Copying my comment from the other post from AppleInsider:
"No it doesn't. This is appleinsider, and obviously they think everything is about Apple.
But if you read the proposal, it never mentions smartphones. It is fairly clear that this aims to target other types of electronics such as hand tools.
I'm pretty sure EU is satisfied with at cost smartphone battery replacement policy they introduced a while back. The whole point is to not scrap electronics just because the battery is old, not that average Joe should be able to do it himself for the cost of making phones more expensive to produce or lose IP ratings."
* not that average Joe should be able to do it himself *
From the article: "This new law states, specifically, that users should be able to replace a battery in their phone without any special expertise or tools."
Wouldn't that mean that Average Joe should be able to do it? I would assume that I'd be able to buy a battery and replace it at home instead of shipping it off to some factory and being without a phone - or not actually have to take it to the nearest shop if I don't want to be without a phone for a while.
And from what I can find about Apple's battery replacement: They'll only do it IF you have AppleCare AND your battery has 80% capacity and your phone doesn't have issues such as a cracked screen. [1] This certainly doesn't sound like an easily replaceable battery.
I recently got the battery in my 6-year-old iPhone replaced by Apple for, as I recall, €55. Just brought it in and they did it, no applecare. Made the phone as good as new, I hope to use it until OS security updates stop, which should be at least another couple years.
And the "no cracked screens" provision is because access to the battery on most iPhones is from the top side, by lifting the display with a suction cup. If the glass is already cracked, lifting it is likely to cause further damage, and it may not go back in afterwards.
iPhones are the best value phone on the market today bar-none, people just tend to be short sighted with their understanding of "expensive".
You can buy a €400 used iPhone and get updates for longer than most brand new Android phones. And by the time that used iPhone stops getting updates, you'll still be able to sell it for some non-zero value, while that budget phone will be worthless and destined to be e-waste.
My phone was $150 brand new and still works acceptably over 3.5 years later. Software updates weekly thanks to LineageOS (firmware updates are another story).
Yeah, I'm probably one of the most uniquely qualified people to plug LineageOS as an engineer who's launched multiple AOSP based hardware products.
Comparing LineageOS to actual first party support when the SoC manufacturer has long forgotten your device exists isn't really realistic: you're getting updates in name only. The blobs that run the most important things are frozen in time.
-
Not to mention, if you're willing to put up with that level of limitation, you can get a brand new iPhone SE for $150 too. It'll be locked to a carrier, but that's a lot less limiting than "literally never going to have a meaningful update again"
I'm not going to argue that "use LineageOS" is viable advice for most users (it's not), but what do you mean "The blobs that run the most important things are frozen in time"? I suppose they're "the most important things" in that they're required for a usable device, but I wouldn't call them the most important things when it comes to updates.
If I'm running an outdated Android version, my threat model basically can't include any internet or cell connectivity, since an outdated media parser means a bad web page or media message and my phone is the attacker's playground. But an outdated baseband firmware means what, I have to watch out for ne'er-do-wells dodging the FCC with high powered SDRs in my neighborhood who know what model of phone I'm using? In a better world, Lineage could feasibly ship updates for every component, but as far as I can see, one of these is a lot more important than the other, and it's the one LineageOS does take care of.
The SoC has a lot more binary blobs than a baseband firmware. It's one thing if the alternative was living like a hermit, but no, the alternative is not supporting an ecosystem predicated on SoC vendors abandoning your advice because it's in their best interest for you to buy a new one.
Android for personal use is a complete non-starter for me today, it's a terrible ecosystem driven on waste with fundamental flaws that will never get fixed because of a misalignment of interests.
Again, not defending the Android ecosystem, but what is the threat model here? Poking through those, they all seem only locally exploitable by malicious apps, which yeah not great, and under just the right circumstances maybe chainable from a sandbox, but hardly the most important thing to be concerned about for most users compared to "your device still has stagefright vulns".
At the point where you're writing off local arbitrary reads from unprivileged apps as "hardly the most important thing", I'm wondering what threat model you're pushing since to most people in security that's a pretty plain threat.
Even if you arbitrarily decide only RCEs matter, there's again a lot of binary blobs in a modern device and more importantly they do a lot more than you seem to think.
I'm not sure why Stagefright is your synecdoche for RCE when just a few months ago we got a set of CVEs that made it look like child's play. It turns out your device being exploited via baseband doesn't take SDRs, your baseband today is involved in MMS too:
Arbitrary local reads from unprivileged apps is a "pretty plain threat" in terms of recent developments in security as a result of improvements to what we can secure. In a typical desktop OS, it's just the norm, but for mobile OSs we've moved the goal posts because we can. If we were talking about deploying a new OS or shipping new devices, then yes, it would be absolutely unacceptable, but we're talking about keeping smartphones past their support alive, so I think it's fair to say at that point we expect the user to only install a small set of critical applications on the device. If what the user wants is a mobile game console to mess around with while also functioning as secure storage for sensitive documents, then yes, the user might need to rethink what's acceptable risk.
>they do a lot more than you seem to think.
I do mobile security research, I am well aware of what these devices do. The reason I cite stagefright vulnerabilities as an example is because stagefright is a library that has continued to have vulnerabilities well past the original set you're probably thinking I'm referring to, and vulnerabilities that we have seen exploited in practice. Are there any known worms exploiting the project zero bug you've linked? Because at least from what I've come across, an updated LineageOS install only running apps from F-Droid would not be vulnerable to any non-targeted attack in the wild I've heard of. (Not a rhetorical question, to be clear, it's entirely possible I missed something, and I would love to know more if my understanding is out of date.)
> The regulation provides that by 2027 portable batteries incorporated into appliances should be removable and replaceable by the end-user
And from the proposal[2]
> This Regulation should apply to all categories of batteries placed on the market or put into service within the Union, regardless of whether they were produced in the Union or imported. It should apply regardless of whether a battery is incorporated into appliances, light means of transport or other vehicles or otherwise added to products or whether a battery is placed on the market or put into service within the Union on its own.
What makes you think smartphone batteries are excluded?
Because this legislation did not come out of nowhere. There were investigations about batteries at home before they finalized this, and none of it involved smartphones. For example, there was a lot of talk about Dewalt, B&D, Ryobi and others each having different batteries and a different type of chargers.
Smartphone battery issue was addressed separately and the whole spin on user replaceable smartphone battery seems to come from forums like this and not EU. In fact, this proposal specifically allows water proof devices to be handled by a professional (an "independent" professional to be exact, which is very much in line with the previous proposal on smartphone battery replacement).
I also don't see anything supporting this interpretation in the actual regulation - quite to the contrary. It repeatedly refers to all batteries, and says nothing of any class of devices that are exempt.
> new regulatory framework for batteries will consider rules on recycled content and measures to improve the collection and recycling rates of all batteries
> It is necessary to create a harmonised regulatory framework for dealing with the entire life cycle of batteries that are placed on the market in the Union.
> It is also necessary to update Union law on the management of waste batteries and to take measures to protect the environment and human health by preventing or reducing the adverse impacts of the generation and management of waste,
"Products placed on the market [...] in applications that the end-user is not intended to split up or open [...] should be subject to requirements applicable to batteries."
This sounds to me like as long as they have a recycling program for cellphones, the entire phone can be considered the "battery" and no user replaceability is necessary.
> Products placed on the market as battery packs, which are batteries or groups of cells that are connected or encapsulated within an outer casing to form a complete unit ready for use by end-users or in applications that the end-user is not intended to split up or open and which conform to the definition of batteries, or battery cells that conform to the definition of batteries, should be subject to requirements applicable to batteries.
I don't think phones can be considered being placed on the market as battery packs
You'd have to go further than that. The actual law says:
> specifically designed to operate primarily in an environment that is regularly subject to splashing water, water streams or water immersion, and that are intended to be washable or rinseable
An iPhone is specifically designed to cope with primarily outdoor use. It rains outdoors. Outdoors is "an environment that is regularly subject to splashing water".
Never mind phones, what about EVs or cars in general? Currently to replace a Tesla battery you need to lift the car, undo 30 bolts, use another lift or do some lift juggling to drop the battery, etc. How on earth do you design an EV with the same battery capacity if the battery must be removable without tools or expertise? Hell, my petrol ford fiesta has a battery which fails this requirement (needs spanners to undo the connectors and the hold-down and needs the expertise of knowing which batteries are appropriate, how to safely disconnect it, how to remove it).
Assuming they are regular, not security, bolts, Teslas are in the clear. It's no specialty tools or expertise. Working on a car assumes you have the tools and expertise to put a car on a lift, rotate N standard bolts to remove them, and move heavy objects. And you can read the documentation to know how to do it.
It's specifically to prevent Tesla from saying "well, you need to have Tesla-bolt driver, the only way to remove our 30-bolts. And we only sell those to authorized Tesla-trained mechanics who took our course because if you mess up a secret process it won't work".
EV batteries are exempt, as are batteries which are "specifically designed to supply electric power for starting, lighting, or ignition and that can also be used for auxiliary or backup purposes in vehicles, other means of transport or machinery"
I believe Teslas have a lead acid battery specifically for the listed purposes. But I can't quite remember. Should watch some more Rich Rebuilds I guess.
I see no reason in principle that this is an intractable problem. A problem, sure, but one which is solvable given the right incentives, which is what this law is for.
I think phone batteries are included, but I don't think that there is an appetite for aggressive behaviour in that manner.
This is an ewaste policy, look at the objectives. Collection of waste, recovery of lithium, new batteries need to be made from recycled batteries.
Home replacement of batteries won't accomplish any of those goals. I would say that it would encourage more batteries to go in the bin. Apple and Samsung already provide fairly cheap services to replace those batteries and once removed the batteries can be recycled, this is going to impact other phone providers who don't offer anything, EV manufacturers who don't recycle or provide simple replacement programs, electric bikes that have batteries built into the frame so can't be replaced at all.
Compared to all that Apple is a fairly good citizen.
eWaste also includes all the stuff not including the battery. Making batteries replaceable increases the lifespan of all that other stuff.
Of course they may not be supported by software in the case of phones and tablets, but (a) that's a separate issue and (b) not all tech with non-replaceable batteries are phones and tablets. It's an increasingly common pattern in wireless headphones, powered toothbrushes, hair clippers, etc.
That was really my point, there are clauses but the main point of the entire thing appears to be to stop things having non-replaceable batteries.
Phones are a bit annoying, but they can have their batteries replaced. There are much lower hanging fruit, such as all the phones that can't have the batteries replaced at all, or the toothbrushes, etc.
But EU mandates that toothbrushes need to have replaceable batteries isn't click-bait enough compared to Apple conspiracies.
The cyber resilience act which is worked on in parallel would require software updates (not necessarily new features) for a "reasonable" amount of time (I recall about 5 years for phones).
Are you suggesting that Apple & Samsung might sell phones in Europe that are technically in violation of this law? Or are you just saying that it was unnecessary for them to be included, but acknowledging that they will design their devices to be compliant?
Man can you imagine if the EU got all the tool manufacturers to standardise on battery type. They'd get one last hurrah with a battery shape then the worst problem in owning cordless tools would be solved.
Personally, I suggest they adopt the ryobi battery as the standard.
Doing construction landscaping work and having batteries and drills fall into mud. I prefer the larger battery stem as there's less tiny grooves to get dirty etc.
This completely makes sense. The battery replacement program is straightforward enough, and Samsung have a similar battery replacement program here in the UK.
This is an ewaste prevention policy not a "right to repair". Right to repair comes next, we just want any sort of repair to be considered for these electronics.
Except this isn't happening with phones now. Apple offers affordable battery replacement options without any idiot regulators forcing them to compromise their designs to add a "feature" most users don't need or want.