Hello everyone who will read me, I am a fairly new user to Samsung, and I would like to install something other than the stock but I heard that if I put unofficial software, some things will stop working, although in general if there is some way to optimize stock without unlocking the bootloader I will be grateful tell me, But my question in general is what is lost when the knox counter goes up
Hi! You can debloat stock ROM and leave it clean without unlocking the bootloader, but you will need a computer with ADB fastboot and USB debug enabled in developed options.
Related
Hello everyone, I have questions. I will be happy if someone could help me understand Android better.
Edit: find most answers here https://android.stackexchange.com/questions/21460/what-does-fastboot-oem-lock-do, the following remains:
Is locked OEM equal to locked bootloader?
If not, which is more serious e.g. undesirable when using rooted custom ROMs?
Is it possible that booting fresh custom ROM will lock bootloader (or OEM..) back without asking? just like this happened to me with stock firmware
Is it dangerous if bootloader gets locked and I use TWRP?
Hello. What's the easiest way to backup everything (and I mean everything, including detailed app data) before unlocking my bootloader? I want to flash a custom kernel with minimum modifications to anything else, and obviously I want to take a backup of everything before I lose them with the unlock process, but I haven't been able to find a way to do so on a stock ROM that's not even rooted.
Or is there a way to root my phone before I unlock it?
I've never had a OnePlus device before, so here I am, asking dumb questions. :silly:
Also, one more question (in three parts, sorry!): since some of the newer apps, especially banking apps, have started using stricter safety procedures, they can detect an unlocked (or even merely rooted) device, and so they don't work. 1) Is there any way I can use a custom kernel on a locked (or relocked) bootloader? 2) Is it possible to use a custom kernel on an unlocked phone that's not rooted? 3) If neither of the two is possible, how can I prevent said apps from detecting my unlocked bootloader and rooted phone?
Thank you very much in advance for taking the time to answer all of my questions.
I've been planning to unlock my bootloader to install TWRP and GSI's on this device but I've seen the warning message you get every time you restart the device. I have plans to sell this device in the future, so I would like to know if there is a way to relock the bootloader or remove the warning message on startup. Thanks.
Yes you can relock the bootloader, the process is done the exact same way that you use to unlock it. The warning message will be removed and you will only be able to flash stock binaries.
But for Samsung phones specifically there is something to note, there is something called an "E-Fuse" that will be "tripped" when the bootloader is unlocked for the first time. There is no way to revert the phone back to a pure factory state after this happens. The feature is called Samsung Knox and it prevents a few (Samsung based) features from working.
You can read a bit here - https://en.wikipedia.org/wiki/Samsung_Knox
I know about tripping Knox. I don't really care about not being able to use Secure Folder or S Health so it's not an issue for me. My main concern is to remove the obnoxious warning when booting the device as it can be intimidating to a non savvy potential buyer. Anyways thanks for the reply.
Hello guys, This is my first thread on XDA forum.
I just bought Xiaomi device (Poco X3 Pro Global) a few days ago.
So this is my first time to try custom rom, I searched what I'm trying to do, I'd like to make sure whether what I understand is correct or not since I'm totally new on custom rom.
the sources I mainly referred to:
source1
source2
Basic assumption:
1. Only flash custom rom without rooting
2. All unlocking bootloader and flashing custom rom process done perfectly, and all resouces (recovery, rom, ADB tool etc...) used during process are 100% clean and genuine.
3. No cold boot attack (source2) happens on me.
Q1. source1 is really helpful, but it's from 2012, is this still valid today?
Q2. source1 is posted on Galaxy Nexus forum, but is this applied to all android based devices, right?
Q3. This threat model assumes attacker has physical access to device, then I guess unlocking bootloader itself is 100% totally irrelevant to software level security risks like malware or OS vulnerability, is this right? (assuming no rooting and 100% genuine rom and resources)
Q4. From source1 you can choose between [device encryption] and [relocking bootloader] to protect security, which methods do you recommend using?
I feel I'm much more inclined to try device encryption method since I don't know if it's possible to relock bootloader safely after migrating from Global stock rom to xiaomi.eu rom. (Can anyone confirm this?) I fear it become bricked during relocking process.
Q5. So if I set device encryption with strong password and turn off USB debugging mode, I need not too worrysome?
Are there any other points in terms of security to bear in mind if you use device with unlocked bootloader?
Thank you for reading my thread
[INFO] Understanding the risks of having an unlocked bootloader
While unlocking the bootloader on a Galaxy Nexus unleashes the full potential of the bootloader, it also poses a security risk. Even with your lockscreen protected with a pattern/PIN/password, not having flashed a custom recovery, having an...
forum.xda-developers.com
jwoegerbauer said:
[INFO] Understanding the risks of having an unlocked bootloader
While unlocking the bootloader on a Galaxy Nexus unleashes the full potential of the bootloader, it also poses a security risk. Even with your lockscreen protected with a pattern/PIN/password, not having flashed a custom recovery, having an...
forum.xda-developers.com
Click to expand...
Click to collapse
that's what I linked in thread (source1)
Only a side-remark:
An Android Smartphone bootloader is processor-specific and every OEM has its own version of bootloader specific for the hardware present in its environment.
It's the primary task of every bootloader to verify the Android OS to be loaded is genuine means signed by OEM to ensure the Android OS ( it's by nature a Custom ROM ) works flawlessly as it can be expected by user. People who use a phone as a tool and not as a toy probably never come up with the idea to unlock the bootloader because they know about the strengths and weaknesses of the phone when they bought it, they can expect that OEM did their best with regards to a phone's performance - OEMs are certainly not dumber than generally claimed by the modder / hacker scene.
My POV: Unlocking a phone's bootloader is an unnecessary action at all. If people do so they indirectly admit that they have purchased a phone that does not meet their expectations - they have made a wrong purchase.
Thanks for comment.
I understand your POV.
I realized later Global rom can't do call recording, that's the main reason why I try to flash xiaomi.eu rom and other optimazations are second reason.
And this phone will be my main phone so I wanted to make sure about security risk before I will change rom.
cromcromc said:
Thanks for comment.
I understand your POV.
I realized later Global rom can't do call recording, that's the main reason why I try to flash xiaomi.eu rom and other optimazations are second reason.
And this phone will be my main phone so I wanted to make sure about security risk before I will change rom.
Click to expand...
Click to collapse
Having an unlocked bootloader doesn't need to be a risk whatsover as long as you're not flashing untrusted ROMS and other components to the device and critically control anything being flashed to the device. If you're flashing a signed ROM from the manufacturer as it sounds like is your plan, there is nothing to worry about. You can even lock the BL again after flashing & optimizing if you absolutely wish to although usually not recommended.
My friend changed my custom rom to CyanogenMod and now I am deciding to change the custom rom again. Can someone help me about changing it. I only have few knowlegde about it. Do I need to unlock the bootloader again or not? From my recent research some they that if your device was rooted there's no need to unlocking bootloader.
P.s Can anyone suggest a new custom rom for my device Samsung Galaxy Avant 4.4.2. As of now it was on CyanogenMod11 custom Rom?
Rooting Android OS means to add a functionality called su to it, whereas unlocking device's bootloader means to give you complete autonomy over your Android device. It will trigger a factory reset that will erase all of your data. It will also allow you to install a custom ROM on your device. Unfortunately, it can also compromise the security of your phone and/or can brick your phone making it impossible to turn on.
To unlock a device's bootloader it's NOT needed that Android OS got rooted before.
so it means that I can change the custom rom without unlocking bootloader because my device is ROOTED?
Exactly the opposite is the case: carefully read posts.