> “We anticipated that people would attempt to unlock the phones and explore the underlying operating system. We encourage people to use their Windows Phone as supplied by the manufacturer to ensure the best possible user experience. Attempting to unlock a device could void the warranty, disable phone functionality, interrupt access to Windows Phone 7 services or render the phone permanently unusable.”
In what way is that embracing? They can't legally prohibit it so voiding the warranty is the most they can do.
Sideloading ≠ jailbreaking. Microsoft isn't taking a position on jailbreaking by any definition that existed prior to this morning. They're merely tolerating sideloaded apps, which removes one incentive for jailbreaking.
I placed embraces in quotes for this reason. There is a big difference from actually embracing something and admitting that it can't be policed effectively anyway. I would say they fully embrace it if they ever release detailed documentation for hackers, provide contests for cool hacks etc.
The article never says that MS embraces jailbreaking. Keeping the original title "Microsoft: we can’t stop you from jailbreaking Windows Phone 7" would make more sense, since it would be pointless to argue on this, and would have kept the article's gist.
This isn't jailbreaking a phone, it's just sideloading apps. Jailbreaking on iOS is commonly used as a means of sideloading, but don't conflate the concepts.
If Microsoft is really going to prohibit its hardware manufacturers from throwing up roadblocks to sideloading, the way AT&T does with its Android phones, then good for Microsoft, but this story doesn't include any details on that point.
edit: It's pretty slimy to reappropriate the word "unlock" in a mobile context. It conventionally means "convert a phone to run on a compatible carrier's network", not "convert a phone to run non-Microsoft-approved apps." Unlocking a WP7 device now has two distinct definitions.
What are the probable consequences of allowing sideloading apps though? It'd mean that you could pirate apps without jailbreaking the device, right?
Why would they want to allow that?
On iOS devices, you have to jailbreak your device, and tolerate the mess that comes with that, in order to pirate. I think most people simply don't want to bother with pirating on iOS simply because it's so messy, compared to the legit way.
Also, Microsoft are going to make themselves look like assholes when it turns out they're not going to allow actual jailbreaking/unlocking after all. I just don't get this.
It's difficult to juggle loyalties. Sounds like Microsoft is taking a pragmatic approach, which is great for developers - but the carriers still hold a lot of power.
In terms of their phone OS, if the network carrier's needs aren't met, maybe the platform will go the same way as Zune?
--
As much as I admire the decision, I still get the feeling that MS is reacting and responding, rather than forging ahead with a truly innovative strategy.
Re. Kinect; I thought that Microsoft initially disliked the hacking attempts (and bounty) put forward by ladyada - and even put out a pretty harshly worded statement confirming that position.
It's fairly straightforward to see how highlighting the openness of a platform can drive buzz, true interest and sales; especially when the Kinect's recent history is examined. But if this is a reaction, how likely is it that the corporation's culture is changing from the inside-out? (i.e. will this be a lasting change?)
Whoever wrote the initial statement from Microsoft was just confused about what the Kinect "hacking" actually was. They thought someone was trying to mess with how the Xbox processes the data, which is locked down, but they were just trying to access the Kinect's raw output stream, which is left open. Microsoft's stance didn't change, they just figured out what was going on. As long as the media isn't interested in the distinctions between hacking, jailbreaking, sideloading, reverse engineering, etc., this sort of confusion will persist.
With Windows Phone, the stance and culture did change, but in the opposite direction to what you're suggesting. Up to 6.5 Windows Mobile was totally open (in the sense that a Windows PC is open), you were free to install whatever you wanted, change the OS settings etc. Consumers hated Windows Mobile and loved the iPhone so with WP7 they moved to a more locked-down iPhone-like model.
Consumers hated Windows Mobile and loved the iPhone so with WP7 they moved to a more locked-down iPhone-like model.
That makes sense to me - but I think the reasoning might be more complex?
I think UI simplicity and UX constraints helped to ensure the iPhone's interface became so successful. I don't think that this (well considered) simplicity should be confused for openness.
In relation to openness, I'd imagine the main reasons for producing a more locked-down (closed) system, would have been the carrier's desire to control their customer's experience and Microsoft's desire to create a profitable mobile-app ecosystem.
I still think it would be possible to create a pleasing UI and UX, for a (relatively) open OS like Android. I think such a thing could potentially please users as much the (closed) iPhone OS.
Yeah, I was being flippant. I certainly don't think openness and good UX are mutually exclusive, myself.
Besides everything you mentioned I've seen rumors that one reason they're restricting third-party apps to a .NET bytecode sandbox is that they're planning to eventually swap out the current CE6 kernel for something different and incompatible (possibly NT-based), and they want to just be able to port the .NET environment rather than trying to persuade third-party devs to port their apps.
Pretty much everyone is taking the pragmatic approach. Besides, if they feel as if they need to in the future, they'll close up. They'll still play the cat and mouse game, but to gain marketshare they might leave the screen door open to get some buzz. In general there hasn't been much of an indication of Apple fighting really hard either. Closing exploitable holes is not anti-pirate or anti-unlocker.
"Microsoft, who have lately been making some laudable efforts to embrace the hacker community." .... of course they are! They're wayyy behind Apple and Google, and want to play catchup. If that means "embracing" the hacker community, so be it; except, of course, when the same hacker community tries to hack something where they're the market leader, in which case they'll release the hounds!
Please don't be fooled by Microsoft's new-found religion. Once they have achieved market leadership, they'll be the first to throw the hacker community under the bus. And Microsoft isn't the only company with this attitude; I'd posit that the vast majority of companies are like this.
Apple strongly cautions against installing any software that hacks the iOS. It is also important to note that unauthorized modification of the iOS is a violation of the iPhone end-user license agreement and because of this, Apple may deny service for an iPhone, iPad, or iPod touch that has installed any unauthorized software.
This would be a major departure from Apple if they don't actively fight the jailbreakers/unlockers. Apple has spent a lot of time and money fighting people trying to modify their own devices; Microsoft would be wise to not follow their lead.
Be serious. Apple closes security holes in iOS as they're discovered, just like every other OS vendor. Not closing them would be unthinkable, regardless of whether some exploits are currently being put to popular use. The platform would suffer more if they didn't.
If anything, Apple deserves grief for not aggressively releasing patches to holes discovered in prior versions of the OS, after they've been obsoleted.
It's difficult to call much of what Apple has done "closing security holes". For instance, the original jailbreak required physical access, as it was done via recovery mode. This is no more a "security hole" than single-user mode on OS X.
Are you really arguing that highly portable mobile devices shouldn't be proof against an in-person attack by someone you know, say over the course of a shower, or having left your phone on your desk over lunch? Of course that's a security hole. (So is single-user mode.)
1) If someone has physical access to your computer/car/phone/whatever, you should consider it compromised already; it's all just a matter of how easy it is for the first person to do it. (Smart cow problem)
2) Real-world security, at the end of the day, is a tradeoff between safety and user friendliness. This is why it doesn't make sense for Hacker News to use two-factor authentication, but it does make sense for your bank. Every additional security feature has its tradeoffs; adding new ones lightly is as bad an idea as not considering security at all.
A minute ago you were saying that a vulnerability requiring physical access wasn't a security hole. Now you're saying I should consider my phone compromised because other people have physical access to it. I don't see how you can hold both positions.
Everything from leaving JTAG interfaces active (which many devices do) to enabling you to reflash a phone without authentication (which the iPhone does) could be considered vulnerabilities. We deal with these because they make more sense than the alternative.
These 'security holes' are not typically security holes which let people do things with the device without authorisation from the device's owner; instead, they prevent authorised people (by the person with legal authority over the device, i.e. the owner) from doing things, so are better termed a deficiency in an anti-feature rather than a security hole.
Fixing the holes in the anti-features may be in the interests of Apple if it lets them get a better deal with mobile networks, but it isn't in the interests of device owners.
These 'security holes' are not typically security holes which let people do things with the device without authorisation from the device's owner; instead, they prevent authorised people… from doing things
The exploits used to allow authorized people to "do things" are the same exploits that can be used to allow unauthorized people to "do things". There's no differentiation at all, except the intent of the person writing the exploit payload.
You might argue that Apple should give jailbreakers everything they want, but Apple won't do that. You can't seriously argue that Apple should hold off on patching security holes because they're being used today by nice people.
Has MS done that? As far as I'm aware, they haven't actively protected their devices from jailbreaking. I think only time will tell whether or not they decide to go down that path.
Edit: The question was reworded to be less vague, so I'll answer here rather than deleting the previous one. Apple has actively fought jailbreaks and unlocks time and again. From explicit code to brick the baseband in the early days of the unlock (just before I left the iPhone dev team, in late 2007), to their continuing battle to re-jail iOS devices. With each release, they're making it harder and harder to take control over your own devices.
Neither. The solution is simple: don't fix non-vulnerabilities for the purpose of breaking jailbreaks/unlocks. In a number of cases, jailbreaks have been done via real vulnerabilities, e.g. browser vulns, but this is 1) due to closing "security holes" that enabled early jailbreaks, and 2) not the majority.
Windows is not open source so it is probably harder for the carriers to just lock it down (unless they require something in the business deal). With Android, being open source, then the carriers can change it however they want.
The only difference between this and Apple or other companies is that they even mentioned it. It's not something companies want to "educate" consumers about. It's something that exists and is outside what the company wants, but hey, you can still do it so long as the laws keep siding with the consumer.
But at the same time there are indeed soft-ware/hardware mods that the companies can't warranty or trouble shoot. So washing their hands in those situations isn't that insane.
In what way is that embracing? They can't legally prohibit it so voiding the warranty is the most they can do.