Android Nougat won’t boot if your phone has malware!

[Preach2k]

A recent report states in a bid to increase the security of the Android operating system, Google introduced a new check for malware as part of the boot process in all Android devices. Up until Marshmallow, the software ran a check as part of the boot process, the phone would warn you that your phone was compromised but would continue to let the phone boot up. In Nougat however, Google is taking this security check to a new level.

Nougat strictly enforces that boot check, giving you far more than a warning. What happens is if your phone is infected with types of malware, your phone will refuse to boot or will boot in a limited capacity mode (Maybe in safe mode). However, the corruption of data could also mean that your phone will refuse to boot up…

Android has alerted about system integrity since Marshmallow, but starting with devices first shipping with Android 7.0, we require verified boot to be strictly enforcing. This means that a device with a corrupt boot image or verified partition will not boot or will boot in a limited capacity with user consent. Such strict checking, though, means that non-malicious data corruption, which previously would be less visible, could now start affecting process functionality more.

In the changes we made to dm-verity for Android 7.0, we used a technique called interleaving to allow us to recover not only from a loss of an entire 4 KiB source block, but several consecutive blocks, while significantly reducing the space overhead required to achieve usable error correction capabilities compared to the naive implementation.

However, for those who root or use custom firmware, this could pose a problem as Google says that any device with a locked bootloader will use this to check for modifications. Unless your smartphone has an unlocked bootloader , using custom ROMs and tinkering with your smartphone will be a lot harder with Nougat.

What do you guys think of the changes to the boot process in Nougat and the additional security?

Source

 

[Narsil]

As long as it does not interfere with my unlocked bootloader, I really don't care how it impacts the plebs. <grin>

 

[FoxKat]

A recent report states in a bid to increase the security of the Android operating system, Google introduced a new check for malware as part of the boot process in all Android devices. Up until Marshmallow, the software ran a check as part of the boot process, the phone would warn you that your phone was compromised but would continue to let the phone boot up. In Nougat however, Google is taking this security check to a new level.

Nougat strictly enforces that boot check, giving you far more than a warning. What happens is if your phone is infected with types of malware, your phone will refuse to boot or will boot in a limited capacity mode (Maybe in safe mode). However, the corruption of data could also mean that your phone will refuse to boot up…







However, for those who root or use custom firmware, this could pose a problem as Google says that any device with a locked bootloader will use this to check for modifications. Unless your smartphone has an unlocked bootloader , using custom ROMs and tinkering with your smartphone will be a lot harder with Nougat.

What do you guys think of the changes to the boot process in Nougat and the additional security?

Source

It's interesting, and as a general statement virus protection and detection can only be a good thing in the long run.

This is however I believe a two -pronged purpose. First it is intent on keeping the OS secure and to help bolster it as a secure OS that can be safely adopted in otherwise secure environments such as corporate and enterprise scenarios. Second, it is in fact a way to further reduce the tinkering that is done to the OS by hackers or developers both with good intentions and bad, to minimize the problems they create that cause the phones to operate in a manner other than as is intended by the manufacturer and the carrier.

As much as we may love to be able to customize and even to install completely revised versions of the OS, there are some who do this with very little experience, and who when operation problems arise after often bring those problems to the technical support teams at the carriers and manufacturers who are then tasked with troubleshooting and attempting to resolve, only to eventually being forced to revert the phones once again to stock.

All this extraneous and unnecessary support is an expense to them and yet is obviously through no fault of their own. Expense leads to reduced profits, which then often leads to increased fees (price increases), and increased efforts to lock them down.

We have all seen the OS evolving and we have also played a huge part in its evolution. What was an OS that met some of our needs initially but was not as robust and customized as we thirsted for brought with it a huge push from the developer community. As these highly innovative ideas came forth many were eventually incorporated into subsequent versions of the OS much to the appreciation of the end users.

Over time the needed revisions have diminished since updates incorporated them and so the developer crowd has dropped off from an overwhelming roar to a soft murmur over the past 6 plus years. Again, this is good for the consumer, good for the manufacturers and good for the OS collectively. However and therefore, the need for rooting, custom ROMs and such has in many peoples' opinions been virtually eliminated.

The phones and OS are now fast, powerful, highly stable, extremely robust, highly customizable, and truly in many ways are now an indispensable part of our everyday lives. What has become more important for a huge sector of the consumer base is security and so this latest evolution of proactive security is only natural. With Blackberry almost completely out of the game, it leaves a void that Google is rightly trying to capture a huge part of. Apple has its base and has also absorbed a large chunk of these left behind but there is still lots more to be assimilated and this is just a step in the right direction as far as I am concerned.

Sent from my XT1585 using Tapatalk

 

[kixfan]

If there was an app that functioned like Titanium backup without root I would have to reason to root. I'm over the custom ROM stuff. More of a pain than it's worth to me.

 

[Mustang02]

If there was an app that functioned like Titanium backup without root I would have to reason to root. I'm over the custom ROM stuff. More of a pain than it's worth to me.

Curious to know what apps you need TiBu for?



Sent from my Nexus 5X using Tapatalk

 

[kixfan]

Curious to know what apps you need TiBu for?



Sent from my Nexus 5X using Tapatalk

I used to use it to backup all my apps and data. I have never had good luck restoring from any cloud backups. I tried using LG Backup on my phone but it only seemed to restore the apps not the data and only a few apps not all of them. I have games that don't backup to the cloud. I also used it to freeze and uninstall AT&T bloatware. I can disable them but not remove them now.

 

[pc747]

Year after year we are needing less root apps. Those apps that was a must when I rooted back in the day; SetCPU, tibu, root explorer, greenify, Xposed, etc, I no longer need, use, or miss (I now use root explorer as a file manager after I dumped ES).

As phones are getting better we are no longer needing to overclock, save battery life (unless you are running nougat right now), or add functionality. Where I had a list of "must have" rooted apps back in the day, I can't even think of one rooted app that i must have. In fact I don't even see needing to unlock my bootloader anymore.

Sent from my Nexus 6P using Tapatalk

 

[Narsil]

To me, it all boils down to who actually owns the device. If I own the device, then I should have ABSOLUTE and total administrative rights on my device. Period. End of discussion. If Verizon or (in my case) Huawei owns the device then I should not pay full price for the device because I am only leasing it.

Who would buy a PC on which they didn't have admin rights? It's ridiculous.

 

[pc747]

To me, it all boils down to who actually owns the device. If I own the device, then I should have ABSOLUTE and total administrative rights on my device. Period. End of discussion. If Verizon or (in my case) Huawei owns the device then I should not pay full price for the device because I am only leasing it.

Who would buy a PC on which they didn't have admin rights? It's ridiculous.

Oh I agree, the moment Google starts preventing people from unlocking the bootloader I might as well go Apple. Just because I don't do it anymore does not mean they should take away that option.

Sent from my Nexus 6P using Tapatalk

 

[FoxKat]

To me, it all boils down to who actually owns the device. If I own the device, then I should have ABSOLUTE and total administrative rights on my device. Period. End of discussion. If Verizon or (in my case) Huawei owns the device then I should not pay full price for the device because I am only leasing it.

Who would buy a PC on which they didn't have admin rights? It's ridiculous.

I hear your argument and it mostly makes sense if you look at only that piece, however there are other complicating factors that change the picture and make it both reasonable and even warranted.

For instance, you buy a car. It's engine is capable of making the car go maybe 120mph off the factory line for you, however that same car can have its maximum speed raised to maybe 150mph simply by changing a chip on board however the only persons that are legally allowed to do so are law enforcement. The governor was put in place to protect both you and other innocent drivers on the road from your car becoming a danger. It's perhaps not the best analogy but here is a case where you are prevented from modifying your car, the car you paid money for due to how that modification could impact others. Another one would be modifying a semi-automatic rifle that you bought and paid for and own completely into fully automatic. The same issue of laws, rights and repercussions exist.

The argument is that modifying your phone could potentially negatively impact the network you are licensing the right to use it on and that would result in a negative experience for others and an undue burden on the network provider.

Sent from my XT1585 using Tapatalk

 

[Narsil]

My problem with your argument, FoxKat, is that I keep hearing that so very few people even root their phones anymore that we rooters have no collective pull with the manufacturers and carriers. So which is it? Are there so few of us that do it at all that we have no influence with manufacturers and carriers or is there such a vast army of rooters that the minority of us who cause problems are so many that they are bringing mighty Big Red's network to its proverbial knees? I don't see how there can simultaneously be enough moron rooters to cause problems AND so few rooters period that we have no influence.

I think the real issue is that of control. Verizon wants absolute and total control over everything on their network, including their clients' devices. I don't think they have any moral right to dictate what people do with their own devices.

 

[FoxKat]

My problem with your argument, FoxKat, is that I keep hearing that so very few people even root their phones anymore that we rooters have no collective pull with the manufacturers and carriers. So which is it? Are there so few of us that do it at all that we have no influence with manufacturers and carriers or is there such a vast army of rooters that the minority of us who cause problems are so many that they are bringing mighty Big Red's network to its proverbial knees? I don't see how there can simultaneously be enough moron rooters to cause problems AND so few rooters period that we have no influence.

I think the real issue is that of control. Verizon wants absolute and total control over everything on their network, including their clients' devices. I don't think they have any moral right to dictate what people do with their own devices.

OK, I understand your point and also why you'd feel that way. Truth is there is a much smaller "army" of rooters and modders out there than there were perhaps at the height of this revolution, 2012-2014 would be my guess. Still there are a significant number even here, and all you have to do is visit sites like XDA to see that it's still alive and vibrant in many respects.

As for why Verizon would want their phones locked down as mentioned, I have to step back and ask that question of myself. How does Verizon benefit from locking phones down? Do they somehow get a "kick" out of "control[ing]" their customers? To have that opinion it seems one would have to view Verizon as a "person" with an ego and perhaps a sadistic mentality, rather than a "company" with engineers who know how these phones impact their network, board of directors who are responsible for managing the company for the best possible profitability and for the ultimate benefit of the shareholders, and that the motivation behind this so-called "control" has everything to do with keeping the network secure and running with as few problems as possible. Could it be that they somehow get more money from us if our phones are not rooted...absurd, I know (well, not really if you consider tethering or increased operating costs), but you see where I'm going with this. So then what is the real reason or reasons behind this?

We as consumers (mostly), don't know all that's involved in how these phones communicate over the network but given the extreme complexity, and with these being mobile communication devices given the constantly changing and incredible dynamics of the network it's easily conceivable that a modification of one phone (or a whole traunch of users who may adopt such modifications), could cause a disruption or disturbance of the operation of their network, even if only in one local cell site or if only for a fraction of the bandwidth. It's even more conceivable that it could cause a major interruption of service over a wide area. Remember, Verizon advertises themselves as "the most reliable" network.

I will say that MOST modifications do nothing with respect to the cellular communications portion of the phones' operation, but are mainly for more freedom to customize the user experience and enhance its functionality and capabilities, so any that are modifying the phone in a manner that could impart effects in communications are likely very few. Still, any service disruptions translate into troubleshooting support by highly skilled and highly paid technicians required to root out (no pun intended), the cause and make any changes they can put into effect to resolve the problem. This translates into reduced profits.

Another side to this that I have said before is technical support at the end-user level and I know that people have modified their phones, suffered some kind of technical issues and rather than giving consideration to the modifications as the cause they instead got on the phone and attempted to troubleshoot the problems with Verizon. Imagine the frustration the support reps experience when after spending what could be even an hour or more of troubleshooting finally discover the phone is operating on a modded version of the OS and that eventually it's determined to be the cause. That is time that they were being paid to provide "free" technical support at the expense of Verizon, lost revenue they can't possibly recover.

We can't dismiss the possibility that they are trying to further prevent people from circumventing the safeguards put in place to stop people from tethering their phones to laptops and such. Clearly the use of excessive data is an issue with them and we see the UDP plans being put under even greater pressure in the hopes of moving away from excessive data use. With a rooted phone, you can go in and change an "entitlement" value and suddenly your phone which before would actually check with Verizon's network to make sure you were paying the $30/month fee for Mobile Hotspot, will now completely bypass that and you can use it to provide unimpeded internet service to laptops, desktops, virtually any WIFI devices in the home or workplace that you decide you want service for but don't want to carry a separate plan for.

Sometimes we all have to step outside our own shoes for a moment and give some consideration to the feelings of others. How would we feel if it were our company and through mods our customers were afflicting us with greater expense and increased technical issues?

Finally let's not forget they MUST provide a reliable 911 service and I know for a fact that SOME of the modifications I've seen flush through the modding community actually prevented the phones from making 911 calls. I know that my OWN phone would stall and freeze, many times being unable to do anything for sometimes minutes at a time while running mashups of Android, and that it eventually caused me to have to go back to stock. You only have to search to quickly find people running "nightly releases" who complain of no cellular service, spotty service, call interruptions, and more. FORTUNATELY there were no reports I'm aware of where that inability resulted in harm to persons or property but with terrorism now in the forefront of the news and a plank of the election of our next president it's got to be a part of this consideration.

Imagine if a modded phone couldn't make a call during a terrorist attack and as a result more lives were lost than if they were able to reach first responders? Is any life OK to lose? It is not perhaps a "moral right" to dictate what people do with "their" phones, but instead it's a "moral obligation" to protect them from the consequences of unexpected failure.

From Cyanogenmod's own website;

"
CyanogenMod 9 - 10.2 build tags
CyanogenMod 9 through 10.2 were qualified with tags: Experimental, Nightly, Release Candidate, and Stable. The Snapshot tag was added with the introduction of M builds in CyanogenMod 10.2. These tags were meant to indicate a build's suitability for general use.

• Nightly: usually generated every 24 hours, experimental, newest features, unstable
• Experimental: testing version requested by device maintainers to evaluate specific changes
• M Snapshot: milestone snapshot, more stable than a nightly but potentially some issues
• Release Candidate: last builds before stable release, few minor issues, mostly stable, and safe for daily use
• Stable: most stable version available, all or nearly all issues resolved"

In this example, someone running a "nightly" release (deemed "unstable"), or even a "release candidate" or "stable" version could easily suffer compete failure of the phone and if it happens at the most inopportune time it could result in loss of life. Notice it says ratings are to indicate a build's "suitability for GENERAL use"? I would bet if you asked him directly whether ANY of his versions were suitable for "EMERGENCY" use he would say no, and tell you that only an OEM version of the OS should be trusted to perform under all circumstances. And of course, if it doesn't, and you're running a modded version of the OS, and then had to sue them for compensation due to losses for its failure during a crisis you would most certainly lose.

 

[cr6]

Vehicles, guns, rooting, & terrorism? ROFL!
#AnalogiesGoneWild!


S5 tap'n

 

[FoxKat]

Vehicles, guns, rooting, & terrorism? ROFL!
#AnalogiesGoneWild!


S5 tap'n

Sorry, couldn't resist...

 

[FoxKat]

All kidding aside, does it make sense to say that preventing us from rooting and unlocking bootloaders is just Verizon wanting to "control" us? There HAS to be some legitimate reason or reasons for this that make good economical, legal, moral, responsible sense and it surely isn't customer domination.