To be fair (as a problem we have is that there is a small oligopoly of players and they all mostly suck), the original Android G1 was a locked down device: to get root on it required you to buy the Android ADP1 (which cost a lot more and had serious limitations with respect to apps from the Market); we only got root on it due to a bug (so the same as with iOS... it was just a dumber bug ;P). But yeah: Android wouldn't be usefully open source to anyone if you couldn't at least build your own device to test and run it on, and they clearly support that and they even provide emulators (and, thankfully, more recent, first-party Google devices are nice and open: Google learned their lesson there pretty quickly).
The 'android' that you get from your phone vendor definitely isn't open source. The AOSP project is and the distro from your vendor will have parts of it that can be traced back to the source.
But the android ecosystem as a whole is not 'open source' and not 'open' like people like you tell about. Almost all access is due to hacks and bugs, not because the boot loader and the OS came with the option for user access on the inside.
> The 'android' that you get from your phone vendor definitely isn't open source.
But it's so, so far ahead of iOS in openness. You can sideload apps. You can spin up Android in a VM. You can buy Android devices with unlocked bootloaders and install your own roms or drivers or kernel modules or whatever else. The system can be made yours to command.
iOS doesn't even let me run my own code in userland.
> iOS doesn't even let me run my own code in userland.
This has been possible for a long time. Yes, there are some hoops to jump through (7 day time limit per signing unless you pay), but to say it doesn’t allow you to run your own code is just wrong.
Code that can generate new executable pages on the fly, code that can access the various databases on my phone, code that modifies how the system applications work…I think that's fairly important and useful, especially since the alternative is…you can't do that at all? What's the issue?
That's somewhat tangential to the item at hand isn't it? We are talking about open source, not about hackability or the rather vague term of 'openness'. One could argue that a device that is usable to a lot of people is 'open' and devices that all require their own teaching/learning are not.
And the method by which you get root, which involves unlocking the bootloader and using a custom recovery to flash the su binary and an app to manage it, is in itself enough of a deterrent that only people who know exactly what they're doing do it. It's impossible to root accidentally, you have to install adb/fastboot on your computer and follow instructions. And then every time it boots there'll be a warning that the system has been modified.
Google though... I really hate their stance with SafetyNet. It's as if they're trying to say "your device can either be fully useful or fully under your control, but not both".
I still don't get why iPhones absolutely can't have unlockable bootloaders.
Still, it seems for overall security to have this program exist then not have a program at all.