You really can't. DirtyCOW was one thing, I imagine there's a lot more lurking since this shady KingRoot app can root the device in seconds. (for good, not temporary) DirtyCOW isn't enough to do that by itself (at least not easily) but enough to do some nasty stuff nonetheless. It's not safe to put it on the internet or even install programs where you aren't a 100% sure that nothing funny is going on in them. (Which with today's dependency hell, you apparently can never be that sure anymore about) The average android customer does sadly not understand what big a problem that is, even for them, even if they don't care about open source.
Legalese is absolutely not my sector but I'd imagine besides *maybe* a sternly written letter of the FSF, not much is going to happen. There are so many devices out there that have some heavily "linux-like" modified kernel which sources have never seen the light of day and never will. Also many chinese companies just don't *do* licenses, if you get what I mean. It's a pity since Onyx (contrary to many other chinese companies) apparently does it's best to look like they care and be an attractive and reliable company to their western customers, but stuff like that still makes them look kinda shady and doesn't really inspire trust. (what's this module "drmboot" that gets loaded by the kernel for example? Who knows!)
Also an open-sourced kernel as long as it can't be replaced by itself is not going to be that attractive. I don't speak legalese but I don't really understand what the drama about open sourcing the kernel and unlocking bootloader is. It's obviously not security since they obviously don't care about security. I cannot imagine they did something super-fancy to the kernel to begin with, especially since that SoC is mainlained anyways. Are they worried about knock-offs? Also advertising their newer eInk devices as 100% open and able to run plain Linux (only for tinkerers, of course) would do nothing else than boost sales at least. There are a lot of people in that community that won't even bother buying such a device if they can't easily modify it.
I'm counting myself in there btw., I'm now keeping the device since I've had it for a while and it is useful and I do like it, but I'll certainly not buy another under the same circumstances and I wouldn't have bought this one either if I knew then what I know now. I also have (surprisingly) security conscious non-techie friends that were interested in getting such an eInk tablet and I couldn't really advise them this device as being safe to use with the internet, which was their main interest. That together with the price certainly put a damper on their interest.
Last edited by elementarythree; 01-01-2019 at 02:13 PM.
|