Native

Windows Phone 7 unlocker: ChevronWP7

November 26, 2010 · 4 min read

My motivation for this post is to hopefully have a single place for my thoughts on just what "jailbreaking" means on WP7, what this tool has done, what MS can do, and well pretty much anything else related to the subject.

I have friends invested in WP7 and I completely understand their concern. Another motivation was following a thread from a friend back to this unfortunate starting point: https://twitter.com/ChrisWalshie/status/7967096923226113 (@mikebmcl being my friend in the situation). This was likely in response to this post: https://www.chevronwp7.com/post/1686961408/our-stance-on-piracy. This resulted in one of the other names on the project issuing this post: https://www.istartedsomething.com/20101127/my-thoughts-on-my-thoughts-on-chevronwp7/ leading back to a further post from Mike. That's a lot of concern from both sides.

I don't like the term Jailbreaking in this instance as that seems to infer, based on iPhone and Android definitions, that the carrier lock is also circumvented and you can possibly use your phone anywhere. Let's be clear, this tool is only useful for loading XAP files to the device without a marketplace account. You are still very much "in jail" and tied to the big bad wolf carriers but using the term jailbreaking does give you recent legal protection to a degree.

The problem with opinion in this matter, on both sides, is it doesn't seem to be grounded in complete truth. Comments on Mike's blog talk about a smartphone being like a PC and should be unlocked for all. While at a basic hardware level this is true, what is actually created is more of a specialized hardware device like an Xbox 360. You are given a big walled garden that just so happens to use phone capabilities and the internet but essentially from a legal standpoint you aren't given the keys to this kingdom. You are merely allowed, by the rightful rulers of the realm, to breathe the air they've given you for the low low price of $100 USD.

Windows Phone 7 devices require Windows Live ID to use the cool parts. Windows Phone 7 devices require apps be bought/loaded from the marketplace only. This by nature creates a unique ID between Windows Live ID of the purchaser to the app ID given by the marketplace. Microsoft can literally tell who has purchased what application on which device. This to me, is "game over, man!" for the most part.

At ReMIX Atlanta '10, Brandon Watson was asked a question regarding sideloading of apps besides marketplace for enterprise developers that wish to install apps that the public shouldn't see (think government, high security firms) and at the time they didn't have an answer but were working on it. Part of the answer is what this tool does, unlocking, but consider what this means. Every employee with a wp7 will have to unlock their device to run their company-mandated app? This enterprise app won't be submitted to the marketplace so I don't believe it'd be as trackable. We're essentially saying here "the piracy that matters (i.e. marketplace content) is covered" but the question somewhat remains about where that leaves the private enterprise.

I didn't bring ReMIX to hold Brandon or MS to a firm answer, just that steps can still be made to "tighten up the graphics" so to speak. Worst case, this tool is bringing exposure to the real risks you face as an appdev on the WP7 marketplace.

Here are what I believe are steps to mitigate piracy in any wp7 device:

  • Obfuscation - Provided it works 100%, Reflector returns lovely little "This has been obfuscated and cannot be disassembled" messages.
  • Keep track of your main project's GUID or if extra paranoid, create an extra unique ID in your app that you know won't be altered by the marketplace.
  • If you're using the network, use analytics if you can spare the data. You have to be careful here to stick to the rules of both the analytics firm and the marketplace guidelines but this does provide a method of phoning home.
  • Microsoft has a lot of tools at their disposal to fight for you. You sign agreements to use the WP7 device and I believe MS is within its right to ban a Live ID from any WP7 device.
  • It's likely every time an app is loaded the phone sends MS the live ID and app GUID regardless of marketplace status. Worst case it can collect this locally until time of an OS update if network access is never used.

Pre-Post Update: Before I had a chance to finish my thoughts on this post even more statements have been flying on this issue. https://www.winrumors.com/microsoft-using-chevronwp7-unlock-could-render-windows-phone-7-permanently-unusable/ reads as fear to me, like MS would easily "flip a switch" to render your phone useless. I personally read that as "If you're unlocking your phone using this tool, you run the risk of anything happening and a carrier or MS is legally within right to exact anything mentioned" which isn't quite as heavy handed as the comments were leading towards.

I also want to be clear about where I stand. I believe tools like this are a valuable resource. There is a hole that desperately needs to be addressed, not only in downloading XAP files but unlocked devices. Developers talk in code so until you saw a working proof of concept you weren't going to really listen. Mike is a developer on the marketplace so I completely understand his frustration but I consider the backlash on both sides unfortunate and unwarranted. You're both right to some degree and wrong in others. I have deep respect for Mike, the ChevronWP7 team, and the efforts that lead to their discovery after learning about it on XDA. Hopefully civilized discussion on what boundaries should be set can continue versus whatever the hell is happening now.