> that let Pixel users enable VoLTE anywhere
It did a great deal more than that. It also allowed the toggling of VoNR, which apparently affected the fallback behavior of some people's services. (I.e. it would fall back to LTE and not roam back to 5G data unless nudged manually.)
However for me, it would enable backup calls over a secondary SIM card's data, which would allow text and calls overseas without the usual extortionate charges. Oddly enough, I believe that toggle is enabled for my carrier... but only on iOS.
> that toggle is enabled for my carrier... but only on iOS
WiFi calling over 2nd SIM has always worked on iOS, so I was surprised when it didn't work on Pixel.
How on earth is this a "vulnerability"? It needed adb shell access.
The same way being allowed to install programs on your own computer is called "jailbreaking".
People were exploiting the poor mobile carriers.
From the article:
> To gain these elevated privileges, Pixel IMS uses Shizuku, an open source Android app that lets other apps run processes as the shell user.
It's possible for an app to use wireless debugging to debug the phone it's running on to get shell permissions.
I'm sure they had to do this based on carrier pressure, but it would be great if Google would just put more resources into getting carrier support/certification so their flagship devices will work more places.
And... Sell in more countries as well.
This phone/carrier nonsense is just stupid. I had lots of trouble with Wi-Fi calling on Android phones:
* A phone purchased outside the US, or an unlocked but non-mainstream (aka not Samsung/Pixel) phone purchased in the US, cannot enable Wi-Fi calling despite having hardware & software support for it, as it's not a supported model
* An AT&T Samsung phone that is later unlocked cannot enable Wi-Fi calling when using a Visible SIM card. But guess what works? Take a Verizon SIM card, insert it without buying/activating a plan, and the phone will ask you whether you want to "switch to" Verizon. After restarting the phone, bloatware from Verizon appears on your phone and suddenly your phone is capable of Wi-Fi calling. (Alternatively, you may be able to connect your phone to a PC and use a tool to fix this.)
Not to mention the voicemail mess. On Android, each carrier provides their own voicemail app that is not integrated with the phone app.
I don't know who to blame, but all of the nonsense makes me question the decision to use an Android phone.
The days of GSM/3G were great. All you needed was a quad-band phone, of which plenty were available from numerous far-East companies but many based on the same or similar chipsets, and you'd have connectivity in the whole world.
The situation with LTE is far worse, with several dozen different bands and many opportunities to whitelist and effectively do user-agent discrimination. Even if you bought an unlocked device, if it doesn't have the bands in the area you want to use it and those your provider has cells for, you won't get any service.
> a high-severity privilege escalation vulnerability
This is an extremely clear signal of how they think of the user --- as sheep to be corralled and controlled, not as individuals who have control over the devices they bought. The "security" propaganda they continue to spew has been going on for a while, long enough that increasingly more users are now aware of the truth.
To paraphrase the famous words of Linus: Google, fuck you!
Why is having so many bands a bad thing? Demand for data is so much higher now you need (ideally) hundreds of MHz of spectrum in dense areas. You need some way to partition that up as you can't just have one huge static block of spectrum per auction.
The issue with LTE isn't bands, it's the crappy way they have done VoLTE and also seemingly learnt nothing for VoNR.
They should have done something like GET volte.reserved/.well-known/volte-config (each carrier sets up their DNS to resolve volte.reserved to their IMS server, which provides config data to the phone). It would have given pretty much plug and play compatibility for all devices.
Instead the way it works is every phone has a (usually) hopelessly outdated lookup table of carriers and config files. Sort of works for Apple because they can push updates from one central place, but for Android it's a total mess.
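The two models described in that comment, as an added example that is not code from the thread, from Android, or from Pixel IMS: a static carrier table keyed by MCC/MNC (the way Android's carrier config works today) next to a simulated version of the proposed `.well-known/volte-config` discovery. Everything here is constructed: the XML table entries, the DNS map, the well-known documents and the hostnames are made up, and the network calls are replaced by dictionary lookups so it runs offline. The boolean key names mirror Android's `CarrierConfigManager` keys, but the values assigned to them are invented. One thing the proposal leaves out, which the example enforces, is that a fetched config must name the same PLMN as the SIM, otherwise any network the phone camps on could hand it IMS settings for a carrier it does not own.

```python
"""Static carrier lookup table vs. simulated .well-known/volte-config discovery.

Added example, not code from the thread, Android, or Pixel IMS.
All data below is constructed for illustration.
"""
import json
import xml.etree.ElementTree as ET
from typing import Optional, Tuple

# Constructed carrier_config-style table keyed by MCC/MNC (today's model).
# Key names mirror Android's CarrierConfigManager keys; the entries are made up.
STATIC_TABLE_XML = """<?xml version="1.0" encoding="utf-8"?>
<carrier_config_list>
  <carrier_config mcc="310" mnc="260">
    <boolean name="carrier_volte_available_bool" value="true"/>
    <boolean name="carrier_wfc_ims_available_bool" value="true"/>
  </carrier_config>
  <carrier_config mcc="262" mnc="01">
    <boolean name="carrier_volte_available_bool" value="false"/>
    <boolean name="carrier_wfc_ims_available_bool" value="false"/>
  </carrier_config>
</carrier_config_list>
"""

# Constructed stand-in for "the carrier's DNS resolves volte.reserved to its IMS server".
# Keyed by the PLMN (MCC+MNC) the SIM reports; the hostname is invented.
DNS_RESOLVES_TO = {
    "26201": "ims.example-carrier.invalid",
}

# Constructed stand-in for GET https://<ims host>/.well-known/volte-config
WELL_KNOWN_DOCS = {
    "ims.example-carrier.invalid": json.dumps({
        "plmn": "26201",
        "carrier_volte_available_bool": True,
        "carrier_wfc_ims_available_bool": True,
        "ims_domain": "ims.mnc001.mcc262.3gppnetwork.org",
    }),
}

REQUIRED_KEYS = {"plmn", "carrier_volte_available_bool", "carrier_wfc_ims_available_bool"}


def lookup_static(plmn: str, table_xml: str = STATIC_TABLE_XML) -> Optional[dict]:
    """Today's model: match the SIM's MCC/MNC against a table baked into the firmware."""
    mcc, mnc = plmn[:3], plmn[3:]
    root = ET.fromstring(table_xml)
    for cfg in root.findall("carrier_config"):
        if cfg.get("mcc") == mcc and cfg.get("mnc") == mnc:
            return {b.get("name"): b.get("value") == "true" for b in cfg.findall("boolean")}
    return None  # carrier not in the table: the phone quietly leaves VoLTE/VoWiFi off


def fetch_well_known(plmn: str) -> Optional[dict]:
    """Proposed model: ask the carrier itself. Network I/O is replaced by the dicts above."""
    host = DNS_RESOLVES_TO.get(plmn)
    if host is None:
        return None
    body = WELL_KNOWN_DOCS.get(host)
    if body is None:
        return None
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return None
    # Reject documents that are incomplete or claim a PLMN other than the SIM's;
    # without this check a visited network could push config for a carrier it does not own.
    if not REQUIRED_KEYS.issubset(doc) or doc["plmn"] != plmn:
        return None
    return doc


def resolve_ims_config(plmn: str) -> Tuple[str, Optional[dict]]:
    """Try discovery first, fall back to the static table; returns (source, config)."""
    doc = fetch_well_known(plmn)
    if doc is not None:
        return "well-known", doc
    return "static-table", lookup_static(plmn)


if __name__ == "__main__":
    for sim_plmn in ("26201", "310260", "99999"):
        print(sim_plmn, resolve_ims_config(sim_plmn))
```

In the constructed data the German carrier's baked-in table entry says "no VoLTE" while its own well-known document says "yes", which is the staleness problem the comment describes; the unknown PLMN falls through both paths and gets nothing, which is where a real phone would need a signed document or a pinned certificate before trusting discovery at all.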
> Why is having so many bands a bad thing? Demand for data is so much higher now you need (ideally) hundreds of MHz of spectrum in dense areas. You need some way to partition that up as you can't just have one huge static block of spectrum per auction.
Because different countries use different sets of bands. That was true for GSM too, but quad band phones were reasonably available. Many phones were at least tri band, so you would at least have half the bands if you imported a 'wrong region' tri-band.
But now, you'll have a real tough time with coverage in the US if you import an EU or JP phone.
I trust this "patch" can be easily reversed in open source versions of Android like Graphene. Just another example of why we need open software on our phones.
In Australia, tons of phones were rendered useless during the "3G switchoff". What was not mentioned about this switchoff is that lots of 4G devices were affected - specifically those that supported VoLTE but were not endorsed by the carriers.
I got one of my old phones' IMEIs blacklisted just by using the Pixel IMS app. It worked for about 24 hours before the phone got blocked.
From what I remember the issue was that many models of phone would use 4G/5G for everything but emergency calls, which were done over 3G. So the government made the choice to block those phones from the network entirely rather than leave them seemingly working but unable to make emergency calls.
Pretty much, but the govt didn't do any blocking directly. They just told the carriers, "Hey, you must not allow people to use devices on your networks that are unable to make emergency calls, or we'll apply serious penalties."
The carriers then responded, "I notice that there is no requirement that we allow any device that can make emergency calls. So we will only allow devices we also sell (and maybe a few other models, if they're popular enough that we can't get away with not allowing them). And if that means more people than necessary will have to buy new phones, we will happily sell them new phones."
> While not documented in the official changelog, Google appears to have quietly patched this particular exploit.
So Google and phone carriers conspired to secretly sabotage user devices. Isn't that patch the actual "hack", given that it is undisclosed and against the device owner's wishes? Why are we going along with this deranged pretense that even if you buy something, it still belongs to the manufacturer?
> Many carriers only permit VoLTE and VoWiFi on devices they sell or have officially tested.
Does this happen even if you are using a carrier's SIM card; it's just because you didn't buy the hardware from them?
It's not just an IMEI-level block so data still works?
No, this is not really tied to whom you purchased the Pixel from. But it is tied to which carriers would sell you a Pixel at all. Meaning they have some sort of an agreement with Google and Google added configuration files whitelisting these features for the carrier in question.
(At least for many EU based carriers.)
weird amount of cope in here
Oh what a terrible vulnerability.. good to know it's patched, I feel much more secure now, thanks Google!
If Google had not patched this, it would have violated local regulations right? In other words, they are trying to be compliant right?
What do people want - a company to openly violate known local laws?
If you did this somewhere it was illegal, wouldn't that be you violating local laws, not Google violating local laws? If it's the former, then Google shouldn't have "fixed" this "vulnerability", because things you own shouldn't enforce laws against you.
Yes. The argument will be that because it's expensive to police everyone, lawmakers will simply require anyone selling massmarket goods to do the policing instead.
If you're making a non-compliant device in your garage for you and your friends, the police might come. If you're trying to sell it broadly, the police will come, regardless of the user.
I'm for freedom of choice, but pushing regulations up the manufacturing stack is definitely more efficient use of my tax money.
> it would have violated local regulations right?
First, "local" where? I don't know of any laws making VoLTE devices illegal (..unless blessed by a phone carrier?). If you know of any, feel free to list them, but know that Google has blocked it for all users, globally, not just in the localities where VoLTE is somehow illegal.
Second, I don't want Google enforcing the law - contrary to your framing, it would not be Google violating known local laws, but users that illegally (assuming it is illegal anywhere) enabled VoLTE.
Third, it sounds like they're not enforcing the law, but phone carrier bidding. Having private companies backdoor our devices to force the will of other companies on us is way more corporate dystopia than I am comfortable with. If someone steals my bike, I'm not allowed to break into their house to retrieve it. Yet Google can just abuse their backdoor access to my phone and hack me to make some 3rd party corporation happy?
Well, supposing VoLTE is legal in my local area, and my phone carrier allows it on my device, so there are neither legal nor contractual problems, and Google has just sabotaged my phone. Am I allowed to then hack into Google, take their root Android signing key or whatever it is they have to subvert ownership rights, and use it to patch my phone and restore the functionality they broke and that I paid for? No? Well, what if I had sold them the SSD on which those signing keys are stored? Then it's okay, right, that's how it works? If I sell you something it's not actually yours if I had the foresight to include a backdoor in it, and as long as I have the thinnest of pretenses, I can abuse that access against your wishes? Because consumer rights and property rights and personal sovereignty all go up in smoke as soon as something contains a CPU.