[Q] Security implications of unlocking the bootloader, rooting, etc. - Android Software/Hacking General [Developers Only]

I read that the reason Android wipes your data and apps when you unlock the bootloader is to protect this info from unauthorized access. That seems a little odd, since unlocking the bootloader requires unauthorized access to do - i.e., if you can run adb to do the unlock, you can use adb to get at the data that unlocking wipes to 'protect' you from the unlocker. Doesn't make any sense.
That said, are there other more real security considerations to unlocking your bootloader, or to flashing a custom recovery module? As long as I consider my lockscreen password to be 'secure enough', are there best practices to make sure that somebody without this password can not access my unlocked phone through the usb or recovery options?
Also, if I root my phone (or tablet, in this case), does that grant root access to all users in the new Android 4.2 multi-user world? Or is only user '0' granted root? Again, what are the security implications?

Related

How to completely secure an Android device?

Hi, first of all I'm not a dev and I don't know much about deep functions, so I write this question as a regular user, to find answers that can be advanced in nature but should be easy to understand.
There are flashable zips available to break the lock screen security, gain access to the Android device and access all apps with accounts logged in and everything else!
First of all I want to secure my device from any weak points like this; I don't want anyone to bypass my lock screen, but as I talked to a person about it, it looks like I can't survive this "Lock Screen Security Bypass" hack, which removes some keys to break the lock screen security.
Then there was a suggestion to not root / unlock the bootloader, not to flash a custom recovery and not to turn on USB debugging. Well, even if I do that, there is still a possibility to unlock the bootloader from Odin mode and/or maybe flash something from there to break the lock screen security, gain root access and then flash this security bypass zip.
So what I can think is the only way to survive is to encrypt the whole device? Am I right?
And if I have to encrypt my whole device including the ext-sdcard, then will all the tweaks work? Like the Xposed framework and its apps etc.? Will my phone eat more battery? If I encrypt my device, will I survive this lock screen bypass hack?
Please give your opinions by looking at all the possibilities. Thanks in advance.
Or maybe, is there a way to put a password on the custom recovery as well as all other modes from where someone can flash things into my phone?
I never heard of anything like that, but why is no one thinking about it?
no one?
Sent from my GT-N7100

Is it possible to lock and unlock the bootloader without erasing data once you're rooted?

I just unlocked the bootloader to install TWRP and maybe Magisk; I wanted to also try the Android P dev preview. But I know having an unlocked bootloader is a security risk, and also you get that warning message at boot which makes booting up longer. Is there a way to lock and unlock without losing data if I'm root?
Unlocking and locking wipes all data by design.
Telperion said:
Unlocking and locking wipes all data by design.
Is there a way to make the device secure with it having a unlocked bootloader?
With an unlocked bootloader, anyone can install a factory image, which wipes all your locks and your Google account (and, therefore, defeats FRP), which is what makes it insecure. The only way to avoid that is to have a locked bootloader (and USB debugging off). (And I've seen reports here that unlocking the bootloader, installing TWRP and Magisk, then locking the bootloader, results in a hard brick (meaning buying another phone, because Google won't replace it).)
Run with the unlocked bootloader, don't ever leave the phone off your person, and have "insurance" that replaces stolen (and possibly lost) phones.

What does it mean to say bootloader is locked?

Up to this point, what I understand is that the OEMs hold keys that they use to sign the binaries as trusted, such that only what they sign will be accepted and all others will be rejected. Well, some devices I see can simply unlock using the fastboot flashing unlock command when the OEM Unlocking option is turned on in developer mode; however, some devices such as the ones from Xiaomi require their own special software to unlock the bootloader, which they say is to prevent attackers from stealing the phone data. Well, one can easily flash firmware from Xiaomi without unlocking the bootloader. How do they do that? Does their proprietary software use some kind of keys that sign the firmware files? If so, do you know if it would be possible to replace the keys they use to sign?
Android's user data can get stolen by hackers at any time: here it doesn't matter whether the device's bootloader is locked or unlocked.
Most Android devices come to the market with a locked bootloader. Locking the bootloader is actually a kind of encryption of the Android system files. OEMs / carriers do so to keep the OS unaltered by the users. And this for good reasons, IMO. One has to respect that their devices will be restricted to running software ROMs provided only by them.
To re-flash a phone's stock ROM, the phone's bootloader must not be unlocked, because the OS is the original one, meaning not altered in any way by the user.

Ulefone S8 pro - rooting without unlocking bootloader possible?

Hello,
I have to root my S8 pro now because the whole internal memory is nearly used up by apps and the system.
Is there an opportunity to root my device without unlocking the bootloader?
I found magisk to modify the boot-partition and for example getting root on the device.
But you have to unlock the bootloader to flash the new boot partition. I also read that unlocking the bootloader always means that the whole device is reset to factory defaults, which means losing all installed apps.
I have about 50 !! banking apps for generating TANs. For these apps, it's not enough to reinstall the app. You also need to reconnect the app (especially the device) to the banking account.
I think the only way to back up the configured and connected app is to have root on the device, right?
My plan was to root the device without unlocking the bootloader, then make a full backup, unlock the bootloader, which resets the device, and restore the full backup.
After this, I un-root my device because the banking apps check if a device is rooted. My plan is to re-root the device using Magisk only when needed and when no banking app is used, and then un-root it again.
Any idea how to solve my problem?
Regards
UP
Root requires an unlocked bootloader. Nice plan but it won't work.
aBetterAndroid. said:
Root requires an unlocked bootloader. Nice plan but it won't work.
Really?
An unlocked bootloader is necessary all the time while the device is rooted, not only when flashing?

Is an unlocked encrypted phone actually secure?

Hi,
While going around this forum, I saw a lot of people claiming that an unlocked phone had its data fully secure if it was encrypted. Is that actually the case?
From what I understand, a phone isn't encrypted with your PIN code / password. It first generates keys, encrypts the phone with them, and then ciphers these keys using your code. The keys are then stored in a special partition of the phone's memory.
(And thus, if the phone needs to be wiped, either remotely or because of too many failed attempts, it just deletes this partition.)
Normally, it would be impossible to brute force a lock screen, since the phone will prevent more than ~15 attempts. However, with an unlocked device, couldn't an attacker with sufficient knowledge of the hardware use the ability to flash custom boot images / ROMs to access these keys and brute force them, bypassing the lock screen? A sufficiently powerful computer could be able to brute force a 4-, 6- or even 10-digit AES key in hours, if not minutes.
So:
1) Is this correct, and is this how the Android encryption works?
2) If it is, are there any device-specific protections to prevent that?
3) Are there any ways to counterbalance that threat with an unlocked device, other than setting a 10-character password?
Thank you.
Short answer:
If the phone's bootloader is unlocked, someone could take your phone, flash a malicious ROM that contains keystroke loggers or something, and then return the phone to you and wait for you to type your PIN or decryption password. It'd be better to keep the bootloader locked whenever you don't actually need to flash things via Fastboot.
xXx yYy said:
It'd be better to keep the bootloader locked whenever you don't actually need to flash things via Fastboot.
I guess this wanders into device specifics, but, at least for my device, a Pixel 6a, I read that you should never re-lock a bootloader without a completely stock firmware / boot image. So, how can you protect your bootloader while keeping your phone rooted?
What has a device's bootloader to do with the device's Android OS? Nothing!
xXx yYy said:
What has a device's bootloader to do with the device's Android OS? Nothing!
The lockability of the bootloader depends on the signing of the OS!?
You are right. Do not lock the bootloader on Pixel devices. Imagine the device is fully stock and locked, now some OTA bricks the device and recovery mode is not able to unbrick it by sideloading the full OTA image: this is a nightmare. Google's solution is to RMA the device; they do not provide any flash tool other than fastboot or the WebUSB flash tool (via adb lol).
On the other hand, encryption is secured against brute force by the gatekeeper (in the TEE). As long as your device is powered off, your data remains encrypted unless you decrypt it with credentials (we won't talk about the .dismiss() bug on decrypted devices).
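A toy model of the two points made above (the master key is wrapped under a credential-derived key, and the gatekeeper in the TEE throttles guesses and holds a secret that never reaches flash), added here as an illustration and not code from the thread or from Android itself. The scrypt parameters, the HMAC-XOR wrapping, DEVICE_SECRET and the Gatekeeper class are constructed assumptions, not Android's real key derivation.

```python
import hashlib
import hmac
import os

# Constructed scrypt parameters and a constructed "hardware" secret; not the values any
# Android release uses. On a real device the equivalent secret stays inside the TEE.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 12, 8, 1
DEVICE_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed

def derive_kek(pin: str, salt: bytes, device_secret: bytes) -> bytes:
    """Key-encryption key from the user credential, a stored salt and the TEE-bound secret."""
    return hashlib.scrypt(pin.encode() + device_secret, salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)

def wrap_master_key(master_key: bytes, pin: str, device_secret: bytes) -> dict:
    """Produce the footer-style blob that lives on flash: salt, wrapped key, tag."""
    salt = os.urandom(16)
    kek = derive_kek(pin, salt, device_secret)
    keystream = hmac.new(kek, b"wrap", hashlib.sha256).digest()
    wrapped = bytes(a ^ b for a, b in zip(master_key, keystream))
    tag = hmac.new(kek, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unwrap_master_key(blob: dict, pin: str, device_secret: bytes):
    """Recover the master key, or None when the credential or device secret is wrong."""
    kek = derive_kek(pin, blob["salt"], device_secret)
    expected = hmac.new(kek, blob["salt"] + blob["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    keystream = hmac.new(kek, b"wrap", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob["wrapped"], keystream))

class Gatekeeper:
    """Toy model of the TEE gatekeeper: it alone holds the device secret and throttles."""
    def __init__(self, blob: dict, max_attempts: int = 5):
        self.blob, self.failures, self.max_attempts = blob, 0, max_attempts

    def verify(self, pin: str):
        if self.failures >= self.max_attempts:
            raise PermissionError("throttled: too many failed attempts")
        key = unwrap_master_key(self.blob, pin, DEVICE_SECRET)
        self.failures = 0 if key is not None else self.failures + 1
        return key

def offline_unwrap_without_tee(blob: dict, pin: str):
    """What the flash contents alone give you: without the TEE-bound secret the KDF input
    is incomplete, so even the correct PIN does not verify (constructed to show the binding)."""
    return unwrap_master_key(blob, pin, b"")
```

The two halves together show why a 4-digit PIN is only as strong as the throttling and the device binding around it, which is the part a custom boot image on an unlocked device cannot simply read off the storage chip.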
