This is also hardware-dependent, at a level below Android.

JBQ

On Wed, Mar 2, 2011 at 8:25 AM, simran <[email protected]> wrote:
> is it not possible to provide a read-only partition which could be used to
> restore to "factory" settings... perhaps we can even use a read-only micro
> sd or similar card for the same purpose?
>
> On Wed, Mar 2, 2011 at 9:46 PM, Earlence <[email protected]> wrote:
>>
>> Yup, this is below Android and is vendor specific.
>> One way could be to leverage the TrustZone features of ARM processors
>> such that in the secure world, a copy of recovery data is kept. This
>> data is flashed at install time and only a "key" from the vendor will
>> allow someone to access the contents of this memory.
>> The user installs an app (that is provided by the vendor on a request
>> basis) that can communicate with this part of memory and restore the
>> system partition.
>>
>> Cheers,
>> Earlence
>>
>> On Mar 2, 4:47 pm, Jean-Baptiste Queru <[email protected]> wrote:
>> > This is at a level below Android, since anything that Android could do
>> > to keep a backup copy (or something similar) could be compromised in a
>> > similar fashion. The mechanisms involved, if they exist, vary from
>> > manufacturer to manufacturer and even from device to device.
>> >
>> > JBQ
>> >
>> > On Wed, Mar 2, 2011 at 7:37 AM, William Enck <[email protected]> wrote:
>> > > In the wake of all the news regarding the malware in the Android
>> > > Market, it occurred to me that there isn't a good way to *completely*
>> > > restore a phone to factory defaults.
>> > >
>> > > First off, great job to Google for removing the malicious apps
>> > > quickly. The so-called "kill switches" in the Android Market and App
>> > > Store are great features for handling exactly this, and obviate a lot
>> > > of need for antivirus software.
>> > >
>> > > At the end of the CNN article that was slashdotted
>> > > (http://www.cnn.com/2011/TECH/mobile/03/02/google.malware.andriod/), the
>> > > author states:
>> > >
>> > > "If you've downloaded one of these apps, it might be best to take your
>> > > device to your carrier and exchange it for a new one, since you can't be
>> > > sure that your device and user information is truly secure."
>> > >
>> > > If my understanding of this malware is correct, it contains an exploit
>> > > for a kernel privilege escalation vulnerability. Sans all the discussion
>> > > on this mailing list regarding forcing OEMs to push security updates,
>> > > there is still the possibility of a zero-day kernel exploit.
>> > >
>> > > Which leads me to the premise of this email: Android lets me wipe all
>> > > user data, i.e., "restore to factory settings", via the user interface
>> > > (or by rebooting to recovery mode), but how do I restore the "system"
>> > > partition?
>> > >
>> > > Currently, the Google OTA's are frequently patches (which is great to
>> > > save bandwidth). However, these links are only public once someone
>> > > (e.g., on XDA) discovers and posts them. If my understanding of this is
>> > > correct, there are also "full" OTA images out there.
>> > >
>> > > I'm not sure of the best way to achieve this goal, but it would be
>> > > beneficial for a user to restore the system partition to a known state
>> > > as well, without the need to take the phone to a cell provider store.
>> > > (I recall the T-Mobile G2 having an anti-jailbreak mechanism that would
>> > > potentially accomplish at least part of this).
>> > >
>> > > Thoughts? There are some interesting trade-offs when defining the
>> > > threat model for a solution (e.g., do we trust the recovery image hasn't
>> > > been modified).
>> > >
>> > > Thanks,
>> > > -Will
>> > >
>> > > --
>> > > William Enck
>> > > PhD Researcher
>> > > Department of Computer Science and Engineering
>> > > The Pennsylvania State University
>> > > [email protected]
>> > >
>> > > --
>> > > You received this message because you are subscribed to the Google
>> > > Groups "Android Security Discussions" group.
>> > > To post to this group, send email to
>> > > [email protected].
>> > > To unsubscribe from this group, send email to
>> > > [email protected].
>> > > For more options, visit this group at
>> > > http://groups.google.com/group/android-security-discuss?hl=en.
>> >
>> > --
>> > Jean-Baptiste M. "JBQ" Queru
>> > Software Engineer, Android Open-Source Project, Google.
>> >
>> > Questions sent directly to me that have no reason for being private
>> > will likely get ignored or forwarded to a public forum with no further
>> > warning.
