
Securing an Android Device with LineageOS - droidslave
https://medium.com/@securitystreak/securing-an-android-phone-or-tablet-c8c6166b2586
======
evanreichard
The author doesn't say to re-lock the bootloader or restore the stock
recovery. Having a indefinitely unlocked bootloader and an unsafe recovery is
a huge security risk.

After installing LineageOS you should restore the stock recovery then lock the
bootloader. It will do a factory reset. If you want to update down the road or
flash another ZIP, run the _flash_image_ binary as root with the proper
parameters to install a temporary recovery, install any update or ZIP, then
use the _flash_image_ binary again to install the stock recovery.

~~~
juliangoldsmith
What would the benefit of re-locking the bootloader be? Protection against
rootkits?

Once someone has physical access to your device, you can pretty much always
consider it to be compromised.

Also, I'd assume that the stock recovery on most phones will check the
signature of the running Android, and refuse to boot if it doesn't match the
one from the manufacturer.

