Android Nougat Won't Boot If Your Phone's Software Is Corrupt Or Has Malware

An anonymous reader shares a report on Android Authority: In a bid to increase the security of the Android operating system, Google has introduced a new check for malware as part of the boot process in all Android devices. Until Marshmallow, Android devices ran the check as part of the boot process and in Marshmallow, the phone would warn you that it was compromised but would continue to let the phone boot up. In Nougat however, Google is taking this security check to the next level. On the Android Developer's blog, the company explains that Android Nougat strictly enforces that boot check, giving you far more than a warning. The good news is that if your phone is infected with types of malware, it will refuse to boot or will boot in a limited capacity mode (presumably akin to safe mode). The bad news however, is that some non-malicious corruption of data could also mean that your phone will refuse to boot up. Considering that corrupted data may not always be malicious -- even a single-byte error could cause your phone to refuse to boot up -- Android Nougat brings additional code to guard against corruption.

Fixed it for you

[140Mandak262Jamuna]

Android Nougat Won't Boot If Your Phone's Software Is Corrupt Or Has Malware unapproved by google

Re:911

[Miamicanes]

The really fucked up and sad thing is, when Samsung developed Knox, they bent over backwards to ensure that its security didn't depend upon the user having never rooted or reflashed the phone. It had an immutable stage-one bootloader that could ALWAYS be used to boot into a secure & known state from which the second stage of the bootloader could be reflashed, then used to restore the phone to its virgin & secure state.

They ended up disabling it in favor of one-time bootloader fuses, because big corporate clients point-blank refused to adopt Knox unless it permanently exiled rooted and reflashed phones to eternal exile. I participated in calls with Samsung about it, and ended up having HUGE arguments with my own coworkers trying to convince them that Samsung was right. I tried to explain how ARM TrustZone worked, and how Samsung used it to make the stage-1 bootloader absolutely bulletproof. In the end, irrational fear prevailed over logic and design. A feature that could have been used for good ended up being used to cripple the phones of anyone who tried to chainload a better build of Android. RIP.

Making matters worse, Samsung and other manufacturers went a step further with the next generation of phones, and started designing them to be dysfunctional (at least, as far as their wireless functionality was concerned) if the user attempted to treat the locked-down Android as a de-facto bootloader & use it to chainload their own Android ROM (basically, shutting down all the kernel services, killing off all the system threads besides one, then launching the new Android from that final thread). It was never about security, but about asserting control over end users and limiting what they could do. I'm convinced that Samsung tried to do the right thing, but when the largest mobile operator in America (Verizon) threatens to quit allowing its customers to use your phones, it's hard to fight back. Then AT&T joined the lockdown party, knowing that even though they're technically a GSM network, forcing Samsung to lock down its devices would ultimately cause Sprint & T-Mobile devices to end up locked down too, because at that point it would cost more for Samsung to maintain unlocked phones than T-Mobile would have been willing to single-handedly subsidize (Sprint was ambivalently neutral... it didn't care either way, but absolutely wouldn't have paid a premium to maintain a feature they were unenthusiastic about anyway).

The Galaxy Note 4 is a perfect example of why the impact of carrier evil extends beyond the users of the evil carrier itself. The T-Mobile version had an unlocked bootloader. And ultimately, had maybe a half-dozen useful ROM distros for it that ever progressed beyond the "unstable experiment" stage. Why? The number of users capable of RUNNING those ROMs had diminished to a tiny subset of T-Mobile customers. Back when Sprint and AT&T phones were locked with the equivalent of a skeleton key hidden under the doormat (and Verizon's bootloader could be sidestepped via chainloading), there was a large, thriving developer community that took advantage of the fact that the Galaxy S3 was basically the same hardware on every network in America (even the CDMA ones). With the Note 4, that same community was eviscerated & almost completely dried up.