It looks like Google is cracking down on corrupt software with the next Android version, at least a little bit. Nougat will perform a check at boot to see if the software is corrupt, and if so, the new Android version will boot the smartphone into a sort of safe-mode.
According to the Android Developer Blog, this is a safeguard for your smartphone. This safe-mode will prevent viruses and malware from taking advantage of corrupt software.
Here’s how Google explains it:
“Starting with devices first shipping with Android 7.0, we require verified boot to be strictly enforcing. This means that a device with a corrupt boot image or verified partition will not boot or will boot in a limited capacity with user consent.”
What does this mean for custom software makers? Well, we won’t know for sure until Nougat’s official launch, but if Nougat detects a single byte of corruption, it’ll essentially refuse to boot up:
“By default, Android verifies large partitions using the dm-verity kernel driver, which divides the partition into 4 KiB blocks and verifies each block when read, against a signed hash tree. A detected single byte corruption will therefore result in an entire block becoming inaccessible when dm-verity is in enforcing mode, leading to the kernel returning EIO errors to userspace on verified partition data access.”
It’s neat that Google is cracking down on vulnerabilities, but there’s definitely a big worry of what this means for the developer community. The good news is that this seems to only apply to locked bootloaders on devices that are running Nougat. That said, handsets with unlocked bootloaders will be able to function as they have all along.
On the other hand, this can be kind of strange, as they’re essentially shoving custom developers aside here and opting for almost a total control of Android.
source: Android Developers Blog