I love Android, I’ve pretty much bet the farm on it. And I think CyanogenMod is great. But a CyanogenMod Installer violates the Google Play TOS, and should be pulled.
Today Google Play started listing a CyanogenMod Installer. It’s part of a two-piece system that automates the over-the-wire rooting, unlocking of the bootloader, and replacement of the Android firmware on your device with CyanogenMod.
For the uninitiated, CyanogenMod is the world’s most popular homebrew Android platform. They’ve made a business (literally) of creating community-maintained versions of Android for a broad range of devices. Their popularity stems from being the focal point, or place to go, to get Android updates after the manufacturer (typically in disgraceful manner) abandons your device early.
The CM Installer downloads via Google Play, and then directs you to download a Windows app on your PC. That app then installs the drivers for rooting your phone, and then hand-holds you through the various rooting methods depending on your specific device. That’s a very intensive task, which is why it only supports Nexus, HTC One and some Samsung Galaxy models.
And that’s great. The fact you can sideload apps like this is why Android is the best operating system in the world today.
But, it shouldn’t be on Google Play. Both for TOS reasons and for safety reasons.
Terms of Service Violation
From the Google Play Developer Distribution Agreement:
4.4 Prohibited Actions. You agree that you will not engage in any activity with the Market, including the development or distribution of Products, that interferes with, disrupts, damages, or accesses in an unauthorized manner the devices, servers, networks, or other properties or services of any third party including, but not limited to, Android users, Google or any mobile network operator. You may not use customer information obtained from the Market to sell or distribute Products outside of the Market.
CyanogenMod violates the Google Play Terms of Service because it creates permanent modifications of the device. A Google Play Store app must be able to be fully uninstalled from the Google Play Store. CyanogenMod cannot. Google Play does allow apps to run as root (on rooted devices), but does not allow for the use of exploits to achieve root. Also, CyanogenMod cannot be uninstalled via Google Play regardless.
Granted, there are other “ROM Managers” and tools that allow you to rapidly deploy firmware. The problem is those apps already take into account that a use has 1) Unlocked their bootloader 2) Achieved root using a tool outside of Google Play and 3) Are well-versed and understand the risks of undertaking such a procedure – in other words, their warranty is already void. CyanogenMod Installer violates the above terms because it does interfere with the carrier and risks bricking the device in and of itself.
Carriers also should be grumpy here too. While fans and techies love the fact that CyanogenMod removes Wi-Fi hotspot plan checks and restrictions, this is yet another direct violation of the TOS. CyanogenMod does not transfer over much (if any) of a carrier’s custom stack, directly interfering (or “accessing in an unauthorized manner” as the quote above puts it) with the carrier’s interactions with the Android device. Just don’t shoot the messenger for pointing this one out, please. For the record, PhoneNews.com believes that carrier restrictions on tethering are not legally-enforcible, but this is still a separate, additional Google Play TOS violation nevertheless.
Already we’ve seen reports of some who claim in Play Store reviews that the installer has bricked their device, proof positive of the risks here… and the core reason why it shouldn’t be on Google Play.
More Importantly, A Safety Concern
When you run CyanogenMod on a device, you void the warranty… at least, in the manufacturer’s eyes. I’ve stood up for the opinion that the Magnuson-Moss Warranty Act supports “return-to-stock” methods. Returning to stock is where you revert your device back to factory condition, as in, removing CyanogenMod completely. You can’t do that with the CyanogenMod Installer – there is no uninstaller.
The problem is, Google Play is supposed to be a safe harbor for apps that don’t mess up your device. CyanogenMod is probably the only app that doesn’t hold true on. On Samsung Galaxy devices, and HTC One, you can’t return to stock without downloading a stock ROM that is typically hosted unofficially, in an insecure manner. It’s ripe for abuse, as people who want to “go back” will find, often times, they can’t.
And that’s assuming a stock ROM is available for your device. Aside from Google Nexus factory images, almost no major manufacturer offers restore firmwares that can be downloaded. They aren’t always, and I don’t count BitTorrents from Pirate Bay to be a secure method of obtaining a stock firmware. Once your bootloader is unlocked, often times there’s no way for the device to vouch that the firmware being written is secure. And none of this is addressed in the Google Play Installer.
Sideloading is The Way to Go…
I like the CyanogenMod installer. I think it’s a great idea. There are millions of old, abandoned Kindle Fires, and eventually other mainstream devices that will benefit from a tool like this.
I just think Google should not wait another minute to kick if off Google Play. It should be downloaded directly from CyanogenMod’s web site, and that’s where it belongs.
Google was not contacted prior to the article’s running due to time constraints. A copy is being sent to Google Media Relations, and we will aggressively pursue a response from them.
Update: Following our article, CyanogenMod added a warning to the end of their Google Play Store description, noting that the use of the app may void your device’s warranty. However they have yet to make a mention in the app or in the description of the potential inability to revert installation. In CyanogenMod’s defense, all devices supported by the Google Play app today appear to now have some form of rollback provision, and the company has responded to our criticism by warning users in the Play Store description.
Google, however, has not responded to repeated requests for comment on the subject. We will continue to try to get Google to respond on this subject.
Follow-up: Two weeks after this editorial, Google has removed CyanogenMod’s installer from the Google Play Store. We go in-depth in our follow-up report. Google did not respond directly to this editorial, but we did confirm they were aware of its publication.
I’m somewhat new to the world of Android having picked up an HTC One (on contract with Rogers in Canada) back in May. I couldn’t stand “Sense” so I’m running Nova Launcher Prime now but I’m annoyed with all the crap I can’t remove that came with the phone.
My question: would installing CM be a good or bad thing? I’ve been curious about it but a little worried.
“Cell Phones: How do I restore my original Samsung ROM (remove custom OS ROM) using Kies?”
http://www.samsung.com/us/support/faq/FAQ00052690/61265
the cyanogenmod installer doesn’t violate terms of service.
the app that you get from the google play store is really just a guide for the real thing that modifies the phone, the windows program. with out the other half the cyanogenmod installer is just a set of instructions (with a few networking tools that allow the windows program to keep track when things are done installing). cyanogenmod got through a loophole.
“cyanogenmod got through a loophole.”
You end your comment with an unsubstantiated claim. This article pretty well outlines how the app is part of the warranty-voiding process. Just because it doesn’t actually do the deed, doesn’t mean that it doesn’t set the phone up for it.
I do agree that it is an odd scenario – you have the Android app walking someone through something done tethered via USB. I think CyanogenMod should at least warn people when the app loads about its hazards.
Google seems to be their usual silent smug on this one, which is even more disturbing.
[…] the time we also brought up the fact that such an app being approved for download on the Play Store also constituted a direct […]
Christopher price is an Android developers antichrist. He’s always trying to hate on something. Cyanogenmod installer does not violate the Google tos in any way. The app does not mod your device, it simply makes flashing a development rom easier. The app itself does not do the work, you have to have a computer and the counterpart of the app. You have to initiate the flash of a rom. It’s not just “download the app and click”. Get a life Christopher Price.
I guess not everyone reads what I do with Android on my day job. I really doubt people would say that if they did.
Sigh.
Anyways, I didn’t take down CM Installer. I just pointed something out that Google concurred with. Typical shooting-the-messenger syndrome.
And trust me… Im fully aware of what you do with android. As are all developers. We watch yall too… đŸ˜‰