Yup, this is below Android and is vendor specific. One way could be to leverage the TrustZone features of ARM processors such that in the secure world, a copy of recovery data is kept. This data is flashed at install time and only a "key" from the vendor will allow someone to access the contents of this memory. The user installs an app (that is provided by the vendor on a request basis) that can communicate with this part of memory and restore the system partition.
Cheers,
Earlence

On Mar 2, 4:47 pm, Jean-Baptiste Queru <[email protected]> wrote:
> This is at a level below Android, since anything that Android could do
> to keep a backup copy (or something similar) could be compromised in a
> similar fashion. The mechanisms involved, if they exist, vary from
> manufacturer to manufacturer and even from device to device.
>
> JBQ
>
> On Wed, Mar 2, 2011 at 7:37 AM, William Enck <[email protected]> wrote:
> > In the wake of all the news regarding the malware in the Android Market, it
> > occurred to me that there isn't a good way to *completely* restore a phone
> > to factory defaults.
> >
> > First off, great job to Google for removing the malicious apps quickly. The
> > so called "kill switches" in the Android Market and App Store are great
> > features for handling exactly this, and obviate a lot of need for antivirus
> > software.
> >
> > At the end of the CNN article that was slashdotted
> > (http://www.cnn.com/2011/TECH/mobile/03/02/google.malware.andriod/), the
> > author states:
> >
> > "If you've downloaded one of these apps, it might be best to take your
> > device to your carrier and exchange it for a new one, since you can't be
> > sure that your device and user information is truly secure."
> >
> > If my understanding of this malware is correct, it contains an exploit for
> > a kernel privilege escalation vulnerability. Sans all the discussion on
> > this mailing list regarding forcing OEMs to push security updates, there is
> > still the possibility of a zero-day kernel exploit.
> >
> > Which leads me to the premise of this email: Android lets me wipe all user
> > data, i.e., "restore to factory settings", via the user interface (or by
> > rebooting to recovery mode), but how do I restore the "system" partition?
> >
> > Currently, the Google OTA's are frequently patches (which is great to save
> > bandwidth). However, these links are only public once someone (e.g., on
> > XDA) discovers and posts them. If my understanding of this is correct,
> > there are also "full" OTA images out there.
> >
> > I'm not sure of the best way to achieve this goal, but it would be
> > beneficial for a user to restore the system partition to a known state as
> > well, without the need to take the phone to a cell provider store. (I
> > recall the T-Mobile G2 having an anti-jailbreak mechanism that would
> > potentially accomplish at least part of this).
> >
> > Thoughts? There are some interesting trade-offs when defining the threat
> > model for a solution (e.g., do we trust the recovery image hasn't been
> > modified).
> >
> > Thanks,
> > -Will
> >
> > --
> > William Enck
> > PhD Researcher
> > Department of Computer Science and Engineering
> > The Pennsylvania State University
> > [email protected]
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Android Security Discussions" group.
> > To post to this group, send email to
> > [email protected].
> > To unsubscribe from this group, send email to
> > [email protected].
> > For more options, visit this group
> > at http://groups.google.com/group/android-security-discuss?hl=en.
>
> --
> Jean-Baptiste M. "JBQ" Queru
> Software Engineer, Android Open-Source Project, Google.
>
> Questions sent directly to me that have no reason for being private
> will likely get ignored or forwarded to a public forum with no further
> warning.
