Src Files :
    archfx/duo-de

Android Device Security and GSI: A Layman’s Guide

5 minute read

Published:

Android devices come with several security components that work together to protect your device and personal data. Here’s a simple explanation of who makes these components, their security implications, and how they collaborate to keep your device (data) safe.


AI Generated Image : credits to chatGPT

Key Components and Entities

When it comes to an Android device—whether it’s a mobile phone, tablet, car entertainment system, or any other form factor—there are several key components involved in its realization:

  1. Bootloader: The initial software that runs when the device powers on, responsible for starting the kernel.

  2. Linux kernel, serves as the core subsystem of the Android operating system, managing communication between hardware and software.

  3. Android system image, includes the Android operating system and essential applications. Android is open source, vendors can modify the implementation to suit their own hardware as they wish.

Each of these components is developed by different entities: the bootloader is provided by the hardware manufacturer (vendor), the Linux kernel is developed by the open-source community under the Linux Foundation, and the Android system image is provided by Google. Device manufacturers can modify the Android system image to suit their own hardware as they wish.

The Chain of Trust Among Components

The bootloader, Linux kernel, and Android system image work together to create a secure environment for your device. When the device powers on, the bootloader verifies the kernel’s integrity using cryptographic signatures. Subsequently, the kernel verifies the Android system image before loading it. This sequential verification establishes a chain of trust, ensuring that each component is authentic and has not been tampered with. Additionally, Over-The-Air (OTA) updates are signed with private keys and verified using public keys, maintaining the security and integrity of the updates applied to the system image.

Generic System Images (GSI)

When manufacturers stop providing updates for their devices, users can turn to Generic System Images (GSIs) to receive the latest Android versions. GSIs are system images with adjusted configurations for Android devices, compatible with Project Treble.

What Is a GSI? A GSI is a barebones Android OS image that can run on any device compliant with Project Treble, regardless of the manufacturer.

Who Provides It? While Google provides the official Android source code via Android Open Source Project (AOSP), it is utilized by several open-source projects to run the latest Android versions on devices abandoned by their vendors. There are more generic GSI versions, such as TrebleDroid and treble_aosp, which work on many different devices, and device-specific GSI versions, like DUO-DE, designed specifically for the Microsoft Surface Duo’s unique dual-screen foldable configuration. Often, people confuse these GSI images with Pixel ROMs; however, GSIs are implemented using the barebone Android images provided by Google.

GSI and Security

To install a GSI image on an Android device, you must unlock the device’s bootloader unless you are the vendor with access to the device’s private keys. Unlocking the bootloader disables certain trust mechanisms implemented in the bootloader. However, security features such as Android Debug Bridge (ADB) authorization continue to protect your device data if the device is lost or falls into the possession of an adversary.

Since unlocking the bootloader disables the security mechanisms it provides, the trust in the GSI is established independently. To ensure this trust, GSI maintainers use their own release keys to sign the GSI packages. These keys are similar to vendor keys. They provide the same level of security for operations on the device, preventing unauthorized modifications and maintaining the integrity of the system. Once you manually flash a GSI image to your device, GSI keys ensure the security of the following components.

  1. They ensure that over-the-air (OTA) updates are authentic and have not been tampered with. During installation, the device verifies the signature using the embedded public key.

  2. Protection of System Applications: Without the proper release keys, system applications cannot be replaced or modified.

Since the Android system of the GSI is originally from the Android, all the security features available in the lastet version of the Android is availble to the users via GSI.

Conclusion

In this guide, we’ve explored the key components that ensure the security of Android devices, including the bootloader, Linux kernel, and Android system image. We discussed how these components interact through a chain of trust, utilizing cryptographic signatures with private and public keys to verify each stage of the boot process and Over-The-Air (OTA) updates. Additionally, we discussed about Generic System Images (GSIs), highlighting their role in providing up-to-date Android versions for devices no longer receiving manufacturer updates.

Ultimately, the trustworthiness of an Android device hinges on the reliability of its manufacturers and, in the case of GSIs, the maintainers behind these open-source projects. When using a device from an unknown manufacturer, users must place a certain level of trust in that manufacturer’s commitment to security. Similarly, opting for a GSI replaces the manufacturer’s role with GSI maintainers. The advantage here is that most GSI projects are open source, allowing the public to review and contribute to their implementations, thereby enhancing transparency and security.

Key Takeaways:

  • Chain of Trust: Ensures that each component of the Android system is verified and secure, preventing unauthorized modifications.
  • GSIs as a Solution: Provide a way to keep devices secure and updated even after manufacturers cease support.
  • Open Source Benefits: GSIs benefit from community oversight, increasing the likelihood of identifying and addressing security vulnerabilities promptly.
  • Trust Considerations: Whether relying on manufacturers or GSI maintainers, users must trust that the entities managing their device’s software prioritize security and integrity.

By understanding these components and the dynamics of trust in both manufacturer-provided and community-driven updates, users can make informed decisions to maintain the security and longevity of their Android devices.

You May Also Enjoy

TinyOS🐞: Interrupts and Peripherals

9 minute read

Published:

A computer needs to communicate with the external world to perform tasks. To facilitate this, we have peripheral hardware. When these peripherals need to talk to the operating system, we have interrupts. In this episode of TinyOS🐞 tutorial series, we will be looking at interrupts and how to use them.

TinyOS🐞: Spinlocks

8 minute read

Published:

In this episode of episode of the TinyOS🐞 tutorial series, we will be looking at how to protect critical sections in processes using spinlocks.

TinyOS🐞: Preemptive Scheduling

9 minute read

Published:

In the MultiTasking episode of the TinyOS🐞 tutorial series, we implemented “Cooperative Multitasking”. Next in TimerInterrupt episode, we discussed how the RISC-V time interrupt mechanism works. If you have missed them, I highly recommend going through them before proceeding.

TinyOS🐞: TimerInterrupts

11 minute read

Published:

In the previous episode MultiTasking, we implemented a operating system with cooperative multitasking. However, without the implementation of an interruption mechanism, our system cannot support preemptive multitasking.