So um...I'm kind of shocked.
I just unlocked the bootloader on my shiny new USA GSM Galaxy Nexus from Google Play and...my data was still there when I rebooted. No Android Wizard or anything.
It's as if I did nothing, but I checked MULTIPLE times and I'm unlocked. Got the unlock icon during boot and everything.
digweed4me said:
same here on mine my data was intact
BlindWolf8 said:
Just relocked and unlocked again to make sure it wasn't some sort of weird fluke...looks like I'm immune. What's going on here? An unlock is supposed to wipe everything for security reasons.
FredFS456 said:
So all the apps, app data, virtual sdcard files, etc. were all there?
BlindWolf8 said:
Yessiree. Everything was still there. The phone acted as if nothing happened whatsoever, despite the onscreen warning about losing data.
Archpope said:
Same thing happened to me. I was prepared to start all over, but doing the 4-in-1 from the Galaxy Nexus Toolkit, I was surprised to see the only changes were an unlock symbol appearing on the screen at bootup, and Google Wallet griping about my having an insecure phone.
I may re-lock the bootloader now that I've rooted. I'm not sure if I will lose root, but I only rooted to run an adblocker anyway.
BlindWolf8 said:
For the record I didn't even do that. I simply did "fastboot oem unlock". I like to keep things simple.
uoY_redruM said:
Got mine from the play store Friday. Unlock wiped nothing..
Sent from my Galaxy Nexus using xda premium
BlindWolf8 said:
Figured I'd just give ya all the info so you have it:
Stock bootloader shows:
FASTBOOT MODE
PRODUCT NAME - tuna
VARIANT - maguro 16GB
HW VERSION - 9
BOOTLOADER VERSION - PRIMELA03
BASEBAND VERSION - I9250XXLA2
CARRIER INFO - NONE
SERIAL NUMBER - [REDACTED] (I can give it if it's absolutely needed)
SIGNING - production
LOCK STATE - UNLOCKED
Download/Odin Mode shows:
OMAP-Samsung HW Information
Board Name: tuna REV 9
Board Rev: HSPA - 9
Boot Type: USB MMC1
Device Type: HS
Build Date: Jan 24 2012 18:27:20
efrant said:
Hmmm. You do have a shipping (sorry, "production") bootloader, not an engineering one. Very interesting... Not sure why some devices wipe while others will not, upon unlocking.
bilalakhtar said:
There are quite many security issues that could arise from being able to unlock the bootloader without wiping all data, for example, a hacker could get past your screen lock by:
1) Battery pull, then
2) Boot into bootloader using the key combination
3) fastboot oem unlock
4) Flash an unsecure boot.img that has r/w permissions
5) Edit the right files to remove screen lock
But I still have a feeling that this behavior with USA GSM Nexi is intended. Probably because Google intended that phone to be sold only to developers who are likely going to be unlocking bootloaders anyway, and decided to simplify the process?
MERGED THREADS.
Mark.
bobsbbq said:
I don't think the Amazon is a USA version but an international version. If international version it will have to be shipped overseas for repair, Google Play has USA warranty. Also if you do decide to root the USA version does not wipe your device during the unlocking of bootloader like the international versions do.
The USA version, as any other hspa+ version, DOES wipe userdata when unlocking the bootloader.
I have the USA version from the play store. My data wasn't wiped after unlocking the bootloader. Either way, it's not a big deal. Warranty matters are much more important.
Sent from my Galaxy Nexus using Tapatalk 2
bobsbbq said:
I don't think the Amazon is a USA version but an international version. If international version it will have to be shipped overseas for repair, Google Play has USA warranty. Also if you do decide to root the USA version does not wipe your device during the unlocking of bootloader like the international versions do.
Nobody who has purchased a play store GN has reported wipe after unlock.
Mine from the play store did NOT wipe user data after unlocking. I am running CM9 and have locked and unlocked many times without wiping data.
DOHCtor said:
The USA version, as any other hspa+ version, DOES wipe userdata when unlocking the bootloader.
Does NOT wipe actually. Maybe leave it to people with first hand experience to answer a question like this?
Sent from my Galaxy Nexus
ragnarokx said:
Does NOT wipe actually. Maybe leave it to people with first hand experience to answer a question like this?
Although it may be a bug that will be fixed in a later update so I don't know if the failure to wipe is a permanent feature. However, I can verify my GN didn't wipe either after unlocking.
ragnarokx said:
Does NOT wipe actually. Maybe leave it to people with first hand experience to answer a question like this?
Sent from my Galaxy Nexus
Is this with the oem fastboot unlock method?
ragnarokx said:
Does NOT wipe actually. Maybe leave it to people with first hand experience to answer a question like this?
Sent from my Galaxy Nexus
I have 3 Play store Galaxy Nexus. They all wiped data when I unlocked bootloader. I think that's first hand experience. If it doesn't wipe the data, then that's a security risk.
Example: Just yesterday, I got tired of using CM9 and fastbooted the stock images without -w. I didn't want to go into recovery to wipe data and factory reset (because that just wipes data partition, not usb storage), so while in fastboot, I did fastboot oem lock then fastboot oem unlock. If it didn't wipe data, then my usb storage should've had a clockworkmod folder, music that I precache, and other various folders that were created from apps that were installed, and I wouldn't be introduced to the welcome screen upon bootup. Like I said, if it doesn't wipe data for you guys, then that's a security risk and you should be contacting Google. Because if you lose your phone, someone can oem unlock your phone and go through your data.
AcuraKidd said:
is this with the oem fastboot unlock method?
Yup.
DOHCtor said:
I have 3 Play store Galaxy Nexus. They all wiped data when I unlocked bootloader. I think that's first hand experience. If it doesn't wipe the data, then that's a security risk.
Example: Just yesterday, I got tired of using CM9 and fastbooted the stock images. I didn't want to go into recovery to wipe data and factory reset, so while in fastboot, I did fastboot oem lock then fastboot oem unlock. If it didn't wipe data, then my usb storage should've had a clockwordmod folder, music that I precache, and other various folders that were created from apps that were installed, and I wouldn't be introduced to the welcome screen upon bootup. Like I said, if it doesn't wipe data for you guys, then that's a security risk and you should be contacting Google. Because if you lose your phone, someone can oem unlock your phone and go through your data.
Well then your statement about "The USA version, as any other hspa+ version" is at least inaccurate. As you can see, many people's data did not wipe when they unlocked their bootloaders, so all phones/situations are not the same.
And I'm not really worried about someone unlocking my bootloader if I lose my phone - it's already unlocked. If I had data that precious on my phone, I wouldn't root in the first place.
ragnarokx said:
Yup.
Well then your statement about "The USA version, as any other hspa+ version" is at least inaccurate. As you can see, many people's data did not wipe when they unlocked their bootloaders, so all phones/situations are not the same.
And I'm not really worried about someone unlocking my bootloader if I lose my phone - it's already unlocked If I had data that precious on my phone, I wouldn't root in the first place.
I was assuming that (maybe not the Docomo version) all GSM versions had the same hardware and if that's the case, then it's software related as to why your data is not being wiped. Maybe the bootloader that came with the imm30d before it updated to imm76i doesn't wipe the data upon unlocking? Do me a favor, go into bootloader mode and tell me if your bootloader version is primela03.
I didn't get a chance to look at the bootloader versions when I received my Galaxy Nexus because I oem unlocked all three of them right away and fastbooted the latest takju images via flash-all.sh script on all of them just to avoid waiting for ota. I didn't want my dad and brother to come to me and ask me "why is it telling me to update? What is it?"
DOHCtor said:
I was assuming that (maybe not the Docomo version) all GSM versions had the same hardware and if that's the case, then it's software related as to why your data's are not being wiped. Maybe the bootloader that came with the imm30d before it updated to imm76i doesn't wipe the data upon unlocking? Do me a favor, go into bootloader mode and tell me if your bootloader version is primela03.
I didn't get a chance to look at the bootloader versions when I received my Galaxy Nexus because I oem unlocked all three of them right away and fastbooted the latest takju images via flash-all.sh script on all of them just to avoid waiting for ota. I didn't want my dad and brother come to me and ask me "why is it telling me to update? What is it?"
Interesting. I did the OTA update before unlocking.
Sent from my Galaxy Nexus
Edit: you realize that flashing factory images will also wipe your device, right?
DOHCtor said:
The USA version, as any other hspa+ version, DOES wipe userdata when unlocking the bootloader.
Well sorry sir, you're wrong. At least I can say this for the first initial unlock and root using the Nexus tool kit. I have two of them and both of them did not wipe. When they booted up everything was the same as before I unlocked and rooted.
After reading some of the comments in the Tool Kit thread it is believed the USA version has a slightly different bootloader. Some think Google wanted to make it easier as they know people are going to root their phones.
There may be other ways to unlock the bootloader which cause a wipe. But I can assure you using the tool kit doesn't.
I won't say that it's not possible but I have read all the way through the play store gsm thread and not a single purchaser reported a wipe after unlock.
ragnarokx said:
Interesting. I did the OTA update before unlocking.
Sent from my Galaxy Nexus
Edit: you realize that flashing factory images will also wipe your device, right?
Yes, but after flashing the takju images for them, i loaded it up and did testing on the phone to make sure everything was okay. Afterwards, I would lock, unlock, and lock the bootloader again to wipe all data (including usb storage). How do I know it wipes? Because I am presented with the setup wizard again upon boot, and all the sample photos that I've taken to test the camera in the DCIM folder are gone.
Someone mentioned they unlocked bootloader and rooted with toolkit. For all those that did not have data wipe, which method did you guys use? I didn't use toolkit, I did it the old-fashioned way with setting up ADB. I'm used to doing it that way since the G1 days.
edit: I'm not calling anyone a liar and this information about a no wipe bootloader unlock is all new to me. I'm just trying to find out why it's not wiping for some people...
DOHCtor said:
Yes, but after flashing the takju images for them, i loaded it up and did testing on the phone to make sure everything was okay. Afterwards, I would lock, unlock, and lock the bootloader again to wipe all data (including usb storage). How do I know it wipes? Because I am presented with the setup wizard again upon boot, and all the sample photos that I've taken to test the camera in the DCIM folder are gone.
Someone mention they unlocked bootloader and rooted with toolkit. For all those that did not have data wipe, which method did you guys use? I didn't use toolkit, I did it the old fashion way with setting up ADB. I'm use to doing that way since the G1 days.
edit: I'm not calling anyone a liars and this information about a no wipe bootloader unlock is all new to me. I'm just trying to find out why it's not wiping for some people...
So you have no way of knowing if your device was wiped the first time you unlocked, since you flashed factory images immediately afterwards. Could there be a difference between unlocking the first time and subsequent times? I wouldn't know because I only unlocked once.
Sent from my Galaxy Nexus
ragnarokx said:
So you have no way of knowing if your device was wiped the first time you unlocked, since you flashed factory images immediately afterwards. Could there be a difference between unlocking the first time and subsequent times? I wouldn't know because I only unlocked once.
Sent from my Galaxy Nexus
Then there's a possibility that all GSM Galaxy Nexus doesn't wipe the first bootloader unlock. Maybe people didn't take notice the first time they did it. Just a theory.
Can anyone that relocked and unlocked the bootloader chime in and let us know if it wiped their data?
Dohctor, maybe our play store versions are later revisions, idk? All I know is I also have two galaxy nexuses from play store and when unlocking boot loader it did not erase the data that I had on my phone, all of my apps were still there also. Obviously play store nexuses do not wipe data upon unlocking and who knows why. Anyways I will make a video to show the non believers, I have no problem doing that.... I also relocked and unlocked boot loader because I tried starting dead fresh to get google wallet to work again, let's just say that if u do not wipe or reset data inside the app you're beat, so I thought locking boot loader and unrooting then reflashing stock image would help. It didn't .... secure element is beat on my one device. So I unlocked the "relocked" boot loader (this is what it says when u relock it), anyways it told me it would wipe data, I proceeded. Rooted again, threw touch recovery on, booted into recovery and there was my aokp backup waiting for me ... so unlocked, relocked and unlocked again... no data loss. Pretty cool. I think of it as if u have data on your phone that is that important do not root then! So it not wiping data doesn't bother me. ....all using toolkit btw
sarni84 said:
Dohctor maybe our play store versions are later revisions idk? All I know is I also have two galaxy nexuses from play store and when unlocking boot loader it did not erase the data that I had on my phone all of my apps were still there also. Obviously play store nexuses do not wipe data upon unlockingand who knows why. Anyways I will make a video to show the non believers I have no problem doing that.... I also relocked and unlocked boot loader because I tried starting dead fresh to get google wallet to work again let's just say that if u do not wipe or reset data inside the app your beat so I thought locking boot loader and unrooting then reflashing stock image would help. It didn't .... secure element is beat on my one device. So I unlocked the "relocked" boot loader ( this is what it says when u relock it) anyways it told me it would wipe data I proceeded. Rooted again threw touch recovery on booted into recovery and there was my aokp backup waiting for me ... so unlocked relocked and unlocked again...no data loss. Pretty cool I think of it as if u have data on your phone that is that important do not root then! So it not wiping data doesn't bother me. ....all using toolkit btw
Even if you don't root, people can get access to your data if it doesn't wipe upon unlocking the bootloader. For example: you lose or someone steals your phone and wants your data for some reason. You never unlocked or rooted your phone, it's bone stock. The thief will hook it up to his or her computer and unlock the bootloader and boot up clockwork recovery and pull all your data, including files and pictures in your usb storage (unless you enable encryption). I'm not paranoid, I'm telling you guys what's possible.
That sucks that relocking and unlocking the bootloader didn't wipe data for you. Don't have to make a video because I believe you. And about having a later version, that's not true. I ordered mine the first day Google made it available in the Play Store.
It sucks that Google Wallet still has that SE error. I always reset data within the app every time I switch roms. Glad my Wallet still works
I'm not a developer, just an enthusiast. Trying to understand if having an unlocked bootloader causes my device to be vulnerable to fastboot attacks? Or is my device's data still encrypted as long as I have a password? I know booting into my twrp recovery requires my password before decryption.. but can't they just fastboot boot a twrp image and gain access to my data somehow? Or no? Can someone with knowledge explain?
If they have your phone in their hand yes it is a risk. They have access to all it's contents.
How hard is it to relock your bootloader? My bootloader is unlocked and my phone was rooted (I seem to have lost my root somehow, maybe through an update). I am considering relocking my bootloader so that I can try Android Pay. Is this possible and is there a tutorial?
TolaSkamp said:
How hard is it to relock your bootloader? My bootloader is unlocked and my phone was rooted (i seem to have lost my root somehow maybe through an update). I am considering relocking my bootloader so that I can try Android Pay. Is this possible and is there a tutorial?
Of course there are tutorials, tons of them. One quick note, you should flash the latest factory image while you are unlocked to make sure everything is fully stock. No reason to save the data, just use flash-all, since relocking will wipe it all anyway. You could also just flash a kernel such as Elemental to access Android Pay.
bobby janow said:
Of course there are tutorials, tons of them. One quick note, you should flash the latest factory image while you are unlocked to make sure everything is fully stock. No reason to save the data, just use flash-all, since relocking will wipe it all anyway. You could also just flash a kernel such as Elemental to access Android Pay.
Thanks for the reply. I will probably just flash the Elemental kernel and leave the bootloader unlocked, thanks. I seem to have lost my root, would I need to be rooted? I'd really rather not have to wipe all my data.
TolaSkamp said:
Thanks for the reply. I will probably just flash the Elemental kernel and leave the bootloader unlocked, thanks. I seem to have lost my root, would I need to be rooted. I really rather not have to wipe all my data.
No need to be rooted. Just boot to twrp and flash the kernel. AP will then work, I believe. Try it out, I'm locked so I can't say for sure but on my 5x it works.
Doesn't Android Device Manager (or something thereof) have some protection against lost/stolen phones? I recall reading that once you have your Google account sync'ed to the phone, you will need your Google account password to restart the phone even after a factory reset.
robchow said:
Doesn't Android Device Manager (or something there of) have some protection against lost/stolen phones. I recall reading that once you have your Google account sync'ed to the phone, you will need your Google account password to restart the phone even after a factory reset.
This is easily bypassed. It will keep the honest people out, but with minimal effort someone could get past it.
Sent from my Pixel XL using Tapatalk
Here is the Android feature I was referring to about needing Google account's password:
Factory Reset Protection (FRP)
https://support.google.com/pixelphone/answer/6172890?hl=en
Am I correct that this statement "If you have Developer options turned on, you can also turn off device protection from your device's Settings app Settings. Tap Developer options and then OEM Unlocking" relates to bootloader unlock? As such, if unlocked bootloader then this FRP isn't active? Can FRP be turned on with unlocked bootloader?
superchilpil said:
This is easily bypassed. It will keep the honest people out, but with minimal effort someone could get past it.
Are you suggesting that FRP is easily bypassed?
I am concerned about access to user data (pictures, videos, emails, app data, etc.) on my unlocked bootloader phone if phone is lost or stolen. As I understand it, with the bootloader unlocked, one can install custom rom and thus bypass screen lock. Does this mean that with the new OS it can access the user data? Does phone being encrypted make a difference?
robchow said:
I am concern about access to user data (pictures, videos, emails, app data, etc.) on my unlocked bootloader phone if phone is lost or stolen,. As I understand it, with the bootloader unlocked, one can install custom rom and thus bypass screen lock. Does this mean that with the new OS it can access the user data? Does phone being encrypted make a difference?
If you don't need root lock it.
Sent from my Pixel using XDA-Developers Legacy app
robchow said:
I am concern about access to user data (pictures, videos, emails, app data, etc.) on my unlocked bootloader phone if phone is lost or stolen,. As I understand it, with the bootloader unlocked, one can install custom rom and thus bypass screen lock. Does this mean that with the new OS it can access the user data? Does phone being encrypted make a difference?
There is Android Device Manager to control phone remotely, then you can erase it and keep your personal data safe.
robchow said:
I am concern about access to user data (pictures, videos, emails, app data, etc.) on my unlocked bootloader phone if phone is lost or stolen,. As I understand it, with the bootloader unlocked, one can install custom rom and thus bypass screen lock. Does this mean that with the new OS it can access the user data? Does phone being encrypted make a difference?
They would need to know your password to get into TWRP to decrypt the storage (assuming you're encrypted). They don't need to flash a custom rom to see your stuff, they can view it by connecting the phone to their computer and enabling mtp mode in TWRP. If you are that concerned, you probably should lock your bootloader after making sure you are 100% stock.
I really don't see any reason for concern.
Say your phone has a password, but your bootloader is unlocked, here are the only things you can really do.....
A: Use fastboot to flash twrp. However, once they get into twrp, they will still need to know your password. And twrp will not allow mtp or adb access until it has decrypted.
B: Use fastboot to flash a factory image. But once they boot the phone, it will ask for the email and password of the original account that was on the phone, and all data will be gone.
C: Use fastboot to flash a factory image without the -w parameter. All data will still be there, and they really have gained nothing.
I don't see any real risk.
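To see where a particular device falls among the cases argued over in this thread, the following added example (not code from any poster) parses `adb shell getprop` output and classifies the bootloader/encryption combination. The property names are the standard AOSP ones; the sample outputs and the risk labels are constructed for illustration, and older devices may not expose every property.

```python
import re

# One `getprop` line looks like: [ro.crypto.state]: [encrypted]
PROP_LINE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]$")

# Constructed sample `adb shell getprop` excerpts, not captured from real devices.
SAMPLES = {
    "locked_encrypted": "[ro.boot.flash.locked]: [1]\n[ro.crypto.state]: [encrypted]\n",
    "unlocked_encrypted": "[ro.boot.verifiedbootstate]: [orange]\n[ro.crypto.state]: [encrypted]\n",
    "unlocked_plain": "[ro.boot.flash.locked]: [0]\n[ro.crypto.state]: [unencrypted]\n",
    "old_device": "[ro.product.device]: [maguro]\n",  # neither property present
}


def parse_getprop(text):
    """Turn raw getprop output into a dict, skipping malformed lines."""
    props = {}
    for line in text.splitlines():
        match = PROP_LINE.match(line.strip())
        if match:
            props[match.group(1)] = match.group(2)
    return props


def bootloader_state(props):
    """Prefer the explicit lock flag, fall back to the verified boot colour."""
    flag = props.get("ro.boot.flash.locked")
    if flag == "1":
        return "locked"
    if flag == "0":
        return "unlocked"
    colour = props.get("ro.boot.verifiedbootstate")
    if colour in ("green", "yellow"):
        return "locked"
    if colour == "orange":
        return "unlocked"
    return "unknown"


def encryption_state(props):
    state = props.get("ro.crypto.state")
    return state if state in ("encrypted", "unencrypted") else "unknown"


# Risk labels are this example's own summary of the cases discussed in the thread.
RISK = {
    ("locked", "encrypted"): (
        "low", "Unlocking is expected to wipe userdata, and data is encrypted at rest."),
    ("locked", "unencrypted"): (
        "medium", "Protection depends entirely on the unlock wipe actually happening."),
    ("unlocked", "encrypted"): (
        "medium", "A custom recovery can be booted, but userdata needs the lock credential."),
    ("unlocked", "unencrypted"): (
        "high", "A custom recovery booted over fastboot can read userdata directly."),
}


def assess(getprop_text):
    """Classify one device from its getprop output."""
    props = parse_getprop(getprop_text)
    bootloader = bootloader_state(props)
    encryption = encryption_state(props)
    risk, note = RISK.get(
        (bootloader, encryption),
        ("unknown", "Properties missing; check the bootloader screen and Settings by hand."),
    )
    return {"bootloader": bootloader, "encryption": encryption, "risk": risk, "note": note}


if __name__ == "__main__":
    for name, text in SAMPLES.items():
        result = assess(text)
        print(f"{name}: {result['bootloader']}/{result['encryption']} -> {result['risk']}")
```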
noidea24 said:
I really don't see any reason for concern.
Say your phone has a password, but your bootloader is unlocked, here are the only things you can really do.....
A: Use fastboot to flash twrp. However, once they get into twrp, they will still need to know your password. And twrp will not allow mtp or adb access until it has decrypted.
B: Use fastboot to flash a factory image. But once they boot the phone, it will ask for the email and password of the original account that was on the phone, and all data will be gone.
C: Use fastboot to flash a factory image without the -w parameter. All data will still be there, and they really have gained nothing.
I don't see any real risk.
No matter the path, if your data is intact they still need your pattern.
Thank you all for your input and knowledge dissemination on how an unlocked bootloader affects user data.
noidea24 said:
I really don't see any reason for concern.
Say your phone has a password, but your bootloader is unlocked, here are the only things you can really do.....
A: Use fastboot to flash twrp. However, once they get into twrp, they will still need to know your password. And twrp will not allow mtp or adb access until it has decrypted.
B: Use fastboot to flash a factory image. But once they boot the phone, it will ask for the email and password of the original account that was on the phone, and all data will be gone.
C: Use fastboot to flash a factory image without the -w parameter. All data will still be there, and they really have gained nothing.
I don't see any real risk.
Not using the -w parameter will keep the user data intact; understood, thank you. If that is the case, will the thief be able to access user data if the user data partition is encrypted?
By removing -w even your lock screen will still be there, so no. No security concerns.
If you want it to be secure then lock your bootloader, otherwise it will be insecure. It's a trivial matter to someone knowledgeable to get into your files.
Sent from my Pixel XL using Tapatalk
superchilpil said:
If you want it to be secure then lock your bootloader, otherwise it will be insecure. It's a trivial matter to someone knowledgeable to get into your files.
I guess the question is how if they cannot decrypt the file system?
pcriz said:
I guess the question is how if they cannot decrypt the file system?
If the right person stole your phone and wanted to waste the resources needed to decrypt the info, they could. Since it's possible, it's considered a security risk. Although let's be real. It's highly unlikely that it would ever happen. Unless you're some vip or something crazy like that.
toknitup420 said:
If the right person stole you're phone and wanted to waste the resources needed to decrypt the info, they could. Since it's possible, it's considered a security risk. Although let's be real. It's highly unlikely that it would ever happen. Unless you're some vip or something crazy like that.
In that case I doubt even a bootloader would matter.
pcriz said:
In that case I doubt even a bootloader would matter.
Yes it would. You can't access anything unless you factory reset. Then it's all gone, decrypting won't do a thing. Reset is a total wipe. Brand new device.
Sent from my Pixel using XDA-Developers Legacy app
bobby janow said:
Yes it would. You can't access anything unless you factory reset. Then it's all gone, decrypting won't do a thing. Reset is a total wipe. Brand new device.
I think you are missing the context of my statement. No information system is 100% impenetrable, so even with a bootloader if someone really really wanted in a system and had the means they can crack it. That's just general rule of security.
The other side of the discussion is how safe is the data. Well if you factory reset the data is plenty safe because it's wiped.
Seems what your statement is talking about is basically can someone use the phone they acquired; in that instance yes, but that's also why we have insurance.
pcriz said:
I think you are missing the context of my statement. No information system is 100% impenetrable, so even with a bootloader if someone really really wanted in a system and had the means they can crack it. That's just general rule of security.
The other side of the discussion is how safe is the data. Well if you factory reset the data is plenty safe because it's wiped.
Seem what your statement is talking about is basically can someone use the phone they aquired, in that instance yes but that's also why we have insurance.
Well multiple things going on now. If data can be extracted from a locked bootloader device I'd like to see proof of concept. I'm not saying it can't be done.
By the time a person wiped the device you'd probably have the IMEI blacklisted so the device will be useless.
Sent from my Pixel using XDA-Developers Legacy app
bobby janow said:
Well multiple things going on now. If data can be extracted from a locked bootloader device I'd like to see proof of concept. I'm not saying it can't be done.
By the time a person wiped the device you'd probably have the IMEI blacklisted so the device will be useless.
Sent from my Pixel using XDA-Developers Legacy app
Data extracted from a bootloader locked device, data decrypted from an encrypted device, same argument when it comes to proof of concept.
Not to mention you realize bootloaders have been defeated before, it's the whole reason bootloader bounties exist. Frankly given some of the exploits that have gotten around bootloaders, it seems in some cases defeating a boot loader would be easier than decrypting.
Every google bootloader probably has the same signed key (in relation to BL version)
pcriz said:
Data extracted from a bootloader locked device, data decrypted from an encrypted device, same argument when it comes to proof of concept.
Not to mention you realize bootloaders have been defeated before, its the whole reason bootloader bounties exist. Frankly given some of the exploits that have gotten around bootloaders, it seems in some cases defeating a boot loader would be easier than decrypting.
Every google bootloader probably has the same signed key (in relation to BL version)
Is it really the same thing or proof of concept? How do you extract data from a locked bootloader device even pre-decryption? Whereas if you have encrypted data then decrypting is a matter of being able to hack that encryption algorithm. I see that as two distinct operations.
If you mean defeating bootloaders so you can unlock, I'm not arguing that point at all although if you recall the Samsung S4 could not be unlocked after the first firmware update no matter how much they tried. I think they were able to get around it by some other method but the bootloader was never unlocked again. (btw I have the original S4 still unlocked and never updated the firmware) The Verizon bootloader is not unlockable either on their OEM device. I'm not sure if it's possible but no one is even working on it afaik. But I digress. Even if you manage to unlock the Pixel VZW bootloader or any locked bootloader for that matter, the device is wiped clean on the unlock. So there is no data to decrypt thus making accessing it moot as far as compromising your data.
That is why I keep the bootloader locked and the oem switch off. (On my 5x since my VZW oem switch is grayed out) With a start-up pin and ADM at the ready in case it's lost I feel pretty safe storing my data on the device. Pretty safe, not perfectly safe.
bobby janow said:
Is it really the same thing or proof of concept? How do you extract data from a locked bootloader device even pre-decryption? Whereas if you have encrypted data then decrypting is a matter being able to hack that encryption algorithm. I see that as two distinct operations. )
You don't simply "hack an encryption algorithm", you can hypothetically "hack" or exploit a BL. That's not how it works when you are using randomly generated keys tied to the unlock method. Essentially you would need their unlock method and how it translates into the keys generated on the device.
You ask for a proof of concept, the concept of bootloader broken has been proven time and time again.
I'm still looking for an instance where a BL unlocked device has been stripped of its information and decrypted so it can be read by another device.
You could also lock your device away in a safe and it would be safer than any device created but you lose certain experiences.
Essentially your implication as I read it is this guy is wide open for his data to be stolen if his bootloader is unlocked and encryption provides no protection.
pcriz said:
You ask for a proof of concept, the concept of bootloader broken has been proven time and time again.
No that's not what I was saying or asking. I know a bootloader can be broken and unlocked, I've seen that. The concept I was referring to was unlocking a bootloader with OEM unlock turned off and then, after unlocking it, accessing the data that was there before the unlock. That to me is the security of a locked bootloader.
pcriz said:
I'm still looking for an instance where a BL unlocked device has been stripped of its information and decrypted so it can be read by another device.
That would be interesting to me as well.
pcriz said:
You could also lock your device away in a safe and it would be safer than any device created but you lose certain experiences.
Be great on battery life too.
pcriz said:
Essentially your implication as I read it is this guy is wide open for his data to be stolen if his bootloader is unlocked and encryption provides no protection.
Well not really. If the bootloader is unlocked then the security is compromised as far as I'm concerned. You can flash a new rom without wiping data and I'd say that would be an easy target. You'd still need to decrypt but the challenge would be multiples of easier.
But one thing I'm not entirely clear on since I'm not unlocked or rooted. Someone mentioned that you couldn't log into the phone if you don't have the proper account credentials. How exactly does that work? On my 5x I can wipe the system but keep the data intact and have full access. What am I missing?
bobby janow said:
But one thing I'm not entirely clear on since I'm not unlocked or rooted. Someone mentioned that you couldn't log into the phone if you don't have the proper account credentials. How exactly does that work? On my 5x I can wipe the system but keep the data intact and have full access. What am I missing?
Hello,
Do you have OEM unlock enabled?
I have an unlocked bootloader and I usually leave OEM unlock enabled. This way, when I wipe clean and want to test some features or modifications, I simply reinstall and can skip the setup part.
If OEM unlock is disabled, you'll have to add the same account used before the phone has been wiped.
Is that what you were referring to?
Cheers...
If you have no plans to root the phone is there any reason to unlock the bootloader?
It would probably break SafetyNet and Android Pay. BUT if you're unlocked, you have the ability to flash factory images. That could be beneficial if something goes really bad and your device won't boot up. You're also less secure with it unlocked.
Sent from my marlin using XDA Labs
You can always lock and unlock the bootloader when you want.
I would say you should at least have the option checked on in the Developer settings.
So just in case something happened and you can't fully boot the phone, you can still get into it and unlock the bootloader and do what you need to do.
This happened to a friend of mine where something happened and couldn't fully boot and couldn't unlock bootloader cause the option was never checked.
I don't believe the unlock option stays enabled after it boots up.
I would argue why WOULDN'T you unlock the bootloader? Regardless of rooting, an unlocked bootloader is a safety net for when things go south. Phone decides to bootloop tomorrow? No big deal, flash the latest images via fastboot and start from scratch.
Sure there's the counter argument of the phone being much less secure and vulnerable in the hands of a person who is tech savvy and stole/found your device. I'm not worried about my phone being stolen so I ALWAYS unlock my bootloader.
Pain-N-Panic said:
I would argue why WOULDN'T you unlock the bootloader? Regardless of rooting, an unlocked bootloader is a safety net for when things go south. Phone decides to bootloop tomorrow? No big deal, flash the latest images via fastboot and start from scratch.
Sure there's the counter argument of the phone being much less secure and vulnerable in the hands of a person who is tech savvy and stole/found your device. I'm not worried about my phone being stolen so I ALWAYS unlock my bootloader.
or just flash the full OTA image without an unlocked bootloader.
mngdew said:
You can always lock and unlock the bootloader when you want.
Does re-locking the bootloader wipe the phone?
foosion said:
Does re-locking the bootloader wipe the phone?
Yes, it does. That's why you should unlock or lock the bootloader when flashing factory images.
mngdew said:
Yes, it does.
Thanks
mngdew said:
That's why you should unlock or lock the bootloader when flashing factory images.
I don't understand what you mean by this.
You have to unlock the bootloader to flash a factory image and you can eliminate the w flag so that flashing the factory image won't wipe the phone.
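The "w flag" mentioned in the post above is the `-w` option on the `fastboot ... update` line of a factory image's flash-all script. As an added example (not part of the thread; the script contents and file names below are constructed), this detects and removes that option as a whole token, so a device name such as walleye inside a file name is left intact.

```shell
#!/bin/sh
# Constructed sample resembling a factory-image flash-all.sh.
# The image file names are made up for this example.
sample_script() {
cat <<'EOF'
#!/bin/sh
fastboot flash bootloader bootloader-walleye-constructed.img
fastboot reboot-bootloader
sleep 5
fastboot -w update image-walleye-constructed.zip
EOF
}

# Exit 0 if any fastboot command on stdin carries a standalone -w token
# (the option that wipes userdata), exit 1 otherwise.
has_wipe_flag() {
  awk '$1 == "fastboot" { for (i = 2; i <= NF; i++) if ($i == "-w") found = 1 }
       END { exit !found }'
}

# Print stdin with the standalone -w token dropped from fastboot commands only.
# Comparing whole tokens keeps names like image-walleye-*.zip intact, which a
# naive s/-w// substitution would corrupt.
strip_wipe_flag() {
  awk '$1 == "fastboot" {
         out = $1
         for (i = 2; i <= NF; i++) if ($i != "-w") out = out " " $i
         print out
         next
       }
       { print }'
}

# Show the no-wipe version of the constructed script.
sample_script | strip_wipe_flag
```

Run `has_wipe_flag < flash-all.sh` before flashing to confirm whether the script you are about to execute will erase user data.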
uicnren said:
or just flash the full OTA image without an unlocked bootloader.
Very true. If the phone goes into bootloop due to a bad zip or whatever other reason you have a bricked device with no options to recover.
It's healthy for me to unlock my Bootloader ASAP on XDA!
Unlocking the bootloader was always the very first thing I did when I got a new phone. However, I use Android Pay all the time, and Google seems very determined to break AP for unlocked bootloaders with every new patch. Sure, someone usually finds a way to get it working again, but that sometimes takes time, and I simply use AP too much to deal with it. As long as AP won't work officially with an unlocked bootloader, mine stays locked unless I'm flashing an image, and even then, gets locked right after. Luckily, OTAs are posted by Google now, often at the same time as the Factory Images, so it hasn't really been an issue for me.
akenis said:
It would probably break SafetyNet and Android Pay. BUT if you're unlocked, you have the ability to flash factory images. That could be beneficial if something goes really bad and your device won't boot up. You're also less secure with it unlocked.
Sent from my marlin using XDA Labs
Thank you. What actually is compromised when the phone is unlocked?
uicnren said:
or just flash the full OTA image without an unlocked bootloader.
How can you flash with a locked bootloader?
painfree said:
Thank you. What actually is compromised when the phone is unlocked?
Data?
https://www.google.com/amp/s/www.ho...unlocking-your-android-phones-bootloader/amp/
Sent from my marlin using XDA Labs
painfree said:
If you have no plans to root the phone is there any reason to unlock the bootloader?
If you ever contemplate going onto the Verizon network, when you first boot up after placing a VZN SIM into the phone, the ability to ever unlock again is eliminated. You could relock it, but it will have the Unlock option in Developer Options greyed out forever after that. I would unlock it maybe because of the Verizon thing, but also to be able to flash a factory image in case I ever mess up the phone.
michaelbsheldon said:
If you ever contemplate going onto the Verizon network, when you first boot up after placing a VZN SIM into the phone, the ability to ever unlock again is eliminated. You could relock it, but it will have the Unlock option in Developer Options greyed out forever after that. I would unlock it maybe because of the Verizon thing, but also to be able to flash a factory image in case I ever mess up the phone.
As long as you have the Google version it should never grey out on you; at least that's how it was with the first Pixels. I have Verizon and I've never had it grey out.
jt3 said:
Unlocking the bootloader was always the very first thing I did when I got a new phone. However, I use Android Pay all the time, and Google seems very determined to break AP for unlocked bootloaders with every new patch. Sure, someone usually finds a way to get it working again, but that sometimes takes time, and I simply use AP too much to deal with it. As long as AP won't work officially with an unlocked bootloader, mine stays locked unless I'm flashing an image, and even then, gets locked right after. Luckily, OTAs are posted by Google now, often at the same time as the Factory Images, so it hasn't really been an issue for me.
This. Android Pay is pretty convenient and I always told myself I didn't need it compared to unlock+root. Wish Google would allow AP with unlocked bootloader but I can understand why they don't from a security standpoint.
Sent from my Pixel 2 XL using Tapatalk
foosion said:
Thanks
I don't understand what you mean by this.
You have to unlock the bootloader to flash a factory image and you can eliminate the w flag so that flashing the factory image won't wipe the phone.
When you unlock the bootloader, phone is wiped automatically.
Hi all,
Have things changed recently or is rooting generally expected to wipe the data on the phone in the process?
I need to back up appdata from the phone that is not currently rooted (from what I can gather I need to unlock the bootloader too) so it sounds like an impossible task as I would wipe the data I am after in the process.
Or have I got my wires crossed somewhere?
Thanks
It's usually unlocking the bootloader, not rooting, that wipes the phone.
Telyx said:
It's usually unlocking the bootloader, not rooting, that wipes the phone.
Thanks Telyx, any idea if Z3+ could be rooted without unlocking bootloader? I had a mixed bag on this.