In a bid to increase the security of the Android operating system, Google introduced a new check for malware as part of the boot process in all Android devices. Until Marshmallow, Android devices ran the check as part of the boot process and in Marshmallow, the phone would warn you that your phone was compromised but would continue to let the phone boot up. In Nougat however, Google is taking this security check to the next level.
On the Android Developer’s blog, the company explains that Android Nougat strictly enforces that boot check, giving you far more than a warning. The good news is that if your phone is infected with types of malware, your phone will refuse to boot or will boot in a limited capacity mode (presumably akin to safe mode). The bad news however, is that some non-malicious corruption of data could also mean that your phone will refuse to boot up…
Android has alerted about system integrity since Marshmallow, but starting with devices first shipping with Android 7.0, we require verified boot to be strictly enforcing. This means that a device with a corrupt boot image or verified partition will not boot or will boot in a limited capacity with user consent. Such strict checking, though, means that non-malicious data corruption, which previously would be less visible, could now start affecting process functionality more.
Considering that corrupted data may not always be malicious – even a single-byte error could cause your phone to refuse to boot up – Android Nougat brings additional code to guard against corruption.
In the changes we made to dm-verity for Android 7.0, we used a technique called interleaving to allow us to recover not only from a loss of an entire 4 KiB source block, but several consecutive blocks, while significantly reducing the space overhead required to achieve usable error correction capabilities compared to the naive implementation.
For most people, the new verification process is likely to be helpful as it helps keep your device – and crucially, your data – secure, at least after you first restart the phone.
However, for those who like to use custom firmware, this could pose a problem as Google says that any device with a locked bootloader will use this to check for modifications. The bottom line is that unless your smartphone has an unlocked bootloader (either out of the box or where the OEM lets you unlock it), using custom ROMs and tinkering with your smartphone will be a lot harder with Android Nougat.
What do you think of the changes to the boot process in Android Nougat and the additional security it provides? Let us know your views in the comments below!