zlacker

EU kills Android bootloader unlock starting August 1

submitted by methus+(OP) on 2025-08-02 09:12:28 | 45 points 32 comments
[view article] [source] [go to bottom]

NOTE: showing posts with links only show all posts
1. robin_+m3[view] [source] 2025-08-02 09:51:35
>>methus+(OP)
I’m trying to read the law[1] on this but I’m having difficulty finding the part that forces Android devices to have locked bootloaders. There’s recital 19 that talks about “verification by radio equipment of the compliance of its combination with software”, but there’s nothing stopping a vendor from using a seperate modem / baseband and CPU (like Apple does) right?

[1] https://eur-lex.europa.eu/eli/dir/2014/53/oj/eng

4. Y-bar+14[view] [source] 2025-08-02 09:56:50
>>methus+(OP)
The linked article says:

> As of August 2025, manufacturers selling devices in the EU need to:

> Block the installation of unauthorized software

> Use Secure Boot (or similar) to verify firmware authenticity

> Ensure only signed and approved ROMs can run

But the text at https://eur-lex.europa.eu/eli/reg_del/2022/30/oj/eng mentions no word such as "authorized"/"unauthorized" or "authent(icity)" or "signed" or "approved" so how can we know that this is the EU which does this when it seems like the removal was global, as seen in this article: https://xiaomitime.com/android-makers-remove-bootloader-unlo... ?

5. Ayesh+34[view] [source] 2025-08-02 09:57:22
>>methus+(OP)
https://www.riskinsight-wavestone.com/en/2025/07/radio-equip...

This page (cited by the article at the bottom) has a lot more context and somewhat detailed technical. Information.

◧◩
11. Svip+05[view] [source] [discussion] 2025-08-02 10:05:32
>>Ayesh+34
Under the section "Software authenticity" does it mention that the secure boot requirement appears to come from article 3, §3 (i).

Quoting article 3, §3 (i):

> radio equipment supports certain features in order to ensure that software can only be loaded into the radio equipment where the compliance of the combination of the radio equipment and software has been demonstrated.

The opening of §3 is:

> Radio equipment within certain categories or classes shall be so constructed that it complies with the following essential requirements:

Source: https://eur-lex.europa.eu/eli/dir/2014/53/oj/eng

◧◩
17. dhx+b6[view] [source] [discussion] 2025-08-02 10:18:03
>>Y-bar+14
The means be which restriction of user choice of software would occur appears to be Article 3(3) point (i) of Directive 2014/53/EU.[1] But as you point out, Commission Delegated Regulation (EU) 2022/30 referred to in the source article makes no reference to point (i), only points (d), (e) and (f):[2]

(d) radio equipment does not harm the network or its functioning nor misuse network resources, thereby causing an unacceptable degradation of service;

(e) radio equipment incorporates safeguards to ensure that the personal data and privacy of the user and of the subscriber are protected;

(f) radio equipment supports certain features ensuring protection from fraud;

These so-called "requirements" are so vague that if there was a regulatory body gatekeeping radio devices, I could easily see how the regulatory body could interpret those "requirements" however they wish, including just stonewalling any manufacturer who wishes to argue about the vagueness and interpretation of these so-called "requirements". But the fact that point (i) of Article 3(3) of Directive 2014/53/EU is separated from points (d) through (f) seemingly could be used to argue that "requirements" (d) through (f) were not intended to restrict user choice of software, else point (i) would have also been referenced by Commission Delegated Regulation (EU) 2022/30?

[1] https://eur-lex.europa.eu/eli/dir/2014/53/oj/eng

[2] https://eur-lex.europa.eu/eli/reg_del/2022/30/oj/eng

◧◩◪
31. Y-bar+pw4[view] [source] [discussion] 2025-08-04 08:43:17
>>dhx+b6
That's a good point, I have nothing to add. However, another commenter highlighted this interesting section: >>44766342
[go to top]