Android Nougat Won't Boot If Your Phone's Software Is Corrupt Or Has Malware

An anonymous reader shares a report on Android Authority: In a bid to increase the security of the Android operating system, Google has introduced a new check for malware as part of the boot process in all Android devices. Until Marshmallow, Android devices ran the check as part of the boot process and in Marshmallow, the phone would warn you that it was compromised but would continue to let the phone boot up. In Nougat however, Google is taking this security check to the next level. On the Android Developer's blog, the company explains that Android Nougat strictly enforces that boot check, giving you far more than a warning. The good news is that if your phone is infected with types of malware, it will refuse to boot or will boot in a limited capacity mode (presumably akin to safe mode). The bad news however, is that some non-malicious corruption of data could also mean that your phone will refuse to boot up. Considering that corrupted data may not always be malicious -- even a single-byte error could cause your phone to refuse to boot up -- Android Nougat brings additional code to guard against corruption.

DoS by design

[Henriok]

This sounds like an excellent complementary feature for malware to trigger for a DoS attack.

Re:Emergencies?

You mean after trying to evade arrest and waving a knife/gun/axe around? Or just when you get into an armed fight with a cop and lose? Or you decide to run at a cop, even though there's a gun pointing at you and you've been told to stop? Or you've just shot a cop and don't like bullets traveling in the opposite direction? Or you decided on assisted suicide, but didn't tell the cop he was assisting? Or you don't behave aggressively, comply with any lawful requests the officer makes, but still get shot? Because that last one happens all the time!

Read TFA... not bricked

[jlv]

Ignoring the implied hype in TFA, they quote the original blog post:
"This means that a device with a corrupt boot image or verified partition will not boot
or
will boot in a limited capacity with user consent."
(line breaks added for clarity).

Re:A pattern emerges

[swillden]

8.) Openness is formally removed.

Android is *not* removing openness. I'm a member of the Android security team, and worked around the edges of this feature. We (I'll use that pronoun for simplicity, but please note that I'm not claiming credit) put a great deal of additional effort into making sure that it supported modders who unlock their bootloaders and install custom software. We even made sure that they can use the verified boot feature to ensure that their self-signed images are not modified without their knowledge.

The goal is not to prevent modding, the goal is to improve security by ensuring that malicious images can't be installed.