>On most Android phones, this firmware has so much control that it could turn the product into a listening device. On some, it controls the microphone. On some, it can take full control of the main computer, through shared memory, and can thus override or replace whatever free software you have installed. With some models it is possible to exercise remote control of this firmware, and thus of the phone's computer, through the phone radio network
There are a few things that I find odd about this argument:
1. Phone network firmware is supposed to control the hardware. That's it's purpose. It's supposed to be able to turn the microphone on and off. On CDMA networks like Verizon, it should stop the user from attempting to access data when they're making a call. It should be able to be updated when the carrier makes changes to the underlying protocol(s). I don't see how this is "malicious"
use, especially if it's a technological restriction on the carrier.
2. Also, Stallman seems to be attacking the OTA update capability, which one of the main features of the Android OS. I can understand why he's ideologically opposed to it, but as a practical matter, it's a great feature of the OS. Plus, this is only done at the user's request.
1. Phone network firmware is supposed to control the hardware. That's it's purpose. It's supposed to be able to turn the microphone on and off. On CDMA networks like Verizon, it should stop the user from attempting to access data when they're making a call. It should be able to be updated when the carrier makes changes to the underlying protocol(s). I don't see how this is "malicious" use, especially if it's a technological restriction on the carrier.
The network firmware having the ability to control the radio is acceptable. Having it also able to modify the main CPU's RAM and interact with audio hardware is not. Control of the audio hardware should be entirely the domain of the main CPU. The main CPU (or an auxiliary low-power audio chip under the exclusive control of the main CPU) should then send audio data to the radio chip/SoC component via something like I2S. That way the network firmware can only transmit audio when the user-controlled software on the main CPU says it's okay to transmit audio, and it only transmits the audio fed to it by the main CPU (which may or may not be coming from a microphone, audio file, Internet stream, etc.).
I don't see how your points are responsive. The fact that it's "on purpose" (of course it's on purpose!) doesn't changes RMS's argument that it's unethical and abusable. Your examples aren't "malicious", but it seems awfully naive to believe these are the only applications of that technology.
And I don't think Stallman has anything against network-delivered software. He's been doing that for years. The complaint I read was about the ability of the carrier to install things without user authorization, and to use authorization to remove/modify existing features in a way that cannot be recovered. Both of those have happened in the wild.
The main issue that I have with this specific issue that RMS is making an ideological argument that I don't feel is realistic. He states the following:
>Putting these points together, we can tolerate non-free phone network firmware provided new versions of it won't be loaded, it can't take control of the main computer, and it can only communicate when and as the free operating system chooses to let it communicate.
The problem here is that the phone component needs to be able to override the rest of the OS to receive a call. To suggest otherwise is a pretty huge potential privacy issue... would you want every application to have access to the phone firmware?
In addition, the phone firmware exists to make the phone actually work with a specific carrier. So it needs to have control of the microphone, the speakers, and the radio in order to function. That requirement exists in both a closed implementation, and a FOSS implementation. Therefore, a FOSS firmware implementation still has the exact same potential issues that RMS raised-complete control of the hardware, the ability to restrict the user from doing certain actions, the potential of using the device to spy on people through well obfuscated(or buggy) code, etc.
Some of the more malicious uses are mitigated by a FOSS implementation, I will agree. However, I don't think that RMS has a solution that actually solves any of the issues that he raised.
It's the job of the operating system to control what applications have access to. The firmware does not need to override anything. The OS should either implement a phone component or delegate to a phone app that has been configured to have phone permission.
Binary blob completley-isolated firmware is possible and simple to implement. It's also safe.
>On most Android phones, this firmware has so much control that it could turn the product into a listening device. On some, it controls the microphone. On some, it can take full control of the main computer, through shared memory, and can thus override or replace whatever free software you have installed. With some models it is possible to exercise remote control of this firmware, and thus of the phone's computer, through the phone radio network
There are a few things that I find odd about this argument:
1. Phone network firmware is supposed to control the hardware. That's it's purpose. It's supposed to be able to turn the microphone on and off. On CDMA networks like Verizon, it should stop the user from attempting to access data when they're making a call. It should be able to be updated when the carrier makes changes to the underlying protocol(s). I don't see how this is "malicious" use, especially if it's a technological restriction on the carrier.
2. Also, Stallman seems to be attacking the OTA update capability, which one of the main features of the Android OS. I can understand why he's ideologically opposed to it, but as a practical matter, it's a great feature of the OS. Plus, this is only done at the user's request.