Android 13 Is A One Way Trip For Pixel 6 Owners Due To Android 12 Bootloader Vulnerability

android 13 hero
Android 13 started rolling out to Google's Pixel devices this week, but some users are dismayed to find this is a one-way upgrade—after installing Android 13, you cannot go back to Android 12 on the Pixel 6, 6 Pro, or the new Pixel 6a. While this seems antithetical to the openness of Pixel smartphones, this comes from a commitment to security.

The new software is rolling out to phones in batches as an OTA update, but you don't have to wait. Pixel phones can take advantage of Google's policy of posting all software images and OTA files online. So, you can grab the update file for your phone and install it with Google's official tools. Doing so with the latest Pixels will pop up a warning, explaining that you cannot go back to Android 12 thanks to the Pixel's anti-roll back counter. Some Pixel owners are up in arms about this, but expert voices have chimed in to explain the situation.

Esper editor Mishaal Rahman confirmed this is due to a vulnerability in the Android 12 bootloader. Android is open source, and that means it is potentially vulnerable to "downgrade attacks." Essentially, an attacker downgrades the software to an older version that has known exploits. This is particularly dangerous in open source software like Android because the act of fixing an exploit reveals it to everyone.

twitter android 13 downgrade

According to Shawn Willden, who works on Android hardware security, anti-rollback counters (ARCs) are not a new technology. However, they are rarely implemented because doing so is complicated, and it can upset users, as we are seeing with the Android 13 rollout. An ARC is a numerical counter, usually implemented as a number of fuses that are tripped upon the installation of new software. If the counter value in a piece of code doesn't match the counter, the device will refuse to load it.

Most users aren't going to look back after upgrading to Android 13 anyway. This version makes a number of important changes, like the expansion of Material You themes, more control over the data apps can access, and the ability to sync clipboard content between devices. If you have a Pixel 4 or later, you can get Android 13 from Google's dev site and install it right now. Older Pixels don't have the same ARC setup as the Pixel 6 family, so you could unlock the bootloader and flash Android 12 (or an even earlier build) if you want. Not that you should.