to implement a restriction on how the G1 works. Other manufacturers are now free to make Android phones without those restrictions: the Open Handset Alliance developers themselves have told me that they’d like to see some developer-friendly phones out there. When those phones come out, they’ll have all the advantages of a more open phone, and will be just as usable on T-Mobile’s network. T-Mobile won’t be able to stop people having better bluetooth than their “official” phone, and certainly won’t be able to stop modem tethering short of instituting throttling controls higher up in the network (which is also a far more comprehensive and effective solution to problems of bandwidth than simply banning the feature in their end-user devices).
They can try and hold back their more open competitors on price competition (or rather, the difference between a network-subsidised “end user” phone, and an unsupported, unsubsidized Android phone), but I suspect that, just as IBM clones ended up being more flexible and cheaper than the original IBM PCs, the price differential for basic smartphones is going to gradually be eaten away by Moore’s Law. If control of what devices run on their network is what T-Mobile wants, their end-game at this stage can only be maintaining network device blacklists, which puts it on a collision course with regulators and an angry public.
Like it or not, if networks and phone manufacturers are already buying into the idea of an open device market, they should understand — and take advantage of — the inevitable consequences.