I’d like to try and dispel some misinformation here and arm you with what you can and can’t do with the phones – and hopefully not introduce more incorrect information into the arguments.
First off, you should know that Root, S-OFF, and an unlocked bootloader do not depend on each other. I’ll go into what each of these are below.
“Root” is a term that essentially means running a program without restrictions. We have root management programs called Superuser and SuperSU that allow one to choose whether or not to allow a program to run with root access.
When you install a program from Google Play, you’ll notice all sorts of permissions, such as FULL INTERNET ACCESS, READ PHONE STATE AND IDENTITY, along with many others. These are the restrictions that an application has when running; it specifically has to be granted permission to do something in order to function. A program also can’t touch any other program’s data, code, or whatnot.
A root-running program does not need any of these permissions in order to do what it wants. It just requests to run as root, and then it can grab your data, modify other programs, and send all your contacts text messages containing your photos if it wanted. It never has to ask permission. Root allows you and your applications to run with scissors through most of the operating system, and it’s great.
Most custom ROMs ship with Superuser/SuperSU for root access, although there is no requirement that they do so. You can have a custom ROM without root. You can also have a custom ROM that grants root to everything without the aid of a superuser application.
You do not have to be either HTCDev unlocked (the official method), or S-OFF, or running a custom ROM to have root access, although most people would be running a custom ROM and be one of the two.
Without being HTCDev unlocked or S-OFF, you generally are required to run a local root exploit to obtain root. The HTC EVO 4G LTE had one of these several days before the phone was available. These generally will throw up a “tampered” warning that can be removed by installing a new RUU.
So, root does not require the phone to be unlocked or S-OFF, but it generally goes hand in hand with them.
Unlocked bootloader / fully unlocked bootloader
All HTC phones ship with a locked bootloader. Almost all HTC phones you can unlock the phone for free and with not too much hassle by using the manufacturer’s website, HTCDev.com. Last I checked, all of the EVO line is unlockable there.
Unfortunately, some people have issues with the warning that you might be voiding your warranty. They take this to mean, “you do this, we know who you are, if anything goes wrong with our product, you’re out $500.” That’s not what the warning says though, and since most of you are Sprint customers, you should know you deal with Sprint for warranty work, not with HTC. Sprint and HTC both have a history of taking unlocked phones and repairing them.
In fact, you can check out the official Sprint policy here. As for HTC’s policy, I’m still waiting for someone to loudly complain they were denied due to using the unlock website. I’ve been waiting for a year. It may have happened, but it’s not commonplace.
An unlocked bootloader generally means you’re able to put a custom ROM on the phone, or “flash a ROM.” In the way we use it, an unlocked bootloader is taken to mean being able to write to partitions on the phone’s internal memory that the operating system lives on. This is done from a level of operations called recovery.
The HTCDev unlock method allows you to do most of this; however, it does not allow you to directly access the internal space where the software lives that talks to the carrier towers (i.e. Sprint.) This is done, in theory, to prevent spoofing of someone else’s phone, running on the wrong band, wreaking havoc with nearby cell phones, disabling carrier controls, etc.
The HTCDev method also does not allow Recovery to access the kernel space, or stock splash screen areas of the phone. The theory behind this being that the stock recovery requires the kernel intact in order to work, so if you damaged or changed the kernel, you might have a semi-bricked phone. I’m not entirely sure on the splash screens though – I think they got caught up with the stability attempts.
Opponents of the HTC method claim that the unlock method HTC provides prevents kernel developers and the AOSP projects such as CyanogenMod from going forward because you can’t flash a kernel from Recovery mode. AOSP requires specialized kernels generally.
Now, starting with the EVO 3D, we had this. We got around it using a method where we flashed kernels from fastboot instead of recovery. Team Win introduced a method called HTC Dumlock that allows flashing kernels sort of from recovery mode (it sets up a script, boots into Android mode for a second, flashes via Android mode, and pops back out). Flash Image GUI also flashes kernels from Android mode, bypassing the restriction. 4EXTcame along and did a modified version of Dumlock that works like a champ.
The total extra time to flash a kernel due to HTC’s kernel-protection is about six seconds.
Radios are off limits as per the carrier’s request. If you’re going to use Sprint, you’re going to run the radio software they gave you. In the past, this has not been much of an issue. You can still update radios, it’s just a bit of a pain.
Having an unlocked bootloader does not mean you have root. You just have the ability to flash a ROM, which generally will contain a root-giving program.
I’ve run unlocked on my EVO 3D since a week after I got it, flashed a couple of hundred ROMs, and never once had one that I couldn’t due to having an HTCDev unlocked bootloader.
S-OFF means you have complete control of the phone. Security off. Do whatever you want from whatever mode you want.
HTC does not really care if you get S-OFF on your phone, but the carriers do. An S-OFF phone means you have access to write new radio firmware into the device. HTC is required by their agreements with the carriers to do what they can to prevent users from being able to install firmware that could be potentially disruptive to the towers, or prevent the carrier from accessing your device without your knowledge, which may be required by the government or a warrant.
Every new software update that the carrier pushes will contain new code by HTC to attempt to prevent you from getting S-OFF.
An S-OFF phone has no restrictions on what you write, so you could wipe the kernel, bootloader, and everything out and be stuck with a phone with no operating system and no way to do anything.
An S-OFF phone can show that it still has a locked bootloader, although recovery will treat the phone as though it is unlocked. Having S-OFF does not mean you have root, although you can flash a ROM with root. You can also flash kernels and splash screens directly from recovery without any additional methods required.
S-OFF exploits are almost universally patched from version to version, and unless you’re really paranoid about HTCDev voiding your warranty, it’s not worth waiting for. Unlock via HTCDev, and get S-OFF later when it’s available.
An S-OFF phone that’s updated to a new software version that patches the exploit used to obtain S-OFF generally will not re-enable security on that phone. You should still be S-OFF.
Hopefully that covers it.
If you’re angry about a locked bootloader, there’s no reason to be other than that HTC has not written a recovery that allows flashing of kernels, and you have to take six more seconds to flash with a custom recovery. They have their reasons, which may appear annoying and directed against root-seeking people, but are easily surmountable.
If you’re angry about S-OFF, direct your anger at the carriers.
And if I’m missing something or wrong about anything above, please let me know and I’ll correct it as quickly as possible. I’d like to have one completely solid piece of information on HTCdev, EVOs, unlocked bootloaders, and S-OFF so people can get on to complaining about what’s really wrong with the carriers, the phones they put on the network, and how they treat root-wanting customers.