
Google Taking Aim at Device Modders in Android 4.4 KitKat - anon1385
http://www.xda-developers.com/android/google-taking-aim-at-device-modders-in-android-4-4-kitkat/
======
quink
Just as a hypothetical example, let's say I want to hook up a Wiimote to an
Android device.

The Wiimote cannot enter a code and hit enter, but apart from that it's a
normal Bluetooth device. Pre-Android 4.2, it was perfectly fine to connect it.
Bluetooth uses the code '000000' for this and a third party application can
hook through.

With Android 4.2 and 4.3, the ability to connect Bluetooth devices to connect
without using a code determined by the phone was removed. It was possible to
root the phone and set it to a specific MAC address for the Bluetooth
interface, from which the Bluetooth code was generated, so that this Bluetooth
code would be '000000' and the Wiimote would connect correctly.

Now with Android 4.4 the answer is going to effectively be 'forget it'...

I'm sorry but if what seems to become the most ubiquitous operating system out
there cannot connect to probably the most ubiquitous gamepad in recent memory
(and quite a few others that exhibit the same problem), using a standard that
both of these devices support, then that's just a tad ridiculous. Especially
if it's something as simple as this that was supported in the past.

And that's just one example.

Sure, I'm also going to complain about the fact that "it's my device, I want
to use it as I want". But when you actually see the reasons coming through
behind this you might understand why rooting might not be such an unreasonable
request - it makes things like that, things that should work, work.

~~~
aray
Right now there's two ways to root some devices -- though the bootloader
(unlock), which allows you to securely do the changeover. And root exploits,
which are security holes in the operating system and can be used to
persistently write insecure/root functionality on the filesystem.

The former can only be done by you (the device owner), but in theory the
latter can be done by any manner of malicious applications. dm-verity only
addresses the latter.

You should still be free to unlock and flash your own ROM to your hearts
content. This includes flashing rooted images that have whatever bluetooth
functionality.

~~~
makomk
Of course, the reason root exploits are so popular as a way of unlocking
devices is because most Android devices don't have unlockable bootloaders. I
mean, I guess technically Google aren't stopping people from unlocking their
devices, they're just giving the device manufacturers and phone networks a
more robust way of doing so, but that doesn't really make much difference to
the end user...

Also, at least on ChromeOS unlocking the bootloader disables playback of DRMed
content.

~~~
quink
Unlocking the bootloader nominally both voids the warranty and requires a
complete wipe of everything on the phone.

~~~
aray
Requiring a wipe is _by design_. If an attacker steals your phone, whats to
prevent them from flashing a new system partition that lets them read off all
the existing data? You can backup most (all?) of your data manually, then
unlock and restore the data. Otherwise unlocking would be essentially the
easiest attack vector to owning a device without the user knowing.

------
tytso
If people are modding their phone by loading a new kernel as well as the
modified file system, they won't have a problem. So for people with unlocked
bootloaders, this isn't a problem; and if a handset doesn't allow the
bootloader to be unlocked, refuse to buy it! There are plenty of perfectly
good (and in my opinion, superior) choices out there which allow for the
bootloader to be unlocked. All of the Nexus devices, for example....

There is another advantage of using a locked down file system --- you may not
be able to use a rootkit to break root and then modify the file system, but
some unfriendly adversary, such as the FBI or the NSA, won't be able to do it
to your phone without your knowledge, either. I would think that's worth the
inconvenience of making sure you buy a phone with an unlockable bootloader.
(Since unlocking the phone requires a wipe of the disk, you don't have to
worry about the FBI/NSA doing this to access your data on the phone without
your knowledge.)

~~~
jaegerpicker
The nexus devices do not support verzion's lte network, so in the end you are
left paying 650-900 for a developer version. That's fine for me, I'm a mobile
developer but not many who aren't directly making money off of the device
would be willing to make the same choice.

~~~
naner
_you are left paying 650-900 for a developer version_

The Nexus 5 is $350-$400. The Nexus 4 was even cheaper. I got mine for $200
when the sold off their remaining inventory.

Also most of us don't _need_ Verizon.

~~~
cma
He means to get 4g on Verizon w an unlocked boot loader you end up paying for
the dev edition.

~~~
thinkmassive
That's incorrect though. The Verizon Galaxy Nexus has an unlocked bootloader
and works fine on their LTE network.

------
mtgx
It seems every headline could be interpreted in 2 ways, and I've seen a bunch
of them lately:

1\. a) "Evil Google Tries to Take Control of Android"

    
    
       b) "Google Tries to Standardize Android and Fix Fragmentation"
    

2\. a) "Google Taking Aim at Device Modders in Android 4.4 KitKat"

    
    
       b) "Google Trying to Make Android as Secure and Unhackable as ChromeOS"
    

Doesn't it make sense for Google to try and stop rooting through
vulnerabilities, just like Apple tries to stop jailbreaking with every update?

From what I understand, rooting should still be possible if the bootloader is
unlockable (which it is for Nexus devices, HTC's devices, and I think Sony's
too). Samsung and a few others, on the other hand, don't let you unlock the
bootloader. So maybe we should take it up to them, and demand unlockable
bootloaders, so we can modify our devices, instead of asking Google to turn a
blind eye to Android exploits.

~~~
k-mcgrady
>> "Doesn't it make sense for Google to try and stop rooting through
vulnerabilities, just like Apple tries to stop jailbreaking with every
update?"

The problem is that Apple doesn't position iOS as 'open'. Google does. That's
been one of their big selling points for years.

~~~
kelnos
Google positioning its OS as "open" doesn't mean they have to make it easier
for script kiddies and hackers to find vulnerabilities in your phone and
exploit them. The fact that it makes it harder for modders to (legitimately)
root some (some!) phones is unfortunate, but I think is just going to have to
be a casualty in the name of better device security.

As another poster said, we should be taking this up with the Samsungs who ship
devices with non-unlockable bootloaders.

~~~
atmosx
Being _open_ in this context is like being _pregnant_ , you either are or not.
You can't be _half-pregnant_ or half-open.

The remark about the script-kiddie able to _find_ vulnerabilities is
ridiculous for a wide variety of reasons. Script-kiddies are not able to find
vulnerabilities in any kind of system. Computer hackers obsessed with security
do that and (most of the times) it's not easy by any means, i.e. Saurik.

~~~
fastball
Firstly, you meant "e.g.", not "i.e."

In addition, I'm not sure what Saurik, the creator of Cydia, has to do with
this discussion at all.

Finally, and most importantly, you don't seem to understand the current mobile
market. Most users are the end-all-be-all of end users. Many people I know
think that most of the apps on the iOS App Store are developed by Apple.
People install apps without thinking. Tons of personal information is stored
on your phone and in these apps, such as contacts and banking information.

Google/Android is open in the sense that Android is open source, so
hypothetically anyone can hack on it.

 _You_ are the person who is half-pregnant. You want the normal end user
experience, where you don't have to worry about compiling the operating system
yourself, but you want it to be "hackable". That is not the definition of
open. That is the definition of insecure. Because most Android users are not
sophisticated computer users like yourself, a hackable operating system is
just a bad idea.

If you want an OS that you can do whatever you want with, and is incredibly
insecure, then fork Android and have at it. Do that, instead of complaining
whenever Google makes changes that you don't understand and affect your
somewhat specific and not very common use case.

~~~
anon1385
>In addition, I'm not sure what Saurik, the creator of Cydia, has to do with
this discussion at all.

He has found various security bugs in Android (most recent example:
[http://www.saurik.com/id/19](http://www.saurik.com/id/19) from the other day)
and he is also the developer of
[http://www.cydiaimpactor.com](http://www.cydiaimpactor.com)

atmosx's point was that it isn't 'skiddies' who are finding these security
holes, it's experienced developers and security researchers.

------
aray
There seems to be a lot of confusion and misinformation about what dm-verity
actually does in this thread. It's the same verified boot mechanism that's
used by ChromeOS[1].

This just guarantees that on a locked, signed device (i.e. you haven't
unlocked it to flash custom ROMs), the filesystem there is the one that's
supposed to be there. Things that would be caught by this are (as the original
documentation says[2]) rootkits and other persistent exploits.

You should still be able to unlock and flash your device; this is supposed to
make it harder for a malicious app to root and own your (locked & signed)
device persistently without you knowing.

[1] [http://www.chromium.org/chromium-os/chromiumos-design-
docs/v...](http://www.chromium.org/chromium-os/chromiumos-design-
docs/verified-boot)

[2] [http://source.android.com/devices/tech/security/dm-
verity.ht...](http://source.android.com/devices/tech/security/dm-verity.html)

~~~
saurik
If I cannot unlock my device, modify its software, and then relock it and
continue to use the modified software, that is serious issue: you should not
run your Devi e normally with an unlocked bootloader as there is then no
protection against someone picking up your device, booting it into fastboot,
and flashing new software (which normally is protected against as the unlock
process erases all your data). This does not actually seem to verify things at
this level, though (and thereby does not seem similar to the ChromeOS
mechanism).

------
barrkel
My standard procedure when I get a new android device is to (a) unlock the
bootloader, and (b) install su & SuperSU, i.e. get root.

Normally the latter involves modifying the base filesystem. If I understand it
right, this will prevent the normal rooting procedure and force the need to
install a different kernel just to get root. Which isn't great, as I have no
desire to run a non-stock kernel; they come out later with stable builds, they
may have issues finding all the right drivers for the phone, etc.

I may be mistaken, and if root can still be gotten without switching the
kernel, then everything is OK. Otherwise, this is a big dent in the
desireability of Android to me; root is incredibly useful for doing things
outside the constrained sandbox, like mounting encrypted file systems, or
syncing the clock to an NTP server (!).

~~~
mindslight
Well if the manufacturer isn't violating the GPL, you should be able to easily
rebuild the stock kernel without this verification. But of course, that's a
big 'if'.

I'd still love to see a significant kernel contributor step up to the plate
and force the issue that locked bootloaders violate even GPL2. Of course all
of these issues would be more straightforward if Linux had simply moved to
GPL3 while it still could have.

------
philjackson
Tl;dr "To re-iterate, if you are able to change the kernel your device uses,
this feature will not be a concern. It’s possible to either disable dm-verity
in the kernel, or to set it up to use your own keys to authenticate the system
hash. For users who choose to buy carrier-branded devices and accept a locked
bootloader, but find a way to root the device, take heed of this warning. It’s
not at all unlikely (in my technical opinion) for this to happen on future
devices. If you want the ability to modify the software on your phone, I’d
avoid anything with a locked bootloader, and ensure you can modify the kernel
(to disable or modify the dm-verity signatures)."

~~~
IBM
So just 90% of all Android phones sold.

~~~
eli
90% of people don't want root exploits on their phone either. Let's hope it's
the same 90%!

------
glogla
There's great amount of very talented people hacking on Android devices. The
best thing we can hope for is that Google makes Android so anti-consumer,
anti-developer and anti-hacker, that they all move Firefox OS or some other
mobile GNU/Linux variant that's not Android.

This goes for manufacturers as well.

~~~
gibwell
That's unlikely when so many people in the tech sphere (PG included) paint
Google as an 'open' benevolent company fighting the 'evil' of everyone else.

~~~
christianmann
That seems to have changed over the last few years.

~~~
gibwell
A little, but they are still regarded as 'better than the others' by those who
for some reason desire that Google obtain a monopoly over search _and_ the OS.

------
m_ram
Excluding Nexus devices, which manufacturers are currently hacker-friendly
(i.e. let you to unlock the bootloader without exploits)?

~~~
topbanana
Sony let me unlock my Xperia Z. They also release the drivers to their
hardware to the open source community. Well worth supporting this effort when
you next choose a handset.

[http://unlockbootloader.sonymobile.com/](http://unlockbootloader.sonymobile.com/)

------
fidotron
People really need to remind themselves that rooting Android devices is fairly
stupid if you actually intend on using them for anything. You're essentially
turning off any of the security on the platform.

It's also separate from the question of being able to install your own OS
build, which is of far greater importance.

~~~
betterunix
That would be a fine argument if the "security" of the platform did not
include _attempts to stop people from doing normal, useful things_. Why should
I not be allowed to tether my phone, when the technology is there and I am
already paying outrageous amounts for my data plan? Why should I have to pay
my carrier _even more_ just to have software features enabled? Why should I
not be allowed to use my phone on another network?

See, "security" in this context is really about securing the carrier _from_
users and those who might threaten users.

------
habosa
I love the Android dev community so I'm sad to see that the job is getting
harder, but I don't think that implementing a verified boot mechanism is
necessarily an anti-modder move by Google. They've implemented security like
this to great effect on Chrome OS, which is one of the most secure operating
systems you can get out of the box. It would be great for the __average
__person to know that their Android phone is super-secure, and it would
encourage the penetration of Android into enterprise and military
applications, where security is a huge concern.

------
vsviridov
When I read the heading I thought, cool more things to make modders' lives
easier.

Boy was I wrong :(

~~~
mathrawka
In general the term "Taking Aim" refers to putting something in your target
and shooting it... i.e. killing it.

