T-Mo OTA to Lock Bootloaders? No, Don’t Panic Yet
You might have recently heard that an XDA user got hands on a T-Mobile update for the Galaxy S6 – Lollipop 5.1.1 at that. Among many fixes and alleged speed improvements, this update caused premature panic in the XDA forums, reddit and other Android communities because it allegedly “locked the bootloader”. Throughout yesterday, we noticed plenty of angry comments putting the blame on T-Mobile, on Samsung, on Google and on California.
What is going on? Why is the bootloader “locked”? Is it a big deal? Keep in mind this is still developing, so there’s no clear conclusion yet. But don’t worry:
First of all, the initial report on the XDA forums spawned a lot of discussion and people in and out of XDA theorized whether an app would disable the lock, or a system similar to those of other OEMs. XDA Senior Member Sunderwear later provided the partition dumps of the ROM, and now you can get hands on it for your T-Mobile S6. You don’t want to do that if the bootloader is locked down like on Verizon phones of course, but there is no need for a hack-around, script, app, nor cracking a 128-bit encrypted key (good luck on that last one anyway). Reports from the thread confirm that it is as easy as hitting a toggle in Developer Options to make it unlockable, like seen in the “Allow OEM unlock” in Lollipop. This is, indeed, not a traditionally locked-down bootloader. So, if want to get the ROM on your device, read through the thread to make sure everything will work for you (be very thorough).
Now, let’s go back to the core of the matter: why would T-Mobile issue an OTA that suddenly locks the bootloader? Just like Sunderwear originally noted some time after the initial storm, the bootloader is not locked like Verizon and AT&T lock it down – we know that now. The pictures provided show that it is a Factory Reset Protection (FRP) solution made available by Google, which tries to make it harder for thieves to get absolute value out of their stolen phones. This is reminiscent of iCloud for Apple devices, and Apple’s Activation Lock approach did wonders by reducing iPhone theft in major cities. So, in this sense, this is a security measure of Android, and not some crazy idea Samsung had to turn power users away from their phones. KNOX and the missing features in the S6 already handle that part.
Why an OTA, and why now? This is thought to be the effect of a California Kill-switch Law. Last year, this law was discussed throughout forums but the debate faded shortly, and now that the conditions will be effective starting July 1st and we are approaching said date, we see the consequences of the development. With this law in place, Samsung has taken security measures up a notch – this important to note, because Samsung is one of the few manufacturers that provide unlocked bootloaders off the box. This is arguably a strength of Samsung phones, and it is why many power users find Samsung phones easy to deal with. If Samsung wants to keep selling devices in California, they must take measures like the included FRP as their bootloader virtues are sadly not welcome there.
Who’s fault is it, then? By the looks of it, Samsung had to dial back on their out-of-the-box unlocked bootloaders due to California’s policies, so they added Google’s Factory Reset Protection to their S6 Edge build which T-Mobile then pushed out to this user. As of the writing of this article, we haven’t heard official statements. If you consider that Samsung is one of the few that offer an unlocked bootloader out of the box, and that this build still allows for unlocking the bootloader, then there’s not really a reason to get angry just yet. We can expect more factory-bootloader-unlocked devices to get OTAs adding FRP, but so far there’s no clear indication that Samsung owners will see an end to their flashaholic practices.
We expect to hear more about this in the upcoming weeks and months until July 1st, but for now there is no real reason to panic. If you are unsure about the FRP, you don’t have to flash the update if one happens to hit your Samsung device (be it an S6 or something else). Ultimately, this means better security for the average or casual consumer. It is an annoyance, no doubt, but many OEMs and carriers make bootloaders a much bigger hassle. All we have to do now is wait for an official comment from Samsung or T-Mobile, or wait until the official rollout hits primetime.
TL;DR: Bootloader lock is actually Factory Reset Protection, you can allow bootloader unlocking in Developer Options. No need for pitchforks just yet.
As soon as we hear more about this, we’ll let you know!