Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Android Security Google Software

Android Nougat Won't Boot If Your Phone's Software Is Corrupt Or Has Malware (androidauthority.com) 163

An anonymous reader shares a report on Android Authority: In a bid to increase the security of the Android operating system, Google has introduced a new check for malware as part of the boot process in all Android devices. Until Marshmallow, Android devices ran the check as part of the boot process and in Marshmallow, the phone would warn you that it was compromised but would continue to let the phone boot up. In Nougat however, Google is taking this security check to the next level. On the Android Developer's blog, the company explains that Android Nougat strictly enforces that boot check, giving you far more than a warning. The good news is that if your phone is infected with types of malware, it will refuse to boot or will boot in a limited capacity mode (presumably akin to safe mode). The bad news however, is that some non-malicious corruption of data could also mean that your phone will refuse to boot up. Considering that corrupted data may not always be malicious -- even a single-byte error could cause your phone to refuse to boot up -- Android Nougat brings additional code to guard against corruption.
This discussion has been archived. No new comments can be posted.

Android Nougat Won't Boot If Your Phone's Software Is Corrupt Or Has Malware

Comments Filter:
  • Liability (Score:3, Insightful)

    by Anonymous Coward on Wednesday July 20, 2016 @01:15PM (#52548481)

    Has anyone at Google thought about the deaths that this might cause? If I need to dial 911 because I just severed my foot, I don't care about my phone having malware. I need to dial.

    • by maorb ( 2578043 )

      Then hope that they decide to implement there limited-capacity safe-mode feature rather than completely refusing to boot the phone. If they do that then you won't have a problem dialing in the first place.

      Also, how likely is it that you sever your foot in between the time that you find out that your phone won't turn on and you get your phone fixed. I doubt that you're only just now attempting to turning your phone on after severing your foot, so it's not like your phone will fail suddenly and unexpectedly a

      • I know people (my old in-laws for example) that only turned on their cell phone when they needed to make a call. After that, they turned it back off to save the battery. It was damn annoying since it made the phone only useful for them.

        But they are an example of not knowing their phone wouldn't boot until they needed it.

        • It was damn annoying since it made the phone only useful for them.

          Unless you were paying for your in-law's phone, I bet they didn't care that it wasn't useful for you. Why should they? I know I don't pay that much money to make other people's lives more convenient. They can pay for their own phones.

          • Unless you were paying for your in-law's phone, I bet they didn't care that it wasn't useful for you. Why should they?

            Exactly. They bought the phone for themselves, not for other people, and certainly not for other people to tell them how they should use it.

          • As I posted below, it helped us weed them out of our lives.

            When my wife died, it made it easy for me to justify to myself that it was ok to leave that info as a voicemail for them which was helpful since so much was going on by then and it was hard to stay focused on anything

            • As I posted below, it helped us weed them out of our lives.

              No, it was a convenient excuse for "weed[ing] them out", but I doubt they bought the phone for that reason.

              You couldn't have called them on their landline phone, of course.

        • It was damn annoying since it made the phone only useful for them

          Yeah, it's so damn annoying when other people live their lives the way they want to and don't make themselves available to you on a whim, 24/7.

          Seriously, who should the phone be useful to if not them? You sound outraged that they're doing what they want, the way they want.

          • It was damn annoying since it made the phone only useful for them

            Yeah, it's so damn annoying when other people live their lives the way they want to and don't make themselves available to you on a whim, 24/7.

            Seriously, who should the phone be useful to if not them? You sound outraged that they're doing what they want, the way they want.

            It was more that they expected us to answer our cell phones when they needed us but left their phones off so they couldn't be reached if they were needed.

            Outrage is a bit strong especially and it helped me make the case that my wife's parents where just users of us and made it easier for me to have her eventually drop them from our lives.

            • It was more that they expected us to answer our cell phones when they needed us

              Because you are using your phone as a way for everyone to contact you. Pity they expected you to use the phone in the way you were trying to use it.

              but left their phones off so they couldn't be reached if they were needed.

              Previously you told us they left it off to conserve battery. Which is it? They were deliberately trying to duck your calls, or they wanted the phone to be usable when they needed it, without having to worry about charging it every day?

              If they're turning the mobile off, then it's a pretty good bet they have a landline that they expect people to call them on. Jus

              • OK. I'm not conveying myself correctly.

                This was one of many things they did. The phone was part of many things (the way they treated the kids, my wife, etc. When my son died due to birth defects, my father in law said that on the plus side, I no longer had a defective kid. When my wife had her stroke, they told my daughter it was her fault for getting bad grades.) The phone was mentioned solo because the rest wasn't relevant

                • Yes, "my in-laws turned their cellphone off to save battery" is a bit different than "they turned their cellphone off because they were axe murderers." It sounds like it shouldn't have been annoying at all to you that they were unreachable; it was a Good Thing.
      • Maybe I'm on my way to the store to get the phone fixed when I sever my foot!

      • Then hope that they decide to implement there limited-capacity safe-mode feature rather than completely refusing to boot the phone. If they do that then you won't have a problem dialing in the first place.

        I would think that thy would still allow 911 calling and possibly other numbers as well. They could even boot into a special phone only OS that is sandboxed from all the apps et on the normal OS so at minimum you have a working phone. Of course, you won't be able to do a minute by minute twitter feed of you bleeding out...

      • by Hylandr ( 813770 )

        A more likely scenario would be a car accident in a remote location or breaking down in the desert with no water, stuck on a mountain in freezing weather. Can't call for help if the phone won't boot.

        This could be costly in lives lost.

    • by EvilSS ( 557649 )
      If it's like most phones you'll bleed out waiting on it to boot up anyway.
    • ...are not voice calls or text messages: it's search, and it shows.

      Where is ublock for Chrome on Android? That says all you need to know about Google's intentions on mobile.

    • Considering you can dial 911 without even decrypting the flash or having a SIM card (just press the 'emergency' button), I'd say a relatively minor thing like "unverifiable image" won't have any effect.

    • Has anyone at Google thought about the deaths that this might cause? If I need to dial 911 because I just severed my foot, I don't care about my phone having malware. I need to dial.

      With as long as it takes most smart phones (including iOS) to boot, you'd bleed out before being able to call any way.

  • Then how do you fix it and remove the Malware/corruption?
    • Then how do you fix it and remove the Malware/corruption?

      Maybe:
      fastboot flash system system.img

      I'm wondering what effect this will have on people building their own ROM!

    • Unless the most basic boot functionality is compromised, you could probably still boot into the FastBoot mode and re-flash the device image from there. This may have to be done by an OEM if it's a locked device.
  • Fixed it for you (Score:3, Interesting)

    by 140Mandak262Jamuna ( 970587 ) on Wednesday July 20, 2016 @01:20PM (#52548509) Journal
    Android Nougat Won't Boot If Your Phone's Software Is Corrupt Or Has Malware unapproved by google
    • Android Nougat Won't Boot If Your Phone's Software Is Corrupt Or Has Malware unapproved by the device OEM

      FTFY.

      It's the device OEM's signature that's verified so it doesn't matter what Google thinks, unless it's a Nexus device. If it is a Nexus device you can unlock it and install whatever you like, of course. And you can even sign your own custom images. The bootloader will verify the signature and display the key fingerprint on the warning screen, so you can make sure that (a) the image is what was signed and (b) you are the one that signed it. If the verification of your self-signed image fails, the device

    • Which is what I was thinking. A warning with an offer to help is great. Disabling the phone because a user installed unauthorized software is bad. Apple approves all software which is wall garden which is where Google is heading, but in not so great a way
  • If your phone won't boot, how will you get rid of the malware without losing all your data???

    • by t8z5h3 ( 1241142 )
      there should not be a way, at boot level that is effectively a root kit at that point google can't truest you or your phone so it must be wiped from a outside known good source i guess.
    • The phone can still boot into a limited recovery mode, just not a normal boot.

    • it will refuse to boot or will boot in a limited capacity mode (presumably akin to safe mode)

      It's right there in the summary... underlined no less.

      I'm more concerned about the fact that I may not be able to replace the stock android with a custom firmware. Thanks to all the crapware that manufacturers insist on pre-installing on most handsets, and their refusal to provide updates, you're basically forced to use a custom firmware just to have a usable phone.

      Yes, I know you could always just stick with a Nexus branded device, but then you'd miss out on potentially interesting innovations provided by

      • it will refuse to boot or will boot in a limited capacity mode (presumably akin to safe mode)

        It's right there in the summary... underlined no less.

        I'm more concerned about the fact that I may not be able to replace the stock android with a custom firmware. Thanks to all the crapware that manufacturers insist on pre-installing on most handsets, and their refusal to provide updates, you're basically forced to use a custom firmware just to have a usable phone.

        Yes, I know you could always just stick with a Nexus branded device, but then you'd miss out on potentially interesting innovations provided by another manufacturer.

        Google should never have permitted the android ecosystem to become a dichotomy of "You can get updates, or you can get a cool device, but not both."

        Err, you already can't replace stock Android with a custom firmware if the manufacturer doesn't support it. For example, I have an Asus Memopad, and because Asus doesn't allow it to be unlocked I can't reflash the OS. One of the only downsides to it :/

        Though honestly, the bloat ware is actually sometimes useful for once, and that is a nice change of pace.

        • by ilsaloving ( 1534307 ) on Wednesday July 20, 2016 @03:39PM (#52549427)

          Fair point. My post assumes that have the ability to root the device in the first place.

          S'why I gave up on android and went to Apple. If my choices are all companies that are going to treat me like an abusive control-freak boyfriend who teabags my wallet just for fun, then I may as well pick the ones that uses a condom while screwing me.

        • by Miamicanes ( 730264 ) on Wednesday July 20, 2016 @04:50PM (#52549877)

          Well, actually, in quite a few cases, you CAN replace stock Android with custom firmware regardless of whether or not the manufacturer wants to allow it. As a practical matter, though, those devices usually end up with dysfunctional custom ROMs that can't run newer versions of Android (because Linux intentionally sucks at dealing with binary kernel modules... a policy that mostly worked as intended to keep Linux open on x86 and AMD64 architectures, but has been a complete consumer DISASTER within the Android realm).

          The sad irony is, Windows Mobile 6 (back in 2007) was almost as "open" (in the sense of being able to extend it in ways neither envisioned nor blessed by Microsoft or the phone's manufacturer) as Android is in 2016. Obviously, you couldn't build Windows Mobile 6 from scratch... but fuck, you can't even independently build a copy of the NEXUS GODDAMN 6P's ROM from source. You can build your own AOSP-derived approximation of it, of course... but you'll never be able to independently build your own ROM image that's ultimately identical to Huawei's (and use its source as the starting point for later modifications & improvements).

          Ten years ago, Windows Mobile users at XDA-developers.com ripped files from newer phones and used the .dll files to upgrade older phones to newer versions of Windows Mobile. Today, with Android phones, we're STILL stuck doing more or less the same thing. AOSP has been seriously eroded away by Google over the past few years compared to its golden age (the Galaxy S3... probably the most thoroughly reflashed and extended phone in Android history). Sure, you can build a ROM "for Android" -- but 95% of the things most people regard AS fundamental characteristics of Android (Google Play, Google Maps, and everything that depends upon them to run) are as closed and binary now as Windows Mobile EVER was.

          IMHO, the single biggest fuckup Microsoft made with Windows (Phone) was insisting upon locking it down. It didn't win them a single iPhone customer, and antagonized millions of disillusioned Android owners who are only still with Android because it's the least-evil option we have left. Had Windows (Phone) been at least as open (both as an operating system, and for running "unapproved" software) as Windows Mobile 6 was, I'd argue that several million people who currently have Android phones would have jumped ship and tried Windows (especially if Microsoft quietly made sure there was a fully-working distro comparable to Cyanogenmod that could be flashed to it if the user changed his mind, making the phone's purchase a nearly risk-free experiment). Instead, Microsoft managed to create a phone OS that combined the worst limitations of both competitors & nothing to mitigate them.

  • by Anonymous Coward

    They could be, you know, preventing the malware to get in in the first place, something they're reasonably well positioned for. That would welp ensure that you have a working device. Instead they're finding excuses to burn down your phone, leaving you bereft of service. This is not good service, google.

    So we're back to the sad reality that if you want to have both your phone and the smarts it's sporting these days, you need two phones. One for function, and one for fancy shmancy smarts.

    • by cdrudge ( 68377 )

      Or even better, how about they do both? Try to close up any holes, bugs, or other vectors that malware may attack from. But also have protection in place for when a vulnerability is discovered, because one will. And when it does, be alerted to it and take appropriate measures before you continue to use a compromised phone.

  • by LichtSpektren ( 4201985 ) on Wednesday July 20, 2016 @01:23PM (#52548529)
    TFS is rather concerning but it seems to be conjecture and interpretation of a dev's blog. Presumably (well, I hope at least) there will be some documentation about what the procedure is for turning off the boot-lock or what ever.
    • My understanding is that this only applies to locked bootloaders. Unlocked devices can still run whatever code you want.

  • DoS by design (Score:5, Informative)

    by Henriok ( 6762 ) on Wednesday July 20, 2016 @01:26PM (#52548551)
    This sounds like an excellent complementary feature for malware to trigger for a DoS attack.
    • This sounds like an excellent complementary feature for malware to trigger for a DoS attack.

      If malware can mount the system partition as writable (which is far from trivial) so that it can write changes to the image, it can do much worse than a DoS attack. In particular, it can permanently pwn your device, which would be far more interesting to a malware author than maliciously bricking it.

  • Wow, this is like AI. I'll bet this is powered by a Deep Neural Net using Deep Learning.
  • This is not the way to do it. Give us a "safe mode" if you please, so we still have a phone.

  • ... be as unreliable as Windows.
    Good job, Google.

  • 911 (Score:4, Insightful)

    by Dorianny ( 1847922 ) on Wednesday July 20, 2016 @01:30PM (#52548583) Journal
    As a primary communications device, instability in a cell-phone operating system is not a mere nuisance and frustration but can cost people dearly if not available for contacting Emergency Services when needed. A fail safe mode that instructs people to restore to a clean image or have the device checked out is what Apple's IOS has been doing all along and In my belief it is a big part of why Apple's IOS is perceived to be a more stable OS then Android
    • by t8z5h3 ( 1241142 )
      ios was always going to be more stable because it is tightly controlled to the point of not letting anything go with crash bugs.
    • by I4ko ( 695382 )
      Funny you should say that. Of all the 18 years of owning and using mobile phone devices, with no other then android have I ever experienced something in the lines of "Phone application crashed, device will reboot" and proceed to do so while the call is 2way connected and voice is exchanged. After the 4th such message I never bough an android based device again. It is broken by design, always has been.
    • Re:911 (Score:5, Interesting)

      by Miamicanes ( 730264 ) on Wednesday July 20, 2016 @05:16PM (#52550019)

      The really fucked up and sad thing is, when Samsung developed Knox, they bent over backwards to ensure that its security didn't depend upon the user having never rooted or reflashed the phone. It had an immutable stage-one bootloader that could ALWAYS be used to boot into a secure & known state from which the second stage of the bootloader could be reflashed, then used to restore the phone to its virgin & secure state.

      They ended up disabling it in favor of one-time bootloader fuses, because big corporate clients point-blank refused to adopt Knox unless it permanently exiled rooted and reflashed phones to eternal exile. I participated in calls with Samsung about it, and ended up having HUGE arguments with my own coworkers trying to convince them that Samsung was right. I tried to explain how ARM TrustZone worked, and how Samsung used it to make the stage-1 bootloader absolutely bulletproof. In the end, irrational fear prevailed over logic and design. A feature that could have been used for good ended up being used to cripple the phones of anyone who tried to chainload a better build of Android. RIP.

      Making matters worse, Samsung and other manufacturers went a step further with the next generation of phones, and started designing them to be dysfunctional (at least, as far as their wireless functionality was concerned) if the user attempted to treat the locked-down Android as a de-facto bootloader & use it to chainload their own Android ROM (basically, shutting down all the kernel services, killing off all the system threads besides one, then launching the new Android from that final thread). It was never about security, but about asserting control over end users and limiting what they could do. I'm convinced that Samsung tried to do the right thing, but when the largest mobile operator in America (Verizon) threatens to quit allowing its customers to use your phones, it's hard to fight back. Then AT&T joined the lockdown party, knowing that even though they're technically a GSM network, forcing Samsung to lock down its devices would ultimately cause Sprint & T-Mobile devices to end up locked down too, because at that point it would cost more for Samsung to maintain unlocked phones than T-Mobile would have been willing to single-handedly subsidize (Sprint was ambivalently neutral... it didn't care either way, but absolutely wouldn't have paid a premium to maintain a feature they were unenthusiastic about anyway).

      The Galaxy Note 4 is a perfect example of why the impact of carrier evil extends beyond the users of the evil carrier itself. The T-Mobile version had an unlocked bootloader. And ultimately, had maybe a half-dozen useful ROM distros for it that ever progressed beyond the "unstable experiment" stage. Why? The number of users capable of RUNNING those ROMs had diminished to a tiny subset of T-Mobile customers. Back when Sprint and AT&T phones were locked with the equivalent of a skeleton key hidden under the doormat (and Verizon's bootloader could be sidestepped via chainloading), there was a large, thriving developer community that took advantage of the fact that the Galaxy S3 was basically the same hardware on every network in America (even the CDMA ones). With the Note 4, that same community was eviscerated & almost completely dried up.

  • by Opportunist ( 166417 ) on Wednesday July 20, 2016 @01:31PM (#52548595)

    Like, say, custom firmware that the manufacturer of the phone doesn't want you to install so you can't get rid of the shovelware he got paid to dump onto it and that you cannot deinstall?

  • Nuke it from orbit, its the only way to be sure....

  • by jlv ( 5619 ) on Wednesday July 20, 2016 @01:34PM (#52548627)

    Ignoring the implied hype in TFA, they quote the original blog post:
    "This means that a device with a corrupt boot image or verified partition will not boot
    or
    will boot in a limited capacity with user consent."
    (line breaks added for clarity).

  • Eventually what will happen is your device will not boot if it detects "unapproved" code. That is coming.
    • Eventually what will happen is your device will not boot if it detects "unapproved" code. That is coming.

      Phones exist with and without unlocked bootloaders. You can expect that to continue for the immediate future, at least.

  • It's not true that a single byte error will cause verification to fail. Nougat also adds forward error correction (Reed-Solomon coding) to the image structure, so very, very few random errors can cause enough corruption to be unrecoverable and cause verification to fail. It's not impossible that this will happen, indeed given that there are billions of Android devices it probably *will* happen, once or twice. But it will be well below the threshold of other sorts of low-probability catastrophic hardware fai

    • Also described in the blog post [blogspot.com], the particular error correction method they use means that they can recover from up to 16-24MB of consecutive corrupted memory.
  • if there is malware in it, make it so the android device boots up in safe mode, it only connects to a google server and installs a malware/virus cleaner app and runs it to wipe out all the malware & etc. then reboots your device and reconnects to google to confirm it is clean
    • Would it connect to Google or Samsung/Moto/HTC, etc?

    • Because it assumes two things: that its malware identification never makes a mistake, and that the phone is allowed to talk to Google's servers. The former is obviously untrue, and the latter is not always true.

      This is an incredibly intrusive move on Google's part. They should provide a means to disable it.

      • This is an incredibly intrusive move on Google's part. They should provide a means to disable it.

        In what way is it intrusive? All it does is verify that your boot and system image are unmodified... and there's no reason they should ever be modified in a normal device. Now, if you want to get a device with an unlockable bootloader and install different software, that's perfectly fine, and Google supports you in doing it. In fact, in that case you can even sign your own boot and system images and the verified boot system will ensure that *those* aren't modified, that they're exactly what you signed.

        Now

        • Automatically preventing the device from booting is incredibly intrusive. I find that objectionable out of the gate -- a warning would be much preferable.

          However, if Google is really allowing us to use unlocked devices and modify it without getting in our way, then my objection is removed.

          • Automatically preventing the device from booting is incredibly intrusive. I find that objectionable out of the gate -- a warning would be much preferable.

            A warning is what we've had for several years now, and it's proven to be inadequate. People purchasing used devices just ignore it because they don't understand it. Supporting the tiny minority who use custom ROMs is good, but supporting the large majority who do not is essential.

            However, if Google is really allowing us to use unlocked devices and modify it without getting in our way, then my objection is removed.

            Google encourages OEMs to make bootloaders unlockable. Most don't, though, so be careful what you buy. Nexus devices have unlockable bootloaders.

            • A warning is what we've had for several years now, and it's proven to be inadequate.

              I understand this. What I was saying is that there should be a way to disable the new behavior (perhaps a setting in the Developer Options, where ordinary users would never see it) for those who don't need such a muscular approach. But I'm just talking theoreticals now. If the new method really doesn't get in the way, all this is moot.

              Google encourages OEMs to make bootloaders unlockable. Most don't, though, so be careful what you buy. Nexus devices have unlockable bootloaders.

              Yes, that's been an issue for a long time, and I'm guessing most of us who care already select devices based on that criteria. At least I do. I won't buy a device that I can't

              • A warning is what we've had for several years now, and it's proven to be inadequate.

                I understand this. What I was saying is that there should be a way to disable the new behavior (perhaps a setting in the Developer Options, where ordinary users would never see it) for those who don't need such a muscular approach.

                The problem with that approach is that someone selling/giving you a pre-compromised phone would just flip that switch before they give it to you. If you're not going to be bothered by a big warning during bootup, you're definitely not the sort who will dig through the settings and find that problem... or factory reset the device to reset all of the switches.

                If the new method really doesn't get in the way, all this is moot.

                I think that's the case.

  • ...until just about any OS won't boot unless it is only running approved software (i.e. the software company has paid a big fat fee) or the user has turned off any features (telemetry, spyware by the OS vendor, ad blockers, etc.) that the manufacturer wants to force you to use. It'll be like those DVDs you BUY but won't let you skip over the ads at the front of the movie.
    • It'll be like those DVDs you BUY but won't let you skip over the ads at the front of the movie.

      Lots of people rip the DVDs they own specifically to remove the unskippable stuff.

  • So, if your device is stuck in this state how do you recover your stuff off of it?

    • It's really a good idea to have automatic backups off the device for anything important, independent of this issue. After all, your phone could become broken to the point it doesn't even boot, or it could be stolen.
  • Locked bootloaders are nothing new.

    What the new feature in Android N is about is the ability to add cross-block redundancy to the system image so that a few defective flash blocks can be corrected. There was a posting on the official Android Developers blog that went into quite some details about how they reduced the storage overhead and prepared it for the typical failure scenario of Flash memory.

  • I'm probably being ignorant, but if they can do this, why can't they stop said malware from installing in the first place?

    • For the most part, they do. It's not very easy to get past Android's protections and install malware that impacts the system image.
  • on att an unlocked phone = locked out

    • This not true. I've been using an unlocked and rooted phone with AT&T for years. They even sell special "developer phones" that don't lock the bootloader in the first place. They want a premium for those, though, so I just break the lock instead.

  • ..as a proud owner of a TMobile Galaxy S3, I have exactly zero fear that Nougat (7.0) will brick my phone, as TMobile long ago stopped bothering to update such an ancient device.

    I believe I'm still on 4.3, never to see Kit Kat.

  • Hmmm...

    So Google released Marshmallow, which in my opinion was an overall step backwards for Android, now they're going to do this? It's almost like Google wants everyone to stop using Android.

    • Hmmm...

      It's almost like Google wants everyone to stop using Android.

      I don't think that's it. I think it is simply 'the pattern'...

      1.) A company releases software or a device. It adheres to standards very well, and although it's a bit rough around the edges, it's open enough that an enthusiast community develops that picks up the slack for those willing to tinker with it. Thus, it requires a bit of understanding to become useful, and it may lack some polish, but the community picks up steam.
      2.) The modding community recommends the item to others. The technologically illitera

      • Re:A pattern emerges (Score:4, Informative)

        by swillden ( 191260 ) <shawn-ds@willden.org> on Wednesday July 20, 2016 @06:13PM (#52550339) Journal

        8.) Openness is formally removed.

        Android is *not* removing openness. I'm a member of the Android security team, and worked around the edges of this feature. We (I'll use that pronoun for simplicity, but please note that I'm not claiming credit) put a great deal of additional effort into making sure that it supported modders who unlock their bootloaders and install custom software. We even made sure that they can use the verified boot feature to ensure that their self-signed images are not modified without their knowledge.

        The goal is not to prevent modding, the goal is to improve security by ensuring that malicious images can't be installed.

        • That's good to hear. Thanks!

          • To be sure I'm not painting an overly rosy picture... keep in mind that what I said applies only to devices with unlockable bootloaders. OEMs can choose not to allow unlocking, and most don't. That's their choice. At least Google's design explicitly tells them how to go about allowing unlocking without compromising security, and it pushes SoC makers (who actually write the bootloaders, by and large) to implement support for it so that if OEMs decide to allow unlocking they can do it by flipping a switch.
        • 8.) Openness is formally removed.

          Android is *not* removing openness.

          Yet. Give it time. Android isn't at that step yet, but I have seen absolutely no indications that Android will not end up at step 8 in due course. At the very least, Google isn't defending openness very well, either. Google has done little (if anything) to discourage locking bootloader. Google not only failed to discourage Samsung's Knox e-Fuse, they integrated that feature, along with several others, into recent releases of Android. These are not steps to preserve the modding community.

          I'm a member of the Android security team, and worked around the edges of this feature. We (I'll use that pronoun for simplicity, but please note that I'm not claiming credit) put a great deal of additional effort into making sure that it supported modders who unlock their bootloaders and install custom software. We even made sure that they can use the verified boot feature to ensure that their self-signed images are not modified without their knowledge.

          I appreciate the con

          • I understand the concern, but there's really no evidence for it. Your examples of what Samsung and Microsoft have done aren't evidence... and Google has little more control over Samsung than over Microsoft. Could Google decide that it no longer cares about openness? Sure. But we're actually working quite hard to push it the other direction, and I see no reason to expect that to change.

            What is the thing you're saying Google has done "in firmware" for Android for Work, but hasn't "flipped the switch"? Andro

            • I understand the concern, but there's really no evidence for it. Your examples of what Samsung and Microsoft have done aren't evidence... and Google has little more control over Samsung than over Microsoft. Could Google decide that it no longer cares about openness? Sure. But we're actually working quite hard to push it the other direction, and I see no reason to expect that to change.

              What is the thing you're saying Google has done "in firmware" for Android for Work, but hasn't "flipped the switch"? Android for Work does nothing in firmware, it's all in Android; the only thing remotely close to that is the use of TrustZone for authentication and crypto key management -- and I'm the engineer responsible for those TrustZone components, and I can't figure out what "switch" you're talking about.

              I've been meaning to reply for some time; feel free to e-mail me as I know this discussion will be archived soon.

              You're right that Google has relatively little control over Samsung. What they do have is control over the Android trademark, etc., and if Google can require that the Play Store be within one swipe's distance of the home screen when shipped, Google can make other requirements that reflect dedication to ensuring that devices are able to be flashed with AOSP software. Unless I misunderstand how the

              • I've been meaning to reply for some time; feel free to e-mail me as I know this discussion will be archived soon.

                You're right that Google has relatively little control over Samsung. What they do have is control over the Android trademark, etc., and if Google can require that the Play Store be within one swipe's distance of the home screen when shipped, Google can make other requirements that reflect dedication to ensuring that devices are able to be flashed with AOSP software.

                Those requirements are subject to negotiation. Google has some power to push, not based on the Android trademark so much as on the permission to install the Google Apps -- and especially the Play store. The Play store is the big carrot/stick, actually, because an Android phone without the Play store is much, much less useful... at present. It wouldn't be that difficult for Samsung to set up their own app store, and app developers would absolutely upload their apps to it because Samsung is such a huge part o

No spitting on the Bus! Thank you, The Mgt.

Working...