Android 7.0 devices could be harder to root, won't boot at all if the software is corrupt

Android 7.0 devices could be harder to root, won't boot at all if the software is corrupt
In a recent post over at the Android Developers Blog, Google software engineer Sami Tolvanen revealed that devices shipping with Android 7.0 Nougat out of the box will strictly enforce verified boot. Ever since Android 4.4 KitKat, the OS has supported verified boot – albeit only through the optional dm-verity kernel feature initially – which checks for potentially unwanted rootkits that could compromise the security of the device. As of Marshmallow, Android has also begun alerting about possible system integrity issues, but nothing more.

This is about to change with the introduction of Android 7.0 Nougat – or at least as far as devices running the new OS out of the box go – with enforced system integrity boot checks, which won't allow Android to boot if the boot image or partition are corrupt. Optionally, users may be asked if they want to use a limited capacity mode.

Enforcing verified boot is definitely a step toward greater security for Android users, but it could also lead to more problems on devices suffering from software and/or hardware issues, where the possibility for disc corruptions to occur is greater. This is where a new error correction system comes into play, which is supposed to help devices recover from loss of data storage blocks to some extent.

Enforcing verified boot could potentially make it harder to install custom ROMs. This is hard enough already on devices with “hard” locked bootloaders and Android 7.0 won't help with that, which could be a good thing, depending on your point of view.

source: Android Developers Blog

FEATURED VIDEO

26 Comments

1. SamDH1

Posts: 419; Member since: Apr 21, 2015

It doesn't make it harder. The way the new system works is to verify from the initial OS, and keep checking it after each boot, as long as it has a locked bootloader. With root, and custom ROM's, the bootloader is unlocked by the user, and that process is not changing. So if you don't root, then you are extremely safe with this new implementation, otherwise it's just like always. Easy to root and same security we have now.

3. nh1402

Posts: 137; Member since: Oct 30, 2013

exactly, as long as the sources are available and the device has an unlocked/unlockable bootloader, you can install whatever kernel you like.

5. vincelongman

Posts: 5554; Member since: Feb 10, 2013

Agreed IMO this is a great update It brings better security for those who dont unlock their bootloader And people who do unlock their bootloader are not affected

4. Planterz

Posts: 2120; Member since: Apr 30, 2012

If I understand this correctly - and that's certainly debatable - this applies more to hacks/exploits to achieve root access, rather than flashing custom firmware through an unlocked bootloader.

6. SamDH1

Posts: 419; Member since: Apr 21, 2015

Yep exactly that, it will make the OS unbelievably secure for everyday users. And the root community is getting smaller too, because Stock Android has pretty much brought all the good stuff over now. So it's just a wonderful time to be on Android.

12. zeeBomb

Posts: 2318; Member since: Aug 14, 2014

Thank you knowledgeable user.. dang PA always trying to fragment false info! Just new methodology that's all. Scooby Doo: "phew"

2. maple_mak

Posts: 953; Member since: Dec 18, 2013

Root or security? I only choose security. Actually, root also good for some users who wants more feature, but it will let my phone become unsecured by modified ADB.

7. meanestgenius

Posts: 20999; Member since: May 28, 2014

Sounds like there *may* actually be some influence from BlackBerry concerning this. The PRIV goes through this same process.

8. sukrith2194 unregistered

There might be... Nowadays everyone is working with Googleto make Android better than what it already is!

18. PenTiltoKet

Posts: 552; Member since: May 18, 2016

Oh c'mon. THAT'S NOT TRUE AT ALL!! BB have no influence or involvement in this, and THIS IS NOT BB technology / patent!!! What Google use is GOOGLE CHROMEBOOK technology. Google already have this technology for more than 5 years on their chromebook. But, because Chromebook under sundar pichai, while android under andy rubin, these secure boot technology does not cross to android. NOW, because both chromebook and android under sundar, android start using this tech too.

19. meanestgenius

Posts: 20999; Member since: May 28, 2014

I do so love when you reply to me with your gibberish, nonsense, and flat out COMPLETELY MISINFORMED BS. I also must commend you on searching out my comments. That's some real tenacity that you're showing there! Anyway, "Questions came after it was revealed that BlackBerry's BB10.3.2 software, along with BES12, has earned STIG approval from the Defence Information Systems Agency for use at the US Department of Defence. BlackBerry hopes that Android's inferior security will change, however, and Chen revealed that the company has an internal project focusing on boosting the security credentials of Google's software. "The goal is to make the Android security level the same as BB10. There's still a gap right now, but this gap will hopefully be gone within the next six to eight months," he said." "Chen added that the gap will be closed through a combination of BlackBerry's super-secret project and the impending release of the next version of Google's software, Android 7.0 Nougat. Or, according to Chen, "Android L". "We need to add our code to it, but we also expect Android L to step up in terms of security," he said. Google has been keen to talk up the improved security credentials of Nougat, claiming that the upcoming release will deliver file-based encryption, Mediaserver hardening and automatic updates." That was taken from here: http://www.computing.co.uk/ctg/news/2465417/android-lags-bb10-in-terms-of-security-claims-blackberry-ceo-john-chen Now, I know a troll of your caliber will just dismiss the FACTS that I laid before you, but I'll ask anyway: Care to revise your statement?

20. meanestgenius

Posts: 20999; Member since: May 28, 2014

Here are some more FACTS for you: http://press.blackberry.com/en/press/2015/blackberry-works-with-google-to-enhance-mobile-security-and-user.html http://press.blackberry.com/en/press/2015/samsung-and-blackberry-bring-enterprise-services-to-knox-and-the.html BlackBerry has been working with Google AND Samsung on helping to make their software offerings more secure. However, I do know that in light of the FACTS I just dropped in your lap, you won't respond. You trolls never do, once the facts are presented.

21. PenTiltoKet

Posts: 552; Member since: May 18, 2016

talking to you is really useless. you want BB to looks like the one helping google no matter what. I just here to put some further reading for those who really want to know the truth. Google Android N include a VERIFIED BOOT, a technology that google already used for several years in Google Chromebook. How it's work? Android will have 2 BOOT partition. so if there's a problem with the current boot partition it CAN FALL BACK to the other partition. You can search the web on this technology. It's certainly BELLONGs to Google, not BB. The length other talk above by MeanestMan is just BB trying to looks good, and Google don't want to shot BB down because BB is doing the DO NO EVIL things (not talking about competitor weakness). pentiltoket (to mg you can search me on the web to see who's the troll, you or me)

23. meanestgenius

Posts: 20999; Member since: May 28, 2014

So I just posted a link PROVING that BlackBerry has an influential hand in helping make Android secure, and you think it's false an all I want to do is make BlackBerry look good? BWAHAHAHAHAHAHAHAHAHAHAHAHHAHAHAHAHAHAHAHAHAHAHAHA​HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA​HAHAHAHA!! Dude, you just PROVED that you're only out to troll BlackBerry and spread lies about them. Thank you! I rest my case. And one only needs to look up BlackBerry articles to see who's trolling and who's not.

22. PenTiltoKet

Posts: 552; Member since: May 18, 2016

This is a BETTER SOURCE, rather than bb pr hogwash you were quoting, you could see if BB have their patent on this Android N borrows Chrome OS code for “seamless” update installationhttp://arstechnica.com/gadgets/2016/05/android-n-borrows-chrome-os-code-for-seamless-update-installation/

24. meanestgenius

Posts: 20999; Member since: May 28, 2014

NOWHERE in the article you linked does it PROVE that BlackBerry doesn't have a hand in helping to make Android secure, but in the articles that I linked, THERE IS PROOF that BlackBerry is helping to secure Android. All anyone has to do is click the links I provided to see this FACT. All you did was PROVE that you're a troll that has a serious hate for BlackBerry, to the extent that you will spread lies about them.

25. ablopez

Posts: 235; Member since: Apr 15, 2014

Well said, MG. I am so sick of seeing this guy's posts. This guy is just as annoying as his other aliases that already got banned (such as wahyuwinsu). Same hatred for BB, same hatred for you and BobbyD and other BB fans, same bad English and grammar. He accuses you of everything he is doing himself and he refuses to admit it. Here's to hoping PA realizes that this guy is making multiple accounts and bans this BB troll for good.

26. meanestgenius

Posts: 20999; Member since: May 28, 2014

Thank you, ablopez. Your post was spot on. I totally agree with you.

9. torr310

Posts: 1602; Member since: Oct 27, 2011

I must have root. Life is much difficult without the root. I guess I will stay out of it until some genius cracks the root.

10. XDAdam

Posts: 276; Member since: Feb 03, 2016

This isnt 2010 anymore. Stock Android and most variations of it from OEMs have 90% of all the features and tweaks that people needed root for.

11. ibend

Posts: 6747; Member since: Sep 30, 2014

yeah right.. but I dont need all those tweak and stuff.. I only need memory&speed hack and lucky patcher (access to root folder also handy sometime)

13. RebelwithoutaClue

Posts: 5465; Member since: Apr 05, 2013

Still leaves out that 10% some people consider rooting for (like me)

14. mrmessma

Posts: 271; Member since: Mar 28, 2012

This.

15. gigi3

Posts: 32; Member since: Aug 16, 2014

What about ability to uninstall Google Chrome ? I forking hate it.

16. Alter

Posts: 201; Member since: Mar 25, 2016

Root is still very desirable for me and scores of other people.

17. PHYCLOPSH

Posts: 628; Member since: Jun 28, 2014

Security is important, but you need root to use Viper4Android, which makes your phone's sound system about 1000% more awesome. The main problem today is carriers not giving us unlock-able bootloaders like in the case of my new LG G5 (AT&T).

Latest Stories