Factory Images NOW LIVE for Global and Three Versions!!! - Razer Phone Guides, News, & Discussion

https://insider.razerzone.com/index.php?threads/razer-phone-factory-images-are-now-live.30888/
Factory Images for Razer Phone (cheryl)
This page contains instructions that allow you to restore your Razer Phone’s original factory firmware. You will find these files useful if you have used AOSP, flashed custom builds on your Phone, and wish to return to its factory state.
These files are for use only on your personal Razer Phone and may not be disassembled, decompiled, reverse engineered, modified or redistributed by you or used in any way except as specifically set forth in the license terms that came with your Phone.
Terms and Conditions
Warning: Installing this factory image will erase all data from the Razer Phone. While it may be possible to restore certain data backed up to your Google Account, apps and their associated data will be uninstalled. Before proceeding, please ensure that data you would like to retain is backed up to your Google Account.
Downloading of the system image and use of the device software is subject to the Razer Phone Terms of Service. By continuing, you agree to the Razer Phone Terms of Service and Privacy Policy. Your downloading of the system image and use of the device software may also be subject to certain third-party terms of service, which can be found in Settings > About phone > Legal information, or as otherwise provided.
Cables
When connecting your Razer Phone to a computer for any development, it is advised by Razer to not use the in-box USB Type-C to Type-C charging cable for flashing. The supplied cable is specifically engineered for fast power delivery, not for data transfer. Razer recommends you use a USB 3 Type-A to Type-C spec-compliant cable for any device flashing.
Frequently Asked Questions
Disclaimer statement:
Modifying your Razer Phone by unlocking the bootloader, or rooting your device will void your warranty.
- Where can I get the USB 3 Type-A to Type-C spec-compliant cable? Do you have a recommended list?
Benson Leung (From Google)
- What happens if I load a carrier image on my Razer Phone bought from Razer Store?
If you load a carrier image on a phone purchased from Razer Store, cellular service may not work on your cellular network of choice (Unless your network is the same as the carrier image you flashed).
- Where can I get the Release Notes for each releases?
Release notes will not be provided.
- I frequently need to update my application on the Razer Phone for my development work and I need the bootloader unlock. What happens if I don’t re-lock the bootloader?
Unlocking the bootloader, or rooting your device will void your warranty. If you do not re-lock the bootloader, some payment apps (such as Android Pay) and some apps that require DRM (such as Netflix) will no longer work correctly. This is implemented on the app side using Google’s SafetyNet API.
- If I encounter problem powering up the Razer Phone after loading a customized image, how can I get help?
Loading custom images onto the Razer Phone is not recommended and will void your warranty.
- What else can I do after unlocking the bootloader?
Unlocking the bootloader will void your warranty. It is not recommended.
- Does unlocking the bootloader and loading a customized image void the warranty on the Razer Phone?
Yes. Unlocking the bootloader and loading a customized image will void your warranty.
- I have a question related to my development work on Android, can I get help from Razer Support? (Razer Customer Support does not provide development support)
No. Razer Support does not provide assistance with development work.

Finally... after they banned me and deleted my thread... it was worth it. Now we can talk and the fun begins.

Omg and I don't have my computer right now can't wait to get things up and running! Also means let the development begin!

Can confirm that if you can get it to boot to download mode you can fix anything. Lol
You'll need to edit the flashall.bat if your adb and fastboot aren't installed natively.
I had to copy and paste the commands myself and remove the % trash.
Also some commands won't work, but run them all anyway and you should be fine.

Related

Need help configuring Samsung Galaxy S7 SM-G930W8 (Canadian Model)

Hello,
I wasn't 100% sure if this was the correct thread or if I should have posted under the ROM section for this phone. We own a start-up company, and have signed some contracts with some larger companies. In one particular contract, we need to take certain security precautions.
My wife has purchased me a Samsung Galaxy S7 SM-G930W8 (the Canadian model). I live in the USA. It's unlocked and multi-csc (whatever that means). The product code is XAC (I believe that means unlocked). We contacted Samsung to verify that a USA sim card would work in the phone, which it does, and that it wouldn't lock the phone to that sim card, which it doesn't. So we're good there.
We explained the issue about the software. The phone comes with some software pre-installed that we cannot have on the phone if we're going to be using it as a company phone, which we would like to do. Samsung said we could disable most of the apps, which we were aware of; however, the contracts specifically state that certain types of programs cannot be installed on our company devices.
I asked them if I were to gain root access and remove those programs, would it void the warranty. They said no. The only way we would void the warranty is if we dropped the phone and damaged it, or got it wet.
What would be the best way to go about removing these programs and trying to get a cleaner version of Android? I understand that a ROM would have to be specific to this phone, because of the various hardware in the phone. But we are not looking for any "extra" programs that tend to come with ROMs that attempt to make them better. I noticed some ROMs for this phone include a custom installer, where we can pick and choose what we want installed. But they also come with customized kernels with various security features disabled (such as a fake version of KNOX).
Could someone recommend the best route to go here? Stability is extremely important; however, so is security. We cannot have unapproved third-party apps / mods on the phone, but we have some leeway there. For example, I could probably get around installing a custom recovery partition because the code on that custom recovery partition is not running while we're accessing company resources. If we have to go the route of using a custom ROM, we'd prefer one that supports over-the-air updates, but does not force them.
Any ideas?
Thank you and sorry for such a novice question. I had done a good bit of research into this and thought I found the perfect one, just to discover that it appears to no longer be supported and the thread on XDA has been deleted.
**EDIT: I should add that my wife upgraded it to Android 7, but I was afraid that would limit our options, so I downloaded the stock XAC ROM for this phone and used Odin to flash it back on, so it's currently running 6.0.1. I'm not sure if that makes a difference or not.
Thanks!
Am I reading correctly that you must completely remove the apps from the phone, not just disable them? The thread below describes how to disable system apps without rooting or otherwise modifying your phone's firmware.
https://forum.xda-developers.com/galaxy-s7/how-to/root-required-oreo-disable-apps-t3814249
Flashing modified firmware will disable Knox, which is something you might not want to do in your case. Also, if you're contractually bound as far as security precautions go, you're probably going to want to update to the latest Oreo firmware and keep it up to date with any security updates as they are issued by Samsung.
Hai Karate said:
Am I reading correctly that you must completely remove the apps from the phone, not just disable them? The thread below describes how to disable system apps without rooting or otherwise modifying your phone's firmware.
I apologize in advance if I get your gender incorrect; a quick Google search shows your name is unisex. I am going to assume you are a male until told otherwise. Yes sir, you are reading correctly that I must completely remove the apps from my company devices, including this phone. I appreciate that my wife bought it for me, but she doesn't fully understand the business like I do and I don't think she really thought it through. I imagine it cost a good bit of money, so I'd hate to have her send it back because I cannot remove the apps.
I appreciate the links to the threads, however, I already know how to disable the apps, but that is not enough. They physically cannot be installed based on what they're capable of doing (ie, a potential for viewing documents / schematics / pcb layouts labeled as confidential or highly confidential, or even worse, being poorly written in such a way where the program is exploitable and someone gains unauthorized access to our network, the certificates we have installed on the phone, etc.)
Hai Karate said:
Flashing modified firmware will disable Knox, which is something you might not want to do in your case. Also, if you're contractually bound as far as security precautions go, you're probably going to want to update to the latest Oreo firmware and keep it up to date with any security updates as they are issued by Samsung.
Updating to Oreo is something that we will be wanting to do, but something I have been holding off on, in case I have to flash a modified firmware, or ROM as it's sometimes referred to. As for Knox being disabled, I actually believe that is something we are going to need to happen, have it disabled. We use special software that provides similar functionality that Knox provides, but is a lot more advanced. We actually use a few products for that.
I do have to admit that my knowledge regarding cell phone firmwares is a bit limited, although I do write firmware for other custom created devices. My worries with custom firmware are:
1) Certain security features (excluding Knox) might be disabled or removed (ie, the ability to encrypt the internal flash, encrypt the MicroSD card, having SELinux turned off, having secure boot disabled)
2) The firmware containing programs that most people would find useful but stuff I cannot have. If I have the ability to uninstall it, that's okay, I can do that. But if it's stuck, like it is now, where I can only disable it, that is not okay.
3) Something being installed without my knowledge.
Our security setup checks company phones to see if they're rooted, and if they are, it marks the device as non-compliant. I can have a device as non-compliant for a few hours... but if it's marked as non-compliant for a few days, one of the larger companies we're dealing with calls to ask why, and then we have to do a secure session, where they log in to one of our devices, but cannot physically click anything, just look, and have us go into various software to see why it's non-compliant, and, well, it's not fun.
We had it happen once because my wife accidentally sent an email from a personal device to an in-house email address, which never got encrypted, and it triggered a security audit, which was not fun at all and I'd rather not go through that again.
Are there no bloatware-free signed official images, or is there no way for a developer to import a signing key into the device to keep secure boot enabled? Also, out of curiosity, why would running a custom firmware disable Knox? In our case, that's something we need; however, I was just curious. And if we go the route of custom firmware, is there a way to show that it's gone, or will all the custom firmwares install a fake version of Knox?
Thank you for taking the time to answer my questions. I really do appreciate it. I know how precious time can be, how busy a person can get, and I realize I have a lot of questions here, but I really need to make sure we're secure.
One of the programs we'll have on there is something called Symantec Endpoint Mobile. I am not sure if you have heard of it or not, but that provides virus protection, etc.
So CSC contains the regulatory information for my country and the providers....my phone is a Canadian phone. I thought Canada did not have Straight talk, yet, my wife's straight talk sim worked. I noticed in the recovery menu, it shows multi-csc. Does that mean my phone has the country specific stuff for more than one country? I'm wondering if I should try changing it to a US phone.
AP contains the kernel, the recovery partition, the system partition, and the bloatware, right?
BL is simply the bootloader.
If I could gain root on this phone without flashing a custom ROM or maybe somehow by just flashing something like TWRP without voiding the warranty, I could just modify the meta-data for the apps that I need to uninstall to allow them to be uninstallable, correct?
Since I went from a partial install of 7 back down to 6.0.1, my camera does not work. I'm wondering if it's because the ROM I used wasn't the correct ROM. It was the G930W8VLU2API1 ROM, minus the CSC, which was G930W8OYA2API1.
I've tried a factory reset, I've reflashed the ROM, using the non-HOME CSC, I've wiped the cache partition....still no camera. It simply says Warning Camera failed. I tried a few of the tricks I've read about on the net to fix it, but so far, no luck. Cleared the data and cache for just about every program, including the camera. I believe the problem might be because I have internet turned off right now, no sim card in, and even though I have automatic updates turned off, the phone still started to download an update.
Did Android 6.0.1 show Secure Boot status in Download mode? My wife, with the same phone, but the American AT&T unlocked carrier version (we paid full price), hers has a Secure Boot: Enabled. She's also running 8.0.0. With my 6.0.1, all there is is a Secure Download, which she also has, but no Secure Boot listed at all.
If secure boot is disabled, I should be able to flash any custom BL without tripping Knox, even if it's not signed.....right? I know with my datacenter, the bootloader changes even a bit, the servers and workstations are not booting, unless I sign the bootloader with my MAK.
**EDIT: Also, what exactly are these z3x things I see on the gsmhosting site? It's hard understanding exactly what they do based off their description because I don't think the developers native language is the same as mine. I go to z3x-team.com, and it almost looks like the device can do almost anything with the Samsung....upgrades, downgrades, unlock codes (wtf?), etc. Is it just a scam or are they worth the investment?
**EDIT2: I made a mistake. I guess there's some special Samsung Knox policy that gets applied to Samsung only devices, that configures it in some sort of way to make it compliant, so Knox has to stay.....

Spyware tracking software on the phone

So my GF suspects that her phone (Samsung A5) has been tapped by her ex BF, who knew her phone password and took care of all the devices they possessed.
Assuming that is the case, will a factory reset remove tracking software from her phone, or will I have to flash her phone with a fresh OS to be sure the software has been removed completely?
gesaugen said:
So my GF suspects that her phone (Samsung A5) has been tapped by her ex BF, who knew her phone password and took care of all the devices they possessed.
Assuming that is the case, will a factory reset remove tracking software from her phone, or will I have to flash her phone with a fresh OS to be sure the software has been removed completely?
If the ex actually did something like that and embedded into the system partition on the device, a factory reset will not remove it.
You would need to flash the device with the firmware to remove it, you may even need to use the "re-partition" option in Odin when you flash the device.
It would also be wise to change the password on her Google account before flashing the device, to be thorough, change the password and maybe even the email/username while you're at it, then go to system settings and remove the account then sign back in with the new email/password, then flash the device, after flashing and booting, sign back in with the new account details.
I would also change passwords and account details for any other apps on the device, such as Facebook, Facebook Messenger, any other email addresses or other email apps and any other types of social media apps or other apps that require an email/username and password. Change any and everything on the device that the ex could have possibly had access to. If she also has other devices or PC's synced with her phone or email, I'd change the details on those other devices/PC's as well. If she has WiFi at home, change its password and maybe even see about changing the IP of her modem/router.
Then, after that, make sure she doesn't click on/open/download anything from anyone that she doesn't know, including multimedia texts/pics, it could be the ex trying to embed something again, opening it will just compromise the device again.
Sent from my LGL84VL using Tapatalk
While what Droidriven is saying is correct, first things first. Has the phone been unlocked and/or rooted? If the phone is locked (*Not tampered) then all of that is overkill. Here's a simple test that you can do to see how at risk you are. Start the phone in Bootloader mode and see what it says at the top. It will either say Locked, Locked *Tampered, Unlocked or Unlocked *Tampered. Locked is exactly what it sounds like, the phone is factory locked. Unlocked again means exactly what it says, the phone is factory unlocked. The caveat is the Tampered. So you can unlock a phone and lock it back, which will result in the tampered tag/statement. In which case anything could have been done or undone once the phone was unlocked, even if it says locked. If the phone simply says Locked, there is no need to panic and simply factory resetting the phone will erase anything that the ex may have done or installed. If the tampered tag/statement appears, that's when more detailed steps should be taken, as described by Droidriven. It is always advisable to change passwords after a breakup even if you don't suspect foul play, as a precaution. If she fears foul play, Google offers 2-Step verification, which I highly recommend anyway, which allows the account holder to use an Authentication app that randomly generates codes to access the account and also prevents anyone from accessing the account without the user's phone in their direct possession. Google also offers security screening tools that allow users to see where they are signed in, when the last time that sign-in point was accessed, and the ability to sign out of sessions that may still be active. Furthermore Google offers notifications that will text or email a user anytime a sign-in occurs, allowing the user full disclosure and control over their account. Although not mentioned, Facebook also offers similar tools and notifications should the concern arise.
First thing first however, find out how to log into your Bootloader and verify if the device has ever been tampered with and then work from there.
VidJunky said:
While what Droidriven is saying is correct, first things first. Has the phone been unlocked and/or rooted? If the phone is locked (*Not tampered) then all of that is overkill. Here's a simple test that you can do to see how at risk you are. Start the phone in Bootloader mode and see what it says at the top. It will either say Locked, Locked *Tampered, Unlocked or Unlocked *Tampered. Locked is exactly what it sounds like, the phone is factory locked. Unlocked again means exactly what it says, the phone is factory unlocked. The caveat is the Tampered. So you can unlock a phone and lock it back, which will result in the tampered tag/statement. In which case anything could have been done or undone once the phone was unlocked, even if it says locked. If the phone simply says Locked, there is no need to panic and simply factory resetting the phone will erase anything that the ex may have done or installed. If the tampered tag/statement appears, that's when more detailed steps should be taken, as described by Droidriven. It is always advisable to change passwords after a breakup even if you don't suspect foul play, as a precaution. If she fears foul play, Google offers 2-Step verification, which I highly recommend anyway, which allows the account holder to use an Authentication app that randomly generates codes to access the account and also prevents anyone from accessing the account without the user's phone in their direct possession. Google also offers security screening tools that allow users to see where they are signed in, when the last time that sign-in point was accessed, and the ability to sign out of sessions that may still be active. Furthermore Google offers notifications that will text or email a user anytime a sign-in occurs, allowing the user full disclosure and control over their account. Although not mentioned, Facebook also offers similar tools and notifications should the concern arise.
First thing first however, find out how to log into your Bootloader and verify if the device has ever been tampered with and then work from there.
As far as I know, Samsung does not have bootloader mode, it uses Download Mode, otherwise known as factory mode or Odin mode. It also does not quite display the information that you described as you described it. Some Samsung devices may or may not display bootloader status as "locked" or "unlocked", I've never seen anything about Samsung devices ever showing anything about *Tampered. I've seen devices show "custom binary" or "official binary" and show system status as "official" or "custom", some show info for secure boot, activation lock, kernel lock or Knox warranty void.
But, none of this necessarily has anything to do with whether something could have been embedded into system. You can push things to system even if the bootloader is locked and without "triggering" anything or being "flagged" by the system.
Plenty of Samsung devices have been rooted without unlocking the bootloader, without tripping Knox or Qfuse and will show binary status as "Custom"(the one thing that does show that the device is rooted/tampered but still doesn't necessarily indicate any malicious code that might have been placed by the ex, just rooting the device and nothing else would give the same result), all locks at default status as "locked"(non-tampered) and system status as "Official".
Given that the ex was the one that took care of and managed all devices that she owned, I would just take the thorough route just to cover the bases just because there are so many points of entry that the ex could have set up among all of the devices/equipment that she has.
Sent from my LGL84VL using Tapatalk
While I'll give you that there may be differing nomenclature for the things I mentioned, I've never heard of any way to reach the root of a device without going through the bootloader and without leaving some evidence. While I cannot find an actual picture of the bootloader screen, in the link below there's a picture of the recovery menu where you can see the second option on the Samsung A5, Reboot into Bootloader. Ultimately it's up to the OP, but becoming tech savvy enough to root a device is not for everyone. If the device shows no signs of being rooted, learning how to root a device just in case seems less than worthwhile. OP, you could also try one of the root detectors on the Play Store.
https://www.teamandroid.com/2017/01/28/enter-recovery-mode-samsung-galaxy-a5-2017/
VidJunky said:
While I'll give you that there may be differing nomenclature for the things I mentioned, I've never heard of any way to reach the root of a device without going through the bootloader and without leaving some evidence. While I cannot find an actual picture of the bootloader screen, in the link below there's a picture of the recovery menu where you can see the second option on the Samsung A5, Reboot into Bootloader. Ultimately it's up to the OP, but becoming tech savvy enough to root a device is not for everyone. If the device shows no signs of being rooted, learning how to root a device just in case seems less than worthwhile. OP, you could also try one of the root detectors on the Play Store.
https://www.teamandroid.com/2017/01/28/enter-recovery-mode-samsung-galaxy-a5-2017/
This tells me that you aren't familiar with Samsung devices because plenty of Samsung devices have been rooted without unlocking bootloader, I couldn't even begin to count them all. Unlocking bootloader is really only necessary if flashing a custom recovery or custom ROM. Not all Samsung devices are rooted by flashing a custom recovery to gain root. Most of the Samsung devices sold in the US have locked bootloader that cannot be unlocked by any means whatsoever, yet these devices can be rooted. Obviously, they have been rooted without unlocking the bootloader.
Yes, it may have the "reboot bootloader" option in recovery, if selected, that will boot you into download mode/Odin Mode. Typically, what you are describing with bootloader mode applies to devices that use fastboot, Samsung does not use fastboot, it isn't compatible with fastboot, adb works with Samsung but fastboot does not work with Samsung in any way, shape, form or fashion.
And it is possible to root a Samsung device, then install something in system and then remove root immediately after(which means that root checker will not see anything) and it won't show anything in Odin mode, won't trip Knox or Qfuse and still show Official in Odin mode. If it is rooted, then an app is pushed to system then root is immediately removed and this was all done without rebooting the device in the process, then the bootloader, Knox, Qfuse and all that never even detects that root was ever there because it was removed, which means it never gets loaded at boot for the bootloader and other security coding to see that root was there. Some can be rooted and then flash TWRP using Loki without unlocking the bootloader, which "shouldn't" be possible with a locked bootloader, yet, it is done.
I'm just saying, it isn't always as detectable as you imply.
Sent from my LGL84VL using Tapatalk
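The replies above disagree about what a device's lock screen tells you. The properties the bootloader hands to Android are a more uniform place to look than the Download/Bootloader screen. The script below is an added example, not from this thread: it parses `adb shell getprop` output (constructed samples embedded here) and reports the verified-boot state. It assumes the standard `ro.boot.*` property names plus Samsung's `ro.boot.warranty_bit`; other OEMs may expose different ones.

```shell
#!/bin/sh
# Added example (not from the thread): summarise a device's boot-chain state
# from the properties the bootloader passes to Android. On a real device run:
#   adb shell getprop > props.txt; classify_boot_state "$(cat props.txt)"
# Property names are assumed standard AVB names plus Samsung's warranty bit.

# Constructed sample: locked Pixel-style device, stock image, verity on.
SAMPLE_LOCKED='[ro.boot.flash.locked]: [1]
[ro.boot.vbmeta.device_state]: [locked]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.veritymode]: [enforcing]'

# Constructed sample: bootloader unlocked and running whatever was flashed.
SAMPLE_UNLOCKED='[ro.boot.flash.locked]: [0]
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.veritymode]: [disabled]'

# Constructed sample: Samsung-style device whose Knox warranty bit is blown.
SAMPLE_SAMSUNG_TRIPPED='[ro.boot.warranty_bit]: [1]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.veritymode]: [enforcing]'

# getprop_value DUMP NAME -> prints the value of "[NAME]: [value]", or nothing.
getprop_value() {
    # Escape the dots in the property name so sed matches them literally.
    name=$(printf '%s' "$2" | sed 's/\./\\./g')
    printf '%s\n' "$1" | sed -n "s/^\[$name\]: \[\(.*\)\]$/\1/p"
}

# classify_boot_state DUMP -> prints one line "VERDICT: explanation".
classify_boot_state() {
    dump=$1
    locked=$(getprop_value "$dump" ro.boot.flash.locked)
    state=$(getprop_value "$dump" ro.boot.vbmeta.device_state)
    color=$(getprop_value "$dump" ro.boot.verifiedbootstate)
    verity=$(getprop_value "$dump" ro.boot.veritymode)
    warranty=$(getprop_value "$dump" ro.boot.warranty_bit)

    # Knox's warranty bit is a fuse: once set it stays set even after a
    # stock reflash, so it records that custom binaries were flashed at some point.
    if [ "$warranty" = "1" ]; then
        echo "TAMPERED: Knox warranty bit is blown; custom binaries were flashed at some point"
        return 0
    fi
    # AVB boot colours: green = OEM-signed, yellow = user-supplied key,
    # orange = unlocked (no verification), red = verification failed.
    case "$color" in
        red)    echo "UNTRUSTED: verified boot failed; system image does not match its signature"; return 0 ;;
        orange) echo "UNLOCKED: bootloader unlocked, any image can be booted; data-at-rest encryption still applies"; return 0 ;;
        yellow) echo "CUSTOM-KEY: bootloader locked to a third-party signing key, not the OEM's"; return 0 ;;
    esac
    if [ "$locked" = "0" ] || [ "$state" = "unlocked" ]; then
        echo "UNLOCKED: device_state/flash.locked report unlocked"; return 0
    fi
    if [ -n "$verity" ] && [ "$verity" != "enforcing" ]; then
        echo "WEAKENED: dm-verity is $verity; changes to the system partition would go unnoticed"; return 0
    fi
    echo "LOCKED: bootloader locked, verified boot green, dm-verity enforcing"
}

# Demo over the constructed samples.
for sample in "$SAMPLE_LOCKED" "$SAMPLE_UNLOCKED" "$SAMPLE_SAMSUNG_TRIPPED"; do
    classify_boot_state "$sample"
done
```

A green/locked result only says the boot chain is intact; it says nothing about apps installed in user space, which a factory reset does clear.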

Why does Android reset the device upon RE-LOCKING the bootloader?

Why does Android reset the device to factory settings upon RE-LOCKING the bootloader on Pixel devices? Is it just another hassle tactic from Google to make users not have the bootloader unlocked in the first place?
Please don't respond unless you have an answer with a real technical/security justification.
Thanks for your expertise.
fromusofa said:
Why does Android reset the device to factory settings upon RE-LOCKING the bootloader on Pixel devices? Is it just another hassle tactic from Google to make users not have the bootloader unlocked in the first place?
Please don't respond unless you have an answer with a real technical/security justification.
Thanks for your expertise.
This link has some explanation of bootloader locking and unlocking, and the security side of things (scroll down to near the bottom).
https://source.android.com/security/overview/implement
It doesn't really do much to explain in detail why the relock requires a factory reset, but essentially it's to ensure that there is nothing in the phone that could have been compromised. When the bootloader is locked, certain app developers want to be sure that the device is secure. Any leftover remnants from a rooted device are a potential security issue.
NZedPred said:
This link has some explanation of bootloader locking and unlocking, and the security side of things (scroll down to near the bottom).
https://source.android.com/security/overview/implement
It doesn't really do much to explain in detail why the relock requires a factory reset, but essentially it's to ensure that there is nothing in the phone that could have been compromised. When the bootloader is locked, certain app developers want to be sure that the device is secure. Any leftover remnants from a rooted device are a potential security issue.
The link does not say that the device will be reset and the user data will be wiped upon relocking the bootloader. It just says that it will provide the same protection after locking the device upon installing any custom ROM and then unlocking it again.
Who gets to say what is "compromised"? The OS provider Google, or the device manufacturer, or the users who have paid for the software and the hardware of the device and own it?
If those certain amateur app developers can't write their own stuff securely enough and actually depend on the OS to provide them protection at the expense of a crappy user experience with limited innovation and hijacked creativity, then that's their problem. An owner of the device should be able to install any OS, even one they may have built in their basement, or any jack **** they want... or live with the crap that they got from the OEM. Just like Windows on any computer lets you do whatever you want to do as an administrator... whichever sites and applications you want to access and run. Why is Android (Linux) so overtly protective about giving root access to its users?
Anyway, relocking the bootloader will wipe the device again even if you have not installed anything customized, even immediately after unlocking, which has already wiped the device... I just don't understand or like the logic behind resetting the whole device upon relocking the bootloader... Is Google afraid of people coming after them for security issues on their customized/rooted device? Hmmm... if that was the case with Windows, Microsoft would have been bankrupted long ago.
Sorry about the above rant, I just woke up after 18 years in a coma and I find the mobile device industry still in its infancy... or maybe I have just lost my mind.

IS UNLOCKED BOOTLOADER LESS SECURE/HOW TO MAKE SECURE?

In what ways does having an unlocked bootloader make it easier for governments and (other) criminals to get into your device or data? Lots of people say "naaaaa it's not less secure, unlock your bootloader man... the data is ENCRYPTED". I know back in the day someone could just flash TWRP and delete the lockscreen! But now devices are encrypted and that can't be done anymore. I also find that some security apps require root for their full features (Android Lost). But I'd think it'd be easier to inject some sort of script or flash something to help them with trying to get into your device (like removing the unlock attempt limit, as is done with iPhone). Luckily OnePlus can relock with a custom ROM but most can't ) : .
If you wanna talk about specific devices, maybe talk about Xperia Z5 II and/or LG G8 Thinq. And whether it IS or ISN'T less secure, what can be done to BEST secure a device? Whether official or not.
A device with a locked bootloader will only boot the operating system currently on it. You can’t install a custom operating system – the bootloader will refuse to load it. If your Android phone has a standard locked bootloader when a thief gets his hands on it, he won’t be able to access the device’s data without knowing its PIN or password. (Of course, a very determined thief could crack open the phone and remove the storage to read it in another device.)
If you’re unlocking the bootloader of your device and want to protect against this, you could choose to enable Android’s encryption feature, which depends on the Android version: either FBE (default since Android 10) or FDE (default since Android 6). This would ensure your data is stored in an encrypted form (AES-256), so people wouldn’t be able to access your data without your encryption passphrase. However, even encryption can’t protect your data perfectly.
Conclusion:
Of course, you probably don’t need to worry about this too much. If you’re an Android geek installing custom ROMs and rooting your device for your own use, you probably aren’t going to be the target of a determined and skilled thief who wants to access the data on your device. If your device is stolen, it’s probably by someone who just wants to wipe the device and sell it. And this wiping can easily be done by connecting the Android phone to a PC via USB cable and launching a specific command from there.

Question Security after rooting?

Hi!
I'm considering buying a Pixel 6a at around 300 USD, but after using Android for several years I'm concerned about security after rooting, e.g. after theft.
Afaik, if the bootloader is unlocked, the thief can just flash a new image and that's it!
It's different with iOS, where iCloud lock (even after jailbreak) can render the device practically unusable.
Can someone tell me whether some kind of Google lock is possible nowadays with Android or newer versions of Android?
Are you looking at this from a data security standpoint? Or from "make sure it's worthless to the thief"?
Data security I believe is much more important than causing the phone to self destruct if stolen, and from a data security standpoint, you don't need to worry about root, because the data stored in the userdata partition is ENCRYPTED, and this encryption is tied to lockscreen security. In other words, they need to be able to legitimately get past the lockscreen in order to have unencumbered access to your data, regardless of what they change with respect to boot and system partitions.
If on the other hand, you're more worried about rendering the device worthless if stolen (i.e., thief can't actually use it), then you're actually talking about gooble's factory reset protection, which pretty much locks you to factory images, and locked bootloaders, and the "unlock bootloader" switch set to not-unlockable.
Factory reset protection works by forcing you to validate that you are the owner of the gooble account previously registered as owner of the device. It can be trivially bypassed as long as the "allow oem unlocking" flag is set to true, or the device has a 3rd party OS key installed, such as from grapheneos.
Also, having the device REPORTED as stolen if it is, will make it unable to connect to a cellular network, which pretty effectively makes it worthless.
Thanks for detailed answer. It answers my question.
While data is first priority, rendering device non-usable is also a deterrent.
Gotta find some ROMs which allow encryption tho. Thanks again
tarun0 said:
Thanks for detailed answer. It answers my question.
While data is first priority, rendering device non-usable is also a deterrent.
Gotta find some ROMs which allow encryption tho. Thanks again
It isn't a useful deterrent to theft, because they have to steal it first before they can find out if its been rendered useless or not. Its not like they'll return it if they find out that its useless.
tarun0 said:
Hi!
I'm considering buying a Pixel 6a at around 300 USD, but after using Android for several years I'm concerned about security after rooting, e.g. after theft.
Afaik, if the bootloader is unlocked, the thief can just flash a new image and that's it!
It's different with iOS, where iCloud lock (even after jailbreak) can render the device practically unusable.
Can someone tell me whether some kind of Google lock is possible nowadays with Android or newer versions of Android?
You should be worried more about having unlocked bootloader as opposed to root.
Root can only be obtained via Magisk, which creates a layer making your System think that Magisk is a part of it. No root could be obtained other than through Magisk manager, and even then, you will get a prompt to allow root to an app or adb. You can provide time limited root or one time only for apps. In other words, root gives the user control. Your OS already has root regardless of Magisk. All Magisk does is give you the power to grant or deny root.
Locked vs unlocked bootloader: this is where you should be concerned. If your bootloader is unlocked, it might be possible to boot or flash a modified recovery or TWRP that will have full write access to your system partitions, which are not encrypted. Android, unlike Linux or Windows, never encrypted anything but the data partition, and a few years ago Google dropped even that in favor of file encryption. So, your data partition is no longer encrypted, just the files. So, when TWRP has full access to your system, an adversary may succeed in removing your screen lock/password/pattern and force the system to boot straight without any lock. Note, the attacker wouldn't have to deal with encryption at all, but rather use a natural Android weakness, which is: the first boot after installing a brand new ROM is always without a password prompt. So, in this case, the attacker will have full access to your data.
With a locked bootloader, this is not possible, as all fastboot actions are disabled.
99.9% of custom ROMs require an unlocked bootloader. Those few which are available on a locked bootloader do not provide root. There are only 1 or 2 developments that can provide optional root + locked bootloader.
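The posture the two replies above argue about (is the bootloader locked, is "OEM unlocking" still allowed so that FRP can be walked around, is userdata under FBE or the older FDE) can be read straight from system properties. The script below is an added example, not code from this thread, from Android or from any ROM project. The property names are the real Android ones (ro.boot.verifiedbootstate, ro.boot.flash.locked, ro.boot.vbmeta.device_state, sys.oem_unlock_allowed, ro.crypto.state, ro.crypto.type); the two sample outputs are constructed, and the "frp_meaningful" rule (locked, OEM unlocking off, OEM key in use) is 96carboard's criterion encoded as a check, not something Android documents.

```python
import re

# Constructed sample `adb shell getprop` output (not captured from a real device):
# an unlocked, OEM-unlock-enabled phone on a custom ROM with file-based encryption.
SAMPLE_UNLOCKED = """\
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.flash.locked]: [0]
[ro.boot.vbmeta.device_state]: [unlocked]
[sys.oem_unlock_allowed]: [1]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]
"""

# Same device relocked on stock firmware with "OEM unlocking" disabled.
SAMPLE_LOCKED = """\
[ro.boot.verifiedbootstate]: [green]
[ro.boot.flash.locked]: [1]
[ro.boot.vbmeta.device_state]: [locked]
[sys.oem_unlock_allowed]: [0]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]
"""

# getprop prints one "[name]: [value]" pair per line.
PROP_RE = re.compile(r"^\[(?P<name>[^\]]+)\]: \[(?P<value>[^\]]*)\]$")


def parse_getprop(text: str) -> dict:
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m["name"]] = m["value"]
    return props


def assess(props: dict) -> dict:
    """Summarise the theft-related posture from parsed properties."""
    vb_state = props.get("ro.boot.verifiedbootstate", "unknown")
    locked = (props.get("ro.boot.flash.locked") == "1"
              and props.get("ro.boot.vbmeta.device_state") == "locked")
    oem_unlock_allowed = props.get("sys.oem_unlock_allowed") == "1"
    if props.get("ro.crypto.state") != "encrypted":
        encryption = "none"
    else:
        encryption = props.get("ro.crypto.type", "unknown")  # "file" (FBE) or "block" (FDE)

    findings = []
    if not locked:
        findings.append("bootloader unlocked: fastboot can boot/flash arbitrary images")
    if oem_unlock_allowed:
        findings.append("OEM unlocking enabled: FRP can be skipped by unlocking and wiping")
    if vb_state == "yellow":
        findings.append("verified boot with a user-set key (third-party OS), not the OEM key")
    if encryption == "block":
        findings.append("legacy full-disk encryption: one key for the whole partition")
    elif encryption == "none":
        findings.append("userdata not encrypted")

    return {
        "bootloader": "locked" if locked else "unlocked",
        # green: OEM key, yellow: user-set key, orange: unlocked, red: verification failed
        "verified_boot": vb_state,
        "oem_unlock_allowed": oem_unlock_allowed,
        # the thread's criterion: FRP only holds when nobody can unlock the bootloader
        # and the OEM's own signing key is in use
        "frp_meaningful": locked and not oem_unlock_allowed and vb_state == "green",
        "encryption": encryption,
        "findings": findings,
    }


if __name__ == "__main__":
    import sys
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_UNLOCKED
    for key, value in assess(parse_getprop(text)).items():
        print(f"{key}: {value}")
```

Usage on a connected device: `adb shell getprop | python3 posture.py`. Without a pipe it evaluates the constructed unlocked sample. Note that `sys.oem_unlock_allowed` reflects the developer-options toggle, not whether the bootloader is currently unlocked; both are reported separately above.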
optimumpro said:
You should be worried more about having unlocked bootloader as opposed to root.
Root can only be obtained via Magisk, which creates a layer making your System think that Magisk is a part of it. No root could be obtained other than through Magisk manager, and even then, you will get a prompt to allow root to an app or adb. You can provide time limited root or one time only for apps. In other words, root gives the user control. Your OS already has root regardless of Magisk. All Magisk does is give you the power to grant or deny root.
Locked vs unlocked bootloader: this is where you should be concerned. If your bootloader is unlocked, it might be possible to boot or flash a modified recovery or TWRP that will have full write access to your system partitions, which are not encrypted. Android, unlike Linux or Windows, never encrypted anything but the data partition, and a few years ago Google dropped even that in favor of file encryption. So, your data partition is no longer encrypted, just the files. So, when TWRP has full access to your system, an adversary may succeed in removing your screen lock/password/pattern and force the system to boot straight without any lock. Note, the attacker wouldn't have to deal with encryption at all, but rather use a natural Android weakness, which is: the first boot after installing a brand new ROM is always without a password prompt. So, in this case, the attacker will have full access to your data.
With a locked bootloader, this is not possible, as all fastboot actions are disabled.
99.9% of custom ROMs require an unlocked bootloader. Those few which are available on a locked bootloader do not provide root. There are only 1 or 2 developments that can provide optional root + locked bootloader.
Ahhh... So there are options, albeit just 1 or 2, which can root with the bootloader locked!!
I thought it's just impossible to root without unlocking bootloader.
Thanks for the nice explanation
tarun0 said:
Ahhh... So there are options, albeit just 1 or 2, which can root with the bootloader locked!!
I thought it's just impossible to root without unlocking bootloader.
Thanks for the nice explanation
Just my view: if I were you, I wouldn't buy any Pixel phone that has a Titan chip in it. It is just one more reliance on such a 'bastion' of privacy as Google. Note Titan is closed source, and not only does it deal with certificates, but it can also modify firmware. Here is ZDNet's description:
"The Titan chip manufacturing process generates unique keying material for each chip, and securely stores this material -- along with provenance information -- into a registry database. The contents of this database are cryptographically protected using keys maintained in an offline quorum-based Titan Certification Authority (CA).
"Individual Titan chips can generate Certificate Signing Requests (CSRs) directed at the Titan CA, which -- under the direction of a quorum of Titan identity administrators -- can verify the authenticity of the CSRs using the information in the registry database before issuing identity certificates."
So, each machine's individual key is stored with some 'magic' database maintained by Titan Certification Authority. In other words, an entity funded by three-letter agencies now has an additional database holding individual keys for each phone.
optimumpro said:
Just my view: if I were you, I wouldn't buy any Pixel phone that has a Titan chip in it. It is just one more reliance on such a 'bastion' of privacy as Google. Note Titan is closed source, and not only does it deal with certificates, but it can also modify firmware. Here is ZDNet's description:
"The Titan chip manufacturing process generates unique keying material for each chip, and securely stores this material -- along with provenance information -- into a registry database. The contents of this database are cryptographically protected using keys maintained in an offline quorum-based Titan Certification Authority (CA).
"Individual Titan chips can generate Certificate Signing Requests (CSRs) directed at the Titan CA, which -- under the direction of a quorum of Titan identity administrators -- can verify the authenticity of the CSRs using the information in the registry database before issuing identity certificates."
So, each machine's individual key is stored with some 'magic' database maintained by Titan Certification Authority. In other words, an entity funded by three-letter agencies now has an additional database holding individual keys for each phone.
Thanks for the opinion broski! But what brands are available out there?
I don't like Samsung anymore because they destroy screens with updates and don't help customers. The other brands look better on paper than in reality.
tarun0 said:
Thanks for the opinion broski! But what brands are available out there?
I don't like Samsung anymore because they destroy screens with updates and don't help customers. The other brands look better on paper than in reality.
OnePluses allow relocking the bootloader on custom ROMs.
tarun0 said:
Thanks for the opinion broski! But what brands are available out there?
I don't like Samsung anymore because they destroy screens with updates and don't help customers. The other brands look better on paper than in reality.
Don't be intimidated by the technical language - it's not as complicated as it seems. All hardware security modules come with a key that is installed at the factory and signed by the manufacturer. This initial key is only used to establish a basic level of trust, and the HSM will then generate a unique key for encrypting your data and performing attestation. This process is the same no matter what brand of device you use, whether it's a OnePlus, a Pixel, or any other brand.
Newer Pixel models have a feature called ATTEST_KEY that allows each device to have its own unique keys. If one of these HSM keys were to be compromised, it wouldn't affect your security. However, rooting your phone can compromise your security and make verified boot ineffective, even if the bootloader is locked. If you value security, it's important not to root your phone.
tarun0 said:
Ahhh... So there are options, albeit just 1 or 2, which can root with the bootloader locked!!
I thought it's just impossible to root without unlocking bootloader.
Thanks for the nice explanation
This statement is incorrect. The Android user interface was not designed to handle permission prompts for root access. When you root your phone, you increase the potential for UI bugs that were previously unable to cause harm to become attack vectors that can be used to gain full access to your phone. Rooting also weakens the security of your phone by adding new permissive domains and making the *_app SELinux domains more permissive.
It is heavily recommended to read this article https://madaidans-insecurities.github.io/android.html
tarun0 said:
Thanks for detailed answer. It answers my question.
While data is first priority, rendering device non-usable is also a deterrent.
Gotta find some ROMs which allow encryption tho. Thanks again
For the past five years, it has been required that all Android phones have encryption enabled by default. If you purchase a Pixel phone, it will come with encryption already enabled, but you can further enhance the security of the encryption by installing GrapheneOS, as they increase the file name padding length to the maximum supported by the kernel, which makes certain attacks harder.
Block-based encryption is generally considered to be less secure than file-based encryption because it uses a single key to encrypt all data, rather than multiple keys for individual files (which is what FBE does). Android 10 introduced metadata encryption, which encrypts sector 0 on the data partition, making it inaccessible to attackers even when attempting to access the data through recovery mode. One of the main reasons file-based encryption is preferred over block-based encryption is that it is more difficult to verify the security of block-based encryption, and the algorithms used in block-based verification can be complex and challenging to implement correctly. Additionally, block-based encryption only encrypts data and does not provide any integrity checking, so if the data becomes corrupt there is no way to detect it and the decryption process will continue. This can result in broken files at best and potentially allow attackers to tamper with or exploit the Linux kernel at worst, as noted by Linux kernel maintainers.
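To make the "no integrity checking" point in the post above concrete, here is an added example that is not from the post, from the kernel or from any Android code. The Python standard library has no AES, so a SHA-256 counter-mode keystream stands in for a length-preserving disk cipher; with real AES-XTS an attacker's edit garbles a 16-byte block rather than flipping one exact bit, but the outcome the post describes is the same: decryption of tampered ciphertext succeeds silently. The encrypt-then-MAC variant shows what an integrity tag changes. The sector content, the sector number and the key are constructed.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32


def keystream(key: bytes, tweak: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from SHA-256: a stand-in for a real disk cipher
    (AES-XTS/CBC), chosen only because the stdlib has no AES."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + tweak + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_sector(key: bytes, sector: int, data: bytes) -> bytes:
    """Length-preserving, tweaked by sector number, no tag: the dm-crypt shape."""
    ks = keystream(key, sector.to_bytes(8, "big"), len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


decrypt_sector = encrypt_sector  # XOR is its own inverse


def encrypt_sector_authenticated(key: bytes, sector: int, data: bytes) -> bytes:
    """Encrypt-then-MAC: same ciphertext plus a tag bound to the sector number,
    so a sector can neither be edited nor copied to another position unnoticed."""
    ct = encrypt_sector(key, sector, data)
    tag = hmac.new(key, sector.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    return ct + tag


def decrypt_sector_authenticated(key: bytes, sector: int, blob: bytes) -> bytes:
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, sector.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("sector tampered or misplaced")
    return decrypt_sector(key, sector, ct)


def flip(blob: bytes, offset: int, mask: int) -> bytes:
    out = bytearray(blob)
    out[offset] ^= mask
    return bytes(out)


# Constructed sample sector content: a config line whose layout an attacker knows.
SAMPLE_SECTOR = b"ro.secure=1 ro.adb.secure=1"


def tamper_unauthenticated(key: bytes, data: bytes = SAMPLE_SECTOR) -> bytes:
    """Attacker without the key flips the ciphertext bit under the first '1'.
    Decryption has no way to notice and returns the altered text."""
    offset = data.index(b"1")
    ct = encrypt_sector(key, 7, data)
    return decrypt_sector(key, 7, flip(ct, offset, ord("1") ^ ord("0")))


def tamper_authenticated(key: bytes, data: bytes = SAMPLE_SECTOR) -> bool:
    """Same flip against the authenticated layout; True if it was detected."""
    offset = data.index(b"1")
    blob = encrypt_sector_authenticated(key, 7, data)
    try:
        decrypt_sector_authenticated(key, 7, flip(blob, offset, ord("1") ^ ord("0")))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    k = secrets.token_bytes(32)
    print(tamper_unauthenticated(k))  # b'ro.secure=0 ro.adb.secure=1'
    print(tamper_authenticated(k))    # True
```

The cost of the tag is why disk encryption layers do not simply add it: a 32-byte tag per sector breaks the one-to-one mapping between plaintext and ciphertext sectors, which is exactly the property dm-crypt relies on (dm-integrity exists to provide that extra space separately).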
optimumpro said:
So, when TWRP has full access to your system, an adversary may succeed in removing your screen lock/password/pattern and force system to boot straight without any lock. Note, the attacker wouldn't have to deal with encryption at all, but rather use natural Android weakness, which is: the first boot after installing a brand new rom is always without password prompt. So, in this case, the attacker will have the full access to your data.
This quote is mostly (the bad part) FALSE. The decryption on the files cannot be performed until AFTER the device has been unlocked. If an attacker installs something that skips the lockscreen, the files will NOT be decrypted, since that lockscreen password/pin/pattern/etc. is needed to gain access to the key.
No matter what, whether the device bootloader is unlocked or not, or the device has root access or not... if the device is physically outside of the owner's control, it is necessary to assume that security on it has been compromised and should not be trusted. As the owner, you should assume that it has been backdoored, so wipe it fully and reinstall OS.
There is one exception, though: in AFU state, FBE is already decrypted (same as FDE).
https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass
(This does not concern powered-off devices.)
96carboard said:
Are you looking at this from a data security standpoint? Or from "make sure it's worthless to the thief"?
Data security I believe is much more important than causing the phone to self destruct if stolen, and from a data security standpoint, you don't need to worry about root, because the data stored in the userdata partition is ENCRYPTED, and this encryption is tied to lockscreen security. In other words, they need to be able to legitimately get past the lockscreen in order to have unencumbered access to your data, regardless of what they change with respect to boot and system partitions.
If on the other hand, you're more worried about rendering the device worthless if stolen (i.e., thief can't actually use it), then you're actually talking about gooble's factory reset protection, which pretty much locks you to factory images, and locked bootloaders, and the "unlock bootloader" switch set to not-unlockable.
Factory reset protection works by forcing you to validate that you are the owner of the gooble account previously registered as owner of the device. It can be trivially bypassed as long as the "allow oem unlocking" flag is set to true, or the device has a 3rd party OS key installed, such as from grapheneos.
Also, having the device REPORTED as stolen if it is, will make it unable to connect to a cellular network, which pretty effectively makes it worthless.
Not all of this is really right on the head.
tarun0
FRP is VERY easy to bypass. Takes me about 2 minutes on the Android 13 Jan 2022 update on the 7 Pro, 7, 6a, 6 Pro, 6, 5a, 5, 4a 5G and the 4a. The data is wiped though, so at least data can't be stolen, but FRP is more like a fence with a gate where you can just reach the other side and unlock it with a paper clip lol
As far as getting past the lock screen, there are USB plug-ins that, if a true bad actor wanted to get into the phone, bypass USB debugging and can force-test thousands of PINs and patterns per minute without flagging the maximum-attempt trigger. But again, what's the chance of a phone getting stolen by someone with that level of knowledge? 90% of phone thieves take it, run and sell it for a quick flip.
Also, with a custom Android recovery, adb commands are possible, so if the device is rooted with a custom recovery, there are ways to extract the lock screen file from where it's stored and use it. I don't think the recoveries based on LineageOS can do this, but TWRP definitely can, as I've done it personally. So far there's no TWRP for any Android 13 device to my knowledge. Even the Android 12 variants of TWRP are shoddy and barely function.
Dirty flashing a ROM will also generally remove any passcode on a phone and make data accessible.
Reporting it stolen only goes so far. You can spoof the IMEI if rooted, or straight up change it if you have tools like MiracleBox.
Long story short, an unlocked bootloader and a rooted Android device make the device very insecure. The only ROMs out there that let you re-lock the bootloader after flashing are Graphene and CalyxOS. And I really don't recommend Calyx. It's a pile of ****. Don't root Graphene either, as you'll have to leave the bootloader unlocked.
TechX1991 said:
Dirty flashing a ROM will also generally remove any passcode on a phone and make data accessible.
We are talking about FBE encryption, not old FDE encryption with default_password. Do not claim what you haven't tested yourself. FBE is simply secure in BFU state, also against brute force, as Gatekeeper lives in the TEE. After 140 attempts the timeout has increased to 1 day.
Kindly read about how FBE works:
https://android.stackexchange.com/a/241688
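The credential binding that 96carboard and the last reply describe (the per-user key is only released once the lock-screen credential has been verified inside the TEE, and Gatekeeper throttles repeated guesses), modelled in Python as an added example. This is not Android's code: the TEE class, the wrapped-key layout, the PBKDF2 parameters and the lockout schedule are simplified stand-ins, and the `default_password` case models the legacy FDE behaviour the reply mentions, where a device with no lock-screen credential wrapped its key under that fixed string. The PIN, the user-data layout and the "remove lockscreen" flag are constructed.

```python
import hashlib
import hmac
import secrets

# Deliberately low so the brute-force demo runs in well under a second;
# real Keymaster/scrypt parameters are far heavier.
KDF_ITERATIONS = 2_000


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class TrustedEnvironment:
    """Hypothetical stand-in for Gatekeeper + Keymaster in the TEE.

    The device secret is created here and never leaves; every KEK derivation
    mixes it in, so a PIN alone (guessed off-device) is useless and the device
    alone (booted into TWRP, lockscreen flag cleared) is useless without the PIN.
    """

    def __init__(self, throttle_after: int = 5):
        self._device_secret = secrets.token_bytes(32)
        self.throttle_after = throttle_after
        self.failures = 0

    def derive_kek(self, credential: bytes, salt: bytes) -> bytes:
        stretched = hashlib.pbkdf2_hmac("sha256", credential, salt, KDF_ITERATIONS)
        return hmac.new(self._device_secret, stretched, hashlib.sha256).digest()

    def lockout_seconds(self) -> int:
        """Illustrative back-off only: none until `throttle_after` failures,
        then 30 s doubling per failure, capped at one day."""
        if self.failures < self.throttle_after:
            return 0
        return min(30 * 2 ** (self.failures - self.throttle_after), 86_400)


class UserData:
    """Everything here sits on flash and is readable/writable from a custom recovery."""

    def __init__(self):
        self.salt = secrets.token_bytes(16)
        self.wrapped_ce_key = b""
        self.check_tag = b""
        self.lockscreen_enabled = True  # the flag a 'remove lockscreen' tweak flips


def provision(tee: TrustedEnvironment, data: UserData, credential: bytes) -> bytes:
    """Create the user's CE key and store it wrapped under the credential-bound KEK."""
    ce_key = secrets.token_bytes(32)
    kek = tee.derive_kek(credential, data.salt)
    data.wrapped_ce_key = _xor(ce_key, kek)
    data.check_tag = hmac.new(kek, data.wrapped_ce_key, hashlib.sha256).digest()
    return ce_key


def unlock(tee: TrustedEnvironment, data: UserData, credential: bytes):
    """CE key on a correct credential, None on a wrong one, or ('throttled', s)
    while the TEE refuses further attempts. No clock: lockout persists in the model."""
    wait = tee.lockout_seconds()
    if wait:
        return ("throttled", wait)
    kek = tee.derive_kek(credential, data.salt)
    expected = hmac.new(kek, data.wrapped_ce_key, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, data.check_tag):
        tee.failures += 1
        return None
    tee.failures = 0
    return _xor(data.wrapped_ce_key, kek)


def recovery_removes_lockscreen(credential: bytes = b"4921") -> bool:
    """TWRP-style attack: flip the on-disk lockscreen flag, boot, and try to open
    the CE key with an empty credential. Returns True only if the key was exposed."""
    tee, data = TrustedEnvironment(), UserData()
    provision(tee, data, credential)
    data.lockscreen_enabled = False            # attacker edits userdata
    return unlock(tee, data, b"") is not None  # no credential -> no KEK -> no key


def fde_default_password_attack() -> bool:
    """Legacy FDE with no lock-screen credential: the key is wrapped under the
    fixed string 'default_password', so anyone booting the device can supply it."""
    tee, data = TrustedEnvironment(), UserData()
    provision(tee, data, b"default_password")
    return unlock(tee, data, b"default_password") is not None


def brute_force_pin(credential: bytes = b"4921", max_attempts: int = 10_000):
    """Online guessing through the TEE. Returns (guesses_made, lockout_seconds) at the
    point throttling starts, or (guesses, 0) if the PIN fell before that."""
    tee, data = TrustedEnvironment(), UserData()
    provision(tee, data, credential)
    for n in range(max_attempts):
        result = unlock(tee, data, f"{n:04d}".encode())
        if isinstance(result, tuple):
            return n, result[1]
        if result is not None:
            return n + 1, 0
    return max_attempts, 0
```

The model makes the disagreement in the thread precise: clearing the lock-screen flag changes what the UI asks for, not what the TEE will derive, so the FBE key stays sealed; the legacy FDE case is different only because the credential was a known constant. The brute-force function also shows why the attack has to be online: every guess costs a TEE round trip and the TEE counts them, whereas in AFU state (the exception noted above) the key is already in memory and none of this applies.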
