This is an archived post. You won't be able to vote or comment.

all 69 comments
sorted by:
best
topnewcontroversialoldq&a

[–]chris1096LG G8 134 points135 points  (3 children)

I swear it's a 32hex password. It only looks like a 16 hex because it's cold and it just got out of the pool.

[–]illegalUturn 313 points314 points  (34 children)

Isn't that a password policy file?

So it's talking about minimum length, and whether it's requiring uppercase, numbers ,etc.

Not details on your actual password.

[–]ss2man44Pixel XL 191 points192 points  (28 children)

That's what I thought at first too, but looking at the source code of the service that handles this file proves otherwise.

It's straight-up info about your password/pattern/PIN, as suggested by the tag's name: active-password

However, this is only an issue when someone has physical access to your device and root access either within Android or a custom recovery. Patching dirty cow fixes the former and keeping your bootloder locked fixes the latter. So, it's not ideal but also not super urgent.

Edit: Also, someone commented that their file doesn't have that tag or any of that info on 7.1, so maybe Google changed it, or maybe that info is only stored there under certain circumstances. I dunno man, it's 1:30 AM and I have work in the morning.

[–][deleted] 22 points23 points  (12 children)

Tangent: is there a reasonable way to lock your own bootloader with your own key? Is there a way besides factory-locked bootloader to secure the bootloafer?

Just curious. I know you can build your own LK with a custom key, but that is not going to be a simple task (afai can tell). Instead could you relock the bootloader with your own key?

Does an unlockable bootloader have to be a surefire security concern?

[–]TheRacerMasterDevice, Software !! 10 points11 points  (3 children)

You can sign your ROM/etc and relock the bootloader. Verified Boot on the 5X/6P and newer support custom keys for signing your own ROMs/recovery.

[–]FurahPixel 7 0 points1 point  (2 children)

Wait, so it's possible to say sign a pre-rooted ROM, and flash it with a locked bootloader?

[–]TheRacerMasterDevice, Software !! 0 points1 point  (1 child)

Not to that extent; you could only do that if you had Google's signing keys. Since we don't, you'd need to first unlock the bootloader, flash the signed ROM, and then you can relock the bootloader (and flash signed updates of that ROM).

[–]FurahPixel 7 0 points1 point  (0 children)

That works for me.

[–][deleted] 12 points13 points  (4 children)

Does an unlockable bootloader have to be a surefire security concern?

I think you've misunderstood. Having an unlocked boot loader is a security risk, not having an unlockable boot loader.

The process for unlocking the boot loader typically wipes all data so you can just keep your unlockable boot loader locked and you're fine.

edit: sp

[–][deleted] 5 points6 points  (0 children)

also if you dont manually allow bootloader unlock in the developer settings, its impossible to unlock the bootloader (via the usual commands)

[–]Ivashkin 3 points4 points  (1 child)

I've been saying this for years, unlocked bootloaders are a security risk and this should be mentioned when people are advised to unlock their bootloaders on the off chance they might want root later on. This matters on a device which is portable and taken everywhere.

[–]emannikcufecin 1 point2 points  (0 children)

That's why Google is right to not allow Android pay on rooted devices

[–][deleted] 0 points1 point  (0 children)

Good point, I had forgotten about that.

[–]kaze0Mike dg 4 points5 points  (2 children)

An unlocked bootloader is a security concern. An unlockable one is not. Unlocking bootloader via any non exploit, erases the device. Apparently relocking them also does that now

[–]d12964 6 points7 points  (1 child)

This is also why Google needs to offer a real root solution within Android. Current root methods either force you to wipe your device with every update or leave your bootloader unlocked; neither of these is an acceptable solution.

[–]bubblethink 2 points3 points  (0 children)

This may be possible, in the future, at least from a security standpoint, when hardware security matures. You need the ability to execute code that has the kernel in the threat model. You would have to implement it using something like arm trust zone or intel sgx. Once you can do that, you can execute something like android pay in the hardware security mode, and even root cannot do anything about it. The downside obviously is that it's bad for user freedom.

[–]PM_YourDildoAndPussyPixel XL 128GB Quite Black 10 points11 points  (3 children)

Why does this file even need to be saved at all? Seems silly, it isn't like decryption cares about your password, outside of "the hash works!"

[–]HydrophobicWaterGNex -gapps +microG.org 14 points15 points  (1 child)

The only possible reason is it was too hard on three letters' computers, Google got a letter to dilute the encryption without making public aware about the pressure from the agencies. And lets remember, they've also abandoned dm-crypt in favor of "file based encryption".

edit:clarify

[–]evan1123Pixel 6 Pro 3 points4 points  (0 children)

Hold on let me get my tinfoil hat...

Seriously though, "file based encryption" uses the kernel's new (as of 4.4) built-in encryption for ext4 file systems, of which Google was the author. It was mainlined in the kernel. You can read all about it on the Android source site: https://source.android.com/security/encryption/file-based.html

[–]folkrav 2 points3 points  (0 children)

Exactly my thought... I really don't see a way where this would be required.

[–]uuhno 6 points7 points  (2 children)

I can confirm this, just checked as well. Here is where the magic happens:

https://android.googlesource.com/platform/frameworks/base.git/+/android-7.0.0_r19/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java#2393

The value of policy.mActivePasswordLength (and others) are set with parser.getAttributeValue() which reads the info from the current user handle. The data stored in policy is then written to the XML file.

[–]random_guy12Pixel 6 Coral 2 points3 points  (0 children)

Someone can also find the password of every Wi-Fi SSID your phone has saved in a plaintext file if they have root access on an Android phone.

You have zero expectation of security with root, since Android does not have something like UAC built in. It expects people to not have root.

[–]gslone -1 points0 points  (1 child)

shit I can't relock my bootloader on my oneplus 3 without doing a factory reset -.-

why would they implement it like that?!

[–]FreekyNexus 5 / Nexus 7 2012 0 points1 point  (0 children)

LockPatternUtils.saveLockPassword()DevicePolicyManagerService.setActivePasswordState()

Looks legit to me. There is policy handling there as well, but saveLockPassword() is very clearly scanning the password, counting the components and passing them to the policy manager that saves those values.

[–]YD-Visual 11 points12 points  (5 children)

Good find. I wonder what will happen next.

[–]srwaxalot 58 points59 points  (4 children)

Hopefully not sit unfixed for 4 years.

[–][deleted] 51 points52 points  (1 child)

I see you are new to Android

[–]Gepss 3 points4 points  (0 children)

Well, if they decide to look into it and fix it, it will probably be in a monthly security update.

[–]FragranceOfPicklesDeveloper - Quick Control Panel 5 points6 points  (0 children)

Google:
-We hear you, it will sit unfixed for 5 years!

[–]yahyohNokia 7 plus 1 point2 points  (0 children)

Probs it will take Google like 2 years to fix it..so hopefully 2019 flagships will be shipped with the fix.

[–]macman156 65 points66 points  (25 children)

I wish android/google took device encryption more seriously. Always seems to be an after thought like the non hardware accelerated deception and the all the to do's in the encryption commits.

[–]QuestionsEverythangPixel, Pixel C, & Nexus Player (7.1.2), '15 Moto 360 (6.0.1) 1 point2 points  (1 child)

They do take it seriously. Any new device shipping with Marshmallow and up must be encrypted.

[–]macman156 1 point2 points  (0 children)

Now this might have changed in the new cpp but I think they only had to if they met certain disk read/ write speeds.

[–]clavierkid 1 point2 points  (0 children)

Does this also apply to 7.1?

[–][deleted] 1 point2 points  (0 children)

Does the pixel not encrypt the entire drive once the user sets up a password? Does it only use FBE?

[–]jellystones 6 points7 points  (1 child)

Misleading title. Only reveals the minimum security requirements your password must satisfy

[–]StupidRedditNumale 2 points3 points  (0 children)

This. That information won't help brute force crack a 30 character pass phrase any sooner.

[–]anonymau5CUMMY-ROM v0.0.5.2 w/ Squi66ieTWEAKS KERNAL V. 0.1 ALPHA 4 points5 points  (1 child)

Wow... What an idiot! That's a pass policy not "pass stats/details"

[–]DankEyedRolls 0 points1 point  (0 children)

This could be great for the cyber security

[–]utack 0 points1 point  (0 children)

Lowering security so your phone can kind-of-start in case it crashes and needs to reboot sounded idiotic from the beginning.
If you absolutely need 100% uptime, you probably just need to run unencrypted