Android Nougat and Root/Bootloader discussion - T-Mobile Samsung Galaxy S7 Edge Questions & Answer

Some recent news about Nougat has me a bit concerned about the future of root.
http://phandroid.com/2016/07/20/android-7-0-nougat-boot-corrupt/amp/
Basically from what I am gathering is that without an unlocked bootloader root will be impossible on the newest Android version.
Thought we could start a discussion about this and see if we can gather any information about Android N security updates.

It's not looking good. In fact if you plan on rooting a device going forward you should block updates now. Nougat will effectively be the end of root for all non nexus devices and in the future maybe even Nexus devices will have no root. XDA is going to become a lonely dark corner of the Internet.
http://thehackernews.com/2016/07/android-verified-boot.html?m=1

ShrekOpher said:
It's not looking good. In fact if you plan on rooting a device going forward you should block updates now. Nougat will effectively be the end of root for all non nexus devices and in the future maybe even Nexus devices will have no root. XDA is going to become a lonely dark corner of the Internet.
http://thehackernews.com/2016/07/android-verified-boot.html?m=1
Click to expand...
Click to collapse
This looks like they’re talking about dm-verity which we already have on our phones so it won’t affect us as long as the ENG boot works on Nougat. But I don’t think it will work or that another engineering boot will be leaked for Android N. This might indeed be the end of the road for root on US Galaxy S7(E).

The article here on XDA didn't say it would be impossible, it just said that it would require more work. Depending on when Nougat comes out, the majority of us may already be on other phones and it may not be a concern for the S7. There will always be vulnerabilities, it just takes looking and some trial and error.
I only have the S7 edge for the battery capacity and Samsung Pay. How long will Samsung be the only company with MST built in? Doubtful they'll be the only ones for the remainder of smartphone existence. A lot of us may move on to other companies based on that last statement alone.
Don't let a tougher challenge bring your hopes down. Nobody thought the S5 would get a bootloader unlock method, and it did a few months ago for Verizon. Nobody thought root would be achieved so quick for the S7 (all variants at that), but it did.
Just something to keep in mind.
***Edit***
Here's the link to the article here on XDA:
http://www.xda-developers.com/stric...r-correction-to-come-with-android-7-0-nougat/

It says that "For such devices, where the bootloader will be unlocked, these new changes should not be any more of a hindrance than what it is now." So unlocked devices with unlocked bootloaders would stay rootable. The s7 was already strictly enforcing dm-verity, an engineering kernel was leaked that disabled it.

How long will Samsung be the only company with MST built in?
Click to expand...
Click to collapse
Well since Samsung bought LoopPay (sources say for 250mil) and has all of the IP for it I would say they will be the only ones with MST. That is until something similar yet better is invented.

Related

Thoughts on the coming security enhancements for 4.4

Has anyone taken a look at the new security enhancements Google has put into 4.4? It seems to me that this could go either way. While added security seems like a plus for things like malware, etc, it also could hinder development and openness as well. If device is locked before upgrading, it would seem that achieving several mods, even root, will become pretty arduous, if not next to impossible tasks. This seems to go against HTC's openness with the unlocking of bootloaders, though, so I wonder how they will handle it? I suppose in the meantime, end users should achieve s-off and unlock now before the update gets here. Any thoughts?
http://www.xda-developers.com/andro...gn=Feed:+xda-developers/ShsH+(xda-developers)
According to this, this will only affect devices from carriers that do not allow bootloaders to be unlocked (verizon) if I understood it right.
It will not affect international users as we have no need of root exploits seeing as HTC provide a boot loader unlock tool.
It will affect Verizon users if Verizon continue to lock down bootloaders though.
Sent from my HTC One using XDA Premium 4
papski2 said:
http://www.xda-developers.com/andro...gn=Feed:+xda-developers/ShsH+(xda-developers)
According to this, this will only affect devices from carriers that do not allow bootloaders to be unlocked (verizon) if I understood it right.
Click to expand...
Click to collapse
Everyone seems to forget that AT&T is now doing the same thing. So Its not just Verizon anymore.
rdw55a said:
Everyone seems to forget that AT&T is now doing the same thing. So Its not just Verizon anymore.
Click to expand...
Click to collapse
I'm pretty sure it's the other way around..att use to do it and now they allow it.
AT&T and bootloaders
a box of kittens said:
I'm pretty sure it's the other way around..att use to do it and now they allow it.
Click to expand...
Click to collapse
This is just one of the articles about AT&T and there stand on Unlocked Bootloaders.http://androidandme.com/2013/08/car...upport-unlocked-bootloaders-once-and-for-all/
I can understand why they would want to lock down a subsidized device. Guess I'll be purchasing unlocked/unlock-able devices at full price from manufacturers in the future.
If you want to mod your phone, vote with your wallet and switch to a carrier that actually cares about their customers.
The argument about buying an unlocked phone is moot on Verizon because of the CDMA network for voice.
This is all going to come to a head at some point... Especially with Verizon.
It is going to be a huge deal with HTC though in terms of getting S-OFF.....
I am still concerned that 4.4 may interfere with phones already rooted and running custom ROMs.
EtherealRemnant said:
It is going to be a huge deal with HTC though in terms of getting S-OFF.....
Click to expand...
Click to collapse
How so? The security makes exploiting the kernel and boot loader for root harder but we can already flash custom kernels, recovery and root when S-ON.
S-OFF isn't contained in the boot loader partition, like MID, tampered flag and locked flag etc it has its own partition.
As exploits are found HTC will obviously patch them which will make S-OFF harder but I'm not sure that increased boot loader security will have an impact on S-OFF.
Sent from my HTC One using XDA Premium 4
The more I look at it, if the device is unlocked and off prior to the upgrade, it should be fine, regardless of carrier. The obvious exception would be Verizon, but at least it won't be surprising to any of their customers. It's nothing new for them. I foresee an uptick in sales of international and dev edition Android phones in the future, though.
thegh0sts said:
I am still concerned that 4.4 may interfere with phones already rooted and running custom ROMs.
Click to expand...
Click to collapse
If your worried about it interfering with rooted devices I'd advise u to just wait for the devs to build 4.4 roms to flash. Roms will be available right after the OTA drops as usual so I would play it safe if you're worried. At lease Intel its known whether or not this is going to be an issue.
Sent from my HTC One using Tapatalk
monkboy24 said:
If your worried about it interfering with rooted devices I'd advise u to just wait for the devs to build 4.4 roms to flash. Roms will be available right after the OTA drops as usual so I would play it safe if you're worried. At lease Intel its known whether or not this is going to be an issue.
Sent from my HTC One using Tapatalk
Click to expand...
Click to collapse
The N5 already can be rooted. I'd say we don't have much to worry about on that front.

VZW 4.4.1: When do you think we'll see it?

So as the interwebz suggest, 4.4.1 is right around the corner for the Nexus 5/GPE devices. Considering the fact that the VZW variant of the Moto X was on the bleeding edge of the Kit Kat OTA and got it before even the Nexus 4, do you think this is a trend that will continue? I'm interested to see what bug fixes there are and if the promised camera improvements will be aimed specifically at the Nexus 5, or perhaps broader improvements to the software. What do you guys think?
I don't think 4.4.1 will aim other devices. It will include fixes for Nexus 5 only IMO.
I'm worried about the next update. What if we can't get root?
natezire71 said:
I'm worried about the next update. What if we can't get root?
Click to expand...
Click to collapse
Then you buy a developer's edition.
natezire71 said:
I'm worried about the next update. What if we can't get root?
Click to expand...
Click to collapse
This is one big reason I went for the Dev Edition... I'm too much of a tinkerer to fret over such unknowns. I mean it always comes eventually, but with Dev Editions you get instant gratification! Just need to flash stock recovery, accept the OTA, reflash custom recovery, re-root. BAM, done.
natezire71 said:
I'm worried about the next update. What if we can't get root?
Click to expand...
Click to collapse
I've been using an Android phone since 2.1.
By my quick count on Wikipedia, there have been 27 versions (including minor updates) of Android since 2.1.
I'm not aware of any Android version that was discovered to be unrootable.
I suspect you don't have to be too worried...
icon123 said:
Then you buy a developer's edition.
Click to expand...
Click to collapse
Buy me one? I don't have that kind of money.
Furthermore, I have a Motomaker custom. I don't want to lose that.
kbluhm said:
This one reason I went for the Dev Edition... I'm too much of a tinkerer to fret over such unknowns. I mean it always comes eventually, but with Dev Editions you get instant gratification!
Click to expand...
Click to collapse
I beat you by about 5 sec. But really, that's what this game has come to. If you want easy root and possibly romming, then dev editions are going to be the only way to go. Right now, I think moto is making that easier for us to do.
binary visions said:
I've been using an Android phone since 2.1.
By my quick count on Wikipedia, there have been 27 versions (including minor updates) of Android since 2.1.
I'm not aware of any Android version that was discovered to be unrootable.
I suspect you don't have to be too worried...
Click to expand...
Click to collapse
I suspect you need to do more reading. Check up on what security features KitKat brought to our MotoXs.
Edit: I'm not so much worried about If you can root it, I'm worried about having it published. Jcase only rooted 4.4 because we were able to downgrade the bootloader. If that wasn't possible, I still don't think there would be root for the MotoX (non-dev).
natezire71 said:
Buy me one? I don't have that kind of money.
Furthermore, I have a Motomaker custom. I don't want to lose that.
Click to expand...
Click to collapse
You simply sell your subsidized phone and buy a dev edition. Can't help you about the moto maker though.
natezire71 said:
I suspect you need to do more reading. Check up on what security features KitKat brought to our MotoXs.
Edit: I'm not so much worried about If you can root it, I'm worried about having it published. Jcase only rooted 4.4 because we were able to downgrade the bootloader. If that wasn't possible, I still don't think there would be root for the MotoX (non-dev).
Click to expand...
Click to collapse
I suspect I've read plenty about KitKat. I know about the security features.
Jcase rooted 4.4 using the downgrade because an existing vulnerability was available. He explicitly stated that there was another vulnerability available and he just wasn't going to develop for it/reveal it. Vulnerabilities are always discovered.
What, you think Apple hasn't been trying to quash rooting for years now?
I'm just saying, I've been in IT for a long time. Exploits are discovered, workarounds are created. Root access is gained and life moves on.
binary visions said:
I suspect I've read plenty about KitKat. I know about the security features.
Jcase rooted 4.4 using the downgrade because an existing vulnerability was available. He explicitly stated that there was another vulnerability available and he just wasn't going to develop for it/reveal it. Vulnerabilities are always discovered.
What, you think Apple hasn't been trying to quash rooting for years now?
I'm just saying, I've been in IT for a long time. Exploits are discovered, workarounds are created. Root access is gained and life moves on.
Click to expand...
Click to collapse
Of course, but what if it's never published? I'm not worried about the actual exploits. There will always be exploits. I'm only concerned with an awesome dev to publish it. Who else is working on the MotoX? So far, it seems like Hashcode and Jcase. If Jcase decides not to publish... Then what?
natezire71 said:
Of course, but what if it's never published? I'm not worried about the actual exploits. There will always be exploits. I'm only concerned with an awesome dev to publish it. Who else is working on the MotoX? So far, it seems like Hashcode and Jcase. If Jcase decides not to publish... Then what?
Click to expand...
Click to collapse
Well, there are never guarantees, of course... but given that virtually every version of Android on every phone attains root eventually, I'm just going to have some faith!
I think people may be putting too much faith in what devs can do based on what has been done.
4.4 has the potential to change things big time. dm-verity combined with a locked bootloader is going to be a beast to crack. Once a device ships from the factory with it enabled and a locked bootloader, I would not be expecting root on it anytime soon. Then you will have people asking why don't we just crack the key like they were when the GS3 came out. (answer: you will never ever crack the key. --Math)
As for using the idea that Apple has tried and never got it to stick, I'd say they haven't tried this hard.
Just as a sidenote, I don't think the SELinux and dm-verity additions in android are either bad or targeted at the modders out there. These are excellent steps in securing the OS, and shows that Google is serious about making devices trustworthy. The work they did on dm-verity is just great stuff. This is good for people who don't care about modifying their device and those who only buy devices with unlocked bootloaders, but not so good for people who have a locked bootloader, and are on either ATT or VZW, both of whom really don't want you to modify your device.
TL;DR - Buy a device with an unlocked bootloader, don't count on anything, past success is not indicative of future success.
I hope 4.4.1 brings an even better ART this time.
Seems like this update is pretty specific to the Nexus 5 as a camera fix. Not sure the Moto X will even see it.
Sent from my XT1056 using XDA Premium 4 mobile app
phippsy84 said:
Seems like this update is pretty specific to the Nexus 5 as a camera fix. Not sure the Moto X will even see it.
Sent from my XT1056 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
Won't really know until the 4.4.1 source is published. Could be a lot of other stuff on the back-end that was updated/fixed that wouldn't really show up in a major changelog.
Nexus 4 received the update today too so it isn't nexus 5 specific.
imnuts said:
Won't really know until the 4.4.1 source is published. Could be a lot of other stuff on the back-end that was updated/fixed that wouldn't really show up in a major changelog.
Click to expand...
Click to collapse
Very true
Sent from my XT1056 using XDA Premium 4 mobile app
Not only the N4 but the Nexus 7 LTE. SO... probably more going on than just camera

Get ready for carrier delays!

Confirmed directly by Google -
"As such, we asked if history would repeat itself with these new carrier Nexus devices. "I don't think we're going to do that. There is carrier testing that has to happen—you can't get away from that—but we're trying to have our updates be frequent," Burke said. "I think the carriers are learning and realizing that's a feature they want. So I think these are getting more efficient and they're getting better at it."
So it sounds like carrier Nexus devices will lag behind the unlocked versions, as they will have an additional carrier testing step. The hope this year is that the carriers wise up and won't delay things too much, but the potential for a delay is there."
http://arstechnica.com/gadgets/2014...talks-to-android-execs-about-the-upcoming-os/
Don't expect quick updates on Verizon
Eh, there will be stock rooted flashable updates available. :good:
Considering how abysmal the "testing" on the 4.3+ update for the S3 was....I don't think that testing will find much of anything...and considering how quickly Samsung redid the update and it got back to consumers, that delay will only be days rather than months.
Maybe.
Easy fix.... root and rom duh.
Did you take expect anything different?
Well at least we know AT&T, T-Mobile & Sprint probably won't have delays because there were none on the Nexus 5
It's very possible that the OTA won't go out to any N6 until testing is complete. I guess we'll see when the phone starts shipping if there are different build versions for each carrier. My gut says no. Let's not be alarmists quite yet.
I wouldn't be surprised if the carrier-branded N6's have locked bootloaders that cannot be unlocked.
But that is a feature of Nexus devices....
There isn't much about this Nexus that is like the past several iterations. Don't be surprised if it has a carrier logo stamped on it too.
Who's to say the Nexus 5 didn't have delays? Let's say Google only announced the new os when it was cleared to be pushed? Moto x phones and HTC phones require testing and they seem to get software updates out pretty fast now on verizon. As Aaron Rodgers once said after getting beat by the Lions. Relax.
Just unlock and flash stock google otas?
ECrispy said:
Confirmed directly by Google -
"As such, we asked if history would repeat itself with these new carrier Nexus devices. "I don't think we're going to do that. There is carrier testing that has to happen—you can't get away from that—but we're trying to have our updates be frequent," Burke said. "I think the carriers are learning and realizing that's a feature they want. So I think these are getting more efficient and they're getting better at it."
So it sounds like carrier Nexus devices will lag behind the unlocked versions, as they will have an additional carrier testing step. The hope this year is that the carriers wise up and won't delay things too much, but the potential for a delay is there."
Don't expect quick updates on Verizon
Click to expand...
Click to collapse
The part that you bolded was written by Ars Technica, not stated by Google. Nowhere in that article does Burke confirm that updates will be delayed. In fact, he says that he basically says that he doesn't believe that what happened with the Galaxy Nexus will happen again with the Nexus 6. Read the paragraphs before and after the paragraph you quoted for context.

One good reason not to take the Android 6.0 (M) OTA

Two Words: Root Access. It seems it may be harder to root Android M than we might have thought (Though we all expected this). So as a warning to those on 5.1 (whether you took the 5.1 OTA or waited for the 5.1 rooted img) and here is why:
http://www.xda-developers.com/a-look-at-marshmallow-root-verity-complications/
Given that a BL unlocked has not come out for the Droid Turbo on 4.4.4 or 5.1, this would possibly only make it harder to do so. I would suggest prolonging the OTA for as long as possible.
This is only a suggestion, however obviously you all are free to do as you please with your devices. Just wanted to give a fair warning. Though in this article it states that root might not be possible w/o BL unlock so moforoot might not even work because we can not modify our boot images.............yet (we hope). Again decision rest on your individual shoulders but I just thought, since Android M has been confirmed ( here ) for our devices, that we should at least be informed how this is going to affect our devices in the future (regarding root access and the probability of BL unlock mainly, of course). So it might not be wise to take the 6.0 update......at least not yet.
Let me know what you guys think.
We don't even have m yet....
Sent from my XT1254 using XDA Free mobile app
Yeah, we do. It's in my notifications now to update. Just wanna see what happens
Cjzi5i5 said:
Yeah, we do. It's in my notifications now to update. Just wanna see what happens
Click to expand...
Click to collapse
That's not M. [emoji23]
Wynnded said:
That's not M. [emoji23]
Click to expand...
Click to collapse
Lol don't crush his dreams.
Sent from my XT1254 using Tapatalk
It's my understanding that what you posted may not really be that relevant.
For example, we can't root 5.1 for the Turbo. Unless of course you were already rooted on 4.4.4. Maybe rooting 6.0 is easier/possible if you're already rooted on 5.1. I've seen this same thing on other devices I've owned. If you take an update too early you can lock yourself out while people running the lower version have more options.
Flowah said:
It's my understanding that what you posted may not really be that relevant.
For example, we can't root 5.1 for the Turbo. Unless of course you were already rooted on 4.4.4. Maybe rooting 6.0 is easier/possible if you're already rooted on 5.1. I've seen this same thing on other devices I've owned. If you take an update too early you can lock yourself out while people running the lower version have more options.
Click to expand...
Click to collapse
It clearly states that to root 6.0 that changes have to be made to the boot image which turbo users 4.4.4 or otherwise can't do. You're taking offensive to a warning post, not one meant to say it's impossible (provided BL unlock becomes available for the Droid Turbo). This is all based on Motorola's confirmation of the Droid Turbo getting 6.0 and how it could affect our devices future ability to obtain root.
Cjzi5i5 said:
Yeah, we do. It's in my notifications now to update. Just wanna see what happens
Click to expand...
Click to collapse
dont worry dude.. if we get lucky we will see M by next September.
I took the 5.1 update. I'm comfortable with the fact that I'll never get root. The moment 6.0 is available, I'll update that too... knowing full well that root will never happen. Don't tell folks not to update. That's your opinion. You want to keep root, that's up to you. For those of us that it is too late, we don't care. And we'll openly take that 6.0 update... if and when it comes.
irish_711 said:
I took the 5.1 update. I'm comfortable with the fact that I'll never get root. The moment 6.0 is available, I'll update that too... knowing full well that root will never happen. Don't tell folks not to update. That's your opinion. You want to keep root, that's up to you. For those of us that it is too late, we don't care. And we'll openly take that 6.0 update... if and when it comes.
Click to expand...
Click to collapse
I, much like you, took the OTA update and don't have root and would like to have it once again if possible. However I did state numerous times that this is an opinion, my opinion, and everyone is free to do as they please with their devices.
While I had root and an unlocked bootloader on my S3, I found that the need rarely arose for me to even have to elevate privileges. I mainly rooted and unlocked because while I loved its hardware specs, I *hate* TouchWiz. I specifically got this phone because it had a relatively vanilla version of Android on it, it has fairly decent specs, it's nowhere as large as the Nexus 6, and the store I was at, didn't have any X's in stock. I was more than aware that us getting an unlocked bootloader, much less root was pretty unlikely, and I was actually pretty comfortable with it, surprisingly enough.
Sent from my XT1254 using Tapatalk
I read the article in the OP, and I don't think we have much to worry about. It seems like verity relies pretty heavily on SELinux being set to enforcing, and we already have to set it to permissive in order to get our mofo'd roms to work properly. Does this reduce the security of our devices? Of course it does, but if you really cared about device security, you wouldn't be trying to get root access to your device in the first place. When there is an epidemic of peoples' identities/accounts/money/etc. being stolen via remote attacks, that's when I'll start to care about things like that. Even Stagefright, which is extremely well-documented and unpatched on most Android phones in circulation, doesn't have a single example of a real-world attack being executed using it (as far as I know).
Root access allows me to use things like Cerberus to help combat the much more probable event of someone with physical access to my phone getting into it, so when it comes to security, I'll take less security-by-design and more security that I can choose to implement.

Will we get Oreo?

Does anyone know, or even think we will? What are your thoughts?
I wouldn't count on it. Samsung isn't the best at keeping their devices updated. If we are lucky enough to get it, it will certainly take a while. Knowing both Samsung and Verizon are slow about pushing their updates it will probably be MONTHS after other androids and even other S7s
I've seen news articles that feel we will get it. Usually Samsung will release two major OS upgrades per device. Nougat was the first. Oreo would be the second.
And not sure why you say they're not good at keeping their devices updated. I just today received the current security monthly patch and I've been getting them monthly. That's better than other devices I've had in the past (Motorola, LG).
BTW, this is my first Samsung smartphone. And so far, I've been very pleased with it. I used to root my devices in the past, but with this phone, I've had no reason to. For me, it performs well and I get sufficient battery life out of it.
I think yes.
RobGhost said:
Does anyone know, or even think we will? What are your thoughts?
Click to expand...
Click to collapse
Sure! this will be the second majority update base on source sammobile.com :highfive:

Categories

Resources