Android and chill: Nougat and the root question
Android is safer than ever for the people who want (and need) it to be safe. We should be happy about that.
There’s some talk about Pixel phones and root — specifically that it’s not working with any of the existing methods. All the nuts and bolts are at XDA — excellent job on that, Mishaal — for those who want to dig deeper into the how and why, but I want to just talk about what it means for us.
And why it’s a really good thing. Before you grab your torches and teach me a lesson for thinking it’s good that we can’t root a Pixel phone, hear me out. I think you’ll agree when we’re finished.
This isn’t about a Pixel phone, it’s about Android 7.0 and new security methods.
Let’s start at the beginning — this isn’t about the Pixel phones, it’s about Android 7.0. There’s a very good chance this will apply to the LG V20 (nobody outside of Korea has seen the production version yet), too. It’s because of the new security methods Google has placed in Android starting with 7.0.
When Nougat boots, it checks to see if anything in the system partition has been tampered with. Google calls this Verified Boot and it’s something they also use on Chromebooks and OnHub routers. We also knew it was coming, along with a handful of other big changes on the security front. The short version of how it works — the system partitions (this is tied in tightly with Seamless Updates and Direct Boot) are verified and given a hash file. Any changes to the partition will change the crypto hash. When you boot the phone up, this hash is checked against the known “right” value, and if they don’t match your phone won’t boot. The public crypto key is stored on the boot partition and when the people who made your phone want to update (which changes the hash file) they have to verify things with their own private key to change the software. This will create a new hash file and the phone can boot. These changes also include the ramdisk (which is where systemless root worked) so modifying it is out of the picture, too. And yes, this is the short version.
What this means is new hardware designed for Android 7.0 isn’t going to boot if we try to change any files to give us root. If we change even one bit on either system partition or the ramdisk it will fail the verified boot check. There are no known root methods that will ever work with this system. Period. Very smart people will try, and if somehow they find a way Google will patch it within 30 days. And this is not an accident.
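The check described above, as an added example that is not part of the original column and is not Google's code: a partition image is hashed block by block, the block hashes are folded into one root hash, and the boot decision is a comparison against the trusted root. The 4096-byte block size, SHA-256, the tree shape and all names here are assumptions for illustration; `TRUSTED_ROOT` stands in for the value that on a real device is covered by the manufacturer's signature, which this sketch does not model.

```python
import hashlib
import hmac
from typing import List, Optional

BLOCK_SIZE = 4096  # assumption: fixed-size blocks

def block_hashes(image: bytes) -> List[bytes]:
    """SHA-256 of every fixed-size block of a partition image."""
    return [hashlib.sha256(image[i:i + BLOCK_SIZE]).digest()
            for i in range(0, len(image), BLOCK_SIZE)]

def root_hash(image: bytes) -> bytes:
    """Fold block hashes pairwise until one root hash remains."""
    level = block_hashes(image) or [hashlib.sha256(b"").digest()]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # pad odd levels by repeating the last node
        level = [hashlib.sha256(level[i] + level[i + 1]).digest()
                 for i in range(0, len(level), 2)]
    return level[0]

def verified_boot(image: bytes, trusted_root: bytes) -> bool:
    """Boot decision: True only if the image hashes to the trusted root."""
    return hmac.compare_digest(root_hash(image), trusted_root)

def first_bad_block(image: bytes, trusted_leaves: List[bytes]) -> Optional[int]:
    """Index of the first block that differs from the trusted image, else None."""
    current = block_hashes(image)
    for i, (got, want) in enumerate(zip(current, trusted_leaves)):
        if got != want:
            return i
    if len(current) != len(trusted_leaves):
        return min(len(current), len(trusted_leaves))
    return None

def flip_bit(image: bytes, offset: int, bit: int = 0) -> bytes:
    """Return a copy of the image with a single bit changed."""
    data = bytearray(image)
    data[offset] ^= 1 << bit
    return bytes(data)

# Constructed sample: an 8-block "system partition" and a copy with one bit flipped.
FACTORY_IMAGE = b"".join(bytes([n]) * BLOCK_SIZE for n in range(8))
TRUSTED_ROOT = root_hash(FACTORY_IMAGE)
TRUSTED_LEAVES = block_hashes(FACTORY_IMAGE)
TAMPERED_IMAGE = flip_bit(FACTORY_IMAGE, 5 * BLOCK_SIZE + 17)

if __name__ == "__main__":
    print("factory image boots:", verified_boot(FACTORY_IMAGE, TRUSTED_ROOT))
    print("tampered image boots:", verified_boot(TAMPERED_IMAGE, TRUSTED_ROOT))
```

Keeping the per-block hashes alongside the root is what lets a verifier point at the modified block instead of only refusing to boot.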
Google is always trying to beef up the security in Android. They do a pretty good job and Android, as it comes directly from the source code, is really secure. But since anyone can change any of it to their liking, much of that gets undone. One of the things this change does is fix things so that no matter what you download or what it tries to do, if it tries to inject anything that gives it elevated permissions your phone won’t start up. I love that idea, and you should, too.
Every phone that’s sold should be damn near impossible to root without custom firmware.
This means that those drive-by root exploits — both the intentional ones as well as the malware ones — all stop working if the people who made your phone update it to 7.0 or you buy a new one with Nougat installed. That means everyone who just bought their phone to chat with friends, pay for stuff at Walgreens, or even clash against other clans or catch ’em all have a lot less to worry about. The factory software (and this is the important part) is secure.
The rest of us who like to root and do “stuff” can’t do it while running the factory software, but we can still do it. With a new boot image, things can be altered so we can do whatever we want to do. Everything needed to create the Android boot image is open source and builds with no changes and little effort. Unless the Pixel phones come with a locked bootloader — and nobody thinks they will or is saying as much — you can still install your own modified software with all the root you can eat. Google truly does not care if we root the phones we bought and paid for, but they do care if we try to modify their software and make it less secure. They should, that’s the way every OEM should think. I’m sorry if that means you might have to learn how to set up fastboot or won’t be able to get an OTA, but you (and I mean the collective you which includes me, too) are not more important than anyone else who should be able to expect that the phone they bought is safe from random dumb shit they downloaded from somewhere. Get over it.
That goes for the phones that aren’t a Pixel and might not have a bootloader that can be unlocked. Yes, I mean the V20. With an unlocked bootloader, rooting and everything that comes with it will be trivial when all is said and done. But with a locked and encrypted bootloader, none of this applies. If the V20 ships with a dual partition setup and Verified Boot in place (and it should) with a locked-up bootloader, you might not ever be able to root it. That means LG cares about its customers more than they care about a handful of people who want to change their status bar or cheat at games or whatever we need root to do. The solution (and my advice) if you’re eyeing the V20 and will want to root it is to hold off until someone checks it out. A retail version should be in the right hands very soon. The same goes for every phone that ships with Android 7.0 or higher from now until forever.
The LG V20 should also be this secure. But will we be able to unlock the bootloader?
Getting worked up over any of it will do no good. There is no good reason why Google should make Android less secure, so us demanding it or moving to iOS (which has similar precautions in place) is silly. Adapt. If you want to root, buy phones with a bootloader that can be unlocked. Save your rage for something that deserves it, like selling phones with no headphone jack. Don’t even get me started, ’cause I’ll get stupid.
In the meantime, be good to each other. I’ll see ya next week.