Rollback Protection Mandatory for Devices Launching with Android 9
Android 9.0, or Android Pie, was released today. XDA reports that Google has made rollback protection, first introduced as an optional feature in Android Oreo, mandatory for all devices shipping with Android Pie out of the box. The feature is made possible by Android Verified Boot 2.0.
Rollback protection prevents your phone from booting if it detects that the device was downgraded to an earlier, unapproved version of Android that has been deemed insecure because of a security vulnerability. The VBMeta data structure, which holds the hash for the boot partition and the hashtree metadata for the system and vendor partitions, carries a rollback index; images with an older rollback index are rejected. This increases the security of the device because it prevents unauthorised versions of Android, potentially with vulnerabilities, from finding their way onto users’ devices.
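As an added illustration (not code from XDA or from the AVB project), the sketch below reads the rollback index out of a constructed vbmeta header and applies the comparison described above, then shows how the stored value ratchets upward after an upgrade. The field layout follows libavb's 256-byte big-endian vbmeta header; the `stored` table, the function names and the update-after-successful-boot policy are assumptions made for the example.

```python
import struct

# Leading fields of the big-endian vbmeta header: magic, libavb major/minor,
# two block sizes, algorithm type, ten offset/size fields, rollback_index, flags.
HEADER = struct.Struct(">4sLLQQL10QQL")
VBMETA_HEADER_SIZE = 256  # remaining bytes: release string and reserved padding


def build_sample_header(rollback_index):
    """Constructed test input: an unsigned header with only rollback_index set."""
    fields = (b"AVB0", 1, 0, 0, 0, 0) + (0,) * 10 + (rollback_index, 0)
    return HEADER.pack(*fields).ljust(VBMETA_HEADER_SIZE, b"\0")


def read_rollback_index(vbmeta):
    """Extract rollback_index from a vbmeta header, rejecting malformed input."""
    if len(vbmeta) < VBMETA_HEADER_SIZE:
        raise ValueError("truncated vbmeta header")
    fields = HEADER.unpack_from(vbmeta)
    if fields[0] != b"AVB0":
        raise ValueError("bad vbmeta magic")
    return fields[16]


def check_rollback(vbmeta, stored, location=0):
    """Boot-time decision: allow only if the image index is not older than the stored one.

    `stored` maps an index location to the minimum acceptable index and stands in
    for the device's tamper-evident storage (an assumption of this example).
    Signature verification, which must come first on a real device, is omitted.
    """
    return read_rollback_index(vbmeta) >= stored.get(location, 0)


def commit_after_successful_boot(vbmeta, stored, location=0):
    """Raise the stored minimum to the booted image's index; never lower it."""
    stored[location] = max(stored.get(location, 0), read_rollback_index(vbmeta))


if __name__ == "__main__":
    stored = {0: 5}  # constructed device state
    for idx in (4, 5, 7):
        ok = check_rollback(build_sample_header(idx), stored)
        print(idx, "boots" if ok else "rejected")
    commit_after_successful_boot(build_sample_header(7), stored)
    ok = check_rollback(build_sample_header(5), stored)
    print(5, "boots" if ok else "rejected")
```

Once the image with index 7 has been committed, the image with index 5 that booted before the upgrade is rejected, which is the downgrade case the paragraph describes.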
Rollback protection is already present on devices like the Google Pixel 2, Razer Phone, and OnePlus 6 but not on many other devices like the Samsung Galaxy S9.
Android Verified Boot doesn’t really affect most custom ROM users, although it does add an extra layer of security you have to work around in some instances. For instance, according to XDA, “flashing a Generic System Image requires disabling AVB. Modifying certain partitions like vendor on the OnePlus 6 requires disabling AVB as well, as I recently learned. Properly implemented AVB 2.0 makes it possible for custom boot images to work with a locked bootloader.”
Even though the new implementation won’t affect people who are looking to install custom ROMs on their devices, as this is usually done to upgrade the device to a newer version of Android, we’re still unsure how the community will take it. Let us know your thoughts in the comments.