Android Oreo feature spotlight: Rollback Protection, a new part of Verified Boot, won't allow you to start a downgraded OS

Android Police

By Ryne Hager

Published Sep 5, 2017

This flew under our radar back at I/O, but it's big news. On compatible devices, the new Verified Boot changes in Android 8.0 Oreo will prevent a device from booting should it be rolled back to an earlier firmware. The new feature is called Rollback Protection. So if your phone is flashed with older software, you (and your data) are protected from whatever potential security vulnerabilities may have been present in earlier versions.

For 99% of users, the new Rollback Protection is great news. If a phone is lost or stolen, it further decreases the number of potential attacks which could be used to gain access, providing better safety for your data.

The full technical details behind Rollback Protection's operation are available here, but if you want the TL;DR, we have an overly-simplified explanation. It's only present on "compatible devices," and we don't quite know what that means yet. It's based on a number called a Rollback Index which is incremented as flaws are patched. Your device stores the last seen number in tamper-evident memory, and it compares that number against the current firmware. If the number in firmware is lower than the number stored in memory, it won't boot. If the memory's been tampered with, it (presumably) won't boot. And, since the number is cryptographically signed, it should be hard to spoof a higher number.

There might be a small subset of users that aren't too excited about this little speed bump: those who ROM. Part of bringing an older device over to a well-maintained ROM like LineageOS is to increase security, at least in a small way. And, since some devices are locked down tight, this could interfere with downgrading for exploit-based bootloader unlocking methods. The benefits are almost certainly worth the cost, though. Anyone interested in using a ROM should probably just buy a device with an unlockable bootloader to begin with.

According to Ars Technica's Ron Amadeo, Rollback Protection can also be disabled, if you so choose. Just like unlocking your bootloader, you'll just be greeted by a pile of warnings on boot, and an obvious loss of security. As a side-note, the bootloader unlocking process has been "hardened" as well, and it now requires direct user interaction with the bootloader to work.

All these features come together to further increase user security, making your data that much safer in the hands of Android 8.0 Oreo.

Source: Google, ArsTechnica