Stop Companies and Carriers from blocking Bootloader of Android devices and improve the OS


The Issue
In an era where smartphones are indispensable, the balance between user control and device security has become critical. As Android users, we value the platform's roots in openness and customization. However, recent policies and practices by manufacturers and carriers have restricted user freedom without significantly enhancing security. This petition advocates for practical solutions that ensure security while respecting user control.
Our Demands
1. Mandatory Bootloader Unlock Option for All Devices
Device manufacturers and carriers should not restrict users from unlocking the bootloader of their devices. Users own their hardware and should have the freedom to customize, repair, and secure their devices as they see fit. Locking bootloaders is a step toward a future where "you will own nothing and be happy," and this must change. Android certification should require that all devices provide a bootloader unlock option (and no, not that joke in developer options; we want the actual ability to unlock the bootloader). Even though we now have tools to repair our devices, that is not enough, because technically we still can't really own them. Carriers must provide a way for users to buy out contract devices: the user pays the remaining amount for the device, and the carrier then allows them to unlock the bootloader.
2. Rework Play Protect
Current security measures, such as Play Protect, rely heavily on comparing apps to an online database, which often falls short in detecting emerging threats or nuanced modifications. Instead, Google should implement AI-driven app scanning that dynamically analyzes the app’s code and behavior in real-time, using cloud processing where necessary. This approach would provide better security for all users without unnecessarily restricting device functionality or penalizing those who prefer customized systems.
3. Improve App Security with Cryptographic Integrity Verification
Sensitive apps should employ cryptographic methods to verify integrity, reducing reliance on Play Integrity checks that penalize rooted or modified devices. Security should focus on protecting data, not restricting user modifications.
4. Encourage Alternative Data Protection Models
Sensitive app data should be encrypted at the application level or within hardware-based Trusted Execution Environments (TEEs). This ensures that even if a device is modified, sensitive information remains secure. Apps should adopt robust encryption practices to protect sensitive information locally or store it securely in the cloud.
To handle tampering, apps could implement mechanisms to detect unauthorized modifications, such as LSPosed hooks. However, instead of outright blocking the app's usage, apps could issue a warning pop-up and provide clear information about the detected issue. In extreme cases, a reboot could be triggered as a defensive measure, ensuring that users remain informed while maintaining device security without alienating root users. This approach balances user freedom and app security, allowing for more inclusive access to services.
5. Promote Root Compatibility and Device Flashability in the Android Ecosystem
Android has already demonstrated that rooted devices can coexist with app and system security through tools like Magisk, which provide user-controlled isolation layers to prevent interference. Officially embracing and refining such solutions would allow rooted devices to participate in the ecosystem without compromising integrity.
Moreover, manufacturers and carriers must not restrict user access to critical device functions. Unlocking the bootloader should grant full control over all device partitions, ensuring they can be flashed and modified without requiring proprietary keys or manufacturer-specific tools. The current situation with platforms like Unisoc, where partitions are sometimes unflashable without the manufacturer’s key, violates the very essence of ownership and user freedom.
6. Push Back Against OEM-Imposed Restrictions Driven by Government Regulations
Recent policies, such as the 2022 Chinese government regulation on software and hardware security (https://www.gov.cn/zhengce/zhengceku/2022-12/15/content_5732079.htm), have led OEMs to adopt stricter measures to block stock system modifications. This has resulted in limitations like Xiaomi's decision to reduce bootloader unlocks to three devices per year and, starting January 2025, to just one device annually per user. The blocking of bootloader unlocks by carriers and OEMs must stop as well; examples are what Samsung did (https://github.com/melontini/bootloader-unlock-wall-of-shame/blob/main/brands/samsung/README.md) and Asus (https://github.com/melontini/bootloader-unlock-wall-of-shame/blob/main/brands/asus/README.md). This is unacceptable and must be stopped now. An EU law seems to be the reason why Samsung did what they did (https://www.sammobile.com/news/the-real-reason-behind-samsungs-one-ui-8-bootloader-unlock-ban-is-an-eu-law/). If what is stated there is true, we are in trouble, as rooting will soon become impossible in the EU thanks to this new law; or this was just their excuse to remove the unlock. Regardless, brands now have a precedent, even though the law does not actually require removing the unlock (https://www.reddit.com/r/androidroot/s/3TzdXzfHcx).
7. Reform Play Integrity to Respect Rooted Devices and User Choice
Google and several OEMs have implemented Play Integrity checks that block apps from running on rooted or modified devices, often under the justification of security. While protection against malicious activity is important, the current approach penalizes legitimate users who root their devices for customization, accessibility, or control over their own hardware.
Apps like Google Pay and many banking applications block access entirely if basic integrity checks fail. More recently, even non-sensitive apps such as ChatGPT have followed this trend, denying access without considering user intent or actual threat levels.
While anti-abuse protections are necessary, especially to combat bot farms, there are smarter, less restrictive ways to verify user authenticity, such as:
* CAPTCHAs or human presence checks
* App-level encryption for sensitive data
* Context-based security assessments
* Transparent user consent for enhanced protection modes
Root access does not inherently pose a threat. Most rooted users do not tamper with sensitive apps, and blocking them outright only pushes them away or forces them to use unsafe workarounds. Security should be based on behavior and intent, not assumptions.
We urge Google and app developers to:
* Reform Play Integrity to allow rooted or modified devices where appropriate
* Provide alternative validation methods that don’t rely solely on device status
* Recognize root as a legitimate use case, not an automatic security risk
Rooting a device should not equate to exclusion from the modern app ecosystem. Users deserve the freedom to modify their hardware without being locked out of essential services.
These policies not only hinder the ability to modify and repair devices but also set a precedent that other manufacturers may follow. Users should not be penalized for wanting to unlock their bootloaders or install custom ROMs, especially when doing so is a legitimate and often necessary step to fully utilize the hardware they own.
To address this, we propose:
* Mandatory bootloader unlock options for all devices, free from restrictive quotas.
* A user-consented security model, allowing individuals to opt into secure environments while retaining the ability to customize their devices.
Google should also revert what it did in the last months and drop what it is planning to do next, namely controlling adb sideload through ID (https://techissuestoday.com/the-android-you-loved-for-its-freedom-is-slipping-away/).
Why This Matters
Android has always stood for openness and user freedom. Recent practices by manufacturers and carriers to restrict bootloader unlocks are a betrayal of these values. Without the ability to control their hardware, users are at the mercy of corporations that dictate how devices can and cannot be used.
The proposed changes are feasible, align with Android's open-source roots, and respect user rights while maintaining robust security.
Join Us
By signing this petition, you stand for:
- The right to unlock and control your device.
- A secure Android experience that respects user freedom.
- Policies that empower users and promote openness and innovation.
Sign now to advocate for a better, freer Android. Together, we can push manufacturers, carriers, and Google to uphold the principles that made Android great.
Petition created on January 3, 2025
