OnePlus’s broken promises are leaving developers angry and enthusiasts upset | #android | #security

Once upon a time, there was a scrappy little smartphone company called OnePlus. Its phones weren’t the best you could get, but following the end of the Nexus program, OnePlus picked up Google’s mantle, delivering a low-cost, developer-friendly device that you could root and ROM with ease. In fact, OnePlus did everything it could to help developers, advertising the ROMs they produced for phones that lost official software support while providing test devices, detailed documentation, and source code. Times were good — and they’re over. Now OnePlus appears to have silently killed its developer device seeding program, releases kernel sources late and incomplete (potentially violating the GPL), and has ignored most (and arguably all) of the commitments made to the developer community at the Open Ears Forum conference in 2019.


There hasn’t been any one hard change over the last couple of years, and the developers I spoke to for this story weren’t willing to have their names disclosed. I was tipped off last week that OnePlus was no longer releasing kernel sources for its devices as required, and when they did land after months of delays, they were missing pieces that were previously included and incapable of actually booting on devices themselves without further modification and work from developers — in short, they were missing or late and incomplete, which may be a violation of the GPL agreement OnePlus is required to honor to use the Linux kernel on its devices.

Android runs on Linux, in case you didn’t know, which means every Android device runs the Linux kernel. In most cases, this requires customizing the kernel slightly to work on different hardware, and anyone that does that is required to honor the Linux kernel’s GNU General Public License agreement, or GPL. Among other things, it requires that the “source” for the kernel — the code required to build it as written out before its compiled in a way a computer can use — be made available for other developers to see, use, and base their own further modifications on top of.

While there’s no hard requirement I can tell regarding the required timeliness of kernel source releases, OnePlus is at least breaking the spirit of the GPL by being so late, and it’s definitely breaking it when the source is unavailable or missing parts that are required for it to work. At its Open Ears Forum in 2019, OnePlus promised the “on-time” release of kernel sources for all builds, including Open Betas — more on that later.

OnePlus was late to release (incomplete) sources for the OnePlus 8T’s Android 12 update.

As an example of its violations, in February, OnePlus released the Oxygen OS 12 Open Beta for the OnePlus 8 and 8T series. A stable update rolled out just one month later in March, but kernel source code for this update was not released for months until just last week. In fact, OnePlus did not release the kernel source for these devices on Android 12 until Android Police reached out to the company for comment on the issue. And even then, the initial release appeared to be incomplete if not rushed, missing a specific build number and plenty of pieces of code (like touchscreen support) that would be required for it to work.

OnePlus tells us that this was a “bug,” providing us with the following statement:

Previously there were some inconsistencies between the kernels uploaded on Gibhub [sic] and on OnePlus devices – this was caused by a bug that has since been fixed. Updated kernels are expected to be online within 48 hours.

Updated kernels were later released that included more of the code they were supposed to, though I’m told it was still partially incomplete, may not match what actually ships on devices, and is messier than it should be. In one colorful (and partly censored) example, a developer called it “loony-toons kangaroo sh*t-commits with missing code and blobs because they want to work out of 5 different source bases that don’t even match the one they built their production update with.”

But this is far from the only issue, and the OnePlus 8 and 8T aren’t the only phones that OnePlus has ignored its GPL requirements regarding. OnePlus community developers tell me that OnePlus has also ignored or delayed publishing source code for Snapdragon 855-based devices like the 7 and 7T series, and the OnePlus Nord CE2 was also delayed. In addition, current sources for the OnePlus 9 Pro and OnePlus 10 Pro are both “broken,” according to one developer I spoke to. Even if you turn a blind eye to OnePlus’s new habit of being late, the missing components remain an issue.

For most customers this doesn’t have a big direct consequence, but it can delay or prevent ROMs and custom kernels from continuing their work on OnePlus devices, and more than one developer I spoke to expressed a disinterest in continuing to develop for the company’s products as a result of the company’s behavior. Comments on the OnePlus Open Source Software GitHub also indicate that the developer community is upset by the state of things.

“Open Ears,” closed mind

GPL violations are an issue in themselves (which could land OnePlus in actual legal hot water if someone takes them to court over it), but that’s not the end of the company’s problems. In 2019, OnePlus shipped a whole bunch of developers to Goa, India to talk about how it can better help the community develop software for its devices. At the end, it came up with seven “commitment points” that it claimed to honor going forward. So far as I can tell, almost every single one of them has been abandoned since the company was restructured under Oppo. For context, here’s the full list of commitments OnePlus made in 2019 to developers at the Open Ears Forum:

And here are our commitment points from Open Ears Forum: Developer Community

  1. Kernel sources to be released on time for all builds including Open Beta build.
  2. We will introduce a Bounty Program for reporting security vulnerabilities.
  3. We will be promoting custom ROMS on OnePlus forums and Social Media for EOL (End of life) devices.
  4. Concerns about apps getting killed in the background due to aggressive battery optimization – to be fixed in upcoming updates.
  5. We will make sure that devices are seeded quicker to developers in the program after the launch of a new device.
  6. We will be expanding the existing device seeding program to include more members.
  7. More OnePlus community meetups to be organized around our developer community.

We’ve already covered issues releasing kernel source, but let’s reiterate: OnePlus outright promised “kernel sources to be released on time for all builds including Open Beta build,” and yet developers are seeing delays that number in months with incomplete and half-baked releases landing. I’m also told by an affected developer that OnePlus promised more detailed commit histories for kernel source following a developer request, though this promise was not detailed on public channels. This can make the job of designing custom ROMs and kernels even easier — more information is always better — but outside of what were likely mistakes on OnePlus’s part, that hasn’t happened recently either.

OnePlus also promised “we will introduce a Bounty Program for reporting security vulnerabilities.” That’s a noble endeavor, and the company originally upheld that promise but the URL for OnePlus’s bug bounty program now 404s. By all appearances, it was silently killed. When asked what happened to the bounty program, OnePlus told me “the program is under maintenance so report collections are currently suspended. The program will resume once maintenance is finished.” Whether you believe the company or not, right now it doesn’t exist, so right now that’s arguably another promise broken.

The OnePlus 6T had great third-party ROM support, and OnePlus promised to promote them when it stopped getting updates.

OnePlus did say that it would promote custom ROMs on company forums and social media for devices that were no longer getting official updates, and that did happen for some years (I specifically remember OnePlus promoting ROMs for the 3 and 3T when they reached end-of-life), but the company has now taken to removing links to forums for older products. Older devices like the OnePlus 6 and 6T as well as the OnePlus 5 and 5T still have forums, but they’re difficult to access and the company doesn’t seem to be doing much there to promote third-party ROMs — there aren’t any pinned lists or anything like that. And a quick search on Twitter indicates the company has barely mentioned these phones, let alone promote ROMs for them since they reached EoL.

Fourth, OnePlus guaranteed it was going to “fix” its issue with overly aggressive app management, a claim that never panned out. Brand new phones like the otherwise great OnePlus Nord N20 5G still have this issue in my testing, and the company never made the situation noticeably better on older devices. Benchmarks that measure this problem like Don’tKillMyApp also continue to demonstrate unwanted behavior. When asked about this, OnePlus told me “we have been doing some improvements in the updates regarding this issue.” If Google starts to enforce its new CTS-D requirements, which already include standards for this behavior that OnePlus doesn’t currently meet, OnePlus will finally have to do something about it. But in the meantime, OnePlus phones still interfere with expected app behaviors and I have to consider this promise broken.

Developers at the 2019 Open Ears Forum in Goa, India.

Points five and six were both related to the company’s developer seeding program, where OnePlus would ship out phones to popular projects to ensure that their hardware would be compatible. This means ROM and other project maintainers would have access to a device to make sure of the quality of their work on actual hardware. The company said it would both seed them more quickly and expand the program to include more people. According to developers I spoke to that are part of the seeding program, devices have not been sent to projects since the OnePlus 9 series in 2021. To be perfectly pedantic, that constitutes a bit of a delay at best, if not the outright silent discontinuation of the program at worst, so let’s count both of these promises as broken too.

That only leaves the OnePlus developer community meetups. So far as I know, there haven’t been any for a while, but this is one issue that could have been caused at least in part by Covid. None of the developers I spoke to for this story were aware of any events the company had done for developers recently, though.

Even if you consider the last commitment as out of OnePlus’s hands, given the pandemic, the company has failed to meet at least six out of its seven stated promises, with the tide on some of these promises turning following the company’s reorganization under Oppo, and developers that used to be among OnePlus’s most impassioned fans are mad as hell about it.

We’ve reached out to OnePlus to confirm that it’s failed to meet its “commitment points,” and the company could only argue against breaking two of its promises regarding the bug bounty program and background app optimizations. Even if you take OnePlus at its word and consider those guarantees as fulfilled, the company has failed to uphold its word the majority of the time. When asked for comment, OnePlus provided the following statement, apologizing for its behavior but not claiming that it would return to honoring the prior guarantees:

“In 2019, OnePlus made a series of commitments to developers and users – these ranged from promoting custom ROMs on the OnePlus forums, to seeding OnePlus devices to developers after they launch. Unfortunately, the OnePlus brand has been unable to uphold these commitments and for that we apologize. In the last three years, the OnePlus brand has transitioned to OnePlus 2.0 that has afforded it more resources and access to new technologies. We always operate with our users and developers at the forefront of our minds and will continue to think of ways we can empower both going forward.”

It’s good that the company is willing to respond to these issues rather than just ignore them, brushing complaints under the rug. But it doesn’t sound like OnePlus is actually going to fix the situation, merely acknowledge it.

OnePlus says it’s building a new home for its superfans to try to keep its community going. But by all measures, the company has lied and ignored most or all of the guarantees it has made to its existing developer community. Maybe OnePlus should take a look at what it’s leaving behind and the promises it’s broken before it tries to build something new — and before developers and customers can take it at its word again.

Original Source link

Leave a Reply

Your email address will not be published.

− 2 = four