Android Oreo’s Rollback Protection Will Block OS Downgrades, but it can be Disabled
Google recently rebranded a number of their security features for Android as Google Play Protect. We see the company constantly trying to rebrand various products and services it offers, but it makes sense in this case since these individual features were never really packaged under one umbrella. Now there has been some added emphasis on increased security with the new Android Oreo update in a number of ways, with an interesting change being what Google is calling Rollback Protection.
In this instance, Rollback is referring to downgrading the Android Oreo operating system. For your average user, this really isn’t going to hinder their everyday life but it does add an additional requirement for enthusiasts who want more control over their devices. You can find some technical details about the feature here, but the overall goal is to help keep your smartphone or tablet safe against vulnerabilities that have already been patched.
As you likely already know, security updates are not added on top of the current version of Android. So you can’t use an official version of Android from an OEM that was released last year and expect it to have the latest security patches added to it. Not always, but in some cases this means that if you downgrade to an older version of Android then you are opening yourself up to malicious attacks since those vulnerabilities are no longer patched.
This feature has been added to the Verified Boot process and it will literally prevent the operating system from booting if it detects it has been downgraded to an earlier version. Thankfully, Google is aware that us enthusiasts have a number of reasons as to why we would want to downgrade our current version of Android. So to help us out, Google has added a way for us to disable this protection so that we can downgrade if we really need to. Ron from Ars Technica writes that if we disable this feature then it “will trigger the usual slew of boot-up warning messages” so there isn’t any confusion as to what we have done.
Via: Android Police Source: Ars Technica