backing up an android voids warranty?

[smurfOnE]

The only way to fully backup an android (OS, data partition, etc) is to have root access (which voids many warranties). What is the "proper", manufacturer-supported way to recover when a virus trashes everything?

Am I missing something? Are manufacturers really expecting users to be dependant on them to recover the OS?

 

[A.Nonymous]

I've never heard of a case of a "virus trashing everything" on a phone. It's just not a likely scenario at all.

 

[John Redcorn]

If you're not rooted and whatever "virus" doesn't make use of any root exploits (device specific pretty much) it can't damage the os, just your user data. You can factory reset and the phone will be like new.

After a reset the google market should reinstall all your market apps, google sync should restore your contacts and calendar.

You lose most game stats/saves, text messages and call logs.

Your own personal data on your sd card you can and should be backing up yourself.

 

[sitlet]

Yes, rooting voids your warranty. However, you can easily root, nandroid backup, then unroot, thus restoring your warranty.

 

[916x10]

Rooting is what voids the warranty, not backing up your phone.

 

[smurfOnE]

If you're not rooted and whatever "virus" doesn't make use of any root exploits (device specific pretty much) it can't damage the os, just your user data. You can factory reset and the phone will be like new.

After a reset the google market should reinstall all your market apps, google sync should restore your contacts and calendar.

You lose most game stats/saves, text messages and call logs.

Your own personal data on your sd card you can and should be backing up yourself.

Indeed, that's the approach for cases where the virus doesn't sabotage the factory reset mechanism, or any of the libraries it depends on, and assuming there is still a means to navigate to the factory reset trigger via the gui.

Viruses are have become sophisticated enough to take self-defense measures. Only a fool would write a virus that could so easily be removed. So assuming we want protection from a modern day virus, I believe stitlet is on the right track:

Yes, rooting voids your warranty. However, you can easily root, nandroid backup, then unroot, thus restoring your warranty.

This approach isn't perfect because the backup image itself must be rooted, which means after restoration the unrooting process must be perfectly clean and untraceable. It involves actually voiding your warranty, and then covering up the the evidence. But so far it seems the only practical way to backup the OS.

*edit* It just occured to me that a rooted image could be restored purely to enable a working factory reset option. Then a factory reset could be performed at that point. I also found out doing a factory reset is actually a required step before getting warranty service anyway (at least with Viewsonic). I suspect unrooting would be done automatically when doing a factory reset.

Rooting is what voids the warranty, not backing up your phone.

Then if possible, please answer my first question. How do you backup your phone without voiding the warranty?

 

[John Redcorn]

Indeed, that's the approach for cases where the virus doesn't sabotage the factory reset mechanism, or any of the libraries it depends on, and assuming there is still a means to navigate to the factory reset trigger via the gui.

Viruses are have become sophisticated enough to take self-defense measures. Only a fool would write a virus that could so easily be removed. So assuming we want protection from a modern day virus, I believe stitlet is on the right track:

The security model of android on a non-rooted phone will not allow a "virus" to survive a factory reset. (With the exception of anything that could take advantage of a root vulnerability but those would be phone specific)

Most people do a factory reset not from within the gui/OS but from a special bootup key combo before the os loads.

 

[smurfOnE]

The security model of android on a non-rooted phone will not allow a "virus" to survive a factory reset. (With the exception of anything that could take advantage of a root vulnerability but those would be phone specific)

Sure, but if the virus blocks or sabotages the factory reset, there's no factory reset to speak of. It's too late at that point, and the virus wins.

Most people do a factory reset not from within the gui/OS but from a special bootup key combo before the os loads.

Even that can be sabotaged, because viruses are often diligently written to take control at boot time. Although in my case it wouldn't matter (Viewsonic does not offer this feature).

I would also never use a security model that assumes bug-free software. Most viruses exploit unintentional defects. I'm also not yet convinced that a bug would even be necessary, because there exist *apps* that run on the phone that will root the phone. If an app can root a phone, so can a virus that has control of an app.

With PCs, we have the comfort of firmware (i.e. BIOS) being unwritable (without playing with jumpers) -- so even the most disasterous malware can be removed by directing the BIOS to boot a DVD with an OS. Do Android phones have this option? I suspect not, if bricking (due to dangerous tinkering) is a threat -- and I hear that it is.

 

[smurfOnE]

I just found out repair from viruses are not covered by the warranty. So Viewsonic users don't even have the option of using warranty support to clean a virus that would make the factory reset trigger inaccessible.

 

[sitlet]

I just found out repair from viruses are not covered by the warranty. So Viewsonic users don't even have the option of using warranty support to clean a virus that would make the factory reset trigger inaccessible.

Luckily there really isn't any viruses for android that you need to worry about.

 

[Crashdamage]

Luckily there really isn't any viruses for android that you need to worry about.

+1. The OP is assuming Android has Windows-like security problems. It does not.

 

[smurfOnE]

Luckily there really isn't any viruses for android that you need to worry about.

I will not follow an approach to security that hopes for "luck". Moreover, eavesdropping malware has already been shown to attack the droid. Just in the first half of this year, ~500,000-1M Android users were infected by malware.

+1. The OP is assuming Android has Windows-like security problems.

Of course. Only a fool believes linux is immune to malware. Linux desktops have simply benefited from a threat model of large botnets needing large numbers of nodes in the domain of desktop computing (where linux has a very small market share). Your street-unwise assumption that Android inherits the security benefits of linux desktops is very flawed, considering Android market share is over 56% in its industry. Like Windows, Android dominates in its industry, enticing malware creators to focus on it.

It does not.

Nonsense.

Android anti-virus tools have good rationale for existing -- their need will escallate along with androids market share, and the malicious incentives to control peoples mobile phones and harvest their data. It won't be long before smartphones outnumber desktops.

 

[sitlet]

I will not follow an approach to security that hopes for "luck".

It's not "luck", there just aren't any viruses that can attack Android.

Moreover, eavesdropping malware has already been shown to attack the droid. Just in the first half of this year, ~500,000-1M Android users were infected by malware.

Malware is another story, there are malware apps, but as long as you ONLY get your apps from the Market, and stay away from brand new apps that only have a few downloads, or are from a new (unheard of) developer, you will be fine. And always check the app's permissions before you install it. For example, if you are trying to download an alarm clock, and it needs access to your Contacts, that's a red flag. But again, luckily Google is very good at taking these malware apps off the Market before too many people get them.

Of course. Only a fool believes linux is immune to malware. Linux desktops have simply benefited from a threat model of large botnets needing large numbers of nodes in the domain of desktop computing (where linux has a very small market share). Your street-unwise assumption that Android inherits the security benefits of linux desktops is very flawed, considering Android market share is over 56% in its industry. Like Windows, Android dominates in its industry, enticing malware creators to focus on it.

And unlike a Linux desktop, an Android phone can ONLY be affected by malware if YOU install the malware app itself.

 

[smurfOnE]

It's not "luck", there just aren't any viruses that can attack Android.

Having to see it before you believe it is not a competent or diligent approach to security. Malware is designed to exploit unknown vulnerabilites not previously exploited. When you allow the attacker to be the first to demonstrate a malware propagation method, you've lost.

This is why in the information security industry we act on theory. If an attack is theoretically possible, only a fool waits until the attack is executed before they prepare for it. You may have never seen an attack at the perimeter of your network, but that's no excuse for not having a firewall and intrusion detection system. Homeowners install locks and alarm systems on homes never before broken into (and even in neighborhoods without incident) because they don't need to be broken into in order to realize there is a risk. This street wisdom tends to get lost when laypeople approach information security.

Malware is another story,

Certainly not. A virus is malware. Denying one malware propagation technique or another is damaging if it causes you to neglect incident response and recovery. If you're not able to recover from an incident because you could not foresee a particular method of propagation (a virus), you've made a poor judgement regardless of whether the damage is caused by a virus, a trojan, or your own misguided action.

there are malware apps, but as long as you ONLY get your apps from the Market, and stay away from brand new apps that only have a few downloads, or are from a new (unheard of) developer, you will be fine.

This is like telling a motorcyclist if they drive carefully, there's no need for a helmet. You can reduce risk but you cannot eliminate it. Smoking pot will lower your sperm count, but only a fool would then conclude that they don't need a condom after substantial smoking.

BTW, I do not intend to be a careful user. Just as I would never buy a GSX-R1000 and then always stay below the speed limit, I'm not about to procure a highly capable device and then use it minimally. I'm the type to drive fast (wearing a helmet and armor while doing so) -- and likewise if I am going to play with potentially risky apps, I'm certainly going to be prepared for disaster.

But even if I were as cautious with installations as you are, I still would not use that to rationalize not having backups.

And always check the app's permissions before you install it. For example, if you are trying to download an alarm clock, and it needs access to your Contacts, that's a red flag. But again, luckily Google is very good at taking these malware apps off the Market before too many people get them.

Google is most likely not inspecting every line of code that makes it into Google Market. They will weed out the obvious malware and act on reports, but I would not strictly count on them to ensure bug-free apps (assuming you believe bug-free apps exist at all; personally I don't believe it's possible to write a bug-free app more complex than "hello world"). Even if Google were to inspect every line, bugs go unnoticed. I see bugs get past code reviews on a regular basis.

And unlike a Linux desktop, an Android phone can ONLY be affected by malware if YOU install the malware app itself.

Absolute pure nonsense. Every android phone executes code and has writable persistent storage, and interfaces with a network. Installing a malicious app is only one way infect an Android phone. A legitimate app with a bug that malware can exploit would also be a means to infect an Android phone. It doesn't even have to be through an app. A basic service working for the kernel could have a bug that an attacker finds before a developer.