Call for input on the risk of an unlocked bootloader

As many unofficial devices (and several officially supported devices) do not support re-locking the bootloader, I have tried different responses and iterations on how to explain the real-life risk to users if their device has an unlocked bootloader.

I am looking for some feedback on my latest attempt at an explanation. If you can help me focus the wording of it then we can us it as a somewhat “standard response” when people raise question or concern on the risk they face when using a device with an unlocked bootloader:

Note on the bootloader being unlocked: As with all modern Android systems, your data is encrypted and safe unless your unlock pattern / pin is compromised, which is the same regardless of having a locked or unlocked bootloader.

The theoretical risk of an unlocked bootloader is that if some malicious and technically advanced entity gains physical access to the device then you can’t be certain if they possibly tampered with the system in your absence. In that case, if you feel your device may have been compromised, after you regain control of it you should reset the device from System Recovery before booting to ensure any malicious process doesn’t steal your data after you unlock it with your pattern / pin.

To be clear, without physical access, it is not proven, as far as I am aware, that an unlocked bootloader poses greater threat to your data being compromised than a locked bootloader. Even if an entity gains physical access to your device your data is only at risk after you directly unlock it after it is returned to you.

Possibly the last 2 paragraphs could be consolidated, but I wanted to really make that point explicitly clear. Other thoughts?

One additional item I see is that some (overzealous? ) app developers might hold such a state as insecure and refuse to operate (banks, state provided apps)?

This sentence with doubled “unlocked” is not correct, isn’t it? I think the second time it hast to be locked…

While bootloader relocking prevents some physical attacks, and is also a key defense against very sophisticated remote attacks from becoming persistent: Bootloader Relocking - iodé Any overwrite to the firmware will be prevented on subsequent reboot.
This is also why autoreboot is an important security feature and can be enabled in iodéOS.

These kinds of attacks are not common: Vulnerabilities are very expensive, and several attacks must usually be chained together. If overused they will be detected, and rendered useless by security updates rolled out by the manufacturer. For this reason, targets are chosen carefully.

If you think you may be a victim of these kinds of attacks, both physical, like Cellebrite, and remote such as Pegasus and Graphite, you should choose a device whose manufacturer’s hardware allows bootloader relocking: Google Pixel, Fairphone, Shift, some Motorolas, and Braxtech. Look on this table. Though mercenary spyware like NSO’s is marketed as preventing terrorism, it seems to be more commonly used to target civil society and political opponents: politicians and their family members, lawyers, activists, judges, human rights defenders, etc. Amnesty international in conjunction with Citizen’s Lab is a great resource for more information.

That said, for the rest of us, choosing a degoogled device is probably still the best thing we can do even on a device that is not bootloader relocked: It is still an enormous improvement in privacy. Privacy is a team sport: the more people using devices freed from OS-based surveillance, the better. Much of the information that spyware manufacturers (and nation-state actors) use to find and target their victims can be purchased from commercial vendors - data brokers. Their data comes from trackers, Meta, Google, Microsoft, Apple, etc. And this is why degoogling a device whose bootloader cannot be unlocked (Sony, Samsung, OnePlus, Xiaomi) may represent a loss in individual security but will still be an enourmous improvement in privacy, and may help make your entire community more secure.

Unfortunately, Google’s Play integrity API is less about real security promises than consolidating their monopoly: Misguided developers using it will indeed prevent their apps from working on degoogled OSs, even when bootloader relocked. Iodé is part of the Unified attestation coalition which proposing an alternative: https://uattest.net/

Excellent input from @brinerustle. I do need to refactor my original statement to clarify that a zero-day vulnerability (app or system) that could enable root can be remotely applied. But also note that this zero-day can be applied equally to a locked or unlocked device: just that the locked device user will know about it after reboot since then verified boot will warn them (so for an unlocked device the user may not be aware their device is compromised upon reboot and thus would keep using it unknowingly).

The link to the Amnesty International writeup on Pegasus is great, I hadn’t seen their take on it but it is clear.

So, while all of this is good, it makes it complicated to write a very brief, clear explanation Note that brinerustle and I are discussing how to best clarify our explanation in the iodé documentation: Bootloader Relocking - iodé

In addition to @brinerustle noting that really the proper hope is in an open and privacy-respecting solution such as uattest, do know that iodéOS via microG will report as “locked” to as many apps as possible, even if the bootloader is unlocked (there are different ways that apps interrogate if the device is locked or not. Not all ways are able to be “spoofed” by microG but several are).

You could picture some scenarios:

a) Your device gets lost, is stolen or robbed. (No difference between locked or unlocked bootloader, as long as you are not forced to unlock the device/tell your PIN)
b) Your device lies on your desk at work while you are in your boss’ office and someone had time to manipulate your phone (I do not know about technical possibilities, please fill in what could happen if the bootloader wasn’t locked.)
c) Your partner is very jealous and tries to stalk you by manipulating your phone. (I do not know anything about this scenario, please fill in what could happen if the bootloader wasn’t locked.)
d) You are very famous, filthy rich or influential. Secret service wants access to your phone to blackmail you.