
> The idea that ROMs from questionable sources make your device safer sounds very strange to me.

The first step on Android is usually to unlock the device bootloader in order to flash a recovery that will allow you to erase partitions and install a tarball of the system. I saw no tutorial suggesting to re-lock the device bootloader and I bet people rarely do it.

This means anyone can take the device, boot it into recovery, plug it into USB and throw some adb/fastboot commands to do anything they want. Device encryption becomes moot because neither the recovery nor the bootloader can be trusted.
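Added example, not part of the thread: a small check for the state the comment above describes (bootloader unlocked, recovery flashable). It reads an `adb shell getprop` dump and classifies the device from the standard verified-boot properties `ro.boot.vbmeta.device_state`, `ro.boot.verifiedbootstate` and `ro.boot.flash.locked`; the two property dumps below are constructed for the example, not captured from a real device, and the `classify_boot_state` function name is my own.

```shell
#!/bin/sh
# Added example (not from the thread): classify an Android device's
# bootloader / verified-boot state from an `adb shell getprop` dump.
#
# Properties used (present on devices with Android Verified Boot;
# older devices may expose only some of them):
#   ro.boot.vbmeta.device_state   locked | unlocked
#   ro.boot.verifiedbootstate     green (OEM key) | yellow (user key)
#                                 | orange (unlocked) | red (verify failed)
#   ro.boot.flash.locked          1 (locked) | 0 (unlocked)

# Print the value of property $2 from the getprop dump held in $1.
# getprop prints lines of the form "[name]: [value]".
prop_value() {
    printf '%s\n' "$1" | sed -n "s/^\[$2\]: \[\(.*\)\]\$/\1/p" | head -n 1
}

# Classify a dump. Prints one of:
#   UNLOCKED           anyone with USB access can flash recovery/boot
#   LOCKED             locked, booting an OEM-signed image
#   LOCKED_CUSTOM_KEY  locked, but trusting a user-enrolled signing key
#   UNKNOWN            properties missing or contradictory
classify_boot_state() {
    dump=$1
    dev_state=$(prop_value "$dump" ro.boot.vbmeta.device_state)
    vb_state=$(prop_value "$dump" ro.boot.verifiedbootstate)
    flash_locked=$(prop_value "$dump" ro.boot.flash.locked)

    # Any single "unlocked" signal is enough: the weakest indicator wins.
    if [ "$dev_state" = unlocked ] || [ "$vb_state" = orange ] \
       || [ "$flash_locked" = 0 ]; then
        echo UNLOCKED
    elif [ "$dev_state" = locked ] && [ "$vb_state" = green ]; then
        echo LOCKED
    elif [ "$dev_state" = locked ] && [ "$vb_state" = yellow ]; then
        echo LOCKED_CUSTOM_KEY
    else
        echo UNKNOWN
    fi
}

# Constructed sample dumps (not captured from real hardware).
# Typical custom-ROM device: bootloader left unlocked after flashing.
UNLOCKED_SAMPLE='[ro.boot.flash.locked]: [0]
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.boot.verifiedbootstate]: [orange]
[ro.build.type]: [userdebug]'

# Stock device with the bootloader locked and OEM-signed boot chain.
LOCKED_SAMPLE='[ro.boot.flash.locked]: [1]
[ro.boot.vbmeta.device_state]: [locked]
[ro.boot.verifiedbootstate]: [green]
[ro.build.type]: [user]'

printf 'sample custom ROM device: %s\n' "$(classify_boot_state "$UNLOCKED_SAMPLE")"
printf 'sample stock device:      %s\n' "$(classify_boot_state "$LOCKED_SAMPLE")"
# With a real device attached:
#   classify_boot_state "$(adb shell getprop)"
```

The same state can be read from the bootloader side without a booted system, which is exactly the attacker's position in the comment: `fastboot getvar unlocked` on devices that implement that variable. A device that reports `UNLOCKED` here has no root of trust below the kernel, so the encrypted userdata is only as safe as whatever someone plugs in at the USB port.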




You don't relock the bootloader because every lock/unlock cycle clears user data, and you might need to update recovery to update your ROM. Even if you relock the recovery, the next step is the infamous "no sha1 signature found, flashing boot sector unconditionally" (which is a step up from md5!). TWRP has enough attack surface; Android devices have very little physical security.
