Google is using the boiling frog method to exclude power users and custom ROMS from android.
A new feature in Android 8.0 Oreo, called "Rollback Protection" and included in the "Verified Boot" changes, will prevent a device from booting should it be rolled back to an earlier firmware. The detailed information is here.
As it rejects an image if its "rollback index" is inferior than the one in "tamper evident storage", any attempts to install a previous version of the official, signed ROM will make the device unbootable. Much like iOS (without the rollback grace period) or the extinct Lumias. It is explained in the recommended boot workflow and notes below, together with some other "smart" ideas.
Now, this might seem like a good idea at first, but let's just just imagine this on a PC. It would mean no easy roll back from windows 10 to 7 after a forced installation, and doing that or installing linux would mean a unreasonably complex bootloader unlocking, with all your data wiped. Add safetynet to the mix, and you would also be blocked from watching netflix or accessing your banking sites if you dared to install linux or rollback windows.
To add insult to injury, unlocked devices will stop booting for at least 10 seconds to show some paternalist message on how unlocking is bad for your health - "If the device has a screen and buttons (for example if it's a phone) the warning is to be shown for at least 10 seconds before the boot process continues."
Now, and knowing that most if not all android bootloaders have vulnerabilities/backdoors, how can this be defended, even with the "security/think of the children" approach? This has no advantages other than making it hard for users to install ROMs or to revert to a previous official ROM to restore missing functionality.
(Score: 5, Insightful) by Taibhsear on Wednesday September 06, @03:02PM (4 children)
That is the advantage. You didn't make the mistake of thinking this was for the customers, did you?
(Score: 0) by Anonymous Coward on Wednesday September 06, @03:18PM (1 child)
The problem is that Google's main customers here are not the end users, but are instead the phone manufacturers. This is a good feature for the real customers.
(Score: 0) by Anonymous Coward on Wednesday September 06, @03:47PM
FTFY
What this is a precursor to is "we're going to do something to you that you will want to undo, but you won't be able to undo."
(Score: 2) by Pino P on Wednesday September 06, @03:25PM (1 child)
I think the purported idea is that when the user buys a used Android device and performs a factory reset, the device is actually reset. Otherwise, the previous owner could put in a fake reset routine that leaves spyware chosen by the previous owner installed on the device. The peace of mind associated with "reset means reset" benefits Android device owners.
The anti-downgrade is to appease major movie and television distributors so that they don't withdraw works that they control from Google Play. This benefits Android device owners through not having to additionally buy and carry an iPod touch on which to buy or rent movies on iTunes Store.
(Score: 0) by Anonymous Coward on Wednesday September 06, @03:55PM
... in a world of consumers.
Sit quietly, and watch another miniseries, mkay?
(Score: 4, Interesting) by jmorris on Wednesday September 06, @03:07PM (4 children)
This means no more android devices for me. Unable to unlock the bootloader and replace the defective software means no more "android compatible hardware" in exactly the same way the Microsoft secure boot lockdown eliminated all Windows "tablet" form factor hardware.... other than, paradoxially, the Surface which isn't a "tablet."
Folks, the screws are being turned from all directions out of the big Evil tech companies and they are all being turned in the direction of a boot stomping down on a human face, forever. As tech people the "end users" look to it is our duty to speak out, to warn. Hell, that word itself becoming industry standard should have been a warning, remember the old joke about only two industries who call their customers "users"? Addict them and then abuse them. Google's business model in a nutshell.
(Score: 3, Insightful) by Grishnakh on Wednesday September 06, @03:32PM (2 children)
This means no more android devices for me.
So what are you going to use then? An Apple? Did you not notice how they already do the exact same thing? (And worse, there's *never* been a possibility of having an open-source ROM for an iPhone, unlike Android devices.) Microsoft is out since they've finally abandoned the Windows Phone platform. Is Blackberry still around?
Yeah, Google is definitely evil. But they're no more evil than Apple, and really a little less AFAICT (though this is a lot like arguing over who's worse, Hitler or Stalin).
As tech people the "end users" look to it is our duty to speak out, to warn.
Oh bullshit.
1) First, who's "we"? A bunch of us are complicit in this, and are happy fanboys and sycophants of Apple and Microsoft and (to a lesser extent IMO) Google. I see strong support for Microsoft and Apple in particular all the time on tech forums like this. Only a fraction of us tech people actually believe the way you do, though admittedly the proportion is probably far higher here on SN than on someplace like HN (there's a lot of MS lovers on there, likely many employees). But SN is a *puny* site compared to other tech forums; there's FAR more posts in a day on HN than here, and that site doesn't even have much political talk on it the way this site does.
2) Those of us who agree with your sentiment *have* been speaking out. No one listens, and says we're crazy. When our predictions come true, they just say "oh, that sucks" and continue on supporting these big evil tech companies instead of changing their ways, because that's too inconvenient.
Honestly, at this point, I'm not sure what can be done. You can try to support efforts like LineageOS as long as they're able to operate, and stick with older hardware that works with that. But that'll only work for so long; hardware gets old and breaks (these are mobile devices after all), and spare parts and replacements get harder and harder to find. Maybe someone needs to start a company making comparable phones in China with mostly open-source software that can have alternative ROMs loaded (the radio firmware probably can't be open-source, but that's OK; we don't really care about that, just like we don't usually care about the firmware on a WiFi radio in our PC, we just want it to work with Linux), and which can somehow use the Google Play store and load Android apps, even if that's against Google's policies. But the market for this is likely to be small, and dealing with the constant technical roadblocks likely to be erected by Google would be a full-time job for multiple people.
(Score: 0) by Anonymous Coward on Wednesday September 06, @03:58PM
I've never needed or used any mobile device. Behaving like they are a necessity is part of the problem that allows companies to be so abusive in that sector.
(Score: 2) by jmorris on Wednesday September 06, @03:59PM
Apple? Oh Hell no! Don't know yet. Probably have to research and lock in a "last" phone soon and wait to see what happens. One of the "Free / Open Source" phone projects might ship product for a non-insane price. Ok, not likely but the list of options dwindles. A burner phone or MiFi + a tablet is an option for mobile computing. Been seeing the "secure computing"[1] problem getting worse now for a decade, looks like it is nearing the terminal stage. The idea is to leave us no viable choices, the question is whether enough people care enough to fight that future.
And tie this fight to the one companies like Google and Apple are waging against "wrong think" in other areas, expect any serious[2] project to liberate hardware to be demonitized, banned from PayPal, etc. If they are willing to wield those weapons against political opponents, expect it against economic threats with even greater fury.
The quiet efforts to ensure zero existing hardware makers are willing to build hardware with an unlockable boot will be exactly like Microsoft's worst years of hammering any OEM who dared to offer a machine without the Microsoft Tax. Seriously, in a "free market" one vendor would offer a "special edition" of one of their handsets with an unlocked boot simply because the phone space is crowded and it would be a moderate seller. This will not happen even though the project would consist of screen printing a cute logo onto the case, putting a sticker on the retail box and a day of coding effort. Not one has appeared to date, not one will appear. The recent entries in the Nexus line is close but no cigar and it appears those days are done anyway.
[1] Secure computing has always been a loaded term. Secure from who? Secured for who? Always left unstated, almost always hostile to the actual end customer.
[2] Serious, not some three guy operation that probably won't succeed or ship overpriced underpowered hardware three years two years late and five years out of date. Diverting opposition safely into such efforts is a win.
(Score: 0) by Anonymous Coward on Wednesday September 06, @03:59PM
—1984, Chapter 3.
(Score: 2, Insightful) by Anonymous Coward on Wednesday September 06, @03:08PM
The main reason i love android is because i can go between versions as i see fit. I use 7.1.2 Nougat on my trusty S5, but i can roll back to 4.4.4 if i so desire. This is probably the most idiotic move Google has made with Android, ever.
(Score: 3, Informative) by EvilSS on Wednesday September 06, @03:11PM
(Score: 2, Informative) by Anonymous Coward on Wednesday September 06, @03:37PM (1 child)
I'd say maternalist—after all, we call it the Nanny state, not the Daddy State.
How about we compromise:
AUTHORITARIAN
Reply to This
(Score: 0) by Anonymous Coward on Wednesday September 06, @03:45PM
My dad would say "Suck it, up son! Be a man, now, and take responsibility!" It was my mother who doted, and worried, and tried to think for me.
(Score: 4, Insightful) by wonkey_monkey on Wednesday September 06, @03:42PM
Err... no it doesn't.
(Score: 0) by Anonymous Coward on Wednesday September 06, @03:44PM
Verified boot checks for known vulnerabilities before it will boot. So when your no longer supported version gets tagged it will brick it and you can go buy a new device. For the children of course.
(Score: 2, Disagree) by rigrig on Wednesday September 06, @03:46PM
Basically it protects the vast majority people from someone downgrading their phone to a less secure OS version.
Note that this only prevents LOCKED phones from booting with a downgraded OS.
If you want to install a custom OS, select a tinker-friendly manufacturer:
On my phone the "unreasonably complex bootloader unlocking" consists of enabling the "Enable OEM unlock" setting, rebooting into fastboot and running fastboot oem unlock on a connected PC.
The only time I reboot my phone is after installing an OS update, and I don't really mind getting a warning that someone has tampered with my device.
Except for the vast majority of users who don't know anything about installing custom ROMs, where this prevents the downgrading of a phone's OS to a version with known vulnerabilities.
