Related
I have seen quite of few people screw up their devices by not knowing what they are doing. So I am making this thread to simply tell people not familiar with fastboot what they should and should not do.
1. Fastboot oem unlock will unlock your bootloader and do a complete wipe of your device. As far as I know the only way for something to go wrong here is if you're device is low on battery and shuts off during the process. Either plug it in or have a "good" amount of juice left in your battery. To be 100 percent sure plug it in.
Before I get into oem lock IMHO you should only use this command for one thing only. Getting the device ready to send into motorola for the LGT upgrade or a another warranty repair or some sort. When done properly it is completely safe but there is no reason to do to go back to "stock".
2. Fastboot oem lock. Do not issue this command unless you are absolutely sure you have the correct software on your device. The correct software is what you get from the motodev site for your device. You need the official sofware images for your specific device AND REGION. If it is not released then DO NOT re-lock the device. If you have a OTA installed you will need to flash back to the motodev images first.
All this info is all ready on the forums in various threads already but I wanted to put in one place since I noticed quite a few users botch up the devices trying to update to 3.1 The last thing we need are a bunch of people bricking the devices and sending them in moto. I suspect if enough people do it they will end up changing their minds on the entire encrypted bootloader situation.
I know you have to unlock to flash "non-stock" images, but do you have to unlock if you are only going to flash the "stock" motodev images?
If I am currently just unlocked, not rooted do I need to lock in order to get the 3.1 update?
ccogan said:
If I am currently just unlocked, not rooted do I need to lock in order to get the 3.1 update?
Click to expand...
Click to collapse
NO. the update only checks for stock files, not lock or unlock.
Blaisun said:
I know you have to unlock to flash "non-stock" images, but do you have to unlock if you are only going to flash the "stock" motodev images?
Click to expand...
Click to collapse
before you can flash anything you will need to unlock the bootloader.
how to lock the bootloader????
albundy2010 said:
I have seen quite of few people screw up their devices by not knowing what they are doing. So I am making this thread to simply tell people not familiar with fastboot what they should and should not do.
1. Fastboot oem unlock will unlock your bootloader and do a complete wipe of your device. As far as I know the only way for something to go wrong here is if you're device is low on battery and shuts off during the process. Either plug it in or have a "good" amount of juice left in your battery. To be 100 percent sure plug it in.
Before I get into oem lock IMHO you should only use this command for one thing only. Getting the device ready to send into motorola for the LGT upgrade or a another warranty repair or some sort. When done properly it is completely safe but there is no reason to do to go back to "stock".
2. Fastboot oem lock. Do not issue this command unless you are absolutely sure you have the correct software on your device. The correct software is what you get from the motodev site for your device. You need the official sofware images for your specific device AND REGION. If it is not released then DO NOT re-lock the device. If you have a OTA installed you will need to flash back to the motodev images first.
All this info is all ready on the forums in various threads already but I wanted to put in one place since I noticed quite a few users botch up the devices trying to update to 3.1 The last thing we need are a bunch of people bricking the devices and sending them in moto. I suspect if enough people do it they will end up changing their minds on the entire encrypted bootloader situation.
Click to expand...
Click to collapse
Question for you, how do I go about entering this command? My knowledge is basic. I have unrooted, restocked a Nexus 7. Trying to do oem lock without being able to use the screen. Cannot enable USB debugging because the screen is nonoperational. Any advice?
Hi,
Running an unlocked bootloader is quite risky assuming someone has physical access to your phone.
It's extremely easy simply to put it into fastboot mode, flash a recovery (cwm/twrp) and then adb will provide root access to all data.
This is mitigated by encrypting the device, however, I haven't been successful in doing this (http://forum.xda-developers.com/showthread.php?p=48848592) on this particular phone although it works without any issues on nexus phones.
For the people with unlocked bootloaders, do you simply don't care about someone getting physical access or is there anything that can be done?
Also, did someone manage to successfully encrypt the phone (using the standard settings -> security -> encrypt phone) or is everyone running unencrypted?
Having a remote wipe capability is next to useless assuming the thief will power off the phone immediately (before you have a chance to issue the remote wipe).
An unlocked bootloader is mandatory for running Cyanogenmod so that's that.
Thank you.
A thief (if he had the knowledge or the inclination), could steal a locked bootloader phone (without encryption) and simply flash an ftf and untick "wipe data". He would then have full access to the data on the phone by rooting and flashing a recovery for LB. So locked bootloader is cold comfort really
Sent from my C6603 using xda app-developers app
i think the best to happen is to have passwords , when entering fastboot or flashtool , a password should pop up to access the fastboot or flash tool connection , and when entering recovery , a password should also pop up , it is so much secure to get these , but i think it is so hard to make it work or even impossible
You're right, a locked bootloader is indeed a false security.
At the end, encryption is needed but on this phone, it doesn't seem to work and no one tried using it apart from me...
I have my BL locked and I ensure that USB debugging is off, seeing as most rooting solutions required USB debugging I should be good for the average criminal. So the only way to have access to my data...(obviously SD card is immediately compromised with physical access) would be to guess my unlock code. Otherwise, a full wipe of the phone would be required for it to be usable but that should delete all my accounts off the device.
(At least this is what I tell myself to sleep better at night lol)
SmallsXD said:
I have my BL locked and I ensure that USB debugging is off, seeing as most rooting solutions required USB debugging I should be good for the average criminal. So the only way to have access to my data...(obviously SD card is immediately compromised with physical access) would be to guess my unlock code. Otherwise, a full wipe of the phone would be required for it to be usable but that should delete all my accounts off the device.
(At least this is what I tell myself to sleep better at night lol)
Click to expand...
Click to collapse
Getting all your data is as trivial as flashing a custom recovery for locked bootloaders which will provide direct root access.
It probably takes less than a few minutes.
Like they say, there's nothing more dangerous than the sense of false security.
Its not just having a Locked bootloader but also having USB Debugging off, 3rd Party App installs off as that alone would dramatically reduce the number of compatible tools to achieve root access to your device. As far as I know you have to be rooted in most cases to install custom recoveries or at least that is what most instructions say. Remember security is hardly ever a complete solution, its about making it not worth the effort.
For the average person/criminal it is not worth their time to access my data as it is actually worthless to them, As I said the SD card is already taken as soon.
My antitheft software will be lingering with a Data Wipe command, I would have changed the account information stored, I never stored Billing information. So my risk level is very low and not worth any more effort on my end.
As stated, Im speaking from a personal perspective and not a "best practice" one.
The real problem is we like to unlock everything and tick every security risk option and then complain when things get patched that make our device more secure, like all the root exploits.
BL unlocked - Any compilable kernel can now run
USB Debugging - Access from PC's to send commands to your device
Installs from unknown sources - Allows installations of root apps and other apps
All things we need set to do some great things with our devices but how many of us actually look back at these setting once we enable them. It is the equivalent to taking off a door to get the fancy new furniture inside but never putting it back on when we are done.
elias234 said:
i think the best to happen is to have passwords , when entering fastboot or flashtool , a password should pop up to access the fastboot or flash tool connection , and when entering recovery , a password should also pop up , it is so much secure to get these , but i think it is so hard to make it work or even impossible
Click to expand...
Click to collapse
Suppose i have encrypted my device, i.e., it asks for password before booting up...
Q1 So, is it still possible to access the fastboot or recovery mode? Will entering the recovery or fastboot mode would require the password?
Q2 If no, how can i prevent access to fastboot and recovery mode with an unlocked bootloader?
While I am an advocate for device customization and modifications, I also believe there is an inherent need for locked bootloaders. When we unlock a BL and leave it that way so we can run custom ROMs, root etc, we sacrafice the security it provides allowing our devices to be tampered with or redistributed after a theft. I've seen the PSA advising people not relock their bootloaders on anything except stock. That is entirely true for Verizon and EE pixels that were never intended to be unlocked in first place. However I believe its entirely possible to boot properly self signed images on unlockable devices after re-locking.
Now, I'm not saying we should go around re-locking bootloaders with custom firmware installed there's a process. I've done a bit of reading on verified boot. I am interested in utilizing the "YELLOW STATE" so we can run self signed boot images using an "embedded certificate" along with dm-verity disabled. The problem is how can we self sign our boot images allowing boot to continue without compiling from source?
https://source.android.com/security/verifiedboot/verified-boot.html
https://mjg59.dreamwidth.org/31765.html
I found some information & maybe a more experienced DEV can shed some light on if its possible with our Pixel devices. That's really the goal of this thread, to start a discussion which I think is extremely important & hopefully turn into a guide or tool. We shouldn't completely sacrafice security to utilize root or custom ROMs. On my N5X I have a locked bootloader and modified boot/system with Allow OEM unlock disabled. Difference with our Pixels and Nougat BLs is verified boot is strictly enforced.
Please excuse me if this thread seems jumbled or all over the place. I really do want help with this idea tho to help inform and keep us secure. Any input is appreciated.
Well if anybody is interested in re-locking their boot loader with a custom ROM and kernel in place I basically figured out how
Refer to this post
If anybody plans to attempt this and has ANY questions or concerns regarding re-locking their bootloaders in a custom state please don't hesitate to post here. I successfully re-locked my bootloader with custom ROM and Kernel. I also modified TWRP in my kernel to only start via locked down adb with key access. This allows my pixel to be highly secure and still recoverable. Might start a new post highlighting my proceedures and research on this subject.
I still wouldn't do this. What's the point? You will still pass safety net with custom kernel.
As for security you, your device still needs to be decrypted to use TWRP. It should still be as secure. I guess someone can wipe your device if they get ahold of it but that's not really a security risk.
Risk is still huge locking your device with a custom OS.
Sent from my Pixel using Tapatalk
milan187 said:
I still wouldn't do this. What's the point? You will still pass safety net with custom kernel.
As for security you, your device still needs to be decrypted to use TWRP. It should still be as secure. I guess someone can wipe your device if they get ahold of it but that's not really a security risk.
Risk is still huge locking your device with a custom OS.
Sent from my Pixel using Tapatalk
Click to expand...
Click to collapse
It has nothing to do with passing safety net. TWRP can only access the data after the pin is input, true, but leaving a device with an unlocked boot loader leaves the ability to flash modified boot images (a huge attack vector). This is to keep your device yours if it falls into a theives hands. You can not have device protection features on a unlocked Allow OEM unlock device. You're right there is risk but being careful can alleviate the risk. I do this because I want my phone to be a trackable paper weight if somebody takes it. I have established my own chain of trust outside of googles. I have even modified my TWRP side of boot.img to only start with my PC using adb-keys.
Which risk is greater. The risk of losing an unlocked device and it falling into the hands of someone that knows what to do or bricking it relocking it.
I vote the latter.
Its not re-locking that bricks... Its disabling the allow OEM unlock in dev options & screwing with stuff afterwards that may cause a bootloop. As long as you have a signed boot image in place with TWRP or stock recovery that uses your own keys the risk is minimal.
Simple rule... With a locked boot loader on a device where verification is strictly enforced always leave that option ticked if modifying anything.
I'm sorry but people are misinformed. Locking the boot loader doesn't brick if you have a custom ROM in place any more than a stock ROM. Its screwing with things or using a poorly dev'd ROM. If you are like me and can set something up the way you like once and not screw with it you'll be fine. If you do wanna screw with something remember to check allow OEM unlock in dev opts. Don't uncheck until you're 100% sure. It really is that simple.
If you are leaving the toggle open what have you accomplished when it gets stolen? They just issue the fastboot command to unlock it. Yea, it wipes data at that point. But I honestly can't think of anything on my phone that is confidential.
When I'm out n about and using my phone normally (i.e. not modding, flashing etc) I put the toggle to off. If I'm planning on changing anything I toggle it back on & if something causes a bootloop (most probably user error) I can recover. I don't think most people who steal phones care about data either but I keep a lot of keys, passwords etc to networks in my devices storage. I admit its not for everybody, just a way to be more secure and protect a $700+ investment. My phones bootloader isn't just locked, its locked with a persistent root ssh backdoor integrated into system so I can maintain control in the event.
want to re-lock my boot loader ?
Geofferey said:
Well if anybody is interested in re-locking their boot loader with a custom ROM and kernel in place I basically figured out how
Refer to this post
If anybody plans to attempt this and has ANY questions or concerns regarding re-locking their bootloaders in a custom state please don't hesitate to post here. I successfully re-locked my bootloader with custom ROM and Kernel. I also modified TWRP in my kernel to only start via locked down adb with key access. This allows my pixel to be highly secure and still recoverable. Might start a new post highlighting my proceedures and research on this subject.
Click to expand...
Click to collapse
hey,
I as well as plenty of others thought I was clever unlocking it as I mainly wanted to unlock it from EE UK network , its not been touched since ,no custom rooms or root but after reading people are trying to Re-lock it and getting bricked im too scared too try lol its only phone ive got ? Appreciate any help please x
---------- Post added at 10:57 AM ---------- Previous post was at 10:21 AM ----------
sally76 said:
hey,
I as well as plenty of others thought I was clever unlocking it as I mainly wanted to unlock it from EE UK network , its not been touched since ,no custom rooms or root but after reading people are trying to Re-lock it and getting bricked im too scared too try lol its only phone ive got ? Appreciate any help please x
Click to expand...
Click to collapse
Sorry Duhhhh !! Custom u said lol
Geofferey said:
Well if anybody is interested in re-locking their boot loader with a custom ROM and kernel in place I basically figured out how
Refer to this post
If anybody plans to attempt this and has ANY questions or concerns regarding re-locking their bootloaders in a custom state please don't hesitate to post here. I successfully re-locked my bootloader with custom ROM and Kernel. I also modified TWRP in my kernel to only start via locked down adb with key access. This allows my pixel to be highly secure and still recoverable. Might start a new post highlighting my proceedures and research on this subject.
Click to expand...
Click to collapse
Geofferey, Do you happen to know if these commands are still right with LOS 17.1 / Android 10?
(Or does anyone else know?)
PS: Sorry everyone for pumping such an old thread
nullstring2 said:
Geofferey, Do you happen to know if these commands are still right with LOS 17.1 / Android 10
Click to expand...
Click to collapse
Unfortunately no. Now there is avbtool and the process is actually a bit more complicated. Somebody wrote a guide on how to use it externally for another device but I couldn't even follow. I actually find it easier to get the sources for whatever ROM it is I'm trying to sign and set the signing params in config before build.
Here is the guy who did it usually avbtool externally
https://forum.hovatek.com/thread-32664.html
Many instructions here
https://android.googlesource.com/platform/external/avb/+/master/README.md
Geofferey said:
...but I couldn't even follow. /QUOTE]
Well, thats an intimidating introduction, but I'll take look.
That guide appears to be talking about mediatek CPUs which makes it a little confusing.
Any hint on how to get the vbmeta signing key for the google pixel?
Click to expand...
Click to collapse
nullstring2 said:
Any hint on how to get the vbmeta signing key for the google pixel?
Click to expand...
Click to collapse
If you mean how to make your own key to perform signing then
Code:
openssl genrsa -des3 -out avb.pem 2048
If you're asking how to get the same key that Google used to sign vbmeta, it ain't ever gonna happen.
Geofferey said:
Well if anybody is interested in re-locking their boot loader with a custom ROM and kernel in place I basically figured out how
Refer to this post
If anybody plans to attempt this and has ANY questions or concerns regarding re-locking their bootloaders in a custom state please don't hesitate to post here. I successfully re-locked my bootloader with custom ROM and Kernel. I also modified TWRP in my kernel to only start via locked down adb with key access. This allows my pixel to be highly secure and still recoverable. Might start a new post highlighting my proceedures and research on this subject.
Click to expand...
Click to collapse
Is there ANY way to do this on Xperias or LGs?
Geofferey said:
It has nothing to do with passing safety net. TWRP can only access the data after the pin is input, true, but leaving a device with an unlocked boot loader leaves the ability to flash modified boot images (a huge attack vector). This is to keep your device yours if it falls into a theives hands. You can not have device protection features on a unlocked Allow OEM unlock device. You're right there is risk but being careful can alleviate the risk. I do this because I want my phone to be a trackable paper weight if somebody takes it. I have established my own chain of trust outside of googles. I have even modified my TWRP side of boot.img to only start with my PC using adb-keys.
Click to expand...
Click to collapse
It has ALL to do with safetynet/play integrity.
I wouldn't care to leave my bootloader unlocked otherwise.
But I want a rom that passes all security standards without "tricks".
*I know this must have been answered before, I am sorry for playing the newbie, but I couldn't find this anywhere.
I need to know exactly what is at stake for rooting my device, what would I lose access to, and what not.
I've read somewhere that you lose DRM or something like that, is that meaning I will not be able to watch Netflix download and go, or Google Play Music, etc? what does it means?
LionLorena said:
*I know this must have been answered before, I am sorry for playing the newbie, but I couldn't find this anywhere.
I need to know exactly what is at stake for rooting my device, what would I lose access to, and what not.
I've read somewhere that you lose DRM or something like that, is that meaning I will not be able to watch Netflix download and go, or Google Play Music, etc? what does it means?
Click to expand...
Click to collapse
You will lose your warranty because you have to unlock your bootloader but if anything goes wrong you can always relock your bootloader and take your phone to a service center and claim your warranty they don't even check it in most cases other than that everything works fine
Sent from my Moto G4 Plus using Tapatalk
prajwal2001 said:
You will lose your warranty because you have to unlock your bootloader but if anything goes wrong you can always relock your bootloader and take your phone to a service center and claim your warranty they don't even check it in most cases other than that everything works fine
Sent from my Moto G4 Plus using Tapatalk
Click to expand...
Click to collapse
And apart from that, do I lose anything else?
Some guy said I would lose access to that extra anti theft security from Google that works kinda like iCloud, is it true?
LionLorena said:
And apart from that, do I lose anything else?
Some guy said I would lose access to that extra anti theft security from Google that works kinda like iCloud, is it true?
Click to expand...
Click to collapse
Nothing else only warranty
Sent from my Moto G4 Plus using Tapatalk
LionLorena said:
And apart from that, do I lose anything else?
Some guy said I would lose access to that extra anti theft security from Google that works kinda like iCloud, is it true?
Click to expand...
Click to collapse
Provided you're still on the stock ROM, I don't think rooting affects your anti-theft protection (I recall it's called Factory Reset Protection?). Even if you've enabled OEM unlocking in Developer Options, someone resetting your phone would still need your Google credentials to use the device. Also, if you're logged into your device at the time, you could still locate and wipe your phone via Android Device Manager.
Of course, with an unlocked bootloader and custom recovery (as is generally required to root), someone could still flash a custom ROM and bypass those protections and, also, could in theory still access your data. (but only if they have physical access to your device)
As for DRM, I'm not sure but some apps have been/are now detecting the presence of root and will refuse to work (Snapchat, Pokemon Go, some banking apps come to mind) or for other devices, Android Pay and other security dependent features may not work. I recall magisk, a root manager, does have the ability to mask root from those apps, as well as pass SafetyNet, which is Google's security/anti-tamper detection. Your experience may vary. However, some apps require root access to function properly (e.g. kernel managers, battery monitors) just as to how they function, it's entirely up to you if you see yourself using those rooted apps on a regular enough basis. The root managers available (e.g. SuperSU, magisk) are supported and work well, just ensure you're using the latest versions, and if you're on stock Nougat, to flash a custom kernel prior to rooting (since the stock kernel won't permit modifications, if I recall).
Overall, in my view, you're trading security and warranty (as mentioned by prajwal2001) for convenience/flexibility by rooting - the flexibility alone to flash what you wish is what interested me in rooting my device, if anyone else has any other comments, feel free to add.
echo92 said:
Provided you're still on the stock ROM, rooting shouldn't disable your anti-theft protection (which I recall is Factory Reset Protection). Even if you've enabled OEM unlocking in Developer Options, someone resetting your phone would still need your Google credentials to use the device. Of course, with an unlocked bootloader and custom recovery (as is generally required to root), someone could still flash a custom ROM and bypass those protections and, also, could in theory still access your data. (but only if they have physical access to your device)
As for DRM, I'm not sure but some apps have been/are now detecting the presence of root and will refuse to work (Snapchat, Pokemon Go, some banking apps come to mind) or for other devices, Android Pay and other security dependent features may not work. I recall magisk, a root manager, does have the ability to mask root from those apps, as well as pass SafetyNet, which is Google's security/anti-tamper detection. Your experience may vary. However, some apps require root access to function properly (e.g. kernel managers, battery monitors) just as to how they function, it's entirely up to you if you see yourself using those rooted apps on a regular enough basis. The root managers available (e.g. SuperSU, magisk) are supported and work well, just ensure you're using the latest versions, and if you're on stock Nougat, to flash a custom kernel prior to rooting (since the stock kernel won't permit modifications, if I recall).
Overall, in my view, you're trading security and warranty (as mentioned by prajwal2001) for convenience/flexibility by rooting - the flexibility alone to flash what you wish is what interested me in rooting my device, if anyone else has any other comments, feel free to add.
Click to expand...
Click to collapse
Hm I see.
That's a pretty big downside
I guess I will pass root for now, I was only wanting to do to use the ADB via USB OTG and boot disk creator.
Thanks everyone for all the information!
LionLorena said:
Hm I see.
That's a pretty big downside
I guess I will pass root for now, I was only wanting to do to use the ADB via USB OTG and boot disk creator.
Thanks everyone for all the information!
Click to expand...
Click to collapse
That's fair enough - there's nothing stopping you from rooting your device, then performing what you need, before unrooting your device. (Just curious, does what you want to do require root, or are there other non-root methods?)
However, this will still involve you voiding your warranty (via unlocking your bootloader), and may also involve re-flashing your stock firmware to remove the custom recovery (and relock your bootloader, if you wish, though this won't recover your warranty, sadly). Honestly though, it's your device, up to you what you wish to do
echo92 said:
That's fair enough - there's nothing stopping you from rooting your device, then performing what you need, before unrooting your device. (Just curious, does what you want to do require root, or are there other non-root methods?)
However, this will still involve you voiding your warranty (via unlocking your bootloader), and may also involve re-flashing your stock firmware to remove the custom recovery (and relock your bootloader, if you wish, though this won't recover your warranty, sadly). Honestly though, it's your device, up to you what you wish to do
Click to expand...
Click to collapse
Yeah the warranty is not on top of my mind right now, my concern are the other issues it may cause, such apps not working, and security issues.
Like, I had a Sony Xperia Play back some years and past a week I root it, and past 2 weeks it was on Cyanogenmod.
I had Bricked that device countless times and had somehow fixed, I had also replaced several internal components as well, but back then there were no DRM stuff and all, so the rooting part is not what I fear, is just this new wave of side effects regarding it.
LionLorena said:
Yeah the warranty is not on top of my mind right now, my concern are the other issues it may cause, such apps not working, and security issues.
Like, I had a Sony Xperia Play back some years and past a week I root it, and past 2 weeks it was on Cyanogenmod.
I had Bricked that device countless times and had somehow fixed, I had also replaced several internal components as well, but back then there were no DRM stuff and all, so the rooting part is not what I fear, is just this new wave of side effects regarding it.
Click to expand...
Click to collapse
There is no DRM to lose on Motorola devices. On Sony devices, what you said is applicable. As for apps that refuse to work with root access, you can simply switch to Magisk, and enabled hiding root access from all apps.
zeomal said:
There is no DRM to lose on Motorola devices. On Sony devices, what you said is applicable. As for apps that refuse to work with root access, you can simply switch to Magisk, and enabled hiding root access from all apps.
Click to expand...
Click to collapse
That's motivating.
And I've found a topic that says I don't even need to flash the custom recovery, I can simply hot boot it and do my stuff and keep the stock recovery.
LionLorena said:
That's motivating.
And I've found a topic that says I don't even need to flash the custom recovery, I can simply hot boot it and do my stuff and keep the stock recovery.
Click to expand...
Click to collapse
There's no real point of not changing the stock recovery, unless you are planning to stick with a rooted stock ROM. If you keep the stock recovery, you'll be able to enable OTA stock updates.
From a security standpoint, if your device is lost, it becomes much easier for an attacker to breach your system and much harder for you to protect it. However, according to most security principles, once your device is lost from you, it's no longer your device, anyway.
zeomal said:
There's no real point of not changing the stock recovery, unless you are planning to stick with a rooted stock ROM. If you keep the stock recovery, you'll be able to enable OTA stock updates.
From a security standpoint, if your device is lost, it becomes much easier for an attacker to breach your system and much harder for you to protect it. However, according to most security principles, once your device is lost from you, it's no longer your device, anyway.
Click to expand...
Click to collapse
The OTA updates are one of the reasons, yes.
And yes, from that point of view you are right.
I'm currently using some tracking solutions such as Cerberus, and disabling some features while the phone screen is locked, such as quick settings, and power off menu.
Also the extra layer of security imposed by Google version of iCloud, passes me some sense of safety.
The main thing that bothers me related to custom recovery is that the attacker can replace my software entirely.
While with stock I can have some time to recover the device using the tactics. Enabled.
And root could potentially aid me in that, I could add Cerberus to /system and etc.
You lose security. Every person with knowledge can access to your phone through TWRP, use the File Manager to erase files.key (this erases your gesture or PIN of lock screen) and can see all your info. If you unlock bootloader, every person can flash TWRP and do this steps.
alaindupus said:
You lose security. Every person with knowledge can access to your phone through TWRP, use the File Manager to erase files.key (this erases your gesture or PIN of lock screen) and can see all your info. If you unlock bootloader, every person can flash TWRP and do this steps.
Click to expand...
Click to collapse
thats why i'm thinking 3 times before doing it.
I wish to root my phone(XT1686) but intend to keep the stock ROM(no bootloader unlock).
Is there any advantage in doing so? And will OTA updates be affected?
yourSAS said:
I wish to root my phone(XT1686) but intend to keep the stock ROM(no bootloader unlock).
Is there any advantage in doing so? And will OTA updates be affected?
Click to expand...
Click to collapse
It is not possible to root without unlocking the bootloader on this device...
If you don't have a specific reason to root, don't do it.
And once rooted, you cannot accept any OTA... most likely case if you do it will just fail, worst possible case it bricks (which can happen but is extremely rare).
To answer the question in your title, about the advantages of rooting...
Rooting gives you near full access to your device, and thus the ability to customize it beyond the options provided to you via the default interface. Also, some apps provide additional features on rooted phones. For example, some security programs recommend rooting your device so that it can more forcefully integrate itself with the device to protect against malware, hacking, etc. I tend to install a security package that works better on a rooted device, as well as make use of features that tend to only work on a rooted device, such as folder mounting from the internal SD card to the external one. Also, allows me to access system files that are unavailable otherwise, allowing me to customize certain sounds (or copy them at least).
If you decide you want to root your device, make sure you understand the steps to take BEFORE trying it. That means when you come across a guide on how to do it, make sure you get all the files that will be required and reading through the instructions step by step. If any of the steps sound like it will leave you lost on what to do, then DO NOT do any of it. Also, make sure you read the comments for the guide as well, looking for any mention of issues encountered and consider if you might encounter those issues as well. For example, if it causes issues for devices that use a particular carrier and you use that same carrier, you might want to leave well enough alone. Compare your phone version numbers with what others report having issues with (kernel, baseband, build, etc). Anything that someone has an issue with where their phone somehow matches up with yours in some way, take that as a sign to investigate deeper, so as to avoid having any issues yourself.
For the most part, unless you have a need or desire for a feature/function that requires rooting your device, don't mess with it. I'm not kidding, as one mistake can leave you without a working phone and without any options for returning/replacing it.
Thanks for the replies & warnings.
I'm not a noob so I know the risks of rooting. So maybe I should have rephrased it-
What are the advantages of rooting Moto G5 plus specifically?
Say like in terms of mods and other stuff? Also, is it possible to unroot once rooted- I mean to ask if it's possible to revert the state to factory mode with bootloader locked and stock ROM so that device will be eligible for OTA updates again?
yourSAS said:
Thanks for the replies & warnings.
I'm not a noob so I know the risks of rooting. So maybe I should have rephrased it-
What are the advantages of rooting Moto G5 plus specifically?
Say like in terms of mods and other stuff? Also, is it possible to unroot once rooted- I mean to ask if it's possible to revert the state to factory mode with bootloader locked and stock ROM so that device will be eligible for OTA updates again?
Click to expand...
Click to collapse
Bootloader lock is not relevant to OTA's. You might be able to relock, but the fact it was once unlocked cannot be hidden, it will always be very clear that it was unlocked.
Unrooting is easy, the issue arises undoing what you did with root, undoing them all depends what you changed.
I don't know of any reasons specific to this device to root.
acejavelin said:
Bootloader lock is not relevant to OTA's. You might be able to relock, but the fact it was once unlocked cannot be hidden, it will always be very clear that it was unlocked.
Click to expand...
Click to collapse
If the OEM knows I've unlocked bootloader, why will it push OTAs to my phone even though I've locked bootloader on my end? So isn't bootloader lock status relevant for OTA?
yourSAS said:
If the OEM knows I've unlocked bootloader, why will it push OTAs to my phone even though I've locked bootloader on my end? So isn't bootloader lock status relevant for OTA?
Click to expand...
Click to collapse
No, the status of your bootloader is not relevant... Moto will notify you of an available update and happily attempt to apply it regardless if your bootloader is locked or not.
What matters is if the boot or system partitions is changed, if there is ANY change to those, among other things like if the radio version or recovery versions don't match or the partition table is changed, the update will fail. If you flash any custom recovery it will fail as well.
On this subject I mention a slight con which is that some banking or financial apps might complain to you if they detect root. I have maybe 10 different bank and credit apps installed and all work flawlessly except 1. The Huntington Bank app wont allow me to use fingerprint login but otherwise the app is fully functional like mobile deposits. Just wanted to mention to be aware.