I recently found out that a locked device (aka a carrier lock) is actually locked in two very different ways.
-
the sim lock, which prevents you from using a sim card from a different carrier. This usually has some sort of policy regarding how and when to unlock the device (for Verizon it is if the device goes for 60 days without connecting to the Verizon network, might also need to be fully paid off as well)
-
Bootloader lock, this locks the bootloader and therefore disables any way of flashing anything (rom, root, etc) This is not something that will automatically be unlocked as far as I can tell and only the carrier can modify it. Most carriers seem to have the basic decency to unlock the device if you request it from their support, but be warned that there is no guarantee. What is guaranteed, is that Verizon will tell you to fuck right off and will never unlock your device.
The point of this post is to bring awareness to this issue, it is on me that I didn't properly research this and just assumed that carrier lock means just a sim lock, but this sucked.
I bought a pixel 8 which was sim-unlocked but sadly, as I discovered, its bootloader was locked and the "oem unlock" option was grayed-out. This is because it was a Verizon model that was out of the network but still, a Verizon model...
As of right now there are no known exploits against this device / Android version, and so, there is no known way to bypass this.
I literally argued, begged, and threatened Verizon. And their official stand is that they don't allow bootloader unlocks, they don't have the ability to do them (A lie) and that it will degrade my experience (Idiots)
So I started doing anything I could think of. I tried old exploits that were patched (unsurprisingly they failed), I tried sideloading other versions of stock android (worked but didn't affect the bootloader), I even setup mitm wifi hotspot that has a transparent tls inspection (see PolarProxy) but it seems that the OS does not trust any "user" CAs and so it tries to connect to android.googleapis.com, sees that the CA is not a system CA and aborts the bootloader check, which keeps it grayed-out. My idea was to spoof a valid response but apparently Android has good security practices (who knew)
Short of reversing the OS/Bootloader, it seems there is nothing to do.
So this is my warning to you, don't buy carrier models, but if you do, make sure the oem unlock option works, but if you don't, absolutely never buy a Verizon model.
ETA: I bought second-hand under the impression that it was an unlocked device, I thought that by checking sim compatibility I verified that it was, I was wrong.
The thing that annoys me is the way virtually all of these phone models have minor variants that go undocumented in the store pages. I ordered my last phone online, after first searching to make sure it was a model that was supported by the roms I like. The store page advertised it as unlocked, and that it supports GSM. Both of these things are true, and yet it turned out to be a "Verizon" model variant (believe it supports both GSM and whatever Verizon's networks are called these days, cdsm). It sucks because this small variation casts doubt and may reduce which roms I can install (haven't gotten around to flashing one yet). And the other annoyance is that even though it does work fine with my carrier, I still get an annoying notification every time I reboot my phone that complains about the SIM not being a Verizon one even though it works just fine.
This, unfortunately, has been a thing for over a decade. I was excited to discover that Samsung Galaxy S3 (i9300) is/was one of the better-supported phones for custom ROMs... until I realized that the one I have is a Sprint / Virgin Mobile version (d2spr), which looks the same but uses a different SoC entirely.
It wouldn't be so bad if 3rd party sellers would just be more consistently clear about which models and variants they're selling.