What is an OEM unlock in Android

OEM unlock / OEM unlock

The option OEM unlock (available from Android 5000! 5.0 "Lollipop"[1], on German-speaking devices too OEM unlock or Allow bootloader unlock) is a selection box in the developer options that serves as a security function against unauthorized unlocking of the bootloader. The option (usually deactivated by default) controls whether or not the bootloader can be unlocked by an OEM routine (i.e. a procedure provided by the manufacturer to unlock the bootloader). If this is deactivated and an attempt is made to unlock the bootloader, it refuses to do so with an error message.

In addition to allowing the bootloader to be unlocked, the OEM unlock (if activated) a device protection feature: Android Factory Reset Protection, FRP for short. This makes it possible to reset a device without subsequently confirming a Google account that was previously synchronized with the device. More information about Device Protection can be found on the corresponding page in this wiki.

Technical implementation [edit | edit source]

So that a setting is available both for the bootloader and in the Android system, the value of the setting must be in a raw Format (so that the bootloader can access it even if the abstraction layers and implementations of the Android system are not available). This is also the case with the OEM unlock setting.[2] In Android there is a separate partition for this, which can save data persistently. The corresponding partition is in the system property (System property) ro.frp.pst saved.[3] The partition used differs from device to device, so on the HTC 10 the frp Partition (for F.actory R.eats P.rotection) is used[4], for Samsung devices based on a Snapdragon 625 MSM8976, the persistent Partition.[5] The block devices of the respective partitions also differ from device to device.

If the OEM-Unlock setting is changed in the developer options, the new value (1 for activated and 0 for deactivated) is written as value / content to this specified partition and can then be read out by the bootloader. The implementation for controlling the unlocking of the bootloader can thus access a value that can be changed in the Android system.

Individual evidence [edit | edit source]