Comment on Android's new anti-theft features
ReversalHatchery@beehaw.org 5 months agoWhile I agree with you, the first step for user centric Android flavors regarding security is to support relocking the bootloader, with a custom (preferably the user’s own) digital signature. As long as we dont have that, an attacker could flash or just boot a custom bootloader through fastboot that does its own thing.
However that doesn’t really depend on Android system developers, I think, as the problem arises from the inferiority of almost every phone’s bootloader (chain), and probably that can only be reasonably solved by device manufacturers, because as I understand, bootloaders do a lot of heavily device specific things, so there cant really be a common (primary) bootloader, and making one for each phone is a lot of work that also involves lots of reverse engineering, and maybe the early bootloaders cant even be overwritten on some phones…
jarfil@beehaw.org 5 months ago
It’s kind of both Google’s and manufacturers responsibility. Google has made available a Dynamic System Updates feature:
source.android.com/docs/…/dynamic-system-updates
developer.android.com/topic/dsu
…but it requires manufacturer support to allow adding custom keys.
ReversalHatchery@beehaw.org 5 months ago
Hmm, this is interesting, it looks like if it was a multiboot solution