Google gives developers a way to sidestep Android 13’s one-way update

The Pixel 6 Pro.

Enlarge / The Pixel 6 Pro. (credit: Ron Amadeo)

With the rollout of Android 13 to the Pixel 6 and 6a, Google posted an interesting warning on the system image website: Once you flash Android 13, you can never go back to the old version. That's still the case for anyone wanting a fully functional phone, but now, Google has posted an Android 12 "developer support image" that will let developers roll back their phones even after upgrading. The "developer" branding on the image means it's not fully functional, but it will be good enough for app testing.

The reason for Google's one-way Android 13 update is a bootloader vulnerability. The bug is in the Pixel 6, 6 Pro, and 6a, so only those Pixels got a one-way update. Android 13 has a fix for the bootloader vulnerability, and to stop attackers from rolling back a device to get around the patch, the company triggered anti-rollback protection on the Pixel 6 and 6a. Anti-rollback protection blows a physical fuse inside the phone SoC. There are several of these fuses, and each OS version has a count of how many blown fuses it expects. If the number is too high, that means Google has flagged that OS as insecure and out of date, and it will no longer boot.

This "developer support image" is new territory for Google. The company says this special image of Android 12 fixes the bootloader bug and has the fuse counter incremented so it will still boot. It won't get any automatic updates, though, and it's not Compatibility Test Suite (CTS)‑approved. The CTS is a check that promises an OS is unmodified, not rooted, and secure, and some banking apps and online games require passing this check in order to work. You'll also have to do a full wipe of a device if you ever want to go back to the normal, "public" builds and updates.

Read 1 remaining paragraphs | Comments



https://ift.tt/a2pRx5b

Comments