> If graphene messes up a build, you can't even return to stock because you turned that switch off.

The devices we support use two separate system partitions (A / B), and updates are installed on the other and then swapped to the other when restarted. If the update fails/is corrupt, then it rolls back to the previous working install on the last-used partition. The same method is used when Google saves their users with corrupt updates.

We would want the bootloader locked, or else anyone can flash malicious updates on any OS. An unauthorised person factory resetting by recovery is good for us, as that means the user's sensitive data is destroyed. We prefer this data destruction over the Factory Reset Protection the Stock OS wants to have.

Discussion

FRP means nothing either once you unlock the bootloader. So, if your endgame is solely to protect a person’s information and their thousand-dollar device is secondary to that, I guess that’s a win? Personally, I would rather hold onto both, but that’s just me.

It isn't in scope for us to add FRP currently since it won't guarantee you will get your device back if it was stolen. We haven't implemented it since it could also be a problem that the data forever remains in that device; at least we can encourage whoever has it to inadvertently destroy all the data.

We also had a lot of concerns from users about Find My Device functionality, as some users consider being pinged by other phones to help location tracking a huge privacy issue. Both FRP and this would have to be opt-in features.