In a statement on the official Android developer blog, Google security engineer Nick Kralevich highlighted the relative openness of Google's new Nexus S smartphone, confirming that it provides a simple and easy way to unlock the bootloader for the purpose of installing third-party firmware—much like its predecessor, the Nexus One.

More significantly, he contends that it is possible for Android to meet the security requirements of the mobile carriers without necessitating the kind of enthusiast-unfriendly lockdown mechanisms that are common on handsets that are sold at subsidized prices with contracts.

As we have explained in some of our previous coverage about Android rooting, the vast majority of Android smartphones are configured to prevent users from tampering with the underlying platform. In order to gain "root" access and flash the device with custom third-party firmware, end users have to exploit privilege escalation vulnerabilities in the operating system and circumvent other various protection mechanisms.

The Android modding community has proved extraordinarily resourceful in defeating the barriers erected by the mobile carriers, making it easy and practical for many regular users to install custom ROMs such as those supplied by the excellent Cyanogen project.

Google's own devices, such as the Nexus One and Nexus S, are among the small minority of Android smartphones that laudably give users a convenient way to unlock the bootloader and install a custom ROM without having to resort to finding security holes. This is a great feature for Android enthusiasts who want to use third-party firmware. It is also very useful for independent Android platform developers who want to be able to test their modifications on real-world hardware.

It's important to recognize the significant difference between Android devices like the Nexus S that support bootloader unlocking by design vs. Android devices that can only be modified if security holes are exploited. Kalevich felt compelled to address that issue due to the recent spate of coverage about the Nexus S that wrongly conflated the two.

Adding a more intriguing dimension to the discussion, he goes a step further and argues that the carriers should follow Google's lead and give users legitimate unlock methods. Lamenting the carriers' resistance to offering open devices, Kralevich says that consumers should demand the freedom to install the software of their choice on carrier-subsidized devices.

"Unfortunately, until carriers and manufacturers provide an easy method to legitimately unlock devices, there will be a natural tension between the rooting and security communities. We can only hope that carriers and manufacturers will recognize this, and not force users to choose between device openness and security," he wrote. "It's possible to design unlocking techniques that protect the integrity of the mobile network, the rights of content providers, and the rights of application developers, while at the same time giving users choice. Users should demand no less."

Kralevich's statement challenges the need for closed devices and unambiguously shoots down the empty rationalization that extreme lockdown is needed to protect users and the mobile networks from abuse. Google has generally taken a deferential tone in the past regarding the restrictions introduced in the platform by the carriers, arguing that facilitating that kind of customization is part of what it means to have an open software platform. It's unusual (but very welcome, in our opinion) to see a Google employee like Kralevich using a company venue to criticize the carrier lockdown practices in such a direct manner.

Open Android hardware

When Google first launched Android, the company hoped that it would have enough leverage over the carriers to force them to embrace the open model. In 2008, when Google was trying to build developer enthusiasm for the platform, the company used to talk about how Open Handset Alliance members would have to refrain from blocking applications if they wanted to use the operating system. Google likened its mobile operating system to the Carterfone decision, contending that Android would give them the power to unilaterally bust open the mobile technology ecosystem and usher in a new era of consumer freedom and choice.

The company has obviously had to make some tough compromises along the way. Google has very effectively used its exclusive control over the Android Market and Google-branded applications as a means of forcing most of the carriers and handset makers to refrain from fragmenting the platform, but has been unwilling to try using the same tactic to mandate open devices—likely because Google figured out at some point that it simply wouldn't go over well with the carriers.

Google largely relies on the carriers to bring Android to consumers and raise awareness of the platform through advertising campaigns for individual Android-based devices. As such, the carriers have become important partners in Google's effort to popularize Android. If Google were to try to force them to open up their devices at this point, the carriers would just fork the crap out of the Android platform, make their own app stores, and do whatever else is necessary to cut Google out of the loop.

The Nexus One was a strategy for tackling this issue competitively. By creating an open phone and making it desirable, Google hoped that consumers would vote with their wallets and give the carriers an incentive to open their devices, too. Even more promising was the disruptive opportunity that the Nexus One offered for eroding US consumer dependency on carrier subsidized phones.

It didn't work out very well in practice. The number of consumers who actually cared enough about having an open device to be willing to buy one off contract wasn't large enough to make the N1 a real success. Google ended up shutting down its Web store for the Nexus One and offering it exclusively though the developer program.

Despite the rather limited sales performance of the Nexus One, Google has fortunately decided to continue iterating on open devices with the Nexus S—selling through a normal retail channel this time, which will hopefully work better. (It wouldn't hurt to support more frequencies, too. Maybe next time?)

The availability of the Nexus S ensures that modders and developers have the choice of at least one modern handset that provides legitimate and native support for bootloader unlocking. Coupled with Kralevich's public criticism of closed devices, it seems like Google is at least making a commendable effort to stand behind its position on open hardware even though the company hasn't been able to single-handedly reform the rest of the US mobile industry.