PSA: Enable This Hidden Setting Before Modding Anything on Android

Enable This Hidden Setting Before Modding Anything on Android

If you've ever rooted an Android device in the past or installed a custom recovery, you're surely familiar with the term "unlocked bootloader." But if all of this sounds like gibberish to you, some major changes in Android have made it to where you should definitely get familiar with the concepts.

Enabling a single Android setting called "OEM unlocking" has the potential to prevent your device from falling victim to complete software failure, and it only takes a minute to turn this on. If you'd like to know why this option can cause your device to become bricked, I'll explain it all below.

Background Info: Kill Switch Law & Factory Reset Protection

In August of 2014, the state of California signed SB-962—the so-called "Smartphone Kill Switch" law—and this had some major repercussions on Android. From that point on, all new devices would need to have extra security measures implemented to be in compliance with this law, and more importantly, to be eligible for sale in America's most populous state.

To make sure they were in compliance, Google implemented a new Android feature called Factory Reset Protection, which ensures that even if a device is fully wiped, it cannot be used unless the original owner signs in with their account credentials. However, devices with unlockable bootloaders were still vulnerable considering that someone could unlock the bootloader, which would allow them to use fastboot commands to flash factory images and bypass Factory Reset Protection.

So to bolster FRP on devices with unlockable bootloaders like the Nexus series, Google added a hidden setting within Android that prevents bootloader unlocking and makes fastboot flashing impossible unless it's enabled. This setting is called "OEM unlocking," and it works because you need to sign in to Android with your pattern, PIN, or password to enable it before you can flash anything with fastboot.

Why Enabling 'OEM Unlocking' Can Save You from a Bricked Device

While the "OEM unlocking" setting being turned off by default does indeed have some security benefits, it comes with one major risk. If an over-the-air firmware update does not install properly for any reason, you'd be left with a completely bricked device.

The failed update would mean that you couldn't get into Android, which in turn would mean that you couldn't enable "OEM unlocking." With this setting still disabled, not even a smartphone repair shop could get your device back up and running.

On the other hand, if you have "OEM unlocking" enabled, a failed update is no big deal. You (or a repair technician) could simply unlock the device's bootloader and flash the factory images using fastboot, which would then overwrite the corrupt update and restore your firmware to working order.

Failed firmware updates are not exactly commonplace, but the risk is real. In fact, a corrupt update file recently left many Nexus 5 and Nexus 7 owners with devices that failed to boot—but luckily these devices were released before California SB-962 went into effect, so they weren't equipped with the extra Factory Reset Protection options.

How to Enable 'OEM Unlocking'

If you'd like to prevent the disastrous scenario described above, it's a relatively simple process. For starters, you'll need to enable the hidden "Developer options" menu by heading to About phone (or About tablet) in Settings, then tapping the "Build number" entry 7 times in rapid succession.

From there, simply head to the "Developer options" menu, then toggle the switch next to the "OEM unlocking" entry to enable it. Once you've done that, you can rest a lot easier knowing that a failed update no longer has the potential to render your device useless.

Keep in mind, though, that having the "OEM unlocking" option enabled is technically less secure. Theoretically, a tech-savvy thief could fully wipe your device with this option enabled, which means you would no longer be able to track the device's location using Android Device Manager. But the rest of Android's security measures would still be in place, so no one could access your data without your pattern, PIN, or password.

What are your thoughts on this situation? Is Factory Reset Protection more trouble than it's worth? Let us know in the comment section below, or drop us a line on Android Hacks' Facebook or Twitter, or on Gadget Hacks' Facebook, Google+, or Twitter.

Hot Deal: Set up a secure second phone number and keep your real contact details hidden with a yearly subscription to Hushed Private Phone Line for Android/iOS, 83%–91% off. It's a perfect second-line solution for making calls and sending texts related to work, dating, Craigslist sales, and other scenarios where you wouldn't want to give out your primary phone number.

17 Comments

thanks very nicely explained

Would a better idea not be to switch the OEM bootloader prior to installing an update and then locking it afterwards?

That would definitely be a safer option in terms of security, but if anything other than a firmware update were to brick your phone, you could still be locked out. You're right, though, that's a good approach, because 99% of the potential problems would come from OTA updates.

Thanks, Dallas, for a very helpful article.

However I have an ASUS ZenPad z380kl with Android 6.0.1.

My Developer Options are visible but there is no item called "OEM Unlocking"

I have been trying all day to root this device but to no avail. Any help would be appreciated.

That means your phones bootloader is locked. Just do a research on how to unlock it.

Hi, I own a LG G4 H810, and when I mark the corresponding "Unlock OEM" option, leave the "Developer Options" menu and go back to it, I find that "Unlock OEM" is again disabled. Does it mean that my bootloader is locked too? Or what could be the reason for this to happen?

men.. i have a VIVO 1606 marshmallow.. its says its harder to unlock bootloader.. i try many rooting apps..reading other furoms on how to root this device.. but by accident upon trying a lot rooting apps.. now i have my OEM unlock in developers option.. at last i can root now my device

Samsung phones work different with each model you might need to look up your phone model to see if it's possible to unlock your bootloader. What I also seen is that oem unlock option seems to be available on 7.0 to the most current version of Android

Hi Dallas

I know this article is old, but what you described here is exactly what has happened to my S7. What can I do? My phone just stopped working after an update. If I cant then flash it, is there anyway other way to get it back?

Adb sideload the latest ota for your device, assuming you can still enter recovery mode.

There is no other way to be able to get into Android the best is that you can do is contact Samsung for a replacement.

Hi Dallas I have done all the above correctly but on restart/reboot sequence while using Kingroot it is back locked out again so root fails. I have decided to root the phone only because it is no longer being recognised by any computer as usb device and my upgrade is 7 months away. It's a cheapo little Pixi 4 4.5.4 5017x bought for convenience and a long hospital stay . At £30 it wasn't a huge amount if it was lost/stolen. I s there a work around or should I just ask to take my upgrade early? The dismal 4g memory is the killer, even using the SD as install to isn't enough .

I currently use nexus 6 and my boot loader is already unlocked
I can't switch buttons

How do I get to turn it on?

Hi @dallasthomas & @nick_c ...and everyone else. :)

I have a Galaxy Note 8 (SM-N950F). I installed the Pie/One Ui OTA update, I think it was about 2 months ago now.

There's a few things here and there which need addressing but overall I much prefer it to Oreo and think Samsung have done a pretty good job.

Anyway... I know this thread was created back in January '16 and the last post by @nickc was at least 5 months ago, but after reading your post Nick and with my Note8 updated to One Ui recently I thought that I should ask if anyone knows of any problems with unlocking the bootloader on a Note 8 which is carrier unlocked?

Since I just saw this thread today for the first time but then saw it was outdated I'd initially thought of starting a new thread or going elsewhere to ask but maybe someone who knows is still following the thread?

Anyone?

Many thanks in advance,

Drew. :)

Share Your Thoughts

  • Hot
  • Latest