Risks of having an unlocked bootloader - General Questions and Answers

Hello guys, this is my first thread on the XDA forum.
I just bought a Xiaomi device (Poco X3 Pro Global) a few days ago.
So this is my first time trying a custom ROM. I searched for what I'm trying to do, and I'd like to make sure whether what I understand is correct or not, since I'm totally new to custom ROMs.
The sources I mainly referred to:
source1
source2
Basic assumptions:
1. Only flash a custom ROM, without rooting.
2. The whole bootloader-unlocking and custom-ROM-flashing process is done perfectly, and all resources (recovery, ROM, ADB tool etc.) used during the process are 100% clean and genuine.
3. No cold boot attack (source2) happens to me.
Q1. source1 is really helpful, but it's from 2012. Is this still valid today?
Q2. source1 is posted on the Galaxy Nexus forum, but this applies to all Android-based devices, right?
Q3. This threat model assumes the attacker has physical access to the device, so I guess unlocking the bootloader itself is 100% irrelevant to software-level security risks like malware or OS vulnerabilities. Is this right? (Assuming no rooting and a 100% genuine ROM and resources.)
Q4. From source1 you can choose between [device encryption] and [relocking the bootloader] to protect security. Which method do you recommend using?
I feel I'm much more inclined to try the device encryption method, since I don't know if it's possible to relock the bootloader safely after migrating from the Global stock ROM to the xiaomi.eu ROM. (Can anyone confirm this?) I fear it becomes bricked during the relocking process.
Q5. So if I set device encryption with a strong password and turn off USB debugging mode, I need not be too worried?
Are there any other points in terms of security to bear in mind if you use a device with an unlocked bootloader?
Thank you for reading my thread.

[INFO] Understanding the risks of having an unlocked bootloader
While unlocking the bootloader on a Galaxy Nexus unleashes the full potential of the bootloader, it also poses a security risk. Even with your lockscreen protected with a pattern/PIN/password, not having flashed a custom recovery, having an...
forum.xda-developers.com

jwoegerbauer said:
[INFO] Understanding the risks of having an unlocked bootloader
While unlocking the bootloader on a Galaxy Nexus unleashes the full potential of the bootloader, it also poses a security risk. Even with your lockscreen protected with a pattern/PIN/password, not having flashed a custom recovery, having an...
forum.xda-developers.com
That's what I linked in the thread (source1).

Only a side remark:
An Android smartphone bootloader is processor-specific, and every OEM has its own version of the bootloader specific to the hardware present in its environment.
It's the primary task of every bootloader to verify that the Android OS to be loaded is genuine, meaning signed by the OEM, to ensure the Android OS (which is by nature a custom ROM) works flawlessly, as can be expected by the user. People who use a phone as a tool and not as a toy probably never come up with the idea to unlock the bootloader, because they knew about the strengths and weaknesses of the phone when they bought it; they can expect that the OEM did their best with regard to the phone's performance - OEMs are certainly not dumber than generally claimed by the modder / hacker scene.
My POV: Unlocking a phone's bootloader is an unnecessary action altogether. If people do so, they indirectly admit that they have purchased a phone that does not meet their expectations - they have made a wrong purchase.

Thanks for the comment.
I understand your POV.
I realized later that the Global ROM can't do call recording; that's the main reason why I'm trying to flash the xiaomi.eu ROM, and other optimizations are the second reason.
And this phone will be my main phone, so I wanted to make sure about the security risk before I change the ROM.

cromcromc said:
Thanks for the comment.
I understand your POV.
I realized later that the Global ROM can't do call recording; that's the main reason why I'm trying to flash the xiaomi.eu ROM, and other optimizations are the second reason.
And this phone will be my main phone, so I wanted to make sure about the security risk before I change the ROM.
Having an unlocked bootloader doesn't need to be a risk whatsoever, as long as you're not flashing untrusted ROMs and other components to the device and critically control anything being flashed to the device. If you're flashing a signed ROM from the manufacturer, as it sounds like is your plan, there is nothing to worry about. You can even lock the BL again after flashing & optimizing if you absolutely wish to, although that is usually not recommended.

Related

Tips: What is unlocking the phone?

Some people may have doubts about what unlocking the phone is. At first I mistakenly assumed that "unlock" refers to unlocking the phone screen. It's very clear now that this is not true.
Q: So what is unlocking the phone?
A: There is a lock inside the phone that stops people from using a third-party system, or what we call a custom ROM. (Although many phones are using the Android OS, the systems of different brands are not exactly the same. In order to keep the unified feel of their brands, the manufacturers prevent users from using custom ROMs. That's why they set the lock.)
Q: What is the use of unlocking?
A: You can use a custom ROM after unlocking.
Q: Will it brick the phone if the unlock fails?
A: A failed unlock has no effect on the phone. If there are some problems during the unlocking process, just take out the battery and restart your phone.
All of these statements are based on personal experience; if wrong, please specify. Thank you for reading.
The purpose of unlocking the phone is to use it on another network.
markdc said:
The purpose of unlocking the phone is to use it on another network.
:good: Thank you for your addition.
Most of the time when it's unlocked you can use it with many different carriers; check GSM and non-GSM carriers. Carriers like Verizon and Sprint have their own bootloader (brand image upon starting) and a secure stock ROM, so it's somewhat difficult to root their devices. Like my Verizon S6: I've been waiting since the OTA update.
-AndroidPhreak.com

I have a doubt about my bootloader

First of all, sorry if my English is not clear; thanks in advance.
I bought a Z5 C6603 in a commercial store, I mean it doesn't come from any cellular provider company. The first thing I thought about when I got it was rooting it, and I did, and I installed TWRP too, but before doing these two things I unlocked the bootloader. In fact, as far as I know, if this device comes with the option "bootloader unlock: no", that means rooting and a custom recovery are not possible.
If that is true, something happened, because when I checked the service menu after rooting and TWRP, this option tells me that bootloader unlocking is not allowed. My memory is failing, because I have been working on several cell phones, despite the fact that I'm not an expert. I think in the process I installed a kernel or a ROM which made the modification. Could it be possible that this kernel changed the value?
I have version 32.2.A.0.224.
I cannot imagine being without the possibility of changing ROMs.
That is odd indeed. But since you've already unlocked your BL, what does it matter anyway what your phone tells you?

Buying a used phone. Is the second-hand device trustworthy and safe to use?

[Apologies for being a noob, I tried my best to do the homework]
I want to buy a used Pixel 2 (or Pixel 3). There is some general advice on the internet reminding you to check:
(i) for physical damage
(ii) if the ESN / IMEI has been blacklisted
(iii) if the device is compatible with a carrier (communication standard, uses a SIM and not an eSIM, not carrier locked)
(iv) and warning that the device can break or become blacklisted after the purchase.
All of the above is associated with a risk, which is limited to the amount of money paid.
But my primary concern is the risk from using the second-hand device where privacy is critical (email, online banking, 2FA through SMS). How do I make sure the previous owner hasn't planted a backdoor? If I trust Google, what are the reasonable steps to ensure that the device hasn't been tampered with by someone else? In particular:
(1) How do I check on a Pixel 2 that the firmware, bootloader and OS are the original ones?
(2) If the device had been bootloader unlocked and/or rooted, is it possible to restore the original images and re-lock the bootloader, to be confident that no one (but Google) will spy on me?
(3) Is there anything I am missing?
(4) Which of these are probably different on the Pixel 3 and should be asked on the Pixel 3 forum?
I barely understand the difference between the bootloader and the recovery, and I would appreciate clear answers very much.
Related:
- A related thread mentions telling apart Verizon and unlocked versions of Pixel 2:
Buying Pixel 2 on Craigslist any tips to avoid issues?
Hi, I would like to buy a used Pixel 2 off Craigslist and since I am not familiar with the Pixel 2 I hope you can help me make sure I don't get scammed. I know I need to check that the IMEI is not blacklisted (can run it through the swappa IMEI...
forum.xda-developers.com
- A similar question was asked about the Galaxy Note 9. One senior member says "Hell, back in the day we could reset Knox counters ... even checking Knox isn't a foolproof method". Another says "So rest assured if your Warranty Bit is not 0x1 a Custom Binary has never been flashed". I am confused, as there is no consensus.
Bought used. Security concerns?
I had been looking for a new phone for awhile. Settled on a Note 9 because I wanted to try using the S Pen for work and dislike the Note 10 design. However, they are still sold at full price where I live, so I bought one secondhand. Everything...
forum.xda-developers.com
- Here someone says "Really easy to relock" about the OnePlus 5. I wonder if the same is true for the Pixel 2/3?
Risk of used phone with unlocked bootloader?
Hey guys this is probably a lame question... does any risk come with buying a phone with an unlocked boot loader? I bought an OnePlus 5 from ebay used in great shape. The seller advised the the phone was rooted with Android 10. When i start the...
forum.xda-developers.com
Reboot the phone and see if the yellow exclamation mark comes up saying the bootloader was modified.
If you don't see that, it means the Pixel 2 bootloader was never unlocked and a custom ROM was never flashed to the device.
Since all Pixel 2 phones would be out of warranty now, the only way to ensure security is to flash a trusted ROM yourself.
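The warning screen described above is the visible side of Android Verified Boot, whose result the bootloader also passes to the OS as read-only properties. Here is an added example (not from any poster in this thread) that classifies a device's boot state from those properties; the `getprop` lines are constructed samples, and the property names are the standard AOSP ones.

```shell
#!/bin/sh
# Added example: classify an Android device's verified boot state from the
# read-only properties the bootloader hands to the OS. On a real device the
# input comes from `adb shell getprop`; constructed samples are embedded
# below so the script runs offline.
#
#   ro.boot.verifiedbootstate  green  = locked, OEM-signed image (no warning screen)
#                              yellow = locked, booted with a user-set custom key
#                              orange = bootloader unlocked (the warning screen)
#                              red    = verification failed
#   ro.boot.flash.locked       1 = bootloader locked, 0 = unlocked

# Constructed sample of getprop output for a stock, locked device.
SAMPLE_LOCKED='[ro.boot.verifiedbootstate]: [green]
[ro.boot.flash.locked]: [1]
[ro.boot.vbmeta.device_state]: [locked]'

# Constructed sample for a device whose bootloader has been unlocked.
SAMPLE_UNLOCKED='[ro.boot.verifiedbootstate]: [orange]
[ro.boot.flash.locked]: [0]
[ro.boot.vbmeta.device_state]: [unlocked]'

# prop NAME: print the value of property NAME from getprop-style text on stdin.
prop() {
    sed -n "s/^\[$1\]: \[\(.*\)\]$/\1/p"
}

# assess_boot_state: read getprop output on stdin and print one verdict.
assess_boot_state() {
    input=$(cat)
    state=$(printf '%s\n' "$input" | prop ro.boot.verifiedbootstate)
    locked=$(printf '%s\n' "$input" | prop ro.boot.flash.locked)
    case "$state:$locked" in
        green:1)  echo "LOCKED_STOCK" ;;
        yellow:1) echo "LOCKED_CUSTOM_KEY" ;;
        orange:*) echo "UNLOCKED" ;;
        red:*)    echo "VERIFICATION_FAILED" ;;
        *)        echo "UNKNOWN" ;;
    esac
}

# Real device: adb shell getprop | assess_boot_state
printf '%s\n' "$SAMPLE_LOCKED" | assess_boot_state      # LOCKED_STOCK
printf '%s\n' "$SAMPLE_UNLOCKED" | assess_boot_state    # UNLOCKED
```

On an unlocked or rooted device the running OS can misreport these properties, so confirm the lock state from the bootloader itself with `fastboot getvar unlocked` before trusting the verdict.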
kodina said:
Since all Pixel 2 phones would be out of warranty now, the only way to ensure security is to flash a trusted ROM yourself.
Thanks for your response, but I am not sure I understand the last bit. Do you mean I would have to flash a trusted ROM myself because there are no certified service centres that would accept the phone, as the warranty has expired? Or do you mean that there are no automatic updates or supported ROMs because of the end of life or something?
up!
wiltingenthusiasm said:
Thanks for your response, but I am not sure I understand the last bit. Do you mean I would have to flash a trusted ROM myself because there are no certified service centres that would accept the phone, as the warranty has expired? Or do you mean that there are no automatic updates or supported ROMs because of the end of life or something?
No, I mean even if the bootloader is locked, even if the original owner never flashed a custom ROM, the device (in theory) could still have been rooted in the past, unknown apps installed, root removed, and you would never know. However, this is all in theory, but it is possible, and only applies if you are paranoid about security.
Otherwise, reboot the phone; no bootloader warning = 99% safe to use.
kodina said:
No, I mean even if the bootloader is locked, even if the original owner never flashed a custom ROM, the device (in theory) could still have been rooted in the past, unknown apps installed, root removed, and you would never know. However, this is all in theory, but it is possible, and only applies if you are paranoid about security.
Otherwise, reboot the phone; no bootloader warning = 99% safe to use.
Oh, I see. And a factory reset would not help either, because it does not recover the OS from a reserve copy whose integrity can be ensured, but simply deletes all user data and extra apps, while keeping the rest, which could have been compromised via root access. Therefore, there is no guarantee that the factory reset via the bootloader really gets the device to the "factory state". Is that correct?
[Many thanks for your explanation.]
wiltingenthusiasm said:
Oh, I see. And a factory reset would not help either, because it does not recover the OS from a reserve copy whose integrity can be ensured, but simply deletes all user data and extra apps, while keeping the rest, which could have been compromised via root access. Therefore, there is no guarantee that the factory reset via the bootloader really gets the device to the "factory state". Is that correct?
[Many thanks for your explanation.]
In theory, because I have not read any news, articles, guides or forum threads where people are claiming they have done it.
So the only option to ensure things are 1% safer is to unlock the bootloader and flash a custom ROM yourself, trusting that the ROM dev didn't put anything weird in it. Though, as far as I checked, none of the OFFICIAL ROMs for the Pixel 2 have a history of putting in something bad.
So, if you want 100% stability, use the default Google ROM after a factory reset, but if you want """more""" security, unlock the bootloader and flash the ROM yourself.

Custom Rom

My friend changed my custom ROM to CyanogenMod, and now I am deciding to change the custom ROM again. Can someone help me with changing it? I only have a little knowledge about it. Do I need to unlock the bootloader again or not? From my recent research, some say that if your device was rooted there's no need to unlock the bootloader.
P.S. Can anyone suggest a new custom ROM for my device, a Samsung Galaxy Avant on 4.4.2? As of now it is on the CyanogenMod 11 custom ROM.
Rooting Android OS means adding a functionality called su to it, whereas unlocking a device's bootloader means giving you complete autonomy over your Android device. It will trigger a factory reset that will erase all of your data. It will also allow you to install a custom ROM on your device. Unfortunately, it can also compromise the security of your phone and/or can brick your phone, making it impossible to turn on.
To unlock a device's bootloader it is NOT needed that Android OS was rooted before.
So it means that I can change the custom ROM without unlocking the bootloader because my device is ROOTED?
Exactly the opposite is the case: carefully read the posts.

Question Is it possible to used magisk patched image with bootloader (re)locked?

I see that I can add a user-settable root of trust to the bootloader so I can set custom secure boot keys like on PCs, at https://source.android.com/docs/security/features/verifiedboot/device-state , so I think I can use a user-modified init_boot image (including the Magisk-patched one) by signing it with my own keypair.
Also, I know that some manufacturers require 7 days for new devices to be unlocked (like Xiaomi) or do not allow user unlock at all. However, authorized repairers can flash signed factory system images without unlocking it. I guess it is implemented by an internal (read-only) root of trust. But can I do this with the user-settable root of trust part, so I can become the authorized repairer of my own device?
P.S. I am using a bootloader-unlocked Pixel 4 XL as my main phone now. I have bought a Pixel 7 Pro but have not yet switched to it. I am looking for a method that takes both security and scalability into account.
Good and interesting question; sadly I don't have a definitive answer to it - but a few thoughts:
As to your own keypair: I would think that the bootloader checks for integrity and you would need to patch the bootloader as well to accept a user key - not sure if this is feasible.....
AFAIK for Xiaomi devices the authorized repairers use EDL mode with a separate authentication - EDL mode is (IMO) a separate, very low-level boot mode.... I don't think this is related to the "normal" boot mechanism and its keys.....
Is there any specific reason you are aiming for a re-locked bootloader? The only aspect I could think of is some specific apps that can detect an unlocked bootloader and refuse to function.... from a pure security standpoint I don't see a benefit from re-locking a modified device, at least until you really (!) know all modifications that have been done in low-level detail.....
s3axel said:
Good and interesting question; sadly I don't have a definitive answer to it - but a few thoughts:
As to your own keypair: I would think that the bootloader checks for integrity and you would need to patch the bootloader as well to accept a user key - not sure if this is feasible.....
AFAIK for Xiaomi devices the authorized repairers use EDL mode with a separate authentication - EDL mode is (IMO) a separate, very low-level boot mode.... I don't think this is related to the "normal" boot mechanism and its keys.....
Is there any specific reason you are aiming for a re-locked bootloader? The only aspect I could think of is some specific apps that can detect an unlocked bootloader and refuse to function.... from a pure security standpoint I don't see a benefit from re-locking a modified device, at least until you really (!) know all modifications that have been done in low-level detail.....
The reason why I am aiming for a re-locked bootloader is that everyone can flash a modified image at the bootloader. An evil maid or cop may be able to flash a trojaned boot image when I am not with my phone.
