So my GF has doubt that her phone (Samsung A5) has been tapped by her ex BF who knew her phone pass and did take care of all devices they posses
Assuming that is the case, will the factory reset remove tracking software from her phone of will I have to flash her phone with fresh OS to be sure the software has been removed completely
gesaugen said:
So my GF has doubt that her phone (Samsung A5) has been tapped by her ex BF who knew her phone pass and did take care of all devices they posses
Assuming that is the case, will the factory reset remove tracking software from her phone of will I have to flash her phone with fresh OS to be sure the software has been removed completely
Click to expand...
Click to collapse
If the ex actually did something like that and embedded into the system partition on the device, a factory reset will not remove it.
You would need to flash the device with the firmware to remove it, you may even need to use the "re-partition" option in Odin when you flash the device.
It would also be wise to change the password on her Google account before flashing the device, to be thorough, change the password and maybe even the email/username while you're at it, then go to system settings and remove the account then sign back in with the new email/password, then flash the device, after flashing and booting, sign back in with the new account details.
I would also change passwords and account details for any other apps on the device, such as Facebook, Facebook Messenger, any other email addresses or other email apps and any other types of social media apps or other apps that require an email/username and password. Change any and everything on the device that the ex could have possibly had access to. If she also has other devices or PC's synced with her phone or email, I'd change the details on those other devices/PC's as well. If she has WiFi at home, change its password and maybe even see about changing the IP of her modem/router.
Then, after that, make sure she doesn't click on/open/download anything from anyone that she doesn't know, including multimedia texts/pics, it could be the ex trying to embed something again, opening it will just compromise the device again.
Sent from my LGL84VL using Tapatalk
While what Droidriven is saying is correct first things first. Has the phone been unlocked and/or rooted? If the phone is locked (*Not tampered) then all of that is overkill. Here's a simple test that you can do to see how at risk you are. Start the phone in Bootloader mode and see what it says at the top. It will either say Locked, Locked *Tampered, Unlocked or Unlocked *Tampered. Locked is exactly what it sounds like, the phone is factory locked. Unlocked again means exactly what it says, the phone is factory unlocked. The caveat is the Tampered. So you can unlock a phone and lock it back which will result in the tampered tag/statement. In which case anything could have been done or undone once the phone was unlocked even if it says locked. If the phone simply says Locked, there is no need to panic and simply factory resetting the phone will erase anything that the ex may have done or installed. If the tampered tag/statement appears that's when more detailed steps should be taken, as described by Droidriven. It is always advisable to change passwords after a breakup even if you don't suspect foul play as a precaution. If she fears foul play Google offers 2-Step verification, which I highly recommend anyway, which allows the account holder to use an Authentication app that randomly generates codes to access the account and also prevents anyone from accessing the account without the users phone in their direct possession. Google also offers security screening tools that allows users to see where they are signed in, when the last time that sign in point was accessed, and the ability to sign out of sessions that may still be active. Furthermore Google offers notifications that will text or email a user anytime a sign-in occurs allowing the user full disclosure and control over their account. Although not mentioned, Facebook also offers similar tools and notifications should the concern arise. First thing first however, find out how to log into your Bootloader and verify if the device has ever been tampered with and then work from there.
VidJunky said:
While what Droidriven is saying is correct first things first. Has the phone been unlocked and/or rooted? If the phone is locked (*Not tampered) then all of that is overkill. Here's a simple test that you can do to see how at risk you are. Start the phone in Bootloader mode and see what it says at the top. It will either say Locked, Locked *Tampered, Unlocked or Unlocked *Tampered. Locked is exactly what it sounds like, the phone is factory locked. Unlocked again means exactly what it says, the phone is factory unlocked. The caveat is the Tampered. So you can unlock a phone and lock it back which will result in the tampered tag/statement. In which case anything could have been done or undone once the phone was unlocked even if it says locked. If the phone simply says Locked, there is no need to panic and simply factory resetting the phone will erase anything that the ex may have done or installed. If the tampered tag/statement appears that's when more detailed steps should be taken, as described by Droidriven. It is always advisable to change passwords after a breakup even if you don't suspect foul play as a precaution. If she fears foul play Google offers 2-Step verification, which I highly recommend anyway, which allows the account holder to use an Authentication app that randomly generates codes to access the account and also prevents anyone from accessing the account without the users phone in their direct possession. Google also offers security screening tools that allows users to see where they are signed in, when the last time that sign in point was accessed, and the ability to sign out of sessions that may still be active. Furthermore Google offers notifications that will text or email a user anytime a sign-in occurs allowing the user full disclosure and control over their account. Although not mentioned, Facebook also offers similar tools and notifications should the concern arise. First thing first however, find out how to log into your Bootloader and verify if the device has ever been tampered with and then work from there.
Click to expand...
Click to collapse
As far as I know, Samsung does not have bootloader mode, it uses Download Mode, otherwise known as factory mode or Odin mode. It also does not quite display the information that you described as you described it. Some Samsung devices may or may not display bootloader status as "locked" or "unlocked", I've never seen anything about Samsung devices ever showing anything about *Tampered. I've seen devices show "custom binary" or "official binary" and show system status as "official" or "custom", some show info for secure boot, activation lock, kernel lock or Knox warranty void.
But, none of this necessarily has anything to do with whether something could have been embedded into system. You can push things to system even if the bootloader is locked and without "triggering" anything or being "flagged" by the system.
Plenty of Samsung devices have been rooted without unlocking the bootloader, without tripping Knox or Qfuse and will show binary status as "Custom"(the one thing that does show that the device is rooted/tampered but still doesn't necessarily indicate any malicious code that might have been placed by the ex, just rooting the device and nothing else would give the same result), all locks at default status as "locked"(non-tampered) and system status as "Official".
Given that the ex was the one that took care of and managed all devices that she owned, I would just take the thorough route just to cover the bases just because there are so many points of entry that the ex could have set up among all of the devices/equipment that she has.
Sent from my LGL84VL using Tapatalk
While I'll give you that there may be differing nomenclature for the things I mentioned, I've never heard of anyway to reach the Root of a device without going through the Bootloader and without leaving some evidence. While I cannot find an actual picture of the bootloader screen, in the link below there's a picture of the recovery menu where you can see the second option on the Samsung A5 Reboot into Bootloader. Ultimately it's up to the OP but becoming tech savvy enough to root a device is not for everyone. If the device shows no signs of being rooted, to learn how to root a device just in case seems less than worthwhile. OP you could also try one of the root detectors on the Play Store.
https://www.teamandroid.com/2017/01/28/enter-recovery-mode-samsung-galaxy-a5-2017/
VidJunky said:
While I'll give you that there may be differing nomenclature for the things I mentioned, I've never heard of anyway to reach the Root of a device without going through the Bootloader and without leaving some evidence. While I cannot find an actual picture of the bootloader screen, in the link below there's a picture of the recovery menu where you can see the second option on the Samsung A5 Reboot into Bootloader. Ultimately it's up to the OP but becoming tech savvy enough to root a device is not for everyone. If the device shows no signs of being rooted, to learn how to root a device just in case seems less than worthwhile. OP you could also try one of the root detectors on the Play Store.
https://www.teamandroid.com/2017/01/28/enter-recovery-mode-samsung-galaxy-a5-2017/
Click to expand...
Click to collapse
This tells me that you aren't familiar with Samsung devices because plenty of Samsung devices have been rooted without unlocking bootloader, I couldn't even begin to count them all. Unlocking bootloader is really only necessary if flashing a custom recovery or custom ROM. Not all Samsung devices are rooted by flashing a custom recovery to gain root. Most of the Samsung devices sold in the US have locked bootloader that cannot be unlocked by any means whatsoever, yet these devices can be rooted. Obviously, they have been rooted without unlocking the bootloader.
Yes, it may have the "reboot bootloader" option in recovery, if selected, that will boot you into download mode/Odin Mode. Typically, what you are describing with bootloader mode applies to devices that use fastboot, Samsung does not use fastboot, it isn't compatible with fastboot, adb works with Samsung but fastboot does not work with Samsung in any way, shape, form or fashion.
And it is possible to root a Samsung device, then install something in system and then remove root immediately after(which means that root checker will not see anything) and it won't show anything in Odin mode, won't trip Knox or Qfuse and still show Official in Odin mode. If it is rooted, then an app is pushed to system then root is immediately removed and this was all done without rebooting the device in the process, then the bootloader, Knox, Qfuse and all that never even detects that root was ever there because it was removed, which means it never gets loaded at boot for the bootloader and other security coding to see that root was there. Some can be rooted and then flash TWRP using Loki without unlocking the bootloader, which "shouldn't" be possible with a locked bootloader, yet, it is done.
I'm just saying, it isn't always as detectable as you imply.
Sent from my LGL84VL using Tapatalk
Related
I'm loving to try out the CM7 builds and other custom ROM, but at the same time I'm concerned with all the security risks of an unlocked bootloader and cwm recovery.
I wanted to know if there's a way to trigger a factory reset to remotely wipe the phone using the clockwork recovery. Anyone know of anything done like this?
I know there are apps out there that trigger a remote wipe by going into the stock recovery but, when that happens on CM7 for instance, the phone just goes on that Exclamation Mark screen since the stock recovery was overwritten.
Since CM7 can actually reboot to cwm recovery, would there be a way to issue a command to reboot to recovery AND perform a factory reset (or one that would bring back the stock recovery and then do the wipe).
Am I talking nonsense here? I just wanted to minimize risks with a phone theft for example, by wiping everything (I can wipe the SD card already, but am now concerned with the system itself).
Thanks!
You're just being too paranoid. Unlocking your bootloader won't affect anything.
Besides.. the chances are, if a person stoel your phone. I seriously doubt that they have any knowledge of recovery and all these other things that most users on XDA know.
If they do know, then the chances of them stealing your phone are low. I mean really, what individual with knowledge of flashing different ROMs and all these other things would have the audacity of stealing your phone? Only chance is if you lost your phone (not insulting anyone but I don't think people would have the courage to steal a phone from you if they are so knowledgeable in flashing)
And you can always go to http://market.android.com and download "Plan B" onto your phone.
https://market.android.com/details?id=com.lookout.labs.planb&feature=search_result
After you install it, Plan B will start locating your phone using cell towers and GPS, even if you didn't have GPS switched on. Your location will keep updating for 10 minutes, and you will get an email each time it is located, whether the phone is moving or standing still. You can start the process again by texting “locate” to your number from any other phone. In order to locate your phone, we send you a text via SMS, so standard message rates apply.
Click to expand...
Click to collapse
Yeah, it is somewhat paranoid but I think you can never be too safe with your information nowadays
Having an unlocked bootloader allows anyone to access your phone's data completely and while that's great for flashing ROMs, it's not a secure method.
I understand that most people don't really have the expertise going on at these forums, but I just wondered if someone had developed a security app of that sort, I would certainly buy it!
Plan B is an interesting app, but just allows you to try to locate your phone, not wipe it.
fabio008 said:
Yeah, it is somewhat paranoid but I think you can never be too safe with your information nowadays
Having an unlocked bootloader allows anyone to access your phone's data completely and while that's great for flashing ROMs, it's not a secure method.
I understand that most people don't really have the expertise going on at these forums, but I just wondered if someone had developed a security app of that sort, I would certainly buy it!
Plan B is an interesting app, but just allows you to try to locate your phone, not wipe it.
Click to expand...
Click to collapse
? I don't get the point that you're making of "unlocked bootloader" vs. "locked bootloader." It's the same thing, it just allows more freedom. Phones that aren't Nexus run on a locked bootloader and such. They're able to flash ROMs and do all that.
And Plan B is a last resort app, its not supposed to be used a security app. Thats what their primary app, Lookout is for.
Stop being paranoid, if somebody steals your phone. The chances of them knowing about recovery and doing all of that are VERY LOW.
If its something that bothers you just put a security lock on your phone and Lookout or any other related app. Report it to the police and they'll help you retrieve it.. unless thats something Brazil doesn't offer.
fabio008 said:
Yeah, it is somewhat paranoid but I think you can never be too safe with your information nowadays
Having an unlocked bootloader allows anyone to access your phone's data completely and while that's great for flashing ROMs, it's not a secure method.
I understand that most people don't really have the expertise going on at these forums, but I just wondered if someone had developed a security app of that sort, I would certainly buy it!
Plan B is an interesting app, but just allows you to try to locate your phone, not wipe it.
Click to expand...
Click to collapse
You can use Autowipe app and use a pin code to lock ur screen. Autowipe has options to wipe ur phone after 'n' number of unsuccessful attempts to unlock ur screen. You can also set options in the app, to wipe ur device when sim card is changed.
Sent from my Nexus S using XDA App
zephiK said:
? I don't get the point that you're making of "unlocked bootloader" vs. "locked bootloader." It's the same thing, it just allows more freedom. Phones that aren't Nexus run on a locked bootloader and such. They're able to flash ROMs and do all that.
And Plan B is a last resort app, its not supposed to be used a security app. Thats what their primary app, Lookout is for.
Stop being paranoid, if somebody steals your phone. The chances of them knowing about recovery and doing all of that are VERY LOW.
If its something that bothers you just put a security lock on your phone and Lookout or any other related app. Report it to the police and they'll help you retrieve it.. unless thats something Brazil doesn't offer.
Click to expand...
Click to collapse
I understand the chances of knowing about recovery are indeed very low, still, locked and unlocked bootloader have a significant difference when talking about access to your phone's data. With 2.3.3 now, there is no way to flash cwm if you have a locked bootloader (unless you completely erase your phone), while having it unlocked allows you to access everything from the modded recovery (considering you have the expertise).
It is a long stretch but I just thought it was worth discussing additional security possibilities when you're not completely "stock".
kirdroid said:
You can use Autowipe app and use a pin code to lock ur screen. Autowipe has options to wipe ur phone after 'n' number of unsuccessful attempts to unlock ur screen. You can also set options in the app, to wipe ur device when sim card is changed.
Click to expand...
Click to collapse
Yeah, I actually have a pin code and WaveSecure installed, so for the most part I think it works OK. But their wipe function is not that great, it leaves a lot of stuff behind.
Hello,
I wasn't 100% sure if this was the correct thread or if I should have posted under the ROM section for this phone. We own a start-up company, and have signed some contracts with some larger companies. In one particular contract, we need to take certain security precautions.
My wife has purchased me a Samsung Galaxy S7 SM-G930W8 (the Canadian model). I live in the USA. It's unlocked and multi-csc (whatever that means). The product code is XAC (I believe that means unlocked). We contacted Samsung to verify that a USA sim card would work in the phone, which it does, and that it wouldn't lock the phone to that sim card, which it doesn't. So we're good there.
We explained the issue about the software. The phone comes with some software pre-installed that we cannot have on the phone if we're going to be using it as a company phone, which we would like to do. Samsung said we could disable most of the apps, which we were aware of, however, the contracts specifically states certain types of programs cannot be installed on our company devices.
I asked them if I where to gain root access and remove those programs, would it void the warranty. They said no. The only way we would void the warranty is if we dropped the phone and damaged it, or got it wet.
What would be the best way to go about removing these programs and trying to get a more cleaner version of Android? I understand that a ROM would have to be specific to this phone, because of the various hardware in the phone. But we are not looking for any "extra" programs that tend to come with ROMs to attempt and make them better. I noticed some ROMs for this phone include a custom installer, where we can pick and choose what we wanted installed. But they also come with customized kernels with various security features disabled (such as a fake version of KNOX).
Could someone recommend the best route to go here? Stability is extremely important, however, so is security. We cannot have unapproved third party apps / mods on the phone, but we have some leigh way there. For example, I could probably get around installing a custom recovery partition because the code on that custom recovery partition is not running while we're accessing company resources. If we have to go the route of using a custom ROM, we'd prefer one that supports over the air updates, but does not force them.
Any ideas?
Thank you and sorry for such a novice question. I had done a good bit of research into this and thought I found the perfect one, just to discover that it appears to no longer be supported and the thread on XDA has been deleted.
**EDIT: I should add that my wife upgraded it to Android 7, but I was afraid that would limit our options, so I downloaded the stock XAC ROM for this phone and used Odin to flash it back on, so it's currently running 6.0.1. I'm not sure if that makes a difference or not.
Thanks!
Am I reading correctly that you must completely remove the apps from the phone, not just disable them? The thread below describes how to disable system apps without rooting or otherwise modifying your phone's firmware.
https://forum.xda-developers.com/galaxy-s7/how-to/root-required-oreo-disable-apps-t3814249
Flashing modified firmware will disable Knox, which is something you might not want to do in your case. Also, if you're contractually bound as far as security precautions go, you're probably going to want to update to the latest Oreo firmware and keep it up to date with any security updates as they are issued by Samsung.
Hai Karate said:
Am I reading correctly that you must completely remove the apps from the phone, not just disable them? The thread below describes how to disable system apps without rooting or otherwise modifying your phone's firmware.
Click to expand...
Click to collapse
I apologize in advance if I get your gender incorrect, a quick google search shows your name is unisex. I am going to assume you are a male, until otherwise told so. Yes sir, you are reading correctly that I must completely remove the apps from my company devices, including this phone. I appreciate that my wife bought it for me, but she doesn't fully understand the business like I do and I don't think she really thought it through. I imagine it costed a good bit of money, so I'd hate to have her send it back because I cannot remove the apps.
I appreciate the links to the threads, however, I already know how to disable the apps, but that is not enough. They physically cannot be installed based on what they're capable of doing (ie, a potential for viewing documents / schematics / pcb layouts labeled as confidential or highly confidential, or even worse, being poorly written in such a way where the program is exploitable and someone gains unauthorized access to our network, the certificates we have installed on the phone, etc.)
Hai Karate said:
Flashing modified firmware will disable Knox, which is something you might not want to do in your case. Also, if you're contractually bound as far as security precautions go, you're probably going to want to update to the latest Oreo firmware and keep it up to date with any security updates as they are issued by Samsung.
Click to expand...
Click to collapse
[/QUOTE]
Updating to Oreo is something that we will be wanting to do, but something I have been holding off on, in case I have to flash a modified firmware, or ROM as it's sometimes referred to. As for Knox being disabled, I actually believe that is something we are going to need to happen, have it disabled. We use special software that provides similar functionality that Knox provides, but is a lot more advanced. We actually use a few products for that.
I do have to admit that my knowledge regarding cell phone firmwares is a bit limited, although I do write firmware for other custom created devices. My worries with custom firmware are:
1) Certain security features (excluding Knox) might be disabled or removed (ie, the ability to encrypt the internal flash, encrypt the MicroSD card, having SELinux turned off, having secure boot disabled)
2) The firmware containing programs that most people would find useful but stuff I cannot have. If I have the ability to uninstall it, that's okay, I can do that. But if it's stuck, like it is now, where I can only disable it, that is not okay.
3) Something being installed without my knowledge.
Our security setup checks company phones to see if they're rooted, and if they are, it marks the device as non-compliant. I can have a device as non-compliant for a few hours....but if it's marked as non-compliant for a few days, one of the larger companies we're dealing with call to ask why, and then we have to do a secure session, where they login to one of our devices, but cannot physically click anything, just look, and have us go into various software to see why it's non-compliant, and, well, it's not fun.
We had it happen once because my wife accidentally sent an email from a personal device to a in-house email address, which never got encrypted, and it triggered a security audit, which was not fun at all and I'd rather not go through that again.
Are there no bloat-ware free signed official images or is there no way for a developer to import a signing key into the device to keep secureboot enabled? Also, out of curiosity, why would running a custom firmware disable Knox? In our case, that's something we need, however, I was just curious. And if we go the route of custom firmware, is there a way to show that it's gone, or will all the custom firmware's install a fake version of Knox?
Thank you for taking the time to answer my questions. I really do appreciate it. I know how precious time can be, how busy a person can get, and I realize I have a lot of questions here, but I really need to make sure we're secure.
One of the programs we'll have on there is something called Symantec Endpoint Mobile. I am not sure if you have heard of it or not, but that provides virus protection, etc.
So CSC contains the regulatory information for my country and the providers....my phone is a Canadian phone. I thought Canada did not have Straight talk, yet, my wife's straight talk sim worked. I noticed in the recovery menu, it shows multi-csc. Does that mean my phone has the country specific stuff for more than one country? I'm wondering if I should try changing it to a US phone.
AP contains the kernel, the recovery partition, the system partition, and the bloatware, right?
BL is simply the bootloader.
If I could gain root on this phone without flashing a custom ROM or maybe somehow by just flashing something like TWRP without voiding the warranty, I could just modify the meta-data for the apps that I need to uninstall to allow them to be uninstallable, correct?
Since I went from a partial install of 7 back down to 6.0.1, my camera does not work. I'm wondering if it's because the ROM I used wasn't the correct ROM. It was the G930W8VLU2API1 ROM, minus the CSC, which was G930W8OYA2API1.
I've tried a factory reset, I've reflashed the ROM, using the non-HOME CSC, I've wiped the cache partition....still no camera. It simply says Warning Camera failed. I tried a few of the tricks I've read about on the net to fix it, but so far, no luck. Cleared the data and cache for just about every program, including the camera. I believe the problem might be because I have internet turned off right now, no sim card in, and even though I have automatic updates turned off, the phone still started to download an update.
Did Android 6.0.1 show Secure Boot status in Download mode? My wife, with the same phone, but the American AT&T unlocked carrier version (we paid full price), her's has a Secure Boot: Enabled. She's also running 8.0.0. With my 6.0.1, all there is is a Secure Download, which she also has, but no Secure Boot listed at all.
If secure boot is disabled, I should be able to flash any custom BL without tripping Knox, even if it's not signed.....right? I know with my datacenter, the bootloader changes even a bit, the servers and workstations are not booting, unless I sign the bootloader with my MAK.
**EDIT: Also, what exactly are these z3x things I see on the gsmhosting site? It's hard understanding exactly what they do based off their description because I don't think the developers native language is the same as mine. I go to z3x-team.com, and it almost looks like the device can do almost anything with the Samsung....upgrades, downgrades, unlock codes (wtf?), etc. Is it just a scam or are they worth the investment?
**EDIT2: I made a mistake. I guess there's some special Samsung Knox policy that gets applied to Samsung only devices, that configures it in some sort of way to make it compliant, so Knox has to stay.....
There are many sites selling Mix 3's some Chinese, some Global, some with locked bootloaders, and some with unlocked bootloaders, this thread is to help people "protect" the devices they have bought (or will buy).
It's through my understanding that the most "secure" way of protecting your phone & data from thief's is to have your bootloader locked, with no custom recovery, encryption on & usb debugging disabled right?
This is because with a unlocked bootloader, the thief has the ability to boot into TWRP (for example) & simply wipe your pin/password/lock off the phone completely, then just boot it up, factory reset it & sell it.
I know there is methods such as putting the phone in cold temperatures so you can retrieve the encryption keys from the RAM, but assuming the thief is just basic & what's to make some quick money off your phone...So...
What's the best way & most recommended thing to do with Xiaomi devices specifically, locked/unlocked, encrypted/not-encrypted, does it matter?, If not, why not?
Any help is appreciated! The more in-depth the better.
Even with a locked bootloader a thief can hold VolUp while booting, wipe phone and sell it. Wiping is possible in any case and thats not even the issue a stolen Phone is gone.
The issue are your data which can be stolen too when you have a unlocked bootloader. Simply boot to twrp connect usb and copy everything. But you can prevent that with encryption and enable "requires pattern to start". That way if your phone gets stolen the thief can still Install/use Twrp but he needs to enter a pattern to decrypt the storage. If he doesnt, twrp wont be able to read the partition and your data is safe. He can still wipe the Phone and sell it but you cant prevent that. I don't know if the pattern generates the encryption keys or retrieves them from somewhere but i'd assume it generates them, probably together with some device specific values, else that would be a flaw in my book. If someone could enlighten me here that'd be nice.
If your bootloader is locked he also can't access your data. Since stock recovers doesn't allow/support Usb-filetransfer. So a lockpattern is all you need there. Encryption shouldnt really matter against the normal thief.
I am going this way: Unlocked bootloader to get rid of Miui, Twrp to have a proper recovery menu, and encryption+pattern to save my data. Disable USB-Developer Options to prevent adb shenanigans.
But on the hand if you wan't to get really panariod a locked bootloader would be better since you still can read the system image from the phone from twrp, this means, and this is a easy way to do it, you could read it copy it to the pc and simply brutefroce the lockpattern. If you have the partitions you can simply try 3 patterns either it works or the phone locks itself up because you did 3 wrong. If it locks up you simply write the partitions back and try again. If you can do 3 in 30 seconds you are done in 45 days since there are only 390.000 different patterns on a 3x3 grid (which is what most people use since some Roms don't even allow for 4x4 or 5x5) but if you emulate it and can do 3 in 15 seconds you are down to 23 days. If you run it in 20 emulators you are done in 1 day. (That would be an awesome weekend project.) In emulation you could really optimize this since you can cut everything out what isn't needed for the attempt to encrypt the partition. you dont even need the screen to load, simply send the decryption module whatever the last module in the Numbers-from-touches-chain would have sent, everything that is loaded before the attempt to decrypt must be unencrypted therefore can be messed with, probably it's even universal across phones since that's a stock android thing. If it tries to write used attempts, save whatever what gets overwritten beforehand, let it write its thing, kill the process, revert changes and try again with the next set. Maybe you get it down to 3s or 4s for 3 attempts and boom you are at 6 hours to encrypt any android phone, no matter which version, with an unlocked bootloader which uses a 3x3 pattern. But your data would be really valueable to someone if they did this. You can't do that with a locked bootloader since you can't read the partitions or you could just use the 5x5 pattern, which you cant do on MIUI (i just tried and havent found where you could change it). But probably i have a giant oversight in there so this probably woudn't work
________________________________________________
On the other hand if you want to recover your phone you should make it as easy as possible to get the thief into your phone since you dont want them to run it off and wipe it. I DONT RECOMMEND THIS. But you could make a 2nd user who has no lock pattern on it. Concider your Data public at this point but while they are busy looking at your selfies you could use a app like prey to track the phone. But since Data are more important than a phone i'd never do or recommend that.
Or you could just buy a tin foil hat.
~phoeny~ said:
Even with a locked bootloader a thief can hold VolUp while booting, wipe phone and sell it. Wiping is possible in any case and thats not even the issue a stolen Phone is gone.
The issue are your data which can be stolen too when you have a unlocked bootloader. Simply boot to twrp connect usb and copy everything. But you can prevent that with encryption and enable "requires pattern to start". That way if your phone gets stolen the thief can still Install/use Twrp but he needs to enter a pattern to decrypt the storage. If he doesnt, twrp wont be able to read the partition and your data is safe. He can still wipe the Phone and sell it but you cant prevent that. I don't know if the pattern generates the encryption keys or retrieves them from somewhere but i'd assume it generates them, probably together with some device specific values, else that would be a flaw in my book. If someone could enlighten me here that'd be nice.
If your bootloader is locked he also can't access your data. Since stock recovers doesn't allow/support Usb-filetransfer. So a lockpattern is all you need there. Encryption shouldnt really matter against the normal thief.
I am going this way: Unlocked bootloader to get rid of Miui, Twrp to have a proper recovery menu, and encryption+pattern to save my data. Disable USB-Developer Options to prevent adb shenanigans.
But on the hand if you wan't to get really panariod a locked bootloader would be better since you still can read the system image from the phone from twrp, this means, and this is a easy way to do it, you could read it copy it to the pc and simply brutefroce the lockpattern. If you have the partitions you can simply try 3 patterns either it works or the phone locks itself up because you did 3 wrong. If it locks up you simply write the partitions back and try again. If you can do 3 in 30 seconds you are done in 45 days since there are only 390.000 different patterns on a 3x3 grid (which is what most people use since some Roms don't even allow for 4x4 or 5x5) but if you emulate it and can do 3 in 15 seconds you are down to 23 days. If you run it in 20 emulators you are done in 1 day. (That would be an awesome weekend project.) In emulation you could really optimize this since you can cut everything out what isn't needed for the attempt to encrypt the partition. you dont even need the screen to load, simply send the decryption module whatever the last module in the Numbers-from-touches-chain would have sent, everything that is loaded before the attempt to decrypt must be unencrypted therefore can be messed with, probably it's even universal across phones since that's a stock android thing. If it tries to write used attempts, save whatever what gets overwritten beforehand, let it write its thing, kill the process, revert changes and try again with the next set. Maybe you get it down to 3s or 4s for 3 attempts and boom you are at 6 hours to encrypt any android phone, no matter which version, with an unlocked bootloader which uses a 3x3 pattern. But your data would be really valueable to someone if they did this. You can't do that with a locked bootloader since you can't read the partitions or you could just use the 5x5 pattern, which you cant do on MIUI (i just tried and havent found where you could change it). But probably i have a giant oversight in there so this probably woudn't work
________________________________________________
On the other hand if you want to recover your phone you should make it as easy as possible to get the thief into your phone since you dont want them to run it off and wipe it. I DONT RECOMMEND THIS. But you could make a 2nd user who has no lock pattern on it. Concider your Data public at this point but while they are busy looking at your selfies you could use a app like prey to track the phone. But since Data are more important than a phone i'd never do or recommend that.
Click to expand...
Click to collapse
Really appreciate the time you took to type out this post, thankyou.
Why does Android reset the device to factory settings upon RE-LOCKING the bootloader on Pixel devices? is it just another hassel tactic from Google to make users not have the bootlader unlocked in the first place?
Please don't respond unless you have an answer with a real technical/security justification.
Thanks for your expertise.
fromusofa said:
Why does Android reset the device to factory settings upon RE-LOCKING the bootloader on Pixel devices? is it just another hassel tactic from Google to make users not have the bootlader unlocked in the first place?
Please don't respond unless you have an answer with a real technical/security justification.
Thanks for your expertise.
Click to expand...
Click to collapse
This link has some explanation of bootloader locking and unlocking, and the security side of things (scroll down to near the bottom).
https://source.android.com/security/overview/implement
It doesn't really do much to explain in detail why the relock requires a factory reset, but essentially it's to ensure that there is nothing in the phone that could have been compromised. When the bootloader is locked, certain app developers want to be sure that the device is secure. Any leftover remnants from a rooted device are a potential security issue.
NZedPred said:
This link has some explanation of bootloader locking and unlocking, and the security side of things (scroll down to near the bottom).
https://source.android.com/security/overview/implement
It doesn't really do much to explain in detail why the relock requires a factory reset, but essentially it's to ensure that there is nothing in the phone that could have been compromised. When the bootloader is locked, certain app developers want to be sure that the device is secure. Any leftover remnants from a rooted device are a potential security issue.
Click to expand...
Click to collapse
The link does not say that the device will be reset and the user data will be wiped upon relocking the bootloader. it just says that it will provide the same protection after locking the device upon installing any custom rom and then unlocking it again.
Who gets to say what is "compromised"? The OS provider Google or the device manufacturer or the users who have paid for the software and the hardware of the device and owns it?
if those certain armatures app developers can't write their own stuff secured enough and actually depend on OS to provide them protection at the expense of crappy user experience with limited innovation and hijacked creativity, then that's their problem. An owner of the device should be able to install any OS even that they may have build in their basement or any jack **** they want...or live with the crap that they got from OEM . Just like Windows on any computer can let you do what ever you want to do as an administrator...whichever sites and application you want to access and run. Why is Android (linux) so overtly protective about giving root access to its users?
Anyway, relocking the bootloader will wipe the device again even if you have not installed anything customized even immediately right after unlocking that has already wiped the device...I just don't understand or like the logic behind resetting the whole device upon relocking the bootloader...is Google afraid of people coming after them for security issues on their customized/rooted device? hmmm... if that was the case with Windows, Microsoft would've been bankrupted long ago.
sorry about the above rant, I just woke up after 18 years in coma and I find the mobile device industry still in its infancy... or maybe I just have lost my mind.
On many sites, I have manually used Google Autofill and the text saying "Submit" is converted into "$MyPassword", and I think this is a security issue. I have disabled the bootloader on my phone and plan to root it fully, and I think this may be a part of the problem. I may need to look into taking extra measures in securing my phone now that I have disabled the bootloader.
All in all, is this a major concern? Are there things I need to do now that I've unlocked the bootloader?
A phone's bootloader ( if it's not got corrupted ) simply boots the phone in one of these modes: Normal, Recovery, Fastboot, Sideload, EDL.
Have never heard you can disable a phone's bootloader.