Android has always been one of the most customizable mobile Operating System available but the new Android OS – Android 7.0 Nougat, all this is about to change. In a recent post over at the Android Developers Blog, Google software engineer Sami Tolvanen revealed that devices shipping with Android 7.0 Nougat out of the box will strictly enforce verified boot.
Ever since Android 4.4 KitKat, the OS has supported verified boot – albeit only through the optional dm-veritykernel feature initially – which checks for potentially unwanted rootkits that could compromise the security of the device. As of Marshmallow, Android has also begun alerting about possible system integrity issues, but nothing more.
This is about to change with the introduction of Android 7.0 Nougat – or at least as far as devices running the new OS out of the box go – with enforced system integrity boot checks, which won’t allow Android to boot if the boot image or partition are corrupt. Optionally, users may be asked if they want to use a limited capacity mode.
Here’s what the Android Developer blog explains: “This means that a device with a corrupt boot image or verified partition will not boot or will boot in a limited capacity with user consent. Such strict checking, though, means that non-malicious data corruption, which previously would be less visible, could now start affecting process functionality more.”
Enforcing verified boot is definitely a step toward greater security for Android users, but it could also lead to more problems on devices suffering from software and/or hardware issues, where the possibility for disc corruptions to occur is greater. This is where a new error correction system comes into play, which is supposed to help devices recover from loss of data storage blocks to some extent.
Strictly enforcing verified boot could also make it tougher for you to tweak your Android Operating System (especially with locked bootloader) using custom ROMs, mods, and kernels. This is hard enough already on devices with “hard” locked bootloaders and Android 7.0 won’t help with that, which for most users the strict verified boot would be helpful, however, for some, it’s bad news.
Since this involves circumventing the locked bootloader, verified boot process will detect any changes, making it harder for users to play with their devices when Nougat rolls around. Enforcing strict verified boot in Android Nougat is a good idea, because most users root their devices with custom firmware but forget to take important security measures, which leaves their devices open to malicious software and rootkits.
Will you still upgrade to Android 7.0 Nougat knowing it may be the end to rooting and general Android customization? What do you think of the additional security Google provides to the boot process in Android Nougat?