Android 7.0 devices could be harder to root, won't boot at all if the software is corrupt

In a recent post over at the Android Developers Blog, Google software engineer Sami Tolvanen revealed that devices shipping with Android 7.0 Nougat out of the box will strictly enforce verified boot. Ever since Android 4.4 KitKat, the OS has supported verified boot – albeit only through the optional dm-verity kernel feature initially – which checks for potentially unwanted rootkits that could compromise the security of the device. As of Marshmallow, Android has also begun alerting about possible system integrity issues, but nothing more.

This is about to change with the introduction of Android 7.0 Nougat – or at least as far as devices running the new OS out of the box go – with enforced system integrity boot checks, which won't allow Android to boot if the boot image or partition are corrupt. Optionally, users may be asked if they want to use a limited capacity mode.

Enforcing verified boot is definitely a step toward greater security for Android users, but it could also lead to more problems on devices suffering from software and/or hardware issues, where the possibility for disc corruptions to occur is greater. This is where a new error correction system comes into play, which is supposed to help devices recover from loss of data storage blocks to some extent.

Enforcing verified boot could potentially make it harder to install custom ROMs. This is hard enough already on devices with “hard” locked bootloaders and Android 7.0 won't help with that, which could be a good thing, depending on your point of view.

source: Android Developers Blog