Way back in old and boring January of this year, Microsoft announced they would be working together with the Windows Phone 7 homebrew community, with the goal of creating a stable, supported way for homebrew developers and people interested in homebrew applications to enable side-loading on their WP7 devices. Well, they took their sweet time, but the ChevronWP7 team (Rafael Rivera, Chris Walsh, and Long Zheng) and Microsoft have just announced the results.
The unofficial ChevronWP7 unlocking tool enabled side-loading on pre-NoDo Windows Phone 7 devices simply be providing the same kind of dev-unlocking you would get if you paid $99 for a developer account. While the tool was taken offline in January pending the talks with Microsoft, unofficial mirrors kept hosting the tool. When the NoDo update was pushed to devices, the tool became useless, as it doesn’t work on NoDo.
And now we finally have a solution for people who want to side-load applications onto their post-NoDo Windows Phone 7 phones. The ChevronWP7 team will soon relaunch the tool, but this time with the full support from Microsoft, so you won’t have to worry about the device re-locking itself after an update or sync. Unlike the previous version, this one won’t be free – it’ll require a small fee to cover ChevronWP7’s costs.
I’m quite happy with this move. A small fee is acceptable, and it will enable homebrew developers to go wild, outside of the controlled nature of the Windows Phone 7 Marketplace. This will open the door to some serious WP7 hacking, but without the fear of being shut down by the next update. Developers who were previously wary of hacking WP7 will now jump on the bandwagon.
This leaves Apple as the sole smartphone operating system maker actively blocking homebrew. Palm’s webOS has always been open to this, and HP is continuing this trend. Recently, several Android smartphone makers – no doubt pressured by Google – have announced that they will no longer lock down their devices. Symbian has always been open to this, so this means only Apple is actively blocking homebrew.
Imagine if you bought a PC and they were going to charge you money for the privilege of installing anything not officially endorsed by The Man? People wouldn’t put up with this shit on PCs, so why do it on phones?
Note: I realize that this is a slightly better solution than having to constantly work around the manufacturer by jailbreaking, but far from what I would call acceptable. Acceptable to me would be for the vendor to allow me to load whatever the hell I want on the hardware that I bought, without having to pay an extortion fee first.
Edited 2011-06-19 19:00 UTC
I think that is the way the OSX going. iOSization of the whole Apple platform.
I wonder how long it’ll take them to enforce running of signed only binaries…
Precisely because it’s a phone – a consumer electronic device, not a general purpose computer. It’s needs to be reliable and free from malicious software because it has the important task of making or receiving calls.
Despite the fact that I’ve bailed out of WP7 and got an Android phone, I think Microsoft now has the best solution to keeping everybody happy. Users have the official marketplace with properly vetted applications free from malware and spyware, and if you want to install something that will never appear in the official marketplace you now can.
The fact that you can’t completely trust software in the Android marketplace is a disaster.
Having said that, I definitely agree that this sideloading feature should not be chargeable. Not really in the spirit of the hacking community.
Rrrright, because you want a free pony… waaaaaaaaahhhh
So you think that being able to program programmable hardware that has been designed to be user-reprogrammable is some sort of magnificent privilege that people should pay an extra for ?
I mean, I’m okay with paying an extra for reprogramming my microwave and fridge, because it requires special hardware and doc and all. But to reprogram a phone, all the homebrew community needs is a command line tool that enables application transfer to the phone, or does it itself if there are fears of DRM breach etc. This takes 20min to code or so when you know the hardware, and it is almost 100% sure that the WP7 team has already had to develop such a tool for internal use anyway. Why should you be charged a significant extra for it ?
There are engineering costs associated with not only opening up a closed phone but providing any kind of programming architecture. Not opening it up means that your test matrix is a lot smaller. You don’t have to worry as explicitly about malware trickling into the ecosystem. You have tighter control over the quality of the apps running on the phone. And you can recoup some of your engineering costs by charging a developer license fee.
While that may be anathema to people who are used to giving away their time for free — or expecting others to do so, that’s simply the way that most consumer electronics devices work. If you want to play in their sandbox, open up your wallet and dust it off. These are for-profit enterprises. PCs are not analogous because they can be built with off-the-shelf components. Try building your own phone. It requires significant engineering investment.
Edited 2011-06-21 21:00 UTC
I’m not comfortable with that reasoning for some reasons :
1/You’ll need a documented and tested low-level interface for device manufacturers to code drivers anyway.
2/People pay quite a lot of money for their phone, either directly or through their phone plan (with a nice premium in the latter case). Shouldn’t part of that money cover the engineering costs of the operating system ?
3/If the hombrew interface is sufficiently obscure, you don’t lose control on the app market. Jailbreaking exists, yet I don’t think there’s anyone here ready to argue that Apple keeps a tight grip on everything related to iOS. By creating a standard way to do it, manufacturers keep control on the jailbreaking process itself, instead of having customers who randomly break the security of their device in an uncontrolled way to get it to work.
You’re right, my belief that software development can’t be both enjoyable and profitable at the same time in the world we’re living in may be influencing me there.
I will invoke laptops as a counter-example. If you believe that laptop design is all about putting well-known components together, I’ll ask you why a lot of Acer laptops make the noise of a turbofan while sometimes still overheating to death, whereas many designs from Asus (including, IIRC, Apple laptops) manage to be quite cool and quiet under use. I’ll also ask why laptops exist in a very wide range of thickness, from Lenovo’s ultra-thick designs to those Adamo and other Macbook Airs which take pride of fitting in an A4 envelope.
Like with phones, laptop manufacturers have to do a part of the design themselves (motherboard, battery, airflow and case, I guess) in order to produce a convincingly good product. Yet somehow, they manage to make enough profits that keeping those devices open is financially doable. Why can’t phone manufacturers do the same ?
Edited 2011-06-22 05:42 UTC
No, it’s completely different. You’re talking about a very small set of driver DDIs for a limited set of devices; whereas, opening the engineering specs exposes the device to a potentially unlimited set of partners. That will increase your costs.
No. You buy an expensive car, you don’t get schematics for the components in that car, either. You don’t get schematics for your DVR or your Blu-Ray player or virtually other kind of consumer device.
The reason that hacking isn’t more common is that manufacturers will void your warranty if you’re running a jailbreak device. And I don’t blame them. Who would want to support a broken device that’s the result of hacking?
I will just trust anything in the Amazon marketplace!
Stop whining and build your own phone, if you don’t like their terms.
Edited 2011-06-21 01:41 UTC
You see, that’s precisely the problem which he’s talking about. You don’t have to build your PC yourself to get the “right” to program that computer you own yourself. Any PC will do.
Phones, however, are another story…
Yes and no. It’s… complicated.
The security model of Symbian only lets self-signed sideloaded apps do so many things with the device. For most uses, this will be more than sufficient (you can even access telephony functionalities and such), but still some things are blocked. You can’t distribute your binary to everyone and just tell them to install it, as an example. To do that, you need to pay some money to Nokia and have them check and digitally sign your applications.
More details :
http://www.developer.nokia.com/Community/Wiki/Capabilities_%28S…
https://www.symbiansigned.com/app/page
http://www.developer.nokia.com/Community/Wiki/index.php/Category:Sy…
Edited 2011-06-19 19:05 UTC
Or better, for an individual description of each flavour of Symbian Signed :
***Open Signed Online***
http://www.developer.nokia.com/Community/Wiki/Open_Signed_Online_~*…
Free of charge, not for commercial use. Application is signed by Nokia for use on one single phone, then put online for 30 days and kept usable for 3 years. Access to relatively “sensitive” capabilities (power management, system settings alteration).
***Open Signed Offline***
http://www.developer.nokia.com/Community/Wiki/Open_Signed_Offline_~…
Only for corporate developers. Requires a special certificate costing $200/year. Access to even more sensitive capabilities (direct communication with device drivers essentially). Deployment on up to 1000 devices, with the same 3-year validity limit as before. The application is still checked and certified by Nokia before signing.
***Express signed***
http://www.developer.nokia.com/Community/Wiki/Express_Signed_%2…
Only for corporate devs. Require the aforementioned certificate, plus a $10 token per signed application. Allows devs to sign their applications themselves (although they are still subject to random audit by Nokia). Applications are freely deployed, and their certificates have a 10-year validity limit. Access to same capabilities as Signed Online.
***Certified Signed***
http://www.developer.nokia.com/Community/Wiki/Certified_Signed_~*~@…
Similar to before, but the token costs $150 and applications must be submitted to some sort of VIP signing service that’s trusted by Nokia (Sogeti HT). Applications may get full access to the device, although some capabilities require agreement with device manufacturers (ex : accessing the unprotected version of DRMd content, altering application’s security capabilities and other system files).
I’m 99.9% sure that homebrew falls under the ***Open Signed Online***
And Apple allows none. So yeah… Apple is till the odd one out.
I’ve read this here a few times in various articles, and someone, can’t remember who, posted this link
http://developer.apple.com/programs/ios/distribute.html
that has a section about Ad Hoc Distribution,
So I’m a bit confused. Can someone clarify for me how Apple is the odd one out when it seems their option is less restrictive than Symbian? Is there something I’m misinterpreting?
By default, Symbian blocks applications without a certificate. However, you can disable this block – you’ll get a warning you can dismiss. This way, you can distribute an application any way you like. The OP failed to mention this.
just to clarify: this is a switch in the UI – not a hack. It’s implemented by Symbian developers. Go to Tools > App mgr > Options > Settings.
Edited 2011-06-19 21:29 UTC
Ahh ok. So are applications distributed in this manner able to access the full functionality of the device, or are there certain things that are available only to signed applications?
Just so we know we’re comparing “Apples” with apples so to speak.
I dunno, I’ve installed countless applications that way and have never felt anything being held back or whatever.
Also, since last year, application signing has become entirely free. http://www.developer.nokia.com/Community/Blogs/blog/nokia-developer…
Cool. It would be interested to know for certain though, like I said, just for a true comparison.
I’ve also just phoned a friend to confirm something I thought I recalled him telling me. His daughter attends a highschool with an “iPhone” program (iPhone, iTouch, iPad) and according to his daughter all of the better apps developed by the students are posted to an intranet where anyone in the school with an iDevice can download and install them. It’s a school of 1800 students so seemingly the 100 Ad Hoc restriction doesn’t apply. I’ve heard Apple provide a lot of additional tools for educational institutions for management and crap so maybe this is enabled through that program.
Ah yep, just had a read of that the the links to the Ovi store publishing stuff and it all looks similar to what I’ve read about publishing on the iTunes App Store. Free for free apps and revenue shared for paid apps. Apple probably charges more but it’s Apple, it’s expected.
“Apple probably charges more but it’s Apple, it’s expected.”
Pointless flaming, but hey, it’s expected.
Anyway, the revenue share is 70/30 in every major mobile application store, including the App Store, Ovi Store, Android Market, Samsung Apps, Windows Phone Marketplace… Usually it’s the annual membership costs that differ.
Currently Nokia charges 1 euro when signing up, and Apple charges 100 USD per year. As Symbian withers, the former won’t really matter after a while.
Things are held back, you just don’t see it. Again, see what self-signed apps can and can’t do here : http://www.developer.nokia.com/Community/Wiki/Capabilities_%28S…
Only for distribution on the Ovi store, which is fully under their control, so in this respect they are not much more lovable than the others actors.
Wrong!
The UI setting you mentioned provides another level of filtering. If you set it to All, you’ll be able to install self-signed applications (with seriously limited capabilities) along with Express/Certified Signed applications. The other choice disallows self-signed stuff.
There is no user accessible setting to disable the Platform Security’s certificate checks. It’s possible though by using ROMPatcher+ for example, but that’s not less complicated than jailbreaking an iPhone for example.
Symbian is still a PITA even with that option of disabling SSL, I have a Nokia phone and every time I wanted to install an app I would get these SSL errors, tried to disable it, tried changing system date, tried everything, but the error still persisted, and it wasn’t a app-specific error because I have tried with a few apps.
Not to mention most apps on Symbian suck big time. I made a mental note to never use or buy a Nokia or Symbian based phone ever again.
Android is my next phone.
Edited 2011-06-20 11:23 UTC
Apple ad-hoc distribution only allows up to 100 users, so it’s good for closed-beta tests, or maybe an app only used by staff of a small company. But it’s not useful for anyone wanting their app to be used by more than 100 people.
Duude… You can’t even install that app on your OWN device without paying a yearly $99 fee or jailbreaking.
Yes and no. The problem with Open Signed Online is that you can’t easily redistribute your software, as every new user will have to contact Nokia and repeat the signing process again.
As “superior” signing methods require you to sign on the behalf of a company, I guess that homebrew must stick with self-signed, which has several limitations (you are limited with basic user-mode applications rights, no advanced system capabilities) and displays a warning each time the application is installed.
Thankfully, I was wrong about self-signed applications : they’ll work on any device, provided that the user has disabled certificate checks and that he accepts the warning. They just have limited capabilities.
Edited 2011-06-20 05:49 UTC
This is great news for WP7 users, but if we were to compare WP7 unlocking and iOS jailbreaking there will be a great difference : iOS jaibreaking is free, WP7 unlocking will not be free, it depends on Chevron’s fee amount the success of this solution.
Whereas one is actually supported: WP7
This is really awesome! I am glad I purchased a WP7 phone!
I only use phones to make phone calls, so I shouldn’t even care, but I am of the opinion that once you purchase ANY hardware, you can do whatever you want with it without fear of getting shutdown, bricked, or sued. This is possibly a step in the right direction, as long as the fee is small. Although, this fee should have some guarantee of some sort. As in if you ruin your phone by installing homebrew, Microsoft will take responsibility, if you pay the small fee. If you choose to not pay the fee, there should be no fear of consequences, but you install homebrew at your own risk. I don’t know what any user agreement looks like when buying one of these phones, and I don’t know what “apps” or “homebrew” for phones are, so maybe I am totally off here.