It was only yesterday that Cyanogen definitively confirmed AT&T's treacherous move to lock down the Galaxy S4's bootloader, but there is light at the end of that tunnel. No thanks to AT&T but to security researcher extraordinaire and a person I admire Dan Rosenberg, a.k.a. the magician, a.k.a. the root whisperer.

Dan, who is responsible for numerous root and unlock exploits, tweeted this photo of his Galaxy S4 earlier today:


There are no instructions or blog posts explaining the unlock at Dan's blog yet - these should be coming in the future. When, you might ask? This part is not decided just yet, for a good reason (put down your pitchforks). Here's what I was able to find out:

  1. The phone in the photo is indeed the AT&T variant, which is the only currently released GS4 with a bootloader that cannot be unlocked.
  2. As I mentioned, there is a good reason for why the unlock method will be withheld for now. Let me just nudge your thought process in the right direction. A certain other carrier has a habit of locking down bootloaders. That carrier's GS4 variant is not going to be due out until the end of May (May 30th, to be exact). If the unlock was to be released now, that's a whole lot of time to give someone to fix a thing or two up. And if they do, that door may never open again. You see where I'm going with this?

So there you have it - the GS4's bootloader has been unlocked but now we have to practice some patience and try to not feel selfish. Those who wait will be rewarded with custom recoveries, ROMs, and possibly unicorn ponies.

Update: Dan took to xda to publish a brief Q&A:

Some of you may have seen a picture I posted earlier. In case you missed it: https://twitter.com/djrbliss/status/329617760252481537
I thought I would answer some of the more common questions I've been receiving.

Is that the AT&T-branded Galaxy S4?
Yes. It wouldn't be very interesting otherwise. ;-)

Does this allow you to run custom kernels and recoveries?

When will this be released?
I will not be publishing anything at least until the Verizon-branded Galaxy S4 begins shipping (late May).

Does that mean it will work on the Verizon model?
It is highly likely this will also work on the Verizon model, but since I don't have one I'm unable to test at this time.

Will bothering me result in an early release?

Is this the result of a leak?
No. I would not associate myself with the publication of confidential materials that are proprietary to these companies, regardless of the fact that I disagree with their policies on device openness. Plus, where's the fun in that?

What about the bounty?
Feel free to wait until I publish and decide for yourself if it meets your criteria. As always, I prefer any donations go to a reputable charity organization instead of me, but I won't refuse if you insist on throwing money at my PayPal (http://goo.gl/zBGb0).

Is it safe to install OTA updates?
If you are interested in taking advantage of this release, it is recommended that you avoid installing OTA updates until it is published. Please be aware that refraining from installing updates may prevent you from receiving security and stability fixes for your device, and consider whether this is a risk you are willing to accept.

What's your favorite color?

Source: @djrbliss

Artem Russakovskii
Artem is a die-hard Android fan, passionate tech blogger, obsessive-compulsive editor, bug hunting programmer, and the founder of Android Police.
Most of the time, you will find Artem either hacking away at code or thinking of the next 15 blog posts.

  • Loren Cogar

    Well dammit, now you made it more public so they can see it!! The eye of Big Red is always upon you.

    • http://profiles.google.com/drepope100 u m

      The exploit wasn't described. Unless they know exactly how it was cracked, them reading a blog saying that it was means nothing.

      • Thomas

        That's true, but now they've atleast been given a reason to look for it.

        • Mike Reid

          There are 1000's of bugs in every smartphone, found or unfound, regardless of OEM or OS.

          Nobody is going to put 1000's - 10,000s of engineer hours into try to find and patch this bug they don't know about yet. They're too busy with bugs and crapware issues they already know about.

          Software dev is like any business; too much work, too little time, and a surprising amount of crap.

      • http://www.facebook.com/profile.php?id=100000003999549 Mike Harris

        I disagree. This gives them incentive to pour some time and money into finding and patching it themselves.

        • NoUsernamesFree

          If they were really serious about keeping it locked, they would be doing this LONG before it nears release. And they are - but they have other constraints on time and dev power so some bugs will always make it through.

        • Dan

          You obviously have no clue about software development on something this major. That's not intended as an insult, just a statement of fact. Most people can't picture what a ridiculously huge project it is and how many lines of code we're talking about. Rosenberg's post is equivalent to me telling you that I know where your missing $20 bill is. You dropped it sometime in the last year, it's still laying right where you dropped it, and I'm going to pick it up in 30 days.

          Feel free to keep looking for it.

  • yankeesusa

    Good reason to wait. Its almost 100% certain if verizon found the way this was done they would update their phone to prevent it.

    • http://twitter.com/andr3wjacks0n andrew jackson

      You guys really think Verizon would go out of their way to figure out how the bootloader was unlocked on this variant and make theirs harder? Now I really have VZW. They have the :LTE speeds and coverage but I would rather have the ability to do what I want with my phone.

      • gest

        its pretty much a certainty

  • DeadSOL

    "but now we have to practice some patience and try to not feel selfish"

    I don't know why but people don't seem to be able to be patient these days. Many people will whine and cry. Nobody understands that it's all for the community!

  • http://www.facebook.com/profile.php?id=1653571802 Debadatta Bose

    This guy is God.

  • ProductFRED

    If you buy your devices unsubsidized (off contract), just buy the T-Mobile version, even if you're going to use it on AT&T. It's pentaband for HSPA+ (850/900/1700/1900/2100 MHz) and works on both AT&T and T-Mobile LTE (700/1700/2100 MHz). And no bootloader lock (as far as anyone can tell).

  • AndroidUser00110001

    So they will just lock it up again after the 30th.

    • http://www.androidpolice.com/ Artem Russakovskii

      But at that point, you will be able to skip the OTA or just go custom and never look back. And I'm not sure if this will be possible, but flash back to the pre-OTA version and use the exploit.

    • yankeesusa

      Yes, but even if they lock it those that have already unlocked it will not lose it unless they run an ota update. After you unlock it you can just wait for any updates to be rooted and then install those.

    • Jadephyre

      Won't happen if you go Custom, and seeing the horrible Skin almost every OEM puts on Android these days, that is really the only way to go.

  • Bobert

    AOKP switched to cats. So... You guys an quit it with all the unicorn jokes.

    • Clayton Ginther


    • http://www.androidpolice.com/ Artem Russakovskii

      I wasn't talking about AOKP. I like ponies, and the unicorn breed offers the best package in terms of ease of care.

  • blakjakdavy

    Anyone else starting to think that if/when carriers tell samsung to lock a bootloader, samsung do an intentionally bad job so the phone gets unlocked anyway?

  • marcusmaximus04

    Of course, this is somewhat of a gamble. If the carriers manage to stumble across the exploit before he releases it, they can close it and everybody will be stuck with permanently locked bootloaders(well, except Rosenberg). If he released it now, it'd at least guarantee those with AT&T have a chance to unlock theirs before the hole is closed.

    • biff98786

      Then if you're on AT&T just don't accept any OTAs between now and when Verizon launches and your bootloader will be the exact same one that Dan can crack

      • marcusmaximus04

        As I remember from past phones, the carriers are capable of forcing an OTA if you haven't accepted it.

        • biff98786

          In that case then just root (which the AT&T S4 has, I believe) and freeze/delete the two apks that control OTAs. I think they are FWUpgrade.apk and SDM.apk in /system/app/

          Do that and your carrier can't send a dang thing to your phone in regards to forced updates. It's the same way that most custom roms block OTAs too.

        • http://twitter.com/xIndirect Nick Wells

          Actually they can't force it now legally on a phone due to needing it for an emergency call. Hence why all phones in US have to ask you to update. Basically to confirm "I am not in life threatening danger so please make my phone unusable for a few minutes" They'd be sued blind if they didn't ask.

        • yankeesusa

          Not at this moment. Carriers can not force an upgrade at this time. Plus even with that ability they will not as it opens them up for possible legal action.

    • Ryan Yakus

      just don't accept any ota's and you will keep the exploitable bootloader

  • biff98786

    This is awesome news if you're on Verizon and terrible news if you're on AT&T.

    Excellent call by Dan, though. Hold the exploit until Verizon launches then crack both of them with one tool.

    • faceless128

      this is awesome news for users of both.

      • http://twitter.com/Times_Infinity John Cintron

        I guess he means terrible news if you're on AT&T since you still have to use the phone with locked bootloader for a month-ish. Which, IMO, isn't that long of a wait.

  • Steve Green

    Good work, but folks stop buying these things. All you are doing is voting with your dollars for more locked down devices.

    • http://www.facebook.com/profile.php?id=100001623230993 David Davidson

      A lot of people are stuck with a carrier due to work, family, or coverage areas. Remember nearly half the US lives in rural areas, which frequently halves their choice of major carriers. Where I live 90% of the users are on Verizon unless they live on the west side of town, then they might use Sprint. And I live in western Ohio in a completely flat area, not some place REALLY rural and mountainous like in Montana.

      • Squiddles

        I understand what you're getting at, but perhaps Steve's implication was actual hardware. IE: The Galaxy S4 has a locked bootloader. The HTC First does too, but it is unlockable via htcdev.com.

      • Steve Green

        This is false. 82% of Americans live in cities or suburban areas. Half of americans have not been rural for many decades.

        • http://www.facebook.com/profile.php?id=100001623230993 David Davidson

          What the US Census department calls an Urban Cluster is anything but urban, from a practical standpoint. Population density is king when talking cell coverage.

    • Kevin

      Is this the Steve green from Windsor? This is Kevin.

      • Steve Green

        No. My name is very common, so don't be surprised about that. I am not even a citizen of America's hat :)

  • McLean Riley

    The major question is, what if they do find out his exploit and patch it with an OTA before the Verizon version comes out and it doesn't work for either device? Just my .02. This guy posted on twitter just before this how he felt bad to get it from a leak. That is a man who likes to do stuff the hard way.

    Edit: This comment is not to take away from Dan. He is a beast.

  • s44

    Where's the "donate to Dan" button!?

    • http://www.androidpolice.com/ Artem Russakovskii

      Now there as part of the Q&A.

  • ltredbeard

    I too like blue

  • Ray

    Like I said in the other thread, sensationalism FAIL. It was obvious that this was going to happen very quickly. like it always does.

  • Cuvis

    I don't get why the carriers insist on locked bootloaders anyway. Sure, having the loader completely unlocked creates a security risk, but what's the harm in making it unlockable, like HTC likes to do? That way, the average user is protected, and the power user is free to tinker. The way the big carriers insist on just seems to remove value from the device for no good reason.

    • Jadephyre

      They do that to ward off warranty claims of users who f****d around with their devices and break them in the process.
      I don't agree with the practice, but I can sort of understand where they are coming from.
      Personally, I would not give about 50% of the Custom-ROM users a smartphone anyway since they are often enough completely unwilling to read the instructions that come with an unlock carefully, and constantly whine when not everybody stands at attention to help them on a moment's notice, but that's just me.

      • Cuvis

        Why in the world would the carriers give a shit about warranty claims? I'd think that'd be more of a manufacturer concern, and they're more than happy to provide unlockable boot loaders (with the standard caveats about voiding your warranty, of course).

        Of course, from your general tone, it seems more like you're expressing your own bitterness and cynicism than making a serious argument, but maybe that's just me.

        • Jadephyre

          You're not wrong, I am cynical toward a lot of people I see on Forums such as XDA because they have absolutely no clue and are completely education-resistant.

          I understand your argument about the carriers as well, they could just say "do it, but we'll void your warranty" and frankly I don't understand why they don't do it either.
          All I was saying however is, that this is currently where we stand and their possible reasoning behind it.
          Also, think of it this way: When you have a warranty claim, where do you go ? At least here in Germany, you go to the store (electronics store or mobile provider store) where you bought your phone first, Manufacturer second.

  • wolfkabal

    I would have thought his favorite color would have been green, oh well.

  • http://www.facebook.com/john.ross.14418 John Ross

    No GS4 until it's running AOKP. Locked bootloaders are garbage phones.

  • kevin

    And where is this available?