Is Google Pixel actually good for privacy? - eviltoast

I hear many people say that the Google Pixel is good for privacy, but is it?

I’m asking this because I find it weird, of all the companies, Google having the most “privacy”.

  • drspod@lemmy.ml
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    I can’t go back to a phone where I can’t re-lock my bootloader after installing a custom ROM

    Is this something that only certain models of phone are capable of doing? Or is it a new Android/hardware feature that only new phones have?

    • CatWhoMustNotBeNamed@geddit.social
      link
      fedilink
      arrow-up
      6
      arrow-down
      1
      ·
      edit-2
      1 year ago

      It requires a flashed rom with a valid (key signature? Crap, forget what it’s called).

      If you flash an unsigned kernel and try to boot lock, it’ll brick.

      I get from an absolute security perspective why this is deemed important, I just feel there’s a bit too much focus on it, as if an unlocked bootloader is really that insecure. It would still take tremendous effort to get the encryption key for storage, so it’s pretty effectively secure still.

      • newIdentity@sh.itjust.works
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        With unlocked bootloader you can dump the data and brute force the password. With locked bootloader on pixel devices, you can’t even do that.

        • CatWhoMustNotBeNamed@geddit.social
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          From what I’ve read, that doesn’t really work - you’d need the encryption key, not the pin/password, because of how the encryption platform works.

          Again, it’s been a while, and this isn’t my field. I just remember being properly surprised at how little I understood - that the pin/password are merely keys to accessing the encryption key, and it’s all tied together in validating during hoot. Like you can’t image the system and drop it in another phone if it’s been encrypted, even if you have the pin - the encryption system on the different hardware would calculate things incorrectly (I did this once, dropped an encrypted image on a duplicate phone. That was fun trying to figure out why it wouldn’t work).

          There’s more to the puzzle that’s frankly above my pay grade, but last time I read about how to get into an encrypted phone, (even boot unlocked) required the expertise and tools of certain types of folks. Not your average “haxxor”.

          Granted, that expertise and those tools are getting closer to us every day…

          • newIdentity@sh.itjust.works
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            I thought the security chip was being disabled when unlocking the bootloader but apparently it just skips image validation.

            So basically you can flash anything (which kinda is what you want). You could theoretically also modify the system files to being able to bruteforce your pincode.

            Unlocking the bootloader also makes your device less secure in other ways. When there’s a root exploit in Android verified boof safes you from it being exploited.

            • CatWhoMustNotBeNamed@geddit.social
              link
              fedilink
              arrow-up
              2
              ·
              1 year ago

              Good point about root exploit. It’s a potential.

              Thing is, every Linux server and windows box suffers the same risk… But we don’t hear “the sky is falling” about those… Because it’s considered a measured risk and security is layered. As it should be.

              Hell, people still run windows laptops unencrypted today - which is far worse than an unlocked bootloader on Android.

    • Vik@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      1 year ago

      It’s specific to the bootloader of a given device. Most devices don’t seem to support being locked with custom OS images using self signed keys.