Related
Does it present any security issues to unlock a bootloader without rooting? I don't mean if you lose your phone, I mean is there a security issue with any apps you install?
That's always a risk. Read playstore comments before installing anything.
Has nothing to do with being rooted or not...or boot loader state.
Sent from my Moto X cellular telephone...
Cozume said:
Does it present any security issues to unlock a bootloader without rooting? I don't mean if you lose your phone, I mean is there a security issue with any apps you install?
Click to expand...
Click to collapse
You could have asked at AC and I would answer it over there.
Unlocking bootloader and/or running custom recovery is a big risk. When you unlocked bootloader, all the partitions in your phone can be accessed and modified. I can flash custom recovery to your phone. Custom recovery give full root access to the phone. It is then easily possible to copy all your data from the phone and also disable the lock for your phone. Although if you encrypt your phone, then custom recovery will require the password to give access to the /data partition, which is where all the user datas are. I guess if someone is determine enough, then they can make an image copy of your phone and try to decrypt it.
If you want to keep your data safe, disable USB Debugging (because exploits can be used with ADB to gain access to the phone), use stock recovery and lock bootloader. However, if the phone brick then you can't get back your data in the phone.
eksasol said:
Unlocking bootloader and/or running custom recovery is a big risk. When you unlocked bootloader, all the partitions in your phone can be accessed and modified.
Click to expand...
Click to collapse
but can an app do this? And if so, what permissions would the app need to do this. Also, I am not talking about flashing a custom recovery; just an unlocked bootloader.
eksasol said:
If you want to keep your data safe, disable USB Debugging (because exploits can be used with ADB to gain access to the phone), use stock recovery and lock bootloader.
Click to expand...
Click to collapse
but can an app do harm to your phone if you have USB debugging enabled? I know a person who finds your phone can. I am asking about apps.
Cozume said:
but can an app do this? And if so, what permissions would the app need to do this. Also, I am not talking about flashing a custom recovery; just an unlocked bootloader.
Click to expand...
Click to collapse
If the phone isn't root, then probably not, unless there is some security holes it can exploit. With root it is possible to modify the whole system. Motorola and HTC have an extra layer to prevent simple root to modify the system partition, but as you can see, just visit dev section if you want to remove it.
but can an app do harm to your phone if you have USB debugging enabled? I know a person who finds your phone can. I am asking about apps.
Click to expand...
Click to collapse
It is possible for apps to get access to sensitive data and change system settings with USB Debugging enabled. Helium required it turned on to make backup of your contacts, sms and apps data for example.
If you have an older Android phone, you don't need to do anything except to enable USB Debugging and run a program to install root. But we're trusting apps like SuperUser and SuperSU to control apps access to root, so that's a layer of protection. But KitKat is much safer now.
You don't need root to install malware and virus to your phone. Just download an infected app or use unreliable app stores like Aptoide. Also if you have the option "Unknown sources" enabled, which almost all of us do, the app can utilize it to automatically install other apps in the background.
Point I'm trying to make is, if the phone have unlocked bootloader, or even locked bootloader with custom recovery, and someone else have a hold of it, then all bets are off.
eksasol said:
If the phone isn't root, then probably not, unless there is some security holes it can exploit. With root it is possible to modify the whole system.
Click to expand...
Click to collapse
great, that is what I want to know. I knew a human being in possession of your phone could do more damage if it were unlocked, which is why I got rid of the bootloader unlocked warning message.
BTW - do you know if flashing the original kit kat boot logo to replace the bootloader warning message presents a problem for accepting the OTA update to 4.4.2?
eksasol said:
Motorola and HTC have an extra layer to prevent simple root to modify the system partition, but as you can see, just visit dev section if you want to remove it.
Click to expand...
Click to collapse
Ok so then on my Moto X, since flashing a new logo doesn't even require root, it shouldn't have affected any system files and then it would be safe to take the OTA after removing the bootloader unlocked warning?
eksasol said:
It is possible for apps to get access to sensitive data and change system settings with USB Debugging enabled. Helium required it turned on to make backup of your contacts, sms and apps data for example.
Click to expand...
Click to collapse
good to know!
eksasol said:
But we're trusting apps like SuperUser and SuperSU to control apps access to root, so that's a layer of protection.
Click to expand...
Click to collapse
ok, that is how I understand it. Unless I give the app access to root through SuperSU, it can't.
eksasol said:
But KitKat is much safer now.
Click to expand...
Click to collapse
why is this?
eksasol said:
Also if you have the option "Unknown sources" enabled, which almost all of us do, the app can utilize it to automatically install other apps in the background.
Click to expand...
Click to collapse
thanks, Amazon app store required that to be enabled to load apps from their app store.
Cozume said:
great, that is what I want to know. I knew a human being in possession of your phone could do more damage if it were unlocked, which is why I got rid of the bootloader unlocked warning message.
Click to expand...
Click to collapse
BTW - do you know if flashing the original kit kat boot logo to replace the bootloader warning message presents a problem for accepting the OTA update to 4.4.2?
Ok so then on my Moto X, since flashing a new logo doesn't even require root, it shouldn't have affected any system files and then it would be safe to take the OTA after removing the bootloader unlocked warning?
Click to expand...
Click to collapse
That depend on the checking that the dev put in the OTA package. On the Nexus device, if you are missing any original system APK, modify the radio partition, modify GPS setting file, or modify the build.prop, etc, the OTA will fail. So I assume the same with Moto X OTA. The safest bet is to make sure all the partition are original first (except the /data partition where your data resides) before receiving an OTA.
ok, that is how I understand it. Unless I give the app access to root through SuperSU, it can't.
Click to expand...
Click to collapse
Yes. The actual component of root isn't the SuperSU app, but a 'su' binary. Without the SuperSU app, anything can have full fledged root access. You need SuperSU to control that access.
why is this?
Click to expand...
Click to collapse
For many reason, I'm not a developer so I can only talk about what I know and seen from a user perspective. It used to be that you can flash an exploited update.zip to modify the stock recovery of Android, in order to make it ignore the package signatures, so the recovery could flash any package without the correct signature. Now there are no such exploits for latest stock recovery. With USB Debugging enabled in Android 4.3 or newer, it would not even allow access when connected to a PC unless you accept to trust that PC in a pop up dialog in the phone, I'm not sure if it's mean the phone is totally invulnerable to exploits (like memory overflow), you'll have to ask someone smarter. Also apps like Framaroot that I just linked won't work anymore.
eksasol said:
That depend on the checking that the dev put in the OTA package. On the Nexus device, if you are missing any original system APK, modify the radio partition, modify GPS setting file, or modify the build.prop, etc, the OTA will fail. So I assume the same with Moto X OTA. The safest bet is to make sure all the partition are original first (except the /data partition where your data resides) before receiving an OTA. My guess is if you tried it with modified logo it will either fail or overwrite it.
Click to expand...
Click to collapse
OK, I think I am going to unroot and flash back to stock just to be sure.
Thanks again! I would hit the thanks button but I used up all my thanks today and it won't let me.
Cozume said:
OK, I think I am going to unroot and flash back to stock just to be sure.
Thanks again! I would hit the thanks button but I used up all my thanks today and it won't let me.
Click to expand...
Click to collapse
You already gave me enough thanks at AC.
eksasol said:
You already gave me enough thanks at AC.
Click to expand...
Click to collapse
what is your user name there?
Cozume said:
what is your user name there?
Click to expand...
Click to collapse
someguy
Why so paranoid? Have you read any posts on xda of such things....I haven't.
If you are sideloading apps the risk increases for sure. But apps on the play store would have tonnes of comments about it if the app was screwing up the system.
Sent from my Moto X cellular telephone...
eksasol said:
someguy
Click to expand...
Click to collapse
ok great!
kj2112 said:
Why so paranoid? Have you read any posts on xda of such things....I haven't.
If you are sideloading apps the risk increases for sure. But apps on the play store would have tonnes of comments about it if the app was screwing up the system.
Click to expand...
Click to collapse
I am just trying to understand how all of this works.
Okay one thing why are you trying to unlock the bootloader without rooting?? Or did I read everything wrong? And yes unlocking the bootloader allows you to write to every partition of the phone. Except when HTC and you're s-on you have to manually flash the boot.img via fastboot. But with moto. There is no point in unlocking the bootloader if you're not doing anything. Two it voids your warranty. Three it can disable functions on your phone like features, camera options I think and yeah etc. But if you follow instructions you won't have any problems ever rooting or shouldn't if you semi have a brain and know how to follow instructions if not well you can somewhat brick :$ I don't mess with moto much but I have. Sorry this thread was in my latest and scrolling through xda. Lol. You can unlock you're phone straight from the moto website. But if you're not rooting. Eh no point.
Sent from my Rezound using xda-developers app. CyanogenMod 11. S-off
I just read this thread, particularly page 2 why we can't relock the Motorola bootloader (yet it seems), unlike Nexus devices, I think it's really bad for security.
edit: link: http://forum.xda-developers.com/showthread.php?t=2575586&page=2
pball52998 said:
Okay one thing why are you trying to unlock the bootloader without rooting??
Click to expand...
Click to collapse
I rooted but a friend of mine is unlocked but not rooted. She wanted to be unlocked because it wipes your device so wanted to do it before she got the phone all set up. She is afraid of rooting. Anyhow, maybe she shouldn't have unlocked but she did.
pball52998 said:
There is no point in unlocking the bootloader if you're not doing anything. Two it voids your warranty.
Click to expand...
Click to collapse
She has the dev ed so it doesn't void her warranty. And she may want to Wifi tether in the future so I told her she needs to unlock and root for that so get the dev ed. She did and unlocked but is afraid to go any further.
pball52998 said:
You can unlock you're phone straight from the moto website. But if you're not rooting. Eh no point.
Click to expand...
Click to collapse
It increases the phone's resale value to unlock it.
eksasol said:
I just read this thread, particularly page 2 why we can't relock the Motorola bootloader (yet it seems), unlike Nexus devices, I think it's really bad for security.
Click to expand...
Click to collapse
I thought I saw a thread where someone could relock the Moto X bootloader.
And what about this?
Re-Lock Your Bootloader
It should just be a command like fastboot_oem_lock or something but idk. And two if she has the dev edition. Root that thing!!! XD that's what it's for!! Just install twrp via goo manager. Wipe factory reset all that good stuff. After making a back up. Notice after backing up. Then flashing rom and gapps In that order. I mean its a lot easier than htc rezound or htc one, htc in general and such lol.
Sent from my crappy apple iPad.....
pball52998 said:
Wipe factory reset all that good stuff. After making a back up.
Click to expand...
Click to collapse
well, I didn't wipe and do a factory reset when I rooted so I guess I did it wrong, lol! That is what she is afraid of - not doing it right and messing up her phone.
And I don't have a backup, but do I really need one if I can flash the factory images?
Hello everyone,
I'm back to a nexus 6 after a very short stint with a 6+.
A little background for my questions: This is the very first time that I rooted a phone. I'm rooting to only install these 3 apps:
adaway
titanium backup
greenify
I do not plan on using any custom ROMs or kernels.
I see from all the guides and tutorials that people also create a custom recovery whenever they root. I haven't done that yet and wasn't sure if I had to. I would like to maintain the stock recovery that I have currently so that I can go back to stock if I unRoot. My questions are:
1. Am I wrong in thinking that I can still use the stock recovery if I unRoot?
2. When a new OTA comes out and I flash it (since I'm rooted an no longer can install them automatically), will that also upgrade my still stock recovery properly?
3. Following up on the previous question, when I upgrade manually because I'm rooted, would that be a fresh install where I have to go in and configure things the way I like them again (system settings, apps and their settings, root the phone again, etc)?
Thanks in advance!
LordGrahf said:
Hello everyone,
I'm back to a nexus 6 after a very short stint with a 6+.
A little background for my questions: This is the very first time that I rooted a phone. I'm rooting to only install these 3 apps:
adaway
titanium backup
greenify
I do not plan on using any custom ROMs or kernels.
I see from all the guides and tutorials that people also create a custom recovery whenever they root. I haven't done that yet and wasn't sure if I had to. I would like to maintain the stock recovery that I have currently so that I can go back to stock if I unRoot. My questions are:
1. Am I wrong in thinking that I can still use the stock recovery if I unRoot?
2. When a new OTA comes out and I flash it (since I'm rooted an no longer can install them automatically), will that also upgrade my still stock recovery properly?
3. Following up on the previous question, when I upgrade manually because I'm rooted, would that be a fresh install where I have to go in and configure things the way I like them again (system settings, apps and their settings, root the phone again, etc)?
Thanks in advance!
Click to expand...
Click to collapse
1. No, you're not wrong. Recovery will stay stock and can be used normally
2. You can't simply flash the new OTA. This will not work manually nor automatically.
3. All you need to do is not flash the user data image and you will not loose your data, settings etc. You will loose root however. See bellow.
Google posts android stock images for each device typically before OTA hits your phone. That's what you want to grab and use for the update. Just make sure you don't run the automatic scripts that come with those images because you need to avoid flashing user data image.
OTA zip file does you no good unless you get your system back to unmodified stock.
Thank you sir!
obsanity said:
1. No, you're not wrong. Recovery will stay stock and can be used normally
2. You can't simply flash the new OTA. This will not work manually nor automatically.
3. All you need to do is not flash the user data image and you will not loose your data, settings etc. You will loose root however. See bellow.
Google posts android stock images for each device typically before OTA hits your phone. That's what you want to grab and use for the update. Just make sure you don't run the automatic scripts that come with those images because you need to avoid flashing user data image.
OTA zip file does you no good unless you get your system back to unmodified stock.
Click to expand...
Click to collapse
Based on the OP, it sounds like he has only rooted. Thus, the OTA will work fine. No need to flash image files.
Edit: I see that at least one other member has stated that an unroot still did not allow OTAs to function. That's a bit strange and unique. Not sure what root is modifying to prevent the OTA.
I'm kinda curious myself. I had no idea root killed OTA's. Maybe I wouldn't have done that if I knew that. I'm very new to the Nexus device. It's my 1st. I unlocked the bootloader and rooted already.
Sent from Mark's Nexus 6
crowbarman said:
Edit: I see that at least one other member has stated that an unroot still did not allow OTAs to function. That's a bit strange and unique. Not sure what root is modifying to prevent the OTA.
Click to expand...
Click to collapse
This is pretty scary. So you can unroot and GI back to stock and still can't update in anyway?
I have always side-loaded OTAs, I have never flashed anything.
After installing an OTA, on the next reboot, Android takes some time to optimize all your apps. Does this also happen after flashing a new system image? Thanks!
LordGrahf said:
This is pretty scary. So you can unroot and GI back to stock and still can't update in anyway?
Click to expand...
Click to collapse
not sure what you mean by GI, but according to some others, after uninstalling root via SuperSU an OTA will still not install. This should not be the case unless the boot or recovery images are modified. Easily fixed by following the procedures above to fastboot the stock images on your phone.
kjnangre said:
I have always side-loaded OTAs, I have never flashed anything.
After installing an OTA, on the next reboot, Android takes some time to optimize all your apps. Does this also happen after flashing a new system image? Thanks!
Click to expand...
Click to collapse
Yes, it behaves exactly the same.
crowbarman said:
Based on the OP, it sounds like he has only rooted. Thus, the OTA will work fine. No need to flash image files.
Edit: I see that at least one other member has stated that an unroot still did not allow OTAs to function. That's a bit strange and unique. Not sure what root is modifying to prevent the OTA.
Click to expand...
Click to collapse
Root on Lollipop is not what it used to be. There are files that need to be modified in order to allow root. That's why this time OTA will fail if you are rooted.
Un-rooting however, will allow OTA as long as it is done properly and all traces are covered up and returned to stock. If it does fail after you have un-rooted, go back to the developer of that un-root method and let the know they missed something.
Here is the best way to un-root. Flash all of the old stock images besides user data image.
obsanity said:
Root on Lollipop is not what it used to be. There are files that need to be modified in order to allow root. That's why this time OTA will fail if you are rooted.
Un-rooting however, will allow OTA as long as it is done properly and all traces are covered up and returned to stock. If it does fail after you have un-rooted, go back to the developer of that un-root method and let the know they missed something.
Here is the best way to un-root. Flash all of the old stock images besides user data image.
Click to expand...
Click to collapse
That makes sense. Is there a manual root procedure or list of required modifications for root out there? I did some precursors searches but Came up empty. Can't tell what's missing in SuperSU unroot without those details.
crowbarman said:
That makes sense. Is there a manual root procedure or list of required modifications for root out there? I did some precursors searches but Came up empty. Can't tell what's missing in SuperSU unroot without those details.
Click to expand...
Click to collapse
Explanation from Chainfire:
https://plus.google.com/113517319477420052449/posts/S5zoKTzKUW1
obsanity said:
Explanation from Chainfire:
https://plus.google.com/113517319477420052449/posts/S5zoKTzKUW1
Click to expand...
Click to collapse
Thanks for this. A good read, but I'm surprised nobody has demanded more details than 'patched the policies in SELinux'. Not that I don't trust Chain fire (I do) , but who really knows what has been done to our phones?
crowbarman said:
Thanks for this. A good read, but I'm surprised nobody has demanded more details than 'patched the policies in SELinux'. Not that I don't trust Chain fire (I do) , but who really knows what has been done to our phones?
Click to expand...
Click to collapse
That's the problem with Chainfire's work... he does not release source.
Again, best un-root method is to flash original images less user data.
obsanity said:
That's the problem with Chainfire's work... he does not release source.
Again, best un-root method is to flash original images less user data.
Click to expand...
Click to collapse
Thanks for sharing this info. Its a bit concerning tbh. Is there a cleaner way to root other than using superSU?
LordGrahf said:
Thanks for sharing this info. Its a bit concerning tbh. Is there a cleaner way to root other than using superSU?
Click to expand...
Click to collapse
I'm afraid not but Chainfire's is probably the cleanest possible. Koush was the one with an open source solution but he hasn't updated his to 5.0 yet.
obsanity said:
I'm afraid not but Chainfire's is probably the cleanest possible. Koush was the one with an open source solution but he hasn't updated his to 5.0 yet.
Click to expand...
Click to collapse
There is an argument that publishing the method would allow Google to close it that much quicker, I suppose.
crowbarman said:
Thanks for this. A good read, but I'm surprised nobody has demanded more details than 'patched the policies in SELinux'. Not that I don't trust Chain fire (I do) , but who really knows what has been done to our phones?
Click to expand...
Click to collapse
The base changes and reasoning for those changes are actually documented on my website. Specific policy adjustments are present in plain text in the supolicy executable, as any hex editor will show you. Those who really wanted to know rather than whine about OSS, know.
By far most policy adjustments just drop audit log output for contexts that are already permissive, though.
All that information is still completely useless unless you understand SELinux in detail and how it's implemented on Android, though.
I assume that the encryption doesn't get in the way of being able to flash the images?
When I went from 5.0 to 5.0.1 on my old Nexus 5 all I did was flash the two new 5.0.1 images I extracted from the full factory image, then re-rooted. This is far cleaner than reverting back to the previous image then doing an OTA. I've not had to update my N6 yet so I don't know if my method will work still, but I hope it does.
Chainfire said:
The base changes and reasoning for those changes are actually documented on my website. Specific policy adjustments are present in plain text in the supolicy executable, as any hex editor will show you. Those who really wanted to know rather than whine about OSS, know.
By far most policy adjustments just drop audit log output for contexts that are already permissive, though.
All that information is still completely useless unless you understand SELinux in detail and how it's implemented on Android, though.
Click to expand...
Click to collapse
Thanks for the additional information.
I did spend a fair amount of time reading your documentation but failed to utilize a hex editor. I am not 'whining' about the lack of open source, rather, simply mildly surprised, but your website aptly describes the challenges with 5.0. Many are used to various root methods being available.
Your solution is fine with me.. I love your work.
Edit: I thought I'd add that the discussion has devolved from the OP, which was whether an OTA can be applied after uninstalling root. The answer was no, due to the unknowns about what still might be modified following the uninstall via SuperSU.
Hi,
I have a Nexus 6 that I am going to start using for work.
My work has a policy that they do not allow rooted devices.
I rooted my Nexus 6 simply to get LED LightFlow to trigger the hidden LED.
When I rooted I used the Nexus Root Toolkit from Wugfresh. I did not use a Custom Recovery and I kept the stock OS (5.0.1 LRX22C)
I really would rather not have to do a wipe/reset if I don't have to. I just need the device unrooted to adhear to company policy.
(and ideally to be able to get the 5.1 OTA when it is released later this month)
D.
GADGTGUY said:
Hi,
I have a Nexus 6 that I am going to start using for work.
My work has a policy that they do not allow rooted devices.
I rooted my Nexus 6 simply to get LED LightFlow to trigger the hidden LED.
When I rooted I used the Nexus Root Toolkit from Wugfresh. I did not use a Custom Recovery and I kept the stock OS (5.0.1 LRX22C)
I really would rather not have to do a wipe/reset if I don't have to. I just need the device unrooted to adhear to company policy.
(and ideally to be able to get the 5.1 OTA when it is released later this month)
D.
Click to expand...
Click to collapse
Um how will you work know? do they have software they put on the phones? also if your worried just use root cloak. It hides root from set apps.
You can flash the images from the Google Stock image file, and skip userdata - that will restore your phone to stock, without wiping data. Look at the stickies in the general forum for N6
the_rooter said:
Um how will you work know? do they have software they put on the phones? also if your worried just use root cloak. It hides root from set apps.
Click to expand...
Click to collapse
They push a BES client that checks. They already told me they know the phone is rooted. (big brother)
jj14 said:
You can flash the images from the Google Stock image file, and skip userdata - that will restore your phone to stock, without wiping data. Look at the stickies in the general forum for N6
Click to expand...
Click to collapse
Thanks for this info....
I just noticed that in SuperSU there is a feature called: Full unroot
Can I simply do this and presto... the phone is unrooted?
Since I kept the stock OS and didn't put a custom recovery on the phone... do you think this might do the trick?
D.
GADGTGUY said:
I just noticed that in SuperSU there is a feature called: Full unroot
Can I simply do this and presto... the phone is unrooted?
Since I kept the stock OS and didn't put a custom recovery on the phone... do you think this might do the trick?
D.
Click to expand...
Click to collapse
It may - but it still won't get you direct OTA (since OTA now checks for any change to system files)
GADGTGUY said:
[snip]I just noticed that in SuperSU there is a feature called: Full unroot
Can I simply do this and presto... the phone is unrooted?
Since I kept the stock OS and didn't put a custom recovery on the phone... do you think this might do the trick?
D.
Click to expand...
Click to collapse
Just to echo what jj14 said. The "Full unroot" option in SuperSU will remove root, but it won't (at least it hadn't on the last version of it that I tried) revert one file that root modifies, so, while you won't have root, and the BES client should work, the update checks the entire file system, so it will fail. A quick flash of only the system.img file using fastboot will remove root and leave everything else untouched.
Thanks for all the advice guys!
I appreciate the assistance... this is why this community rocks!
D.
I should have paid closer attention to the Nexus Root Toolkit from WugFresh.
There is a built in option that unroots without a refresh.
D'oh
D.
GADGTGUY said:
I should have paid closer attention to the Nexus Root Toolkit from WugFresh.
There is a built in option that unroots without a refresh.
D'oh
D.
Click to expand...
Click to collapse
Many of us would recommend you learn fastboot commands manually rather than relying on toolkits. This helps you get out of trouble when things go wrong. That said, its too late now
I've unlocked the bootloader and rooted the phone with the help of the Nexus Root Toolkit by WugFresh.
I now have it setup just how I want it and I don't want an OTA to kill root or change anything so something stops working (phone isn't for me, but I've set it up just right for someone with special needs).
I've read conflicting information on whether or not an OTA will actually install on a rooted phone or not. Some things say that it won't if you've changed anything at all while others say it might be possible.
Is there some system file I can rename or something to ensure the phone doesn't get a system update unless I do it manually?
LaTropa64 said:
I've unlocked the bootloader and rooted the phone with the help of the Nexus Root Toolkit by WugFresh.
I now have it setup just how I want it and I don't want an OTA to kill root or change anything so something stops working (phone isn't for me, but I've set it up just right for someone with special needs).
I've read conflicting information on whether or not an OTA will actually install on a rooted phone or not. Some things say that it won't if you've changed anything at all while others say it might be possible.
Is there some system file I can rename or something to ensure the phone doesn't get a system update unless I do it manually?
Click to expand...
Click to collapse
no matter how many times you will try to update via ota, you will not be able to. if any files change from stock, any at all, you wont be able to install an ota. especially with root.
LaTropa64 said:
I've unlocked the bootloader and rooted the phone with the help of the Nexus Root Toolkit by WugFresh.
I now have it setup just how I want it and I don't want an OTA to kill root or change anything so something stops working (phone isn't for me, but I've set it up just right for someone with special needs).
I've read conflicting information on whether or not an OTA will actually install on a rooted phone or not. Some things say that it won't if you've changed anything at all while others say it might be possible.
Is there some system file I can rename or something to ensure the phone doesn't get a system update unless I do it manually?
Click to expand...
Click to collapse
Root solved your problem ha ha
simms22 said:
no matter how many times you will try to update via ota, you will not be able to. if any files change from stock, any at all, you wont be able to install an ota. especially with root.
Click to expand...
Click to collapse
And sometimes, even if one is 100% stock, those pesky OTAs won't install.
cam30era said:
And sometimes, even if one is 100% stock, those pesky OTAs won't install.
Click to expand...
Click to collapse
right. any system file changes prevent install.
Awesome. Thanks.
Will it even attempt to install an update, and if so, does it only attempt once and then give up so you don't get stuck in a loop?
Install a custom recovery. Done. OTAs require the stock recovery in order to flash files.
LaTropa64 said:
Awesome. Thanks.
Will it even attempt to install an update, and if so, does it only attempt once and then give up so you don't get stuck in a loop?
Click to expand...
Click to collapse
itll only attemp if you let it(it needs your approval to update), otherwise itll only tell you that an update is available. if you let it, itll try, but fail. if you boot up, youll be where you were before.
Apparently I rooted it incorrectly because it was able to update. I just got a call and the phone had rebooted and went through optimizing X of X apps and now many of the tasker profiles I had set are no longer working.
It wouldn't have optimized a bunch of apps if it hadn't updated the OS, or no?
LaTropa64 said:
Apparently I rooted it incorrectly because it was able to update. I just got a call and the phone had rebooted and went through optimizing X of X apps and now many of the tasker profiles I had set are no longer working.
It wouldn't have optimized a bunch of apps if it hadn't updated the OS, or no?
Click to expand...
Click to collapse
you can always look at your android version in aboy phone, to see if it updated or not.
LaTropa64 said:
Apparently I rooted it incorrectly because it was able to update. I just got a call and the phone had rebooted and went through optimizing X of X apps and now many of the tasker profiles I had set are no longer working.
It wouldn't have optimized a bunch of apps if it hadn't updated the OS, or no?
Click to expand...
Click to collapse
You'll find update or not optimizing apps happens a lot especially if you clear cache etc...
Your fine otas can't install with root
Just flash twrp it will cone in handy incase you brick it one day you'll have twrp to fastboot fix or sideload a rom to recover from.
ONE NOTE: Never ever ever relock your bootloader with the toolkit you'll be screwed. Always leave bootlaoder unlocked. I just had to rma manufacturer phone replacement I relock mine with toolkit and couldn't flash stock firmware or oem unlock again.
Sent from my LGMS769 using XDA Free mobile app
simms22 said:
you can always look at your android version in aboy phone, to see if it updated or not.
Click to expand...
Click to collapse
I'll take a look the next time I get over there. It's not my phone, I just set it up for someone with accessibility issues and wanted it to stay the same as the day I set it up but apparently it's not done that.
This is the place to discuss anything and everything related to SuperSU and SafetyNet / Android Pay.
To clarify, I am not currently actively doing any development on having SuperSU pass SafetyNet detection, or having Android Pay work; the same way I put no effort into beating other root detection methods such as various enterprise security tools.
In case any SuperSU-rooted device passes SafetyNet, that is a bug in SafetyNet, not a feature of SuperSU.
While I may not agree with Google's stance, I'm not about to go messing with payment systems. Is it possible though? Probably yes.
This thread has been created because you guys simply cannot stop talking about this, so these posts can now go here, where I don't ever have to see them.
Will v2.50 cause Android Pay not to work in 6.0? If so, I am guessing there is no way around it?
0.0 said:
Will v2.50 cause Android Pay not to work in 6.0? If so, I am guessing there is no way around it?
Click to expand...
Click to collapse
Root is a no no with android pay and I think custom ROMs are also out at the moment
Sent from my A0001 using Tapatalk
Pure Drive GT said:
Hey, thanks for your continued support for root on Android, was just wondering, is google making it harder to achieve decent root privileges, as in they don't want rooted devices or are they just unrelatedly changing up things which forces you guys to adapt?
On another note, is there any progress on root without the modded boot? This is by no means an ETA, just wanted to know if you think it's possible or the situation looks rather dire.
Thanks again for your many efforts!
Click to expand...
Click to collapse
Well, just look at Android Pay, it will not allow one to add a credit card if it detects the device is rooted. So yeah, Google definitely wants to stop root, or at least make sure there is a strong dissuasion towards same. It's not a bad thing persae, as Google is just making the devices more secure for the masses. We 'power users' are lucky to have those such as Chainfire working so hard to get us what they can.
mdamaged said:
Well, just look at Android Pay, it will not allow one to add a credit card if it detects the device is rooted. So yeah, Google definitely wants to stop root, or at least make sure there is a strong dissuasion towards same. It's not a bad thing persae, as Google is just making the devices more secure for the masses. We 'power users' are lucky to have those such as Chainfire working so hard to get us what they can.
Click to expand...
Click to collapse
Many banking and financial apps restrict access on rooted devices; it's not just Google.
It makes sense in some ways: root access allows running things in the background to either circumvent, monitor, or interrupt program transactions. They're being paranoid, and I don't blame them.
I don't like the Google Pay concept (or Apple's either); like every other encryption or security system, it's destined to eventually be hacked.
mdamaged said:
Well, just look at Android Pay, it will not allow one to add a credit card if it detects the device is rooted. So yeah, Google definitely wants to stop root, or at least make sure there is a strong dissuasion towards same. It's not a bad thing persae, as Google is just making the devices more secure for the masses. We 'power users' are lucky to have those such as Chainfire working so hard to get us what they can.
Click to expand...
Click to collapse
Yep, I was able to add my debit card but not credit.
VZW LG G4
mdamaged said:
Well, just look at Android Pay, it will not allow one to add a credit card if it detects the device is rooted. So yeah, Google definitely wants to stop root, or at least make sure there is a strong dissuasion towards same. It's not a bad thing persae, as Google is just making the devices more secure for the masses. We 'power users' are lucky to have those such as Chainfire working so hard to get us what they can.
Click to expand...
Click to collapse
http://www.androidpolice.com/2015/0...hy-android-pay-doesnt-support-rooted-devices/
shaggyskunk said:
Yet the Note 5 has been rooted for at least a couple of weeks
Click to expand...
Click to collapse
On Lollipop... And you also have to unlock your bootloader to do that, right? If yes, then you will trip the KNOX, and that mean you will loose some of your device functionality (Samsung Pay for example), without option to take it back. On the Nexus on the other hand, when you want to use Android Pay on Nexus, you can restore your phone to completely stock condition, without any trace of previously used root.
Also, all of this is completely irrelevant to carried device users, since they have a locked bootloaders.
Srandista said:
On Lollipop... And you also have to unlock your bootloader to do that, right? If yes, then you will trip the KNOX, and that mean you will loose some of your device functionality (Samsung Pay for example), without option to take it back. On the Nexus on the other hand, when you want to use Android Pay on Nexus, you can restore your phone to completely stock condition, without any trace of previously used root.
Also, all of this is completely irrelevant to carried device users, since they have a locked bootloaders.
Click to expand...
Click to collapse
I believe that it's only at&t and Verizon that locks the bootloader - And none in Canada and many other Countries.
Sent From my SM-N910W8 Running SlimRemix V5.1
Had an interesting event, on 2.52.
I unchecked "Enable Superuser" in Settings, to attempt to use Android Pay (Android Pay still wouldn't work). Then, when I rechecked "Enable Superuser", the re-installation of the binary failed, and I was prompted to reboot to try again. However, then I got a boot loop (never even got the opportunity to enter my encryption code). The only way I was able to boot was to re-flash the modified boot.img and re-install SuperSU from the zip (no idea whether both steps were necessary).
I have a Marshmallow Nexus 6, encrypted. For what it's worth, I was previously rooted on 5.1.1, and, after updating to 6.0 and until I re-rooted, I always got a "Your device is corrupt" message on startup, despite being all stock.
NYZack said:
Had an interesting event, on 2.52.
I unchecked "Enable Superuser" in Settings, to attempt to use Android Pay (Android Pay still wouldn't work). Then, when I rechecked "Enable Superuser", the re-installation of the binary failed, and I was prompted to reboot to try again. However, then I got a boot loop (never even got the opportunity to enter my encryption code). The only way I was able to boot was to re-flash the modified boot.img and re-install SuperSU from the zip (no idea whether both steps were necessary).
I have a Marshmallow Nexus 6, encrypted. For what it's worth, I was previously rooted on 5.1.1, and, after updating to 6.0 and until I re-rooted, I always got a "Your device is corrupt" message on startup, despite being all stock.
Click to expand...
Click to collapse
Root doesn't have to be enabled for pay to fail. Any time the system partition is modified pay will not work. There was an xda news article on it. A quick Google search involving Android pay and root should find it.
Lrs121 said:
Root doesn't have to be enabled for pay to fail. Any time the system partition is modified pay will not work. There was an xda news article on it. A quick Google search involving Android pay and root should find it.
Click to expand...
Click to collapse
I also found that having an unlocked bootloader will stop Pay working. When MM released I decided to go fully back to stock but kept the bootloader unlocked so I could flash MM. Pay still failed, so I've given up and gone rooted again.
Sent from my Nexus 6 using Tapatalk
Ch3vr0n said:
@Chainfire if you actually are able to pull off fully working stable root WITHOUT modifying the /system does that mean you MIGHT have opened the door into having root AND still being able to get OTA's?
Click to expand...
Click to collapse
osm0sis said:
Yup, all you'd need to do is reflash stock kernel to pass the boot partition EMMC check, or, we could automate restoring the previous stock kernel, flashing the OTA and then injecting the new stock kernel with root after flashing (à la AnyKernel2 or MultiROM). So many exciting possibilities there where custom recoveries are concerned.
Click to expand...
Click to collapse
Chainfire said:
Honestly it's not so different from using FlashFire to flash re-flash system, then OTA, then re-root. But it is easier, yes.
Click to expand...
Click to collapse
This is indeed exciting. However, I noticed that @Chainfire posted this downside on Google+ :
Andrew Morykin 12:24
This should retain Android Pay, right?
Click to expand...
Click to collapse
Chainfire 12:58
+Andrew Morykin if it does, then it's by accident and not by design, and Android Pay will be updated to block it.
Click to expand...
Click to collapse
https://plus.google.com/+Chainfire/posts/aJbqUZ8PEP4
also, I was confused by this:
Chainfire said:
- I have not tested with encrypted devices
Click to expand...
Click to collapse
http://forum.xda-developers.com/showpost.php?p=63197935
Aren't
Nexus 6P / angler
angler-mdb08k-boot-systemless.zip
Click to expand...
Click to collapse
and
Nexus 5X / bullhead
bullhead-mdb08i-boot-systemless.zip
Click to expand...
Click to collapse
encrypted out of the box?
dabotsonline said:
This is indeed exciting. However, I noticed that @Chainfire posted this downside on Google+ :
Click to expand...
Click to collapse
How is that a downside?
It's exactly the same with every other form of root you will ever see. They don't want to support Android Pay (and some other stuff) on rooted devices. If we find a root that allows it, they will update their system to detect and block it. That cat and mouse game will not end as long as Google doesn't want Android Pay on rooted devices.
Maybe someone will make apps/modules that help circumvent this, but it certainly will not be me.
also, I was confused by this:
Aren't
Nexus 6P / angler
and
Nexus 5X / bullhead
encrypted out of the box?
Click to expand...
Click to collapse
Still can't test what I don't have.
russlowe73 said:
Factory images
Click to expand...
Click to collapse
So basically I have to go back to 100% stock using ADB, and then flash the new SuperSU stuff with any custom ROM? If so, what are the benefits of this other than getting Android Pay while rooted?
I'm not sure if anyone has specifically mentioned this, but Android Pay still works with this form of root on the Nexus 6!!
efrant said:
Starting with Android 5.0, OTA updates are now block-based rather than file-based, so any modification to the system partition will cause the OTA to fail, even mounting the system partition as r/w.
Click to expand...
Click to collapse
Just to add to this, it's a whole-partition /system patch OTA if the device launched with Lollipop or later, anything that launched with KitKat is still receiving the old file-based patch OTAs. Modifying Settings.apk would likely trip either method for a lot of OTAs though, since it's a pretty central component.
galaxyuserx said:
I use Galaxy s6 G9200 HK with Kernel compiled by me, but i have problem with root 5.1.1 and i think in future too 6.0
These root method is integrated in kernel source or i can integrate with those "boot.img systemless" my selfcompiled kernel?(repack boot.img with kernel compiled by me)
Is possible to work this new root method to android 5.1.1?
I have problem with gain root when i use kernel compiled by me ( STOCK kernel have too this problem BOOTLOOPs and FREEZEs on boot system) and i don't know how slove it :/
I found on chineese forums root integrated in boot.img it working good and isn't comunicat "KERNEL is not SEandroid enforced" but when i try integrate my kernel with this boot.img error with boot system :/
Click to expand...
Click to collapse
Yup, it's all ramdisk changes so should be workable on any version of Android. Chainfire left instructions outlining the ramdisk changes in the WIP thread if you want to give it a try.
phishfi said:
I'm not sure if anyone has specifically mentioned this, but Android Pay still works with this form of on the Nexus 6!!
Click to expand...
Click to collapse
Yup, seems to be the case with most banking and root-detecting apps... for now.
Can someone with the non-system SU use this app: https://play.google.com/store/apps/details?id=com.cigital.safetynetplayground and post the results?
This app is supposed to do the SafetyNet checks cleanly, the same way Android Pay does them.
Would be interesting to see if it succeeds on devices with this new supersu version.
secguy said:
Can someone with the non-system SU use this app: https://play.google.com/store/apps/details?id=com.cigital.safetynetplayground and post the results?
This app is supposed to do the SafetyNet checks cleanly, the same way Android Pay does them.
Would be interesting to see if it succeeds on devices with this new supersu version.
Click to expand...
Click to collapse
Just ran it and it passed.
Went ahead and installed su on a stock nexus 5, so far working well, android pay does not work but that was me being stupid and changing the host file and dpi before setting it up
I do notice a little input lag after this, not enough to even make me consider removing root, but it is noticeable, anybody else with this?