[HN Gopher] Unlocking the Pixel 9 bootloader breaks some Pixel A...
___________________________________________________________________
Unlocking the Pixel 9 bootloader breaks some Pixel AI apps
Author : edward
Score : 65 points
Date : 2024-08-27 18:16 UTC (4 hours ago)
(HTM) web link (liliputing.com)
(TXT) w3m dump (liliputing.com)
| glitchc wrote:
| Does it start working again if you re-lock the bootloader?
| flutas wrote:
| Yes*
|
| * re-locking wipes your device to a factory state
| glitchc wrote:
| In that case it sounds like a software protection product has
| been applied to the AI-based applications. That product is
| doing a simple check that should be fairly easy to bypass
| through other means.
| flutas wrote:
| Nah, it's doing a server side check for the device's TEE
| keys before letting it launch the models. Something that,
| at least publicly, can't be bypassed. Even with something
| like TrickyStore to fake the TEE keys.
| glitchc wrote:
| A local phone reset won't touch the TEE keys though. It
| doesn't sound that sophisticated.
| SushiHippie wrote:
| Not on GrapheneOS, you are able to re-lock it after
| installing GrapheneOS (and you should), I think it just wipes
| the user data, but definitely not to a factory state
| semi-extrinsic wrote:
| Sounds like a win-win scenario?
| complaintdept wrote:
| Yeah I'm not seeing a downside to this.
| jsheard wrote:
| This isn't unprecedented, Sony used to encrypt most of their
| phones' image processing stack with a key which was deleted
| forever if you unlocked the bootloader, making the camera
| permanently perform much worse even if you re-locked the
| bootloader later. Likewise with Widevine DRM, unlocking the
| bootloader will break L1 playback, either forever or until you
| re-lock depending on the device.
|
| I'm guessing this is Google similarly trying to stop people
| extracting their local models by not letting unlocked devices
| access them. I wonder if they'll also crack down on porting the
| Pixel Camera app to non-Pixel devices, people have been doing
| that forever because the processing is better than many devices'
| native camera apps.
| treyd wrote:
| That this is legal is crazy to me. Such a strong reason to
| split up the hardware and software sides of the businesses.
| alphabettsy wrote:
| Why would it be illegal?
|
| I'm not saying it's right, but what would the law look like
| making it illegal and what would the impact be positive and
| negative?
| bakugo wrote:
| > Why would it be illegal for a manufacturer to retain full
| control of what you do on your device after they've
| supposedly sold it to you?
|
| The fact that this question even needs to be asked at all
| shows just how dire the state of consumer rights in tech
| is.
| idle_zealot wrote:
| > what would the law look like making it illegal
|
| How about "you can't sell a tool that actively works
| against the interests of the customer"?
| flutas wrote:
| > I'm guessing this is Google similarly trying to stop people
| extracting their local models by not letting unlocked devices
| access them.
|
| It seems like it's not even that thought out. Google allows the
| devices to fully download the models...just not run them?
|
| If you want the models, here ya go:
| https://pastebin.com/jh4YG5jX
|
| That's every file the app downloads on launch.
|
| EDIT: Seemingly I'm wrong. Someone below in another comment
| stated that they are not allowing the device to download the
| Gemini Nano model and that's what the failure is from.
| gruez wrote:
| But are they encrypted?
| flutas wrote:
| I'm not super well versed in TF, so I have no real clue.
|
| But the files seemingly all have headers. Maybe TF offers
| an encrypted "inside the file" while having the headers not
| encrypted, but unless they do it doesn't look like it.
| DownrightNifty wrote:
| Oh wow, that's interesting, thanks for sharing. I was
| experimenting with the Pixel Recorder app, which calls into
| the AICore system service, which calls into the Protected
| Download API to download its models. Based on the URLs
| ("pixelai-models" vs "aicore-models") it looks like Pixel
| Screenshots is doing its own thing and not using AICore.
| flutas wrote:
| It does the same thing re: hooking, but downloads most (if
| not all?) of the models, only at the end does it fail with
| "precondition check failed" from the server which aicore
| just repeats.
|
| I haven't gotten further in it to figure out what it's
| bailing out on, aside from the request going to google
| using the trusted dl service and failing. It could be the
| same model call and they are being oddly protective over
| gemini nano.
| chimeracoder wrote:
| Unlocking the bootloader has long broken a lot of functionality.
| Play Integrity (formerly known as SafetyNet) provides three
| levels of checks, and increasingly apps are requiring the phone
| to pass the second level in order to use the app.
|
| Until last year, it was possible to spoof the second level
| (though not the third), with an unlocked bootloader, but Google
| started cracking down on that _hard_ and it's essentially a game
| of whack-a-mole. Because the spoofing requires finding the
| fingerprint for a supported device that hasn't yet been banned
| (of which there are a finite number), it's a losing battle.
|
| That said, unlocking the bootloader on Pixel devices is less
| useful than it used to be, because of an expansion between what
| the base device already does and a degradation of what an
| unlocked and/or rooted device can do. There are fewer custom ROMs
| than there were a decade ago, and (unlocked) Pixel devices get
| rapid updates with long official support.
|
| Rooting the device used to give you the ability to install custom
| adblockers and bypass screenshot restrictions, but Android now
| has better support for DNS-based adblocking built in, and they've
| now cut off the main loopholes that allowed people to screenshot
| apps that block access. I think it's now impossible to screenshot
| an app if the app has blocked screenshots[0]. Ironically, it's
| easier to screenshot or get videos of apps on iOS than of those
| same apps on Android - I don't know if that's because developers
| don't bother to implement the blocking APIs on iOS or some other
| reason, but more than once I've ended up having to pull out a
| backup iPhone in order to screenshot/record something I couldn't
| on a Pixel device.
|
| Pixel phones already don't include most of the bloatware that
| comes with other devices, and the remaining stuff is built in and
| can't really be removed without impacting the core functionality
| of the device. So root access gets you a lot less than it used
| to, for Pixel devices.
|
| [0] In the spirit of classic bash, I am asserting that it's
| impossible, half hoping that someone will take that as an
| opportunity to correct me:
| https://web.archive.org/web/20230711000352/bash.org/?152037
| lofaszvanitt wrote:
| Are you not allowed to take screenshots of specific apps? Not
| gonna buy this phone then :(.
| treyd wrote:
| It's a general Android feature that I believe is _meant_ to
| be used to make exfil of sensitive data harder.
| HeatrayEnjoyer wrote:
| It's an Android API, not specific to this phone.
| josephcsible wrote:
| If that's a deal breaker, then what phone would you buy?
| Every Android phone supports FLAG_SECURE (which is such an
| Orwellian name), and iOS has its own equivalent API:
| https://github.com/JayantBadlani/ScreenShield
| lofaszvanitt wrote:
| Well, the phone should keep my own needs above everything
| else, and no app maker should hamstring me on MY OWN phone.
| Somehow I have the feeling certain phone makers are sitting
| on the horse backwards.
| josephcsible wrote:
| I agree with you. I don't want app developers to stop me
| from being able to screenshot whatever I want on my own
| phone. I just don't know what to do about it.
| fsflover wrote:
| Switch to GNU/Linux phones. Works for me.
| tgsovlerkhgsel wrote:
| Well, if you're willing to do that, you could just say
| "don't use such apps then"... which isn't helpful if it's
| for your bank, or your government...
| fsflover wrote:
| Most apps work with Waydroid. If somebody forces you into
| the duopoly, you should start complaining and switch
| banks...
| throwaway48540 wrote:
| Where do I complain about the EU regulation that caused
| the banks to implement this requirement? Should I switch
| continents?
| jazzyjackson wrote:
| Imagine my surprise when I tried to take a screenshot on
| Apple Vision Pro of how cool it was to watch Apple TV while
| chopping vegetables, only to find that Franklin had been
| replaced by a black box.
| rchaud wrote:
| Things like this are why physical media + open video
| formats and players will always be a superior choice to
| streaming apps.
| mmmlinux wrote:
| Go try to take a screen shot of Netflix.
| lofaszvanitt wrote:
| That's a non issue... on a PC :D.
| rchaud wrote:
| That's because Netflix hasn't forced Microsoft, Google
| and Apple to enable these blocks on their OSes and
| browsers...for now.
| lofaszvanitt wrote:
| I think Chrome gives back black screens if you try to do
| so.
| jsheard wrote:
| They absolutely have, Windows, Android and Apple's
| platforms all have the concept of "secure" framebuffers
| which appear as black rectangles if you attempt to
| screenshot or record them. Netflix and similar will only
| serve you high res video if your system supports that
| protection amongst others, otherwise they'll restrict you
| to something like 720p.
| MindSpunk wrote:
| Yeah but Netflix won't serve you 4k on a PC unless you
| use Edge (not even chrome iirc) or their windows app.
| Screenshot those and you'll get black rectangles.
| fragmede wrote:
| it's okay to be wrong about something
| tveita wrote:
| An unlocked bootloader is the only way to take a local backup
| of app data now, afaik, since they've made the adb backup tool
| more and more useless - and phone transfers too.
|
| So you can either have no banking app, lose all your data when
| your Pixel glitches out, or (recommended option) upload all
| your data to the cloud for the voyeurs at Google to perv at.
| RobotToaster wrote:
| > half hoping that someone will take that as an opportunity to
| correct me
|
| Well, you can use another pixel to take a photo of the
| screen...
| commercialnix wrote:
| I'll gladly finance at 4x the cost (so like around $5,000) to
| purchase an alternative Pixel for a fully open source bootloader
| with physically compartmentalized chips with open interfaces and
| a less sleek device.
|
| I don't give a shit about Ai slop.
| fsflover wrote:
| Sounds a bit like Librem 5.
| codethief wrote:
| Is it just the unlocking or do those apps also look at the exact
| keys securing the boot chain & OS? In other words, what if I
| install GrapheneOS and lock the bootloader again?
| flutas wrote:
| I've personally looked into the Pixel Screenshots check.
|
| It appears that they are doing server side verification of the
| device's TEE[1] keys plus bootloader checks, either of which
| will trip it.
|
| This can be spoofed using leaked keys (that get revoked fairly
| quick), but in this case it seems they are also verifying that
| the keys are the keys for their Pixel 9 devices.
|
| [1]: https://source.android.com/docs/security/features/trusty
| DownrightNifty wrote:
| I took a brief look into it, and they use the Google Private
| Compute Services Protected Download API to download the Gemini
| Nano model, which uses remote attestation to cryptographically
| ensure that your device is running the stock ROM:
| https://github.com/google/private-compute-services/tree/mast...
|
| I'm not sure why they do that, tbh, since Gemini Nano is now
| part of Chrome, and you can download it without remote
| attestation. If you were dedicated enough, you could probably
| force the AICore system app on a rooted device into using the
| Gemini Nano model you downloaded from Chrome. I briefly
| attempted this but it proved too annoying so I gave up.
|
| Edit: It appears Pixel Screenshots works differently than Pixel
| Recorder, which is what I was looking into.
|
| https://news.ycombinator.com/item?id=41373011
| rchaud wrote:
| > Pixel Screenshots [...] which lets you capture screenshots that
| are analyzed by Google's Gemini Nano on-device AI and saved in a
| searchable index, allowing you to ask Google for information
| about things you saved days, weeks, or months ago..
|
| Sounds like a benefit, to be honest. I take a lot of screenshots.
| It's never occurred to me to "ask Google" about something I
| screenshotted. I don't hoard screenshots, they're actively used
| for _something_, maybe an idea for a creative project, or a
| quote I liked. Once they're logged somewhere, I delete the
| screenshot, as it's no longer necessary.
|
| This feature also sounds suspiciously similar to Windows Recall.
___________________________________________________________________
(page generated 2024-08-27 23:01 UTC)