Linux Still Working To Disable RNDIS Drivers In 2024


  • #11
    I am in favor of this being a switch with default off and not a removal to start. That way distros/users can turn it on if they want or they hear complaints from users, but by default it is in a bit more secure state.


    • #12
      Originally posted by ahrs
      Yes, it will. To quote the Gentoo Wiki:


      So have a device older than two years old? Eff you.
      These drivers won't just suddenly vanish from the 5+ years old kernels that these devices usually run on. They are being removed from *current* kernels, which no Android device available in 2024 is running anyway. I really don't get all the vitriol that is being spewed here.


      • #13
        Originally posted by mlau

        These drivers won't just suddenly vanish from the 5+ years old kernels that these devices usually run on. They are being removed from *current* kernels, which no Android device available in 2024 is running anyway. I really don't get all the vitriol that is being spewed here.
        But this seems to me that it removes RNDIS also for host devices. So IIUC, if you run an Android 13 on your phone that has RNDIS usb tethering and linux 6.9 on your laptop, then you will not have USB tethering, because your laptop's kernel does not "speak" RNDIS anymore.

        This change is not only for the kernel that the Android phones are running, this is also for the kernel that the RNDIS hosts (e.g. laptops) are running, correct?
        Last edited by bezirg; 19 February 2024, 11:43 AM.


        • #14
          Originally posted by mlau

          These drivers won't just suddenly vanish from the 5+ years old kernels that these devices usually run on. They are being removed from *current* kernels, which no Android device available in 2024 is running anyway. I really don't get all the vitriol that is being spewed here.
          You miss the point. Both the host and device side drivers are being removed. That means your 5-year old phone (or phone from last year) won't be able to tether with your PC/laptop running a current kernel.


          • #15
            Originally posted by jeisom
            I am in favor of this being a switch with default off and not a removal to start. That way distros/users can turn it on if they want or they hear complaints from users, but by default it is in a bit more secure state.
            Indeed. Currently kernel developers are applying wishful thinking. Currently there is no proper stat on how many people still require RNDIS in their PC for USB tethering with the phone. Effectively the dev here is asking users to stay with an outdated, unsupported kernel. "This one old feature is insecure. You can't live without it? screw you, may your whole kernel be insecure!" This attitude does NOT help security.


            • #16
              Before you all lose your sanity, remember that this is just a proposal by GH and not a committed change. There is a high chance that this proposal will be shut down just like it was last time, and even if not then this proposal only makes the KCONFIG for it hidden so most likely all distros will enable it anyway.

              Originally posted by billyswong

              Indeed. Currently kernel developers are applying wishful thinking. Currently there is no proper stat on how many people still require RNDIS in their PC for USB tethering with the phone. Effectively the dev here is asking users to stay with an outdated, unsupported kernel. "This one old feature is insecure. You can't live without it? screw you, may your whole kernel be insecure!" This attitude does NOT help security.
              That is not at all what he said, GH maintains several long term kernels (6.6, 6.1, 5.15, 5.10, 5.4 and 4.19) where this change will not be applied but security fixes will.
              Last edited by F.Ultra; 19 February 2024, 12:12 PM.


              • #17
                How do I know if my cell requires this driver?


                • #18
                  This functionality is necessary for high-end phones, such as the Samsung Galaxy S models sold even TODAY. This is not technology nobody is using! The protocol may be broken-by-design, but it is essential for many current phones to allow USB tethering. It most definitely should not be removed in the next 10 years.


                  • #19
                    Could anybody explain to me the passage "Android has had this disabled for many years so there should not be any real systems that still need this."?
                    Maybe anyone from the vocal people here?


                    • #20
                      I'm conflicted on this. Greg's statement about Android not using RNDIS is demonstrably untrue. It's only true in Android 14. However, the vast majority of Android devices are not on Android 14, and probably never will be. I don't believe we should be holding back the overall security of any OS, Linux, BSD, or whatever because people still might be using Gingerbread phones or tablets (Android 4) and may occasionally connect them to their PC. However, two things should enter into people's consideration with both compassion and empathy: not everyone has the funds to have a new (less than 2 years old) phone, and second, many people in developing countries likewise can't afford to keep up with Microsoft, so they use Linux on older hardware (or just stay on old versions of Windows). I've seen a great deal of shallow 'I got mine so you don't matter' along with unsupported broad statements of "well no one uses this". You don't know if no one uses something if you have no metrics to consult. I think following a phone's useful lifetime is probably better... that would be around 4-5 years with a couple of battery changes, or the original battery if the user is particularly good at battery maintenance. (They don't use it off the charger much, like myself; my SE2 is about 3 years old and still using the original battery).

                      However, we do have metrics showing Android's update problem, and it's very well documented. The number of Android devices out there using RNDIS is a significant percentage because that was the main way of USB tethering before 14. We also know, to a lesser degree, that computer hardware in developing countries also tends to have a long service tail even more than it does in the US or Europe. What we don't know is just how many people in group A which have Android phones that will never receive updates to version 14 intersect with those with older PC hardware that also use a Linux distro for a desktop. My guess is that it's not zero as GKH seems to believe.

                      Not that he's ever going to bother reading these comments, and who can blame him, but a switch would be advisable here along with a deprecation message rather than just arbitrarily and unsympathetically saying "well you don't matter, so we're just going to remove it completely cuz security". That's not how you do security, because all that happens is you alienate users (open source is a red herring here, because people can't just add it back and/or maintain it indefinitely out of kernel with no real hope of it being re-upstreamed). Also, I don't buy that statement about RNDIS can't be made secure if they've never even bothered to try: $EXCUSES_CUZ_BULLHEADED_UNREASONABLE_MICROSOFT_HATE. Security is always a trade-off with convenience. You have to respect the user's choices when it comes to things like this. How likely are the flaws in this particular feature going to cause problems with others if it's off by default? Very small? None? Flaws can't be exploited if it's unreachable to begin with because of a switch only usable at boot time. If the user wants the convenience or necessity, then they have accepted any risk big or small with turning the switch on.
