Slashdot Mirror

← Back to Stories (view on slashdot.org)

Android Oreo's Rollback Protection Will Block OS Downgrades (androidpolice.com)

Posted by BeauHD on from the feature-spotlight dept.

jbernardo writes: Google is using the boiling frog method to exclude power users and custom ROMs from android. A new feature in Android 8.0 Oreo, called "Rollback Protection" and included in the "Verified Boot" changes, will prevent a device from booting should it be rolled back to an earlier firmware. The detailed information is here. As it rejects an image if its "rollback index" is inferior than the one in "tamper evident storage," any attempts to install a previous version of the official, signed ROM will make the device unbootable. Much like iOS (without the rollback grace period) or the extinct Lumias. It is explained in the recommended boot workflow and notes below, together with some other "smart" ideas.

Now, this might seem like a good idea at first, but let's just just imagine this on a PC. It would mean no easy rollback from windows 10 to 7 after a forced installation, and doing that or installing linux would mean a unreasonably complex bootloader unlocking, with all your data wiped. Add safetynet to the mix, and you would also be blocked from watching Netflix or accessing your banking sites if you dared to install linux or rollback windows. To add insult to injury, unlocked devices will stop booting for at least 10 seconds to show some paternalist message on how unlocking is bad for your health: "If the device has a screen and buttons (for example if it's a phone) the warning is to be shown for at least 10 seconds before the boot process continues." Now, and knowing that most if not all android bootloaders have vulnerabilities/backdoors, how can this be defended, even with the "security/think of the children" approach? This has no advantages other than making it hard for users to install ROMs or to revert to a previous official ROM to restore missing functionality.

8 of 119 comments (clear)

  1. I like this. by poptix · · Score: 4, Informative

    I don't want *my* device stolen, downgraded, then rooted. I want it secure.

    I buy devices that can be OEM unlocked and rooted though, (currently the Pixel XL) in case I want a custom ROM or root.

    As long as I can buy a device capable of being OEM unlocked and/or rooted I don't see the problem. If you have an issue with rev XYZ of a ROM you can always install a derivative with a fix from XDA, or a straight up copy of a prior version with a different name/version, just not a *signed* copy of a prior version.

    tldr; All this does is prevent thieves from backtracking to an exploitable ROM. If you have authorized access you can still OEM unlock and do whatever you want.

    --
    Just because you disagree doesn't mean it's not true.
  2. "No advantages" by 93+Escort+Wagon · · Score: 4, Informative

    This has no advantages other than making it hard for users to install ROMs or to revert to a previous official ROM to restore missing functionality.

    No advantages - except enforcing security, whether you want it or not. And the story link provided even says Rollback Protection can be disabled.

    Now you may not want it - you may think you're smart enough to not need it - but let's not pretend there's no reason for this.

    The summary's proffered example of "no easy rollback from windows 10 to 7" is technically true, but overstating things quite a bit for dramatic purposes. More relevant analogs would be "no easy removal of Windows security patches you've previously applied" and "no easy rollback from your current Linux kernel to the previous one which contained a remote root exploit".

    --
    #DeleteChrome
  3. Re:One question, Google by hawguy · · Score: 2, Informative

    Care to inform me why the fuck me, or anyone who has at least parts of his mental health remaining, would want to buy such a device?

    Probably because nearly all consumers have no interest at all in rooting their phone, installing a custom ROM, or even rolling back to a previous release. It's a very tiny subset of users that care about such things, not enough for most companies to care about serving them.

  4. Re:not evil by cjjjer · · Score: 3, Informative

    When Alphabet took over they removed that motto from their code of conduct in 2015 so they are free from "doing no evil" for 2 years now...

  5. Baaah Baaaaah. by CrashNBrn · · Score: 4, Informative

    What ClickBait, This has nothing to do with customROMs.

    "RollBack Protection", prevents the device from booting from an earlier major version of Android. So as to prevent would-be thieves from easily wiping the device and obviating Android Oreo's security mechanisms.

    Android 8.0 Oreo Review

    No more OS downgrades—If an attacker steals your phone, Android has several security features in place that will make it more difficult to access your device. It doesn't help matters much if the attacker can just downgrade the operating system to a version that didn't have those protections in place, so with that in mind Android 8.0 introduces "rollback protection" into the Verified Boot process. With rollback protection, Verified Boot will no longer start up an OS that it detects has been downgraded to an earlier version.

    Developers (or Android-obsessed journalists) that need to downgrade their device to an older version for testing or checking something can disable this feature, which will trigger the usual slew of boot-up warning messages. Google also says it has "hardened the bootloader unlocking process," which should make it harder for bugs or malicious apps to unlock the bootloader without user approval.

  6. This does not prevent custom ROMs! by Namarrgon · · Score: 5, Informative

    As is made clear further down, the rollback index does not prevent custom ROMs, old versions, or anything else from being installed IF the device's bootloader is unlocked - as has always been the case when installing custom ROMs.

    All it does is prevent locked devices from being downgraded (to a presumably less-secure version that could be exploited). Locked devices are locked for security, so this is entirely expected behaviour. If you would rather take control and manage your own security, you can unlock the bootloader at any time (at least on Google's own devices; YMMV with other vendors). Then you can install anything you want.

    --
    Why would anyone engrave "Elbereth"?
    1. Re:This does not prevent custom ROMs! by AmiMoJo · · Score: 3, Informative

      Root users can manually download and install OTA updates. I do it all the time.

      Having said that, my primary phone is unrooted and the bootloader locked. The only reasons I had to root have all become moot now - granular permission control and ad blocking. Both are available without root, and the extra security provided by a locked bootloader and fully encrypted phone is extremely valuable.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  7. Re:Been there with Secure Boot by Anonymous Coward · · Score: 2, Informative

    You realise you can still turn this "secure boot" system off completely with fastboot oem unlock and install anything you like, just like always?