1. Download our Official Android App: Forums for Android!

backing up an android voids warranty?

Discussion in 'Android Apps & Games' started by smurfOnE, Oct 13, 2011.

  1. smurfOnE

    smurfOnE Well-Known Member
    Thread Starter
    Rank:
    None
    Points:
    16
    Posts:
    96
    Joined:
    May 3, 2011

    May 3, 2011
    96
    2
    16
    The only way to fully backup an android (OS, data partition, etc) is to have root access (which voids many warranties). What is the "proper", manufacturer-supported way to recover when a virus trashes everything?

    Am I missing something? Are manufacturers really expecting users to be dependant on them to recover the OS?
     

    Advertisement

  2. A.Nonymous

    A.Nonymous Android Expert
    Rank:
    None
    Points:
    213
    Posts:
    7,059
    Joined:
    Jun 7, 2010

    Jun 7, 2010
    7,059
    967
    213
    I've never heard of a case of a "virus trashing everything" on a phone. It's just not a likely scenario at all.
     
  3. John Redcorn

    John Redcorn Android Enthusiast
    Rank:
    None
    Points:
    53
    Posts:
    439
    Joined:
    May 9, 2011

    May 9, 2011
    439
    80
    53
    If you're not rooted and whatever "virus" doesn't make use of any root exploits (device specific pretty much) it can't damage the os, just your user data. You can factory reset and the phone will be like new.

    After a reset the google market should reinstall all your market apps, google sync should restore your contacts and calendar.

    You lose most game stats/saves, text messages and call logs.

    Your own personal data on your sd card you can and should be backing up yourself.
     
  4. sitlet

    Rank:
    None
    Points:
    213
    Posts:
    5,867
    Joined:
    Apr 11, 2010

    Apr 11, 2010
    5,867
    633
    213
    Yes, rooting voids your warranty. However, you can easily root, nandroid backup, then unroot, thus restoring your warranty.
     
  5. 916x10

    916x10 Android Enthusiast
    Rank:
    None
    Points:
    73
    Posts:
    491
    Joined:
    Nov 13, 2010

    Nov 13, 2010
    491
    65
    73
    Rooting is what voids the warranty, not backing up your phone.
     
  6. smurfOnE

    smurfOnE Well-Known Member
    Thread Starter
    Rank:
    None
    Points:
    16
    Posts:
    96
    Joined:
    May 3, 2011

    May 3, 2011
    96
    2
    16
    Indeed, that's the approach for cases where the virus doesn't sabotage the factory reset mechanism, or any of the libraries it depends on, and assuming there is still a means to navigate to the factory reset trigger via the gui.

    Viruses are have become sophisticated enough to take self-defense measures. Only a fool would write a virus that could so easily be removed. So assuming we want protection from a modern day virus, I believe stitlet is on the right track:

    This approach isn't perfect because the backup image itself must be rooted, which means after restoration the unrooting process must be perfectly clean and untraceable. It involves actually voiding your warranty, and then covering up the the evidence. But so far it seems the only practical way to backup the OS.

    *edit* It just occured to me that a rooted image could be restored purely to enable a working factory reset option. Then a factory reset could be performed at that point. I also found out doing a factory reset is actually a required step before getting warranty service anyway (at least with Viewsonic). I suspect unrooting would be done automatically when doing a factory reset.

    Then if possible, please answer my first question. How do you backup your phone without voiding the warranty?
     
  7. John Redcorn

    John Redcorn Android Enthusiast
    Rank:
    None
    Points:
    53
    Posts:
    439
    Joined:
    May 9, 2011

    May 9, 2011
    439
    80
    53
    The security model of android on a non-rooted phone will not allow a "virus" to survive a factory reset. (With the exception of anything that could take advantage of a root vulnerability but those would be phone specific)

    Most people do a factory reset not from within the gui/OS but from a special bootup key combo before the os loads.
     
  8. smurfOnE

    smurfOnE Well-Known Member
    Thread Starter
    Rank:
    None
    Points:
    16
    Posts:
    96
    Joined:
    May 3, 2011

    May 3, 2011
    96
    2
    16
    Sure, but if the virus blocks or sabotages the factory reset, there's no factory reset to speak of. It's too late at that point, and the virus wins.
    Even that can be sabotaged, because viruses are often diligently written to take control at boot time. Although in my case it wouldn't matter (Viewsonic does not offer this feature).

    I would also never use a security model that assumes bug-free software. Most viruses exploit unintentional defects. I'm also not yet convinced that a bug would even be necessary, because there exist *apps* that run on the phone that will root the phone. If an app can root a phone, so can a virus that has control of an app.

    With PCs, we have the comfort of firmware (i.e. BIOS) being unwritable (without playing with jumpers) -- so even the most disasterous malware can be removed by directing the BIOS to boot a DVD with an OS. Do Android phones have this option? I suspect not, if bricking (due to dangerous tinkering) is a threat -- and I hear that it is.
     
  9. smurfOnE

    smurfOnE Well-Known Member
    Thread Starter
    Rank:
    None
    Points:
    16
    Posts:
    96
    Joined:
    May 3, 2011

    May 3, 2011
    96
    2
    16
    I just found out repair from viruses are not covered by the warranty. So Viewsonic users don't even have the option of using warranty support to clean a virus that would make the factory reset trigger inaccessible.
     
  10. sitlet

    Rank:
    None
    Points:
    213
    Posts:
    5,867
    Joined:
    Apr 11, 2010

    Apr 11, 2010
    5,867
    633
    213
    Luckily there really isn't any viruses for android that you need to worry about.
     
    Crashdamage likes this.
  11. Crashdamage

    Crashdamage Android Expert
    Rank:
    None
    Points:
    643
    Posts:
    4,446
    Joined:
    Feb 25, 2011

    Feb 25, 2011
    4,446
    2,753
    643
    Mostly retired
    Kansas City, Mo.
    +1. The OP is assuming Android has Windows-like security problems. It does not.
     
  12. smurfOnE

    smurfOnE Well-Known Member
    Thread Starter
    Rank:
    None
    Points:
    16
    Posts:
    96
    Joined:
    May 3, 2011

    May 3, 2011
    96
    2
    16
    I will not follow an approach to security that hopes for "luck". Moreover, eavesdropping malware has already been shown to attack the droid. Just in the first half of this year, ~500,000-1M Android users were infected by malware.

    Of course. Only a fool believes linux is immune to malware. Linux desktops have simply benefited from a threat model of large botnets needing large numbers of nodes in the domain of desktop computing (where linux has a very small market share). Your street-unwise assumption that Android inherits the security benefits of linux desktops is very flawed, considering Android market share is over 56% in its industry. Like Windows, Android dominates in its industry, enticing malware creators to focus on it.

    Nonsense.

    Android anti-virus tools have good rationale for existing -- their need will escallate along with androids market share, and the malicious incentives to control peoples mobile phones and harvest their data. It won't be long before smartphones outnumber desktops.
     
  13. sitlet

    Rank:
    None
    Points:
    213
    Posts:
    5,867
    Joined:
    Apr 11, 2010

    Apr 11, 2010
    5,867
    633
    213
    It's not "luck", there just aren't any viruses that can attack Android.

    Malware is another story, there are malware apps, but as long as you ONLY get your apps from the Market, and stay away from brand new apps that only have a few downloads, or are from a new (unheard of) developer, you will be fine. And always check the app's permissions before you install it. For example, if you are trying to download an alarm clock, and it needs access to your Contacts, that's a red flag. But again, luckily Google is very good at taking these malware apps off the Market before too many people get them.

    And unlike a Linux desktop, an Android phone can ONLY be affected by malware if YOU install the malware app itself.
     
    Crashdamage likes this.
  14. smurfOnE

    smurfOnE Well-Known Member
    Thread Starter
    Rank:
    None
    Points:
    16
    Posts:
    96
    Joined:
    May 3, 2011

    May 3, 2011
    96
    2
    16
    Having to see it before you believe it is not a competent or diligent approach to security. Malware is designed to exploit unknown vulnerabilites not previously exploited. When you allow the attacker to be the first to demonstrate a malware propagation method, you've lost.

    This is why in the information security industry we act on theory. If an attack is theoretically possible, only a fool waits until the attack is executed before they prepare for it. You may have never seen an attack at the perimeter of your network, but that's no excuse for not having a firewall and intrusion detection system. Homeowners install locks and alarm systems on homes never before broken into (and even in neighborhoods without incident) because they don't need to be broken into in order to realize there is a risk. This street wisdom tends to get lost when laypeople approach information security.

    Certainly not. A virus is malware. Denying one malware propagation technique or another is damaging if it causes you to neglect incident response and recovery. If you're not able to recover from an incident because you could not foresee a particular method of propagation (a virus), you've made a poor judgement regardless of whether the damage is caused by a virus, a trojan, or your own misguided action.

    This is like telling a motorcyclist if they drive carefully, there's no need for a helmet. You can reduce risk but you cannot eliminate it. Smoking pot will lower your sperm count, but only a fool would then conclude that they don't need a condom after substantial smoking.

    BTW, I do not intend to be a careful user. Just as I would never buy a GSX-R1000 and then always stay below the speed limit, I'm not about to procure a highly capable device and then use it minimally. I'm the type to drive fast (wearing a helmet and armor while doing so) -- and likewise if I am going to play with potentially risky apps, I'm certainly going to be prepared for disaster.

    But even if I were as cautious with installations as you are, I still would not use that to rationalize not having backups.

    Google is most likely not inspecting every line of code that makes it into Google Market. They will weed out the obvious malware and act on reports, but I would not strictly count on them to ensure bug-free apps (assuming you believe bug-free apps exist at all; personally I don't believe it's possible to write a bug-free app more complex than "hello world"). Even if Google were to inspect every line, bugs go unnoticed. I see bugs get past code reviews on a regular basis.

    Absolute pure nonsense. Every android phone executes code and has writable persistent storage, and interfaces with a network. Installing a malicious app is only one way infect an Android phone. A legitimate app with a bug that malware can exploit would also be a means to infect an Android phone. It doesn't even have to be through an app. A basic service working for the kernel could have a bug that an attacker finds before a developer.
     

Share This Page

Loading...