Off-Topic but security related...

There are at least two major Recoveries that could be installed in mobiles:
http://www.clockworkmod.com/
http://teamw.in/project/twrp2

Both could be accessed without a password.
In this situation, you can flash a ROM that is already in the sdcard or make a factory reset.
Is there a way to cooperate with recovery and make it password protected?

Hi,

don’t know, it might be possible, but that would really depend on how many users would want that cause I don’t think that would be an easy task (if possible). If requested enough, we can try to make it happen.

Filip

What we should say to the users is that without that Anti-Theft could be useless in some situations:

  1. If there is a ROM on the sdcard, it would be flash and remove anti-theft.
  2. If the user did not install as root, a factory reset will remove anti-theft.

Am I right or we’re just hiding some major facts from the users?

Unless you (we) work closely with the manufacturers, there will always be some situations where Anti-Theft is “useless”, that’s a fact.

Filip

So, let work close to manufacturers :slight_smile:

When a theft know that is useless to steal a phone with avast! you will see that robbery will reduce a lot, i.e., “now it’s useless to steal an Android phone… they’re all protected, cryptographed and so on with avast!”.

That’s not up to me to do that unfortunately and I think that just writing about it on the forum won’t help either :frowning: You have to convince some other people than me that this is important.

Filip

If you can’t do anything, who am I? :-[

Well, you have almost the same chances :slight_smile: But as I said, I think that if we get bombarded by users that they want this, something will be done in that matter I suppose.

Filip

Put in the blog and Facebook. I can translate and follow. Give Julia a change to hype this and convince the team this is the turnaround in mobile security… Give me 0.01 for each AMS Pro we sell :slight_smile:

I suggest you write Reinhard, he is always up to these kind of things :slight_smile:

Filip

Done. Thanks.

unfortunately, it is simply not possible to password protect the recovery.

An OS limitation?
What I can’t understand is that at recovery you can do very complex things and all works well. Is it that difficult (impossible ???) to have it protected by a password? I can’t believe…

I suppose we discussed this some time ago. Recovery is another part of device and beside it is quite hard to protect it by password or key; you will always have the possibility to boot in fastboot and flash new recovery image. Btw. it is not very good idea to password protect recovery image, because it is last way, how to make device usable again.

Unless you’ve got your phone stolen and have no hope of getting it back…
If a phone is unusable with other SIM card, “nobody” would stole it because it wouldn’t worth.

No. Recovery is recovery because it is dedicated to recover the system. Protecting it via password it bad idea by design. If your device is stolen, you can lock, wipe and locate it. What is bigger loss, the device or the data? Cab you imagine how the users will be “happy”, if someone will block their last way for saving the device after some upredictable error?

All the data could be backuped and are on the cloud, you can sync it back.
If does not worth to stole, you can “save” your data and your device.
Bah… Seems we think radically different in this regard.