Google released Android 13 to the stable channel, which means you can finally upgrade your Pixel phone from Android 12 without having to join the beta. For those who own a Pixel 6a, 6, or 6 Pro, there is no way back, though. Google warns that once you upgrade your new Pixel phone to Android 13, you will no longer be able to flash an earlier version of the OS on it. That’s because the bootloader is updated along with the OS.

When the Android 13 update hit, we quickly spotted a new warning on the Google Developer website that hosts all Android releases for Pixel and Nexus phones. It reads,

Warning: The Android 13 update for Pixel 6, Pixel 6 Pro, and the Pixel 6a contains a bootloader update that increments the anti-roll back version. After flashing an Android 13 build on these devices you will not be able to flash older Android 12 builds.

Google remained cryptic on what exactly the reasoning is for this, and we haven’t heard back from the company after reaching out to it. However, thanks to some digging from Esper.io’s Mishaal Rahman, we have an idea of what's going on. The Android Flash Tool, which offers a mostly automated way to quickly flash Android builds on your Pixel phone, has a more extensive description of the issue at hand. It reads,

WARNING - If this is FLASHED you CANNOT go back to an old Android build

Your device is running a vulnerable version of the bootloader. After flashing this build your device's anti-roll back counter will be incremented to prevent previous vulnerable versions of the bootloader from being flashed on the device in the future. This will prevent flashing existing Android 12 releases.

As stated in this more detailed warning, Google has found a vulnerability in the Pixel 6 series’ bootloader, which forced it to upgrade this underlying software along with the stable Android 13 release. Normally, flashing an older version of Android could then overwrite the new bootloader with an older one. In this case, though, Google removed the option to downgrade to prevent the vulnerable, potentially dangerous bootloader from ever gracing a Pixel 6 unit again.

You could say that it’s the personal risk of anyone advanced enough to tinker with their Android phone. The thing is that an attacker could use a yet-to-be-discovered Android kernel exploit to downgrade a phone to an insecure Android version, reboot into it, and use that version to install a permanent exploit.

Google is preventing this by using anti-rollback counters (ARCs) that are part of the hardware. As we understand it, an ARC is a numeric counter implemented with fuses in the hardware, and its value is determined by the number of fuses that have been blown. When this method is used, the phone compares the counter's value to the version number of the software that is supposed to be booted, and when the software's number is lower, the device refuses to load it. Many manufacturers don't use this feature as it complicates testing and has the potential to alienate users, but Google is doing what is right in the name of security here. Shawn Willden, Tech Lead for Android hardware-backed security subsystems, explains this in much greater detail on Twitter.

Unfortunately, the deployment of ARCs for the Pixel 6 series has a serious side effect for developers who use an AOSP build on their devices. When they upgrade, they need to ensure that they flash Android 13 to both boot slots. Otherwise, their devices may be permanently bricked if the Android 13 boot fails and the phone tries to fall back to the Android 12 build on the other slot.
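The fuse counter and the two-slot fallback described above, as an added example that is not from Google or the original article: a simplified C model in which the counter is the number of blown fuses and is raised after a successful boot. The struct and function names, the 32-fuse bank and the version numbers 0 and 1 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model (assumption): a 32-bit one-time-programmable fuse bank.
   The counter value is the number of blown fuses, so it can only grow. */
typedef struct { uint32_t fuses; } fuse_bank;

typedef struct { const char *label; unsigned arb_version; int boots_ok; } slot_image;

typedef enum { BOOT_SLOT_A, BOOT_SLOT_B, BOOT_BRICKED } boot_result;

static unsigned fuse_count(const fuse_bank *fb) {
    unsigned n = 0;
    for (uint32_t v = fb->fuses; v; v &= v - 1) n++;   /* count set bits */
    return n;
}

/* Blow fuses until the counter reaches target; a blown fuse never resets. */
static void fuse_raise_to(fuse_bank *fb, unsigned target) {
    for (unsigned bit = 0; bit < 32 && fuse_count(fb) < target; bit++)
        fb->fuses |= (uint32_t)1 << bit;
}

/* An image is accepted only if its version is not lower than the counter. */
static int arb_accepts(const fuse_bank *fb, const slot_image *img) {
    return img->arb_version >= fuse_count(fb);
}

/* Try slot A, then fall back to slot B. The counter is raised only after a
   successful boot, which is the point where older images stop being accepted. */
static boot_result boot_device(fuse_bank *fb, const slot_image *a, const slot_image *b) {
    const slot_image *order[2] = { a, b };
    for (int i = 0; i < 2; i++) {
        if (!arb_accepts(fb, order[i]) || !order[i]->boots_ok) continue;
        fuse_raise_to(fb, order[i]->arb_version);
        return i == 0 ? BOOT_SLOT_A : BOOT_SLOT_B;
    }
    return BOOT_BRICKED;
}

int main(void) {
    fuse_bank fb = { 0 };
    /* Constructed sample images: version 1 = new bootloader, 0 = old one. */
    slot_image a13 = { "Android 13", 1, 1 }, a12 = { "Android 12", 0, 1 };
    printf("first boot: %d, counter=%u\n", boot_device(&fb, &a13, &a12), fuse_count(&fb));
    a13.boots_ok = 0;  /* constructed failure: slot A no longer boots */
    printf("fallback:   %d (2 = bricked)\n", boot_device(&fb, &a13, &a12));
    return 0;
}
```

Giving both slots an image with the newer version number leaves the fallback path bootable, which is why the article's advice is to flash Android 13 to both slots.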

It looks like Google may offer a solution after all this backlash. Shawn Willden claims that Google is working on Android 12 images that come with the new, more secure bootloader.

UPDATE: 2022/08/18 03:57 EST BY MANUEL VONAU

Rollback Protection clarification

A previous version of this article claimed that Google was using Android's Rollback Protection, first introduced in Android 8.0 Oreo, to prevent Android 12 from being installed. The anti-rollback counter is a separate measure, though, as clarified by GrapheneOS developer flawedworld, who reached out to us with this information. Thanks!