Unlocked bootloaders and custom recoveries on Nexus devices


If you have ever rooted your Nexus device then you probably know that you first have to unlock your bootloader if you want to flash a new factory image or custom ROM. So here’s the famous:

fastboot oem unlock

Security issues

When you unlock your bootloader, however, all data on your device is wiped. But why is that? With an unlocked bootloader you open all doors to the device. Even when your phone is locked with a PIN code, someone could still boot into the bootloader, flash a custom recovery, and from there access your device data.

BootUnlocker to the rescue!

Ideally you unlock your bootloader, flash a new Nexus factory image and then re-lock your bootloader again. However if you need to flash another factory image two weeks later then you have to unlock your bootloader again and your device is first wiped before you can flash a new image.

But there’s an app for that! BootUnlocker allows you to lock/unlock your bootloader without the need to wipe your data. From a security perspective, of course, that only makes sense if you have set a PIN code, unlock pattern, or a similar protection.

https://play.google.com/store/apps/details?id=net.segv11.bootunlocker

Currently the app doesn’t work on all Nexus devices yet. Among the supported devices are the Galaxy Nexus, Nexus 4, and Nexus 10. The Nexus 7 is not supported because Asus has added some more security to their devices and doesn’t allow the bootloader to be modified this easily.

But wait… what about Custom ROMs?

Typically you use a custom recovery (ClockworkMod being the standard) for flashing your ROMs, framework modifications, or even just the latest Superuser binaries.

But unlike official factory images, custom ROMs cannot be flashed from the bootloader. A custom recovery is needed that allows you to flash unsigned files.

Now even when you lock your bootloader (after flashing a custom ROM), your doors are still wide open because anyone could just boot into recovery mode and use it to access your device.

I’m not saying this is so much of a critical issue and that you should immediately stop using custom ROMs but at least you should be aware of what you are doing! If you lose your Android phone then chances are good that a thief does not know about custom recoveries and the like. Nevertheless it still would be great if the device was more secure!

Possible solutions

Usually you are using the fastboot tool to flash a custom recovery:

fastboot flash recovery your_recovery_image

Alternatively the tool allows you to directly boot a custom recovery (without flashing it permanently). So you can boot into the recovery, do your business like usual, but on the next reboot you are back to the stock recovery:

fastboot boot your_recovery_image

This command only works if your bootloader is unlocked, and unfortunately it makes accessing your recovery more complicated. Gone are the times when you could quickly boot into recovery to flash a zip!

Call for more security to Custom recoveries

In an ideal world you would have the best security together with the best possible freedom for yourself! It would be nice if you could use a Custom recovery but rely on the security that not everyone can use it! So here’s my call to all recovery developers:

Please add some kind of protection level to your custom recoveries! On every PC you can set up a password to protect CMOS settings, so you can too! Adding password protection would be a much better feature than big, ugly styled touch buttons! Thank you!

New app for Android 4.2 tablets with Multi user support, special limited sale now!!


Today I proudly announce my newest app! User Manager is a tool to enhance the multiple user experience on Android 4.2 tablets.

Maybe you are sharing your tablet with your kids and you have already downloaded a couple of games. Or maybe you have set up an account that you are using for your job only. One of the limitations is that you need to log in with your Google account(s) and re-install all apps for each account. But if you do this then your Gmail, Google Plus, Calendar and such can be used by other users as well.

User Manager is a central administration tool that allows you to manage the apps for each user account. You can browse the apps that are installed for each user and then change their status from “Uninstalled” to “Installed”, or “Installed” to “Disabled”.

There are some limitations and requirements on how you can use this app:

Of course your tablet needs to run Android 4.2 Jelly Bean. Currently this is only the Nexus 7 and Nexus 10 but more and more tablets will appear with multiple users support. Google does not enable multi user support on phones so obviously you can’t use User Manager on them. However there’s hope that some custom ROMs will add multi user support to phones!

As you can already guess, this app needs root access in order to perform the changes. One downside currently is that you need to reboot your device for the changes to take effect. You can delay the reboot if you first need to do something else, but beware: the Android system might overwrite the changes after some time.

User Manager works with both free and paid apps. So theoretically you can add a new user without setting up a Google account (or use an entirely different Google account) and share previously installed apps between them. However some apps (especially games) are protected with a licensing mechanism and only work if you are using the right Google account.

LIMITED SALE!!!

I’m introducing the app with a special price! You can get it for only $0.99 / 0,50 € but only for a limited time. When the app has improved and more features have been added then it will be sold for regular price.

You can purchase the app from Google Play:

https://play.google.com/store/apps/details?id=com.ramdroid.usermanagerpro

New options available for ADB Toggle


In the newest version of ADB Toggle (1.2) you can now configure more options for the automatic mode… well if you have bought the license key for the PRO version that is 😉

Additional options for automatic mode

Previously the automatic mode was only toggling USB-debugging when you plugged the USB cable. Alternatively you can now toggle when you turn off the screen. So in this mode USB-debugging will always be disabled if you turn off your screen, and re-enabled if your screen is unlocked.

If you still prefer to toggle when plugging the USB cable then there’s an additional option as well: when you unplug your phone from your PC or docking station then ADB Toggle can automatically lock your screen as well.

New scheduled mode

That’s not all! In the new version you can also set up a scheduled mode instead.

So for instance you can set up USB-debugging to be always enabled during your working hours. In the evenings and when you go partying on the weekend you can be sure that USB-debugging is always disabled!

One more thing

Besides the usual stability and performance improvements I’d like to announce that ADB Toggle is now also available in a German version!

Download from Google Play

But enough of this blabbering, just hit the “Update” button in Play Store, or if you are new to ADB Toggle go ahead and scan this code to download the free version from Google Play:

You can also use the direct link:

https://play.google.com/store/apps/details?id=com.ramdroid.adbtoggle

Rooting your brand new Google Nexus 7


Introduction

The Nexus 7 is already available in the US for some time now. Two days ago (Monday August 27th) Google officially started to sell the device in some European countries as well. One day after placing the order I had already received my parcel. This is an amazingly quick service, thanks a lot Google! After playing around with it for a while (to make sure everything is working fine) I have rooted my Nexus 7 today. While I was at it I decided to sum up everything in this little guide. So here we go…

* Please note I don’t take any responsibility for possible damages!

Download required binaries

1. You need to install the Android SDK (or at least the “fastboot” and “adb” tools) on your PC. When playing around with Android devices and root you probably have it already. Otherwise, a quick Google search will point you to a download for the operating system you are using.

2. Download ClockworkMod recovery. There are maybe other recoveries available but I prefer to use the original one. There are two versions available, one for touch and one for non-touch. I see no reason why you would not want the Touch-recovery, so just go to http://www.clockworkmod.com/rommanager, scroll down to the Google Nexus 7, and download the touch recovery.

3. Meanwhile, SuperSu (instead of SuperUser) is used on many Android 4.x devices. I prefer SuperSu as well. Just go to the official thread on xda (http://forum.xda-developers.com/showthread.php?t=1538053) and in the first post you will spot a “CWM installable ZIP” called CWM-SuperSU-v0.95.zip and that’s what we need.

Prepare your device

1. The Nexus 7 comes with Android 4.1 however there’s also an update available for 4.1.1 so make sure that you have installed this prior to rooting. If you are rooted then OTAs might not install and you have to flash them manually.

2. Enable USB debugging mode. This is needed so you can access your Nexus 7 from your PC. Go to Settings –> Developer options and toggle USB debugging.

Unlocking your Nexus 7

The Nexus 7 is a Google developer device and that means that you can easily unlock the bootloader. Unlocking erases your whole device, so it’s good advice to do this while your device is still fresh so you don’t need to re-install too much stuff. On your PC open a command line terminal and go into the directory where you have placed “fastboot” and “adb”, then type the following:

adb reboot bootloader

When your Nexus 7 is in bootloader mode then continue:

fastboot oem unlock

This will show a warning that all your data is erased. Confirm it and when it’s finished then flash ClockworkMod in the next step.

Install ClockworkMod

From your PC just type:

fastboot flash recovery recovery-clockwork-touch-6.0.1.0-grouper.img

Hint: When you are on Linux then you have to call fastboot as “su”.

Then change into recovery mode. Use the volume rockers to select “recovery” and hit the power button to confirm.

We can’t flash anything from here because the device has just been erased by the unlock command. So we first need to boot up. Select “Reboot” in the recovery. ClockworkMod will ask you to disable the stock recovery. Confirm with YES. If you are not doing this then CWM will be overwritten the next time you reboot.

Install SuperSu

When Android has fully booted up then go into Settings and enable USB debugging again. Then type from your PC:

adb push CWM-SuperSU-v0.95.zip /sdcard/

Yes “sd card” is right. Actually the Nexus 7 doesn’t have a SD card but for app compatibility the internal memory is usually still known as “sd card” nevertheless!

Reboot back into recovery:

adb reboot recovery

Now in the recovery select “Install zip from sd card”, browse to CWM-SuperSU-v0.95.zip and confirm. Reboot back to Android and you’re done.

Congratulations: You’re rooted!

Now your Nexus 7 is rooted. Feel free to go ahead and install ADB Toggle and App Quarantine 😉

ADB Toggle can now reboot your phone into recovery


I have added a new feature into ADB Toggle that offers you all the common reboot options. When you need to reboot more frequently then you can use the new home screen widget!

For the reboot options (normal, recovery and bootloader) ADB Toggle requires the REBOOT permission. This permission is only granted by the Android system when the app is registered as a system application. If you have installed the previous version of ADB Toggle then the system does not grant the reboot permission yet, therefore the system application needs to be updated. You don’t have to do anything to make this work. ADB Toggle updates itself (followed by a reboot) when you try to use the reboot features.

Here the reboot options are explained in detail:

1. Fast reboot

This option does not fully reboot your device, it only restarts the Android system. This reboot option is not provided by the Android system and only works with root access. It’s the same reboot method that is also used internally by ADB Toggle when you install or remove the system app.

2. Normal reboot

This option performs a full device reboot. Before restarting the device Android makes sure that all processes and services are closed properly. Obviously this takes a little more time than the fast reboot option but it’s the recommended way if you need to reboot under normal conditions.

3. Reboot into recovery

When you need to make a NANDROID backup or want to flash the newest Jelly Bean ROM then you are probably using ClockworkMod recovery or one of the newer custom recoveries with touch support. People with a serious flash addiction might love the quick access from the home screen widget.

4. Reboot into bootloader

You need to reboot into bootloader mode when you need to have fastboot access. Fastboot is a tool which is used to unlock/lock the bootloader on Nexus devices. Furthermore you can use it to flash custom recoveries or restore stock images.

App Quarantine: issues with Root access


Update 25/08/2012:

In the newest versions of App Quarantine (1.25) and App Quarantine Pro (2.5) root access now works more reliably. However, if you still have an outdated version of SuperUser then App Quarantine doesn’t work anymore. I used to have some ‘bloat’ code that did some kind of ‘special care’ for the SuperUser app. However, this led to issues on other devices. In the meantime SuperUser doesn’t need this ‘special care’ anymore. So if App Quarantine doesn’t work anymore then just open the SuperUser app, swipe left to the ‘Info’ tab and tap ‘check for updates’:

Now App Quarantine will work again. If you still have issues with SuperUser then please read on and learn what else you can do.

Issues with SuperUser app

I’m receiving more and more reports from users who updated their phone from Android 2.3 to 4.0 and then were unable to use App Quarantine anymore. The “Failed to get root access!” message appears on the screen:

Furthermore, their phones are all rooted properly and all other root apps are still working fine! Of course I have Android 4 running on my own devices (Galaxy Nexus, Motorola Xoom) and I can’t reproduce the error! Almost 6.000 active users are successfully running App Quarantine on Android 4 as well so this is an issue that only happens on some “selected” devices.

The solution!

But there’s a solution to the problem thanks to a nice user who helped me try out a few things on his phone. In the end we found out it’s just as easy as using the SuperSu app instead of SuperUser. So tell me: why are other root apps still working with SuperUser and why is this damn App Quarantine not working?

What’s going on behind the scenes?

So to explain this issue I have to go into some technical details! If you feel uncomfortable with this then just skip this chapter! 😉

When an app is disabled or enabled using App Quarantine (or any other freeze app in the market) then a command line tool is used that is part of every Android installation. Obviously this only works when called with superuser privileges. But this tool is not a normal Linux command like for instance all the stuff you get in the busybox collection. It’s slightly more complicated as it first needs to start a new Dalvik instance (like every Android app does as well). This is needed so the tool can access the Android framework. For doing all this the tool relies on a few dependencies. Unfortunately some of these dependencies have changed on newer Android 4 ROMs and it seems the SuperUser app (well, actually the associated su binary) can’t handle this anymore.

You can easily test it on your own and open a terminal emulator on your phone (I’m always using https://play.google.com/store/apps/details?id=jackpal.androidterm) and then type the following:

su
pm disable com.google.earth (or any other app you’d like to test with)

On success it will say “Package com.google.earth new state: disabled” and when you launch App Quarantine you’ll see it got moved into the list of quarantined apps. With the “corrupt” SuperUser dependencies the command will crash and drop some strange error message, hence the app is not getting disabled at all.
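The manual test above can be scripted. The following is an added example, not part of the original post or of App Quarantine's code: it classifies the output of pm by looking for the exact status line quoted above, and validates the package name before it is passed to a root shell. The function names and sample strings are made up for illustration, and `freeze` assumes the installed su binary accepts `-c`.

```sh
#!/bin/sh
# Added example, not App Quarantine's code. Function names are hypothetical.

# valid_pkg NAME: accept only characters that occur in Android package names,
# so NAME can never smuggle extra commands into the root shell started below.
valid_pkg() {
    case $1 in
        ''|*[!A-Za-z0-9._]*) return 1 ;;
    esac
    return 0
}

# pm_result PACKAGE WANTED_STATE OUTPUT
# Prints "ok" if OUTPUT has the line "Package PACKAGE new state: WANTED_STATE",
# "wrong-state" if pm reported another state for PACKAGE, else "failed"
# (empty output, error text from a crashing tool, denied root request).
pm_result() {
    pkg=$1; want=$2; result=failed
    cr=$(printf '\r')
    while IFS= read -r line; do
        line=${line%"$cr"}          # drop a trailing CR added by some terminals
        case $line in
            "Package $pkg new state: $want") result=ok; break ;;
            "Package $pkg new state: "*)     result=wrong-state ;;
        esac
    done <<EOF
$3
EOF
    printf '%s\n' "$result"
}

# freeze PACKAGE: run in a terminal emulator on the rooted device.
# Assumes the installed su binary accepts "-c <command>".
freeze() {
    valid_pkg "$1" || { echo "invalid-package"; return 2; }
    pm_out=$(su -c "pm disable $1" 2>&1)
    pm_result "$1" disabled "$pm_out"
}

# Constructed sample outputs (the failure text is a stand-in, not a real message).
SAMPLE_OK='Package com.google.earth new state: disabled'
SAMPLE_FAIL='constructed stand-in for the error text of a failing su binary'

pm_result com.google.earth disabled "$SAMPLE_OK"     # prints: ok
pm_result com.google.earth disabled "$SAMPLE_FAIL"   # prints: failed
```

On the device, `freeze com.google.earth` prints `ok` only when pm actually confirmed the new state, which separates a working su binary from one that crashes the tool.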

Now on the other hand the newly developed SuperSu (which also comes with its own su binary) was developed by Chainfire (a well recognized member on xda-developers) in order to solve some of the problems that apparently can’t be solved with the SuperUser app. One of these improvements is that it can resolve such dependencies just fine!

SuperSu – the Superuser access management tool of the future

As you are still reading this you probably want to know more about SuperSu – and no, I’m not getting paid by Chainfire for doing this! 😉

While SuperUser was developed in the early days of Android, SuperSu is brand new and developed from scratch! It’s based on the needs and experiences that were learned when “playing around with root” and now provides a cleaner and more reliable solution for managing root access on your Androids!

You can read all the details in the official thread on xda-developers here:

http://forum.xda-developers.com/showthread.php?t=1538053

SuperSu installation guide

Please be aware that I’m not responsible for any damages in case something is wrong on your phone or with SuperSu!

1. If you have ClockworkMod then first do a nandroid backup (just in case)

2. Install SuperSu from Google Play: https://play.google.com/store/apps/details?id=eu.chainfire.supersu

DO NOT remove the SuperUser app (yet)!

3. Run it, and let it install itself. Then try App Quarantine again. When this is successful (and your other root apps are playing fine as well) then you can remove SuperUser.

4. In case you want to uninstall SuperSU and revert back to SuperUser then you first have to run the original SuperUser app and restore root access by choosing the “update su binary” option in the settings. You should first test and confirm that your ‘old’ Superuser access is working again before uninstalling SuperSu, otherwise you might lose root access!

ADB Toggle now allows other root apps to use it


Probably you already know that App Quarantine has recently added support for ADB Toggle.

App Quarantine is freezing unwanted apps and therefore it needs USB debug settings enabled. This setting however is rather dangerous and you should not have it enabled all the time.

App Quarantine uses the ADB Toggle Access Library to enable USB debug settings before freezing an app, and disables it when finished.

If you are an Android developer and your app needs USB debug settings as well, then please don’t ask your users to have it enabled all the time! Instead add support for ADB Toggle and you’re all set.

Read more details about the implementation on Github:

https://github.com/ramdroid/AdbToggleAccessLib