People here are also missing one part of the android security model. Yes, you can overwrite the system partition arbitrarily while leaving the data partition intact with an unlocked bootloader, that’s how updates work.
However, the moment you make any changes to that system partition it won’t match the developers signature and the apps on the system will throw an absolute fit. Look into building your own lineage ROM and flashing it over an official build, it’s an entire process that requires your data partition to be unlocked (ie. phone booted and pin entered) to keep your data, even without making changes.
Realistically it isn’t insecure, if you set a passcode your data is encrypted and if someone mitm attacks your rom you will immediately notice stuff breaking all over the place.
The whole bootloader locking is purely vendors trying to force you to buy new phones every few years instead of the user backporting security patches indefinitely, not any practical security for the end user.
No, because that’s not how the matching works. Stuff in your data partition, as well as app data, is signed with those keys and hashed to the device. All of those bits do that hash on their own, and they all have to match up. When you change the main system partition then it’s signature has to match with the one generated when you set up your phone initially in the data partition.
Basically you have to have access to the data partition to disable the checks or change the signature, which needs your pin/passcode/fingerprint, and if you have that you don’t even need the phone, you dump the data partition and unlock it in an emulated android environment and exfiltrate data from there as if it was the original phone.
I also want to reiterate: A locked bootloader does not stop anyone from dumping your phone, emulating it, and brute forcing it, completely bypassing any rate-limiting on password attempts. By the time a bootloader lock even comes into play you can consider your phone completely compromised.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.
6. Memes are not allowed to be posts, but are allowed in the comments.
7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.
8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.
People here are also missing one part of the android security model. Yes, you can overwrite the system partition arbitrarily while leaving the data partition intact with an unlocked bootloader, that’s how updates work.
However, the moment you make any changes to that system partition it won’t match the developers signature and the apps on the system will throw an absolute fit. Look into building your own lineage ROM and flashing it over an official build, it’s an entire process that requires your data partition to be unlocked (ie. phone booted and pin entered) to keep your data, even without making changes.
Realistically it isn’t insecure, if you set a passcode your data is encrypted and if someone mitm attacks your rom you will immediately notice stuff breaking all over the place.
The whole bootloader locking is purely vendors trying to force you to buy new phones every few years instead of the user backporting security patches indefinitely, not any practical security for the end user.
Couldn’t an attacker just make an OS image that tells the system to disregard any signature mismatch?
No, because that’s not how the matching works. Stuff in your data partition, as well as app data, is signed with those keys and hashed to the device. All of those bits do that hash on their own, and they all have to match up. When you change the main system partition then it’s signature has to match with the one generated when you set up your phone initially in the data partition.
Basically you have to have access to the data partition to disable the checks or change the signature, which needs your pin/passcode/fingerprint, and if you have that you don’t even need the phone, you dump the data partition and unlock it in an emulated android environment and exfiltrate data from there as if it was the original phone.
I also want to reiterate: A locked bootloader does not stop anyone from dumping your phone, emulating it, and brute forcing it, completely bypassing any rate-limiting on password attempts. By the time a bootloader lock even comes into play you can consider your phone completely compromised.