Android Oreo's Rollback Protection Will Block OS Downgrades

jbernardo writes: Google is using the boiling frog method to exclude power users and custom ROMs from android. A new feature in Android 8.0 Oreo, called "Rollback Protection" and included in the "Verified Boot" changes, will prevent a device from booting should it be rolled back to an earlier firmware. The detailed information is here. As it rejects an image if its "rollback index" is inferior than the one in "tamper evident storage," any attempts to install a previous version of the official, signed ROM will make the device unbootable. Much like iOS (without the rollback grace period) or the extinct Lumias. It is explained in the recommended boot workflow and notes below, together with some other "smart" ideas.

Now, this might seem like a good idea at first, but let's just just imagine this on a PC. It would mean no easy rollback from windows 10 to 7 after a forced installation, and doing that or installing linux would mean a unreasonably complex bootloader unlocking, with all your data wiped. Add safetynet to the mix, and you would also be blocked from watching Netflix or accessing your banking sites if you dared to install linux or rollback windows. To add insult to injury, unlocked devices will stop booting for at least 10 seconds to show some paternalist message on how unlocking is bad for your health: "If the device has a screen and buttons (for example if it's a phone) the warning is to be shown for at least 10 seconds before the boot process continues." Now, and knowing that most if not all android bootloaders have vulnerabilities/backdoors, how can this be defended, even with the "security/think of the children" approach? This has no advantages other than making it hard for users to install ROMs or to revert to a previous official ROM to restore missing functionality.

not evil

[rogoshen1]

No really guys, just look at our motto!

Re:not evil

[cjjjer]

When Alphabet took over they removed that motto from their code of conduct in 2015 so they are free from "doing no evil" for 2 years now...

Re:not evil

That's their OLD motto. The new one is "We build robots for the government."

Re:not evil

[Tough+Love]

Alphabet never "took over". It is still the Larry, Segey and (to a lesser extent) Eric show, nothing changed. This always was who they were.

One question, Google

[Opportunist]

Care to inform me why the fuck me, or anyone who has at least parts of his mental health remaining, would want to buy such a device?

Re:One question, Google

[hawguy]

Care to inform me why the fuck me, or anyone who has at least parts of his mental health remaining, would want to buy such a device?

Probably because nearly all consumers have no interest at all in rooting their phone, installing a custom ROM, or even rolling back to a previous release. It's a very tiny subset of users that care about such things, not enough for most companies to care about serving them.

Re:One question, Google

Care to inform me why the fuck me, or anyone who has at least parts of his mental health remaining, would want to buy such a device?

You don't want to be brainwashed by "the fruit cult" into paying egregious amounts of money for a device that can be made for under 100 USD outside of the USA?

Re:One question, Google

Businesses would buy such a phone or tablet as an additional layer to mobile device management to prevent employee from making modifications to the device.

Re:One question, Google

Can you tell me why I shouldn't want that feature? It sounds great. What's the downside?

Re:One question, Google

[thegarbz]

Care to inform me why the fuck me, or anyone who has at least parts of his mental health remaining, would want to buy such a device?

With several billions of smartphones in the world and several 10s of thousands of people at the most interested in custom ROMs or potentially downgrading firmware (which can't be done without voiding the warranty on any current smartphone anyway), ...

care to inform me why anyone bar a rounding error of people would give a damn?

Re:One question, Google

Care to inform me why the fuck me, or anyone who has at least parts of his mental health remaining, would want to buy such a device?

Because Apple devices will suck even harder and if Google somehow surpass Apple in sucking, then Apple will find new ways to suck even harder!

Re: One question, Google

Not me. Typing this on an android 6 phone now... Which came out on 5. 5 worked great, had a backdoor for root. 6 ended all that, and introduced many obvious bugs like the vendor was trying to sunset the model. Blame the carrier or the handset manufacturer for those bugs sure, but i think im going to go back to 5 for the best experience (and i'll rely on tight selinux rules, asr etc for security). Actually this phone is fantastic and tho it was $850 new is old stuff at $250 new now (still available - old stock presumably). Maybe I should buy 4 of them to keep me going until someone releases a good open android app compatible linux based option with replacable battery, memory card (saved me from loosing irreplaceable family photos not yet backed up last time my phone died) and a quality camera/optics.

Re:One question, Google

[bluefoxlucid]

Maybe because nobody lied to them about not being able to install custom ROMs?

The frigging summary is like, "It will prevent you from installing custom firmware by checking the roll-back index of official, signed firmware and refusing to boot official, signed firmware with a lower roll-back index". That doesn't say it will do anything special for unofficial firmware.

Been there with Secure Boot

Welp, looks like I'm never buying a new Android phone. This is going to be secure boot Google edition, with the bricked systems and all.

Re:Been there with Secure Boot

[Ungrounded+Lightning]

Welp, looks like I'm never buying a new Android phone...

My phone company (AT&T) pushed an OS update onto my smartphone a couple weeks ago. I wonder if it enabled this "fix" (or if the next one will).

Re:Been there with Secure Boot

You realise you can still turn this "secure boot" system off completely with fastboot oem unlock and install anything you like, just like always?

Re: Been there with Secure Boot

And how do you do that now that most vendors have blocked it? Is there a list of devices which we can still unlock?

Re: Been there with Secure Boot

[dbitter1]

From 'Murica, probably not. I bought my last phone- a LG G4- from British Amazon, and got the unlockable EU version. Unlocked SIM to start, with NO spyware apps, just a vanilla android install. Enter a (legally obtainable) dev code, poof, unlocked boot loader, and the rest is easy. Often times (not sure if this is still the case today) you also get a phone with the capability to use more bands than the just-US ones the carriers sell, so they can save $.05 while they overcharge you. Also +1 for removable/replaceable battery. LG FTW.

Have you noticed lately..

that google is pretty much killing itself.
All the recent news about google are just scandals, this is good stuff, im glad to be here to see the start of the end for it.

Re: Have you noticed lately..

Problem is they will loose such a small amount of people they'll still make more money than ever before. This wont hurt them financially so its not the end.

So

[fermion]

Wasn't there just a security alert about phines being rolled back without the users knowledge on phones?

On a PC if you are going to 'roll back' the best thing to do it start from a clean hard disk. The only reason to this is if there are problems, in which case the safetest thing to do is to wipe the machine.

Does the Android phone have forced installation, if so then Antoine buying it is an idiot. If not, then why bring it up.

And as always data is only lost if you don't back it up. Now, on upgrade data can also be migrated so you may not be able to use it one an old system, but again, if this is not a forced upgrade, why didnt you back up data.

What is this, the day /. lets the children run the front page so they can whine about the fact the candy store charges momey?

Re:So

As far as I can tell (and I'm an iOS security professional, not an Android one) that particular attack involved rolling back individual security component packages, not the entire OS. I don't believe that the anti-downgrade "feature" Google is pushing with Oreo offers any mitigation against this kind of attack. I may be wrong about that, however.

Re:So

Antoine buying it is an idiot.

Why bring Antoine into this?

Re:So

Does the Android phone have forced installation, if so then Antoine buying it is an idiot. If not, then why bring it up.

I guess you've never used a smartphone, they all come the OS pre-installed, and all of the "secure" data already written, with no way to erase / change it. By definition, the installation is forced because attempting to install anything else will result either in a device booting to a firmware error message and subsequent firmware download mode or a paperweight.

Some (few unless you buy a "developer's" phone or import an unlocked one from overseas) devices allow the use of non-signed OS images, but this is not ubiquitous. In the US it's practically non-existent due to carrier contracts and lock-ins. Even major electronic retailers carry very little (if any!) unlocked devices and the ones that are unlocked are not marked or advertised in anyway, so it's a case of checking the model number online.

Most of the time the only way to gain control over the device is to hack the pre-installed OS. Which means keeping the device on an exploitable OS version, as an upgrade would remove the hack and (potentially) close the hole used to get back in.

This means that for users who want greater control over their current device, they had two options:

1. Find an exploit on the current version of the OS.

2. Find an exploit that was previously usable on an older version of device's OS, and downgrade it. (This is what TFS is talking about preventing users from doing.)

This "protection" is pointless. Most devices are not kept up to date anyway, so the protection won't be a significant factor passed the point of sale. Although, this does give the DRM lovers a new toy to play with, so expect to see it used on the flagship phones. (Samsung, HTC, Blu, and the like.)

Second of all, most exploits are for the kernel. THAT gets updated very rarely, due to the non-maintained proprietary bits that depend on very specific kernel APIs to make the hardware work. So although this might apply to let's say Android O -> P it won't do much for the kernel that wasn't updated.

Finally this does nothing to protect the users post boot. You'd need to hack the system anyway to write to the system partition, and once you have that you pretty much have what you want from a hacking standpoint. An upgrade could wipe you out, but a downgrade would as well, and there's little point to downgrading with root level access if you are going for anything malicious. Root already has access to most, if not all, valuable user data, and further acquisition of valuable data requires a user unaware of the intrusion. (Something that a downgrade might just make noticeable.) If anything these "protections" just make persistence past upgrades more difficult, while making sure that the device won't have an unexpected user customization that makes exploitation more difficult. (Hypervisor / external encryption / authentication / etc.)

In the end this won't protect end-users. This is just taking another pot shot at power-users, while grandstanding for the commoners to get easy "we're doing SOMETHING" points.

Fuck Google

[sexconker]

Fuck Google.
Fuck Google.
Fuck Google.

I like this.

[poptix]

I don't want *my* device stolen, downgraded, then rooted. I want it secure.

I buy devices that can be OEM unlocked and rooted though, (currently the Pixel XL) in case I want a custom ROM or root.

As long as I can buy a device capable of being OEM unlocked and/or rooted I don't see the problem. If you have an issue with rev XYZ of a ROM you can always install a derivative with a fix from XDA, or a straight up copy of a prior version with a different name/version, just not a *signed* copy of a prior version.

tldr; All this does is prevent thieves from backtracking to an exploitable ROM. If you have authorized access you can still OEM unlock and do whatever you want.

Re:I like this.

It also prevents legitimate users that might need to rollback due to a bug or feature that affects them badly in a new build from rolling back. Really this should be a completely optional check that is user settable as a rollback can be critical. I have had to rollback twice in recent years due to breaking changes and why is it unreasonable to want to be able to use the last known good build from the manufacturer as I don't want to root m phone or put on custom roms.

Re:I like this.

[rtkluttz]

A persons device is the person who is administrator. If YOU aren't root on your own device then you aren't the owner. So now, if someone has to choose between traditional bad people trying to own your device with malware and make it work against you or googles malware making it work against you.

Re:I like this.

[Xenx]

Just as a point, if there is a setting to enable/disable the security check.. you make the security check easier to bypass.

Re:I like this.

Because there is pretty much no upgrade on Android :p

Re:I like this.

[toejam13]

I've owned android devices ever since my T-Mobile G1 and I have *never* needed to roll back an OS upgrade.

I have. I upgraded my Galaxy S1 Fascinate from stock Android 2.3 to a Cyanogenmod Android 4.0 ROM, but later rolled back to stock because of how frequently my handset would freeze.

My Galaxy S5 Neo just upgraded to Android 7.0 last week. The lock screen clock is now weird, lock screen controls for PowerAmp are now buggy, and the several programs now seem to just sit and think for a second or two. I tried replacement lock screen apps to fix the first two issues, but they bring their own set of bugs. I'm half tempted to roll the handset back to Android 6.0. Probably going to be my last Samsung phone.

Re:I like this.

I don't want *my* device stolen, downgraded, then rooted. I want it secure.

Then buy an iPhone.

This is so hilarious that after years of seeing Android fanbois point at the iOS and saying how bad it is that Apple users cannot downgrade iOS, now this same "feature" is coming out for Android, we see the Android fanbois all coming out in favor of it!

Welcome to your new walled garden. The difference with Apple is your garden is owned by a company whose main profit center comes from spying on you. I would rather go with the company that profit from overpriced hardware.

Re:I like this.

Yeah because ios is magically more secure..

Re:I like this.

It's not magic, but yes, it is more secure.

There is a reason Android exploits sell for only one hundred to two hundred dollars each, and iOS exploits sell for one million to ten million each.

Perhaps now that will change and Android exploits giving root will climb in value too.

Re:I like this.

You know that Apple has been largely blocking downgrades since the 3GS in 2009, right?

Re: I like this.

Also, provided bootloader unlock is possible, I don't see where the problem is. Real power users that can't roll back the butter easy way will do it the macho way and having to format the entire damn phone is a non issue for them.
This feature is only a problem for ex-iphone users who don't know how to deal with computers to begin with. The rest of the Android community will continue unaffected.

Re: I like this.

Its so hilarious how you don't have the faintest idea that the rollback can be done with a bootloader unlock. People are complaining about easy rollback vs hard rollback, not the impossibility of doing it.
Stop talking about what you don't know.

Re: I like this.

Lol, the reason for the price difference is that the people exploiting it have free reign, just like the malware that went undetected for 2 years on Ma cs.

Users like you believe you're invulnerable because of the OS you run, even if it's jailbroken regularly (i.e. exploiting a bug)

Re:I like this.

[l20502]

I had to roll back my phone once to the laggy and old stock version so I could take videos on a vacation, thanks Qualcomm!

Re:I like this.

[poptix]

I didn't see anything about this which prevents you from having root on your device. Can you provide more details?

Re:I like this.

[poofmeisterp]

It also prevents legitimate users that might need to rollback due to a bug or feature that affects them badly in a new build from rolling back. Really this should be a completely optional check that is user settable as a rollback can be critical. I have had to rollback twice in recent years due to breaking changes and why is it unreasonable to want to be able to use the last known good build from the manufacturer as I don't want to root m phone or put on custom roms.

I hear ya, but hear me out... I doubt this is the reasoning. The "Why" is: Google isn't stupid... Are they? Assuming they aren't stupid and wanting to be a center point of attention for a massive security breach of "all users of Android Oreo" (or something of that ilk), this hits a brick wall. The logic, their logic, that is. If a new release comes out and several weeks later after most (meaning a lot) of the users have upgraded their devices, an exploit gets found where any device running the OS can be compromised; this leaves all of the users in a state of danger until Google finds a way to release a fix for all vendors running that version. The users can't take the device somewhere and have it downgraded to prevent the exploit from being available until Google releases "their fix".

This is essentially sounding like a Windows 10 mock behavior. "We take control" is good if you're an idiot, but it's also really bad if you're an idiot OR smart and the controller creates a dangerous situation for your finances (to be blunt). Yes, I'm aware you can unlock the bootloader/etc, but that's for the current power users set. The end idiot/smart (but non-power) users succumb to Google's authority. This isn't news. What's new is the inability to have an instructional new-release or friend method of getting around the problem.

The best method for attacks now is to have the malicious code execute and do its bidding. When the device is rebooted for anything, I mean anything, any reason at all, that boot will cause the device to be corrupted/wiped. That's what I'd do if I were a malware producer. That way the choice of the end user is to "leave the device alone and let the malware do its malwaring, or power it off and lose everything if [I] power it back on."

Screw ransomware's encryption stuff. Put a dent in the economy by disabling peoples' mass connectivity methods they're used to. Sure, workarounds will be found (find a phone on a desk and call using it, check your stock shit on some computer at your desk at work or home, post your pictures/videos of every element of your life using a stand-alone camera and desktop computer to your FB/Twitter/etc account, etc etc). It's not that we won't survive, it's that people will lose their way, and when many people lose their way, mass hysteria sets in.

Anyhow, I'm not typing all of this to come up with doomsday scenarios. It's just real - doing something like this locks a person in to using something that can be found to be bad, and have them locked into a bad place until a way out of that bad place is found and pushed on them. That or most everyone needs to learn how to unlock bootloaders, back up data, install an Android custom OS, restore data elements, and be fluid with back and forward software down/upgrades, you know, a power user. Just the ridiculousness of that past sentence makes it clear that it ain't'a'gonna happen.

Android Just Made My Decision For Me

Going with an iPhone. At least Apple is the devil we know.

Re:Android Just Made My Decision For Me

[reboot246]

To hell with that. Why do I have to choose any devil at all?
Somebody, please, just give me an old flip phone.

Re:Android Just Made My Decision For Me

[thereitis]

Looking at some "failed" entries to the mobile phone world: Amazon, Ubuntu, Mozilla, Microsoft: if they don't sell a bazillion phones then the plug is pulled. With that kind of track record, who wants to take a chance on a new phone OS?

Re:Android Just Made My Decision For Me

[Xenx]

In this case, they're obviously talking about the fact that Apple is relatively upfront about the fact that you're going to use the phone as they decide. A flip phone is going to be even more restricted in function than an iPhone. You're basically just picking which name you want the devil to go by.

Re: Android Just Made My Decision For Me

I'll bootloader unlock my phone everyday if that is what it takes before joining the Apple cult.

Splash screen

[kaoshin]

http://www.nouveaugallery.com/...

Can malware use this to prevent patching?

[dacut]

One potential flaw in this mechanism: I think a malware image can prevent rolling back to a known-good image by setting the rollback indexes to ridiculously high value, say 2147483647 (2**31-1).

This diagram shows how the workflow is supposed to proceed. If Mallory gets her verification key onto your device (either by social engineering or another flaw), then her custom malware image can be booted by the device in locked mode. The user will get a warning about this being a custom OS (good!), but then the rollback index values in Mallory's image are written to the stored rollback index values (bad!). If I then attempt to go back to Oreo 8.0, it won't let me.

A better mechanism would be to have a set of stored rollback index values per verification key, not a global set per device. Then I could roll back to the stock factory image from a Mallory's malware image.

Re:Can malware use this to prevent patching?

[Kjella]

Can't you use the A/B support for that, one for stock Android, one for custom OS? From the example they seem to have different rollback indexes.

Re: Can malware use this to prevent patching?

How can you install Mallory's malware image?

A locked bootloader phone requires signed images to update or change.

Nothing here says you can't reinstall the current version on top of the corrupted one

Re:Can malware use this to prevent patching?

[poofmeisterp]

One potential flaw in this mechanism: I think a malware image can prevent rolling back to a known-good image by setting the rollback indexes to ridiculously high value, say 2147483647 (2**31-1).

This diagram shows how the workflow is supposed to proceed. If Mallory gets her verification key onto your device (either by social engineering or another flaw), then her custom malware image can be booted by the device in locked mode. The user will get a warning about this being a custom OS (good!), but then the rollback index values in Mallory's image are written to the stored rollback index values (bad!). If I then attempt to go back to Oreo 8.0, it won't let me.

A better mechanism would be to have a set of stored rollback index values per verification key, not a global set per device. Then I could roll back to the stock factory image from a Mallory's malware image.

Good info, thanks!

I'm being humorous, but truthful. This feels like "Ad non-view punishment". If a ad-blocker is installed, you can get those nice "ads pay for our site; you can't view unless you see the ads" on a desktop OS. This seems like a "if you have a custom installed OS, you get to wait 10 seconds as a time-out".

I know it's not the same, but it just seems to match. A user who installs a custom ROM on an unlocked phone should have to see the warning, at most, 1 time. To see it every time is a form of coercing the user into going back to the main or losing ADHD valuable time if user doesn't wanna.

"No advantages"

[93+Escort+Wagon]

This has no advantages other than making it hard for users to install ROMs or to revert to a previous official ROM to restore missing functionality.

No advantages - except enforcing security, whether you want it or not. And the story link provided even says Rollback Protection can be disabled.

Now you may not want it - you may think you're smart enough to not need it - but let's not pretend there's no reason for this.

The summary's proffered example of "no easy rollback from windows 10 to 7" is technically true, but overstating things quite a bit for dramatic purposes. More relevant analogs would be "no easy removal of Windows security patches you've previously applied" and "no easy rollback from your current Linux kernel to the previous one which contained a remote root exploit".

Re:"No advantages"

[rtkluttz]

Security against who? I am the owner of my devices. Anything that prevents the owner from doing what they wish is the definition of malware whether it is coded by Russians or by Google.

Re:"No advantages"

And let's be honest here. Google's Android upgrade process is not exactly smooth. On my Nexus 4, the OTA update would always fail with broken android guy and I'd have to reflash manually. Even after factory image reinstall next OTA would always fail.

Thankfully I got rid of that piece of shit crap and got an unlocked iPhone SE (couldn't believe how cheap they are nowadays). Never had any overheating issues, random reboots or upgrade issues like with Google's shit.

Google's SafetyNet is a joke that is easily bypassed. They are just trying to make it more relevant because every time they do something people on xda bypass that security theater in a matter of days if not hours.

Re:"No advantages"

[Xenx]

If it was an upgrade forced on an existing device, you have a point. For any device that is sold with the feature, you're knowingly purchasing a device that performs this check. That means you don't care enough to check, don't mind it, or want the feature. Regardless of which one, it isn't malware at that point.

Re:"No advantages"

[fafalone]

So your more relevant analog is "no easy removal of Windows security patches you've previously applied", and somehow you feel things are overstated? Inability to roll back Windows security patches would be outright catastrophic given the frequency at which they break something.

Re:"No advantages"

Prevent me from fuck-all? Nothing wrong with that picture ... rather, that's a libertoon definition of WTF ... nobody else hold that crappy attitude or expresses those crappy needs. Freak suck belladonna !

Re:"No advantages"

The definition of rtkluttz is a "fucked-up wad of used sanitary napkin".

Re: "No advantages"

Calling bs.

I've had or been in contact with dozens of phones, and have had precisely 0 problems doing updates. I don't even back up because it's so reliable. (And this is after locking and unlocking bootloaders, playing with or recovering from water damaged phone that was stuck in a boot loop then fixed by a shop).

You had one device that may have been faulty. In my experience, Many i users have similar \ same problems (random battery problems, etc) but just shrug it off.

Re:"No advantages"

[bluefoxlucid]

If I physically steal your phone, an unlocked bootloader lets me replace your firmware with a custom, insecure firmware that bypasses your lock screen and everything.

If you lock your bootloader, I can use an exploit to hack into your phone and take control.

If you upgrade your phone's official OS image, I can load an earlier version of the OS image and then hack into it anyway.

This anti-rollback mechanism stops that last one. Remember: A brick costs $0.89 at Home Depot. I can probably get most people's phones out of their possessions. Prostitutes have been able to pull it off while getting paid by the person they're robbing.

Re:"No advantages"

[JohnFen]

except enforcing security, whether you want it or not.

If "security" is being enforced against my wishes, it is an attack.

Re: "No advantages"

You are an idiot if you think Googles upgrade process is reliable. Reliable is rolling back to old version if upgrade fails. Google doesn't do that and leaves the system in fucked up state.

Just because it works 99.9% of time doesn't mean it's smooth and perfect. Just because you haven't encountered issues doesn't mean there are no issues.

Did I state that everyone has these issues? No. I stated that I had them. You are calling BS on what exactly?

Re:"No advantages"

[kiminator]

You're making the incorrect assumption that security patches only prevent you from doing certain things with your device. This is far from the case. By large, security patches are designed to prevent exploitation of your device by other actors. If, for example, you use your phone for banking or payments, you should be extremely motivated to ensure that you have minimized the possibility of anybody hijacking your device and gaining access to your money as a result.

Google

More evil from google

Reset-persistent malware; Google Play Movies

[tepples]

If you're buying an Android device used, you want to know whether the previous owner hasn't installed malware that persists across an apparent factory reset. Popping up a "This device runs a custom operating system" notice while the bootloader is loading the kernel is an unobtrusive way of doing this.

If you're buying an Android device, and you watch movies, you want a wide selection of movies. Google can do one of two things. It can keep its license from major movie and television studios to offer their works through Google Play by continuing to improve the digital restrictions management that deters copying a rented stream. Or it can lose its license and pull the works from Google Play, and end users will end up having to buy an iPod touch, iPhone, or iPad in order to continue to watch notable movies and television series once the licensed apps become iOS-exclusive.

Re:Reset-persistent malware; Google Play Movies

Or Google can ask the providers why Windows gets a pass.

Re:Reset-persistent malware; Google Play Movies

[Kjella]

Or it can lose its license and pull the works from Google Play, and end users will end up having to buy an iPod touch, iPhone, or iPad in order to continue to watch notable movies and television series once the licensed apps become iOS-exclusive.

You mean after the major movie and television studios see a mysterious 80-90% drop in revenue and torrents get another vitality boost. There's no way they could afford dropping Android as a market, it's like saying that if we broke the protection on DVD/BluRay/UHD BluRay they'd stop selling discs and force us to the cinema. Everyone can see that's a bluff.

Re:Reset-persistent malware; Google Play Movies

Mul-ti-pass?

Re: Reset-persistent malware; Google Play Movies

I don't see your point, at all. The truism is: There is no safety once the hardware is controlled. Period. Full stop. Second hand buyer has zero integrity assurance.

See the sublime Ken Thompson compiler hack. Recursive, infinite.

King Fucker Chicken

Re:Reset-persistent malware; Google Play Movies

[poofmeisterp]

If you're buying an Android device used, you want to know whether the previous owner hasn't installed malware that persists across an apparent factory reset. Popping up a "This device runs a custom operating system" notice while the bootloader is loading the kernel is an unobtrusive way of doing this.

If you're buying an Android device, and you watch movies, you want a wide selection of movies. Google can do one of two things. It can keep its license from major movie and television studios to offer their works through Google Play by continuing to improve the digital restrictions management that deters copying a rented stream. Or it can lose its license and pull the works from Google Play, and end users will end up having to buy an iPod touch, iPhone, or iPad in order to continue to watch notable movies and television series once the licensed apps become iOS-exclusive.

I'm sorry to throw this in, but I don't "get" the "new" generation. If I want to watch a movie, I have a device at home that puts it on a large screen for me to sit on this thing called a "couch" and watch. The "need" to have a way to watch mobile-accessible versions of shows/movies/etc is scary. I also say this because I work at a place where productivity falls in departments under the top-level one (top-level department, that is) because people watch movies and shows at work. Their work contains errors from distraction and they seem overwhelmed with too much work with very little work actually being performed.

Ban the devices. Well, we did. People left and others hid the fact they were doing it but their "symptoms" persisted and they were eventually confronted. Only 10%, LITERALLY 10% stopped and wanted to keep their job. Their performance increased. The other 90% left or (at least two people) were fired because what they were being paid was more than what they were producing. We were basically paying them to entertain themselves at work.

The ban was lifted because attrition and in-company mass planning to reduce productivity "won". Now people are individually canned if their production is lower than the lowest (reminds me of school grading curves). To be more to the point of "I don't get people" is that most all of them have headphones/headsets and listen to music all day. They need background noise or something. I don't get it. They have been found to type words from their songs into what they're working on; again, no joke. I (37yo), don't find it difficult to have the noise of other people, machines, HVAC, etc from serving as my "background noise". It actually helps me concentrate on topics more. I've tried listening to music with headphones, and it helps lock me into one task, but it reduces my performance by an estimated 70%.

I don't get it. Having said that and being a psychological "master-reader", I never will get it. It's a generational thing.

Much like Lumias?

any attempts to install a previous version of the official, signed ROM will make the device unbootable. Much like iOS (without the rollback grace period) or the extinct Lumias.

Pretty sure it was possible to downgrade Lumias with Windows Device Recovery Tool.

Baaah Baaaaah.

[CrashNBrn]

What ClickBait, This has nothing to do with customROMs.

"RollBack Protection", prevents the device from booting from an earlier major version of Android. So as to prevent would-be thieves from easily wiping the device and obviating Android Oreo's security mechanisms.

Android 8.0 Oreo Review

No more OS downgrades—If an attacker steals your phone, Android has several security features in place that will make it more difficult to access your device. It doesn't help matters much if the attacker can just downgrade the operating system to a version that didn't have those protections in place, so with that in mind Android 8.0 introduces "rollback protection" into the Verified Boot process. With rollback protection, Verified Boot will no longer start up an OS that it detects has been downgraded to an earlier version.

Developers (or Android-obsessed journalists) that need to downgrade their device to an older version for testing or checking something can disable this feature, which will trigger the usual slew of boot-up warning messages. Google also says it has "hardened the bootloader unlocking process," which should make it harder for bugs or malicious apps to unlock the bootloader without user approval.

Re:Baaah Baaaaah.

[mjwx]

What ClickBait, This has nothing to do with customROMs.

Yes, but the problem is that the headline "OMG! New Iphone" just isn't bringing in the clicks like they used to, so running a scare non-story about Android is the best they can do. It seems the announcement of a new Iphone now brings in as much fanfare as Toyota, announcing a new Camry.

The 2 minutes Android hate is a regular occurrence on /. now.

Re:not evil, just dumb

[davecb]

Downgrade attacks were a problem with old Sambas, so it's a real concern. Google just did the mitigation badly.

Hanlon's razor: "Never attribute to malice that which is adequately explained by stupidity"

No viable alternatives?

[waspleg]

Subject.

Sadly we're getting what most of us deserve

How many of us have purchased random hardware when there were vendors out there working to improve things either because it was cheaper or because we needed it immediately/otherwise too impatient!! Hardware doesn't magically just work with Linux. There are people and companies that have to do the work or convince the right chipset vendors to release code or even do the work for them. The reality is if we want phones that are in the users and community's control we got to purchase from vendors and companies working to give us that control regardless of what they offer. They'll never get to a point where they have something we want if we don't support them now (even when they don't have what we want exactly). The Linux market is huge, but only a tiny fraction which is maybe 3% are buying Linux hardware from companies that are working on getting the complete set of code released for their devices. Check out ThinkPenguin.com or MiniFree.org as both companies are working on getting code released and/or engineering (well ThinkPenguin is, they have or are working on EOMA68 for engineering, release of ath9k-htc source so we can have properly supported USB wifi chipsets to build adapters off, or at least get adapters that work (they sell em too), they fund LibreCMC and sell wifi routers, etc) or otherwise contributing something of value (ie the person behind Mini Free has contributed to LibreBoot).

What comes after EOMA68 is potentially a modular communications device designed from the ground up to evade or reduce the resolution of tracking (all cellular devices depend on being tracked to receive or make calls) and separate cellular modem components from the rest of the phone such that encryption can actually work against malicious adversaries (ie cellular modem firmware will never be releasable and communications carriers / government have remote control of firmware updates and can and have used this to spy on the rest of the device, so any encryption on a phone currently is futile, separating the modem and providing power on/off control of it to the main CPU can solve or reduce this problem to one degree or another).

Re:Sadly we're getting what most of us deserve

[tepples]

How many of us have purchased random hardware when there were vendors out there working to improve things either because it was cheaper or because we needed it immediately/otherwise too impatient!!

Or because another factor, such as screen size, was the deciding factor. There aren't any laptops smaller than 13 inches at System76 or ThinkPenguin, for instance.

Hobson's choice: the feature or no device

[tepples]

For any device that is sold with the feature, you're knowingly purchasing a device that performs this check. That means you don't care enough to check, don't mind it, or want the feature.

Or you have checked, the result being that all devices available to the public include the feature, and you begrudgingly accept the feature. This, for example, is true of the "Windows 10 preinstalled, no other OSes warranted" feature of every non-Apple laptop PC shown in a U.S. retail chain's showrooms. Technically, one might argue that this falls under "don't mind it" but I felt that this sort of Hobson's choice was worth mentoining.

Re:Hobson's choice: the feature or no device

[Xenx]

There are a number of options available, The choice isn't this or nothing. The choice is this, that, the other, or nothing. People aren't guaranteed there will be a phone that meets all of their wants. The best you can do is decide which are most important and choose one that meets those..

Re:Hobson's choice: the feature or no device

[tepples]

The choice is this, that, the other, or nothing.

Where this, that, and the other all have the same anti-feature.

Re:Hobson's choice: the feature or no device

[Xenx]

No need to lie to support your side of the argument. There are options w/o this feature.

Re:Hobson's choice: the feature or no device

[tepples]

I asked about Linux laptops in a Staples store, but the sales associate told me all laptops came with Windows. I asked about Linux laptops in a Best Buy store, but the sales associate told me all laptops came with Windows except the MacBooks. So among non-Apple laptops in U.S. retail chains, which are the "options w/o this feature" of Windows?

Re:Hobson's choice: the feature or no device

[Xenx]

You incorrectly(partially) compared the situation to Windows. My counterpoint was in regards to the actual topic, Android, and not Windows. However, there are options for laptops without Windows. They are limited, and generally found online. You'll also find that you're not likely to save much money getting one without Windows.

Re:Hobson's choice: the feature or no device

No need to lie to support your side of the argument. There are options w/o this feature.

You are the one that is lying. What options?

Re:Hobson's choice: the feature or no device

[tepples]

My counterpoint was in regards to the actual topic, Android

What new, non-Apple replacement for an Android device can I find in stores? An Apple device requires a Mac, such as a $499 Mac mini, in order to load non-Store apps.

However, there are options for laptops without Windows. They are limited, and generally found online. You'll also find that you're not likely to save much money getting one without Windows.

Saving money is secondary to saving time working around things like broken audio, broken Wi-Fi, broken Bluetooth, broken backlight brightness control, broken suspend, a laptop keyboard that doesn't agree with my hands because I never had the chance to try it first, a laptop screen that doesn't agree with my eyes because I never had the chance to try it first, or a chassis that is so large that it is difficult to find a bag that doesn't scream "This is a laptop bag; please come rob me."

Re:Hobson's choice: the feature or no device

[Xenx]

You're anon, so I shouldn't expect much anyway. Technically, just about every android phone on the market right now is an option without this feature. There is literally no way to know which manufacturers are going to support it or not in the future. However, pretty much any device that comes with an unlocked bootloader would be a place to start. I would imagine the manufacturer's that embrace that market wouldn't use this feature. In the off chance they do, an unlocked bootloader means you still ultimately have some control.

Already left Apple due to this crap.

Latest major OS bricks your device and that is that.

This does not prevent custom ROMs!

[Namarrgon]

As is made clear further down, the rollback index does not prevent custom ROMs, old versions, or anything else from being installed IF the device's bootloader is unlocked - as has always been the case when installing custom ROMs.

All it does is prevent locked devices from being downgraded (to a presumably less-secure version that could be exploited). Locked devices are locked for security, so this is entirely expected behaviour. If you would rather take control and manage your own security, you can unlock the bootloader at any time (at least on Google's own devices; YMMV with other vendors). Then you can install anything you want.

Re:This does not prevent custom ROMs!

[Sark666]

Good to hear. But regarding root, if I have a device that has a root procedure, I'll then be excluded from future ota updates. Worse still, it tries to install and fails and have a non booting device. To get the update you have to disable root, which causes other issues.

I like having a device with root access but they make it a pain in the ass to actually maintain the device if you still want official updates. This doesn't apply if you have a custom rom.

Re:This does not prevent custom ROMs!

[Namarrgon]

OTA upgrades always verify the hashes of the files they're upgrading before anything starts. If you've managed to root your locked device without modifying system files then it will upgrade fine (but usually leave you without root afterwards). If you have modified system files then the upgrade will fail that check before it upgrades anything, and you'll have unroot it & restore the system to stock (or re-flash the stock OS image) to get OTAs again. This rollback protection won't affect that.

Re:This does not prevent custom ROMs!

[AmiMoJo]

Root users can manually download and install OTA updates. I do it all the time.

Having said that, my primary phone is unrooted and the bootloader locked. The only reasons I had to root have all become moot now - granular permission control and ad blocking. Both are available without root, and the extra security provided by a locked bootloader and fully encrypted phone is extremely valuable.

Re:This does not prevent custom ROMs!

Is "locking" a fuse, like it was on old Android? Or is it a switch, like it is on ChromeOS?

If you can unlock, downgrade, and relock, then we have no problem. but your comment stops just barely short of saying that.

ChromeOS is the model citizen here. It's had downgrade protection since day 1, but the protection is, "during a downgrade, wipe of userdata is enforced by a small program with little attack surface." In this case, the program runs on the TPM. There's a counter in the TPM that, if you want to decrement it, you have to forget a disk encryption key.

Android have been B-team compared to ChromeOS since day 1 on both user respect and security.

Re:This does not prevent custom ROMs!

[Namarrgon]

Yes, you can re-lock the bootloader as easily as unlocking it, and have been able to since the Nexus S. Unlocking will of course always wipe user data, and on some devices re-locking may wipe it as well.

iOS has more paid app and IAP revenue per user

[tepples]

You mean after the major movie and television studios see a mysterious 80-90% drop in revenue

How so? Last I checked, revenue from paid apps and IAPs per user is nine times as large on iOS compared to Android. This gap is so big that it more than offsets Android's larger user base.

Re: iOS has more paid app and IAP revenue per user

Apple's market is rich people with more money than brain cells. Android's market is everyone else.

Re:iOS has more paid app and IAP revenue per user

[AmiMoJo]

The methodology in that article is flawed.

They measure the revenue from Google Play vs. the Apple Store. However, Apple requires all payments to go through Apple. The Amazon app on iOS can't process any payments, it takes you to the Amazon web site instead. Everything has to go through Apple, including all in-app purchases.

Google is far less restrictive. You can install entire alternative apps stores (and they are very popular in China and India). You can have your own payment systems, e.g. Amazon or Netflix directly. Netflix used to charge more on iOS to cover the Apple tax, I don't know if they still do.

DRM requirement for 4K streaming

[tepples]

Or Google can ask the providers why Windows gets a pass.

Probably because it's easier to upgrade a random PC to the latest build of Windows 10 than to upgrade a random phone to the latest build of Android. This allows app developers to exclusively target a new feature update (such as Anniversary, Creators, or Fall Creators) where known holes in Protected Media Path and other digital restrictions management technologies in Windows 10 have been plugged.

And no, Windows doesn't necessarily get a pass. No app (legally) plays UHD Blu-ray movies on Windows on a PC with a CPU older than Kaby Lake or an operating system other than Windows 10. You may also need to replace your motherboard with one that supports Intel SGX and your video card with one that supports AACS 2.0 and HDCP 2.2. (Source) Movie studios have put similar requirements on 4K streaming. (Source)

Re:DRM requirement for 4K streaming

[ZorinLynx]

Does any of this even slow down piracy though? I see movies on the torrent sites often before their release dates.

Re:DRM requirement for 4K streaming

[KozmoStevnNaut]

Looks like I'm sticking with good ol' 1080p, then.

Fuck DRM.

Re:DRM requirement for 4K streaming

It does not. Those of us who pirate shit get a superior experience literally because Hollywood cripples the legit one.

toolz

Are you desperately in need of a hacker in any area of your life???

I will help you at affordable prices, i offer services like
-hack into your cheating partner's phone(whatsapp,bbm.gmail,icloud,facebook and others)
-Sales of Blank ATM cards.

-hack into email accounts and trace email location -all social media accounts,

-school database to clear or change grades,

-Retrieval of lost file/documents

-DUIs -company records and systems,

-Bank accounts,Paypal accounts -Credit cards hacker

-Credit score hack -Monitor any phone and email address

-Websites hacking, pentesting.

-IP addresses and people tracking.

-Hacking courses and classes.

my services are the best on the market and 100% security and discreet work is guaranteed. Email: northpolehackers@gmail.com

So do you want safety or liberty?

[iamacat]

You get to choose. Either get an easily unlockable device like Pixel or OnePlus and install whatever ROM you want. Fine, 10 second boot delay, but how often do you boot a phone? Or, you just don't worry about it and just be safe. Then you don't want someone to downgrade your phone to an OS version that can be targeted with various exploits. If you change your mind, you can still unlock the bootloader after verifying some information with your vendor or wireless provider to make sure it's really you. What do you honestly think is better for an average non-technical user who has some pretty private information on that phone?

Re:So do you want safety or liberty?

You don't get to choose. The competition between nations and their corporations, is to see who can take your freedoms while limiting your abilities to provide your own safety, in exchange for nothing, while requiring you to pay for the 'service'.

You get to choose between a sandwich and a douche, as southpark put it.

Re:So do you want safety or liberty?

[bluefoxlucid]

Revolution Remix boots pretty fast.

Much like iOS? Nope.

[scdeimos]

As it rejects an image if its "rollback index" is inferior than the one in "tamper evident storage," any attempts to install a previous version of the official, signed ROM will make the device unbootable. Much like iOS (without the rollback grace period) or the extinct Lumias.

That's not how the iOS downgrade grace period works at all. The installation blobs of iOS are code signed with expiring keys and the expiry dates are (generally) set to 2 weeks after the next iOS release.

This means you can at least trick iTunes/iOS into downgrading after the expiry period so long as you've kept the downloaded blobs and use tools like Prometheus... but Google's basically shut the door on its Android users.

google is the most dangerous company in the world

do not use google products, please always look for an alternative.

google is evil (https://abc.xyz)

https://vimeo.com/203355957
https://www.amazon.com/They-Live-Trailer/dp/B00H2TCK7S

Re:not evil, just dumb

[currently_awake]

If the next version of the OS is found to have a massive security bug after you install it, with no work-around in sight, the logical temp fix is to roll back to the prior version. Or if the new version blocks "Install other OS" or some other useful feature without prior warning, you might choose to reverse the install.

Re:not evil, just dumb

[davecb]

I agree: asking the user if they're OK with the change is better, and re-asking on boot when someone's selected a know hacked version is a minimally adequate way to confirm it was the user who said OK and not some virus.

Re: not evil, just dumb

[bogeskov]

Ohhh. You mean like this https://m.slashdot.org/story/3...

Re:not evil, just dumb

[Dripdry]

Hanlon's Razor:
It means that the willfully malicious get a free pass by acting stupid or claiming stupidity, and teaches people the same. It's a hair away from victim shaming, where someone feels/knows that someone has done wrong but they're told,"Oh, it's ok that person is just stupid." What utter nonsense!
I'm tired of Hanlon's Razor. It's totally bankrupt.

Re:not evil, just dumb

[davecb]

Whereas to me it says "most things can be fixed, without needing to murder the person who caused it" (;-))

In the specific case of Google, they repeat one particular stupid mistake every time they start something new: they assume that they've covered all the ways it can go wrong, and therefore don't need a customer support mechanism. This is a minor variation on that bit of arrogance.

Nope

[JohnFen]

this might seem like a good idea at first

No. No, it doesn't.

Android connected to TV; watching on bus commute

[tepples]

I have a device at home that puts it on a large screen for me to sit on this thing called a "couch" and watch.

A lot of such devices run Android OS. If Android loses movies, these users will switch to Apple TV.

The "need" to have a way to watch mobile-accessible versions of shows/movies/etc is scary. I also say this because I work at a place where productivity falls in departments under the top-level one (top-level department, that is) because people watch movies and shows at work.

For those not afflicted in the way you go on to describe at length, it's not about watching movies and TV shows at work as much as watching them on the bus or train ride to and from work. Or is it considered suspicious for an employee to get to and from work in any way other than a personal automobile?

This is part of verified boot

Unlock the bootloader and this is bypassed.

how about Forced Data Theft aka Telemetry

Will the new system allow the user to choose if they want their data stolen by google or even Windows? Why is everyone not calling the representatives to call for a privacy law that would put an end to the data raping of users by companies?

Re: not evil, just dumb

Its not arrogance, its a closed world assumption