is it not possible to provide a read-only partition which could be used to restore to "factory" settings... perhaps we can even use a read-only micro sd or similar card for the same purpose?
On Wed, Mar 2, 2011 at 9:46 PM, Earlence <[email protected]> wrote: > Yup, this is below Android and is vendor specific. > One way could be to leverage the TrustZone features of ARM processors > such that in the secure world, a copy of recovery data is kept. This > data is flashed at install time and only a "key" from the vendor will > allow someone to access the contents of this memory. > The user installs an app (that is provided by the vendor on a request > basis) that can communicate with this part of memory and restore the > system partition. > > Cheers, > Earlence > > On Mar 2, 4:47 pm, Jean-Baptiste Queru <[email protected]> wrote: > > This is at a level below Android, since anything that Android could do > > to keep a backup copy (or something similar) could be compromised in a > > similar fashion. The mechanisms involved, if they exist, vary from > > manufacturer to manufacturer and even from device to device. > > > > JBQ > > > > > > > > On Wed, Mar 2, 2011 at 7:37 AM, William Enck <[email protected]> wrote: > > > In the wake of all the news regarding the malware in the Android > Market, it occurred to me that there isn't a good way to *completely* > restore a phone to factory defaults. > > > > > First off, great job to Google for removing the malicious apps quickly. > The so called "kill switches" in the Android Market and App Store are great > features for handling exactly this, and obviate a lot of need for antivirus > software. > > > > > At the end of the CNN article that was slashdotted ( > http://www.cnn.com/2011/TECH/mobile/03/02/google.malware.andriod/), the > author states: > > > > > "If you've downloaded one of these apps, it might be best to take your > device to your carrier and exchange it for a new one, since you can't be > sure that your device and user information is truly secure." > > > > > If my understanding of this malware is correct, it contains an exploit > for a kernel privilege escalation vulnerability. Sans all the discussion on > this mailing list regarding forcing OEMs to push security updates, there is > still the possibility of a zero-day kernel exploit. > > > > > Which leads me to the premise of this email: Android lets me wipe all > user data, i.e., "restore to factory settings", via the user interface (or > by rebooting to recovery mode), but how do I restore the "system" partition? > > > > > Currently, the Google OTA's are frequently patches (which is great to > save bandwidth). However, these links are only public once someone (e.g., on > XDA) discovers and posts them. If my understanding of this is correct, there > are also "full" OTA images out there. > > > > > I'm not sure of the best way to achieve this goal, but it would be > beneficial for a user to restore the system partition to a known state as > well, without the need to take the phone to a cell provider store. (I recall > the T-Mobile G2 having an anti-jailbreak mechanism that would potentially > accomplish at least part of this). > > > > > Thoughts? There are some interesting trade-offs when defining the > threat model for a solution (e.g., do we trust the recovery image hasn't > been modified). > > > > > Thanks, > > > -Will > > > > > -- > > > William Enck > > > PhD Researcher > > > Department of Computer Science and Engineering > > > The Pennsylvania State University > > > [email protected] > > > > > -- > > > You received this message because you are subscribed to the Google > Groups "Android Security Discussions" group. > > > To post to this group, send email to > [email protected]. > > > To unsubscribe from this group, send email to > [email protected]. > > > For more options, visit this group athttp:// > groups.google.com/group/android-security-discuss?hl=en. > > > > -- > > Jean-Baptiste M. "JBQ" Queru > > Software Engineer, Android Open-Source Project, Google. > > > > Questions sent directly to me that have no reason for being private > > will likely get ignored or forwarded to a public forum with no further > > warning. > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
