Unlocking the bootloader and/or the recovery is a very popular discussion across many devices. But doing so exposes a very obvious and inevitable issue with security!
An unlocked recovery means that no matter how secure you make your Android lock screen, someone can easily reset the phone to restore it to a fully functional (and lockless/insecure) state and, the worst part, they don't have to erase your data (meaning they can access all your personal files and folders)!
It is almost hilarious! In fact, if the phone supports insertion of external SD cards, you can even flash your own software into the phone and maybe bypass the lock screen without wiping any data.
For example: One possible loophole is using the 'Tasker' app which has a feature that can temporarily disable the keyguard. And the best part is that Tasker can be flashed using the recovery!
So is there any method by which I could add a security measure that prevents complete access to my recovery and/or bootloader that will make my phone less insecure?!
Expected answer: A method by which a custom PIN/password must be entered before entering the bootloader/recovery, so that my bootloader/recovery is still technically unlocked but simply requires authentication to use (this also ensures that conventional unlocking methods won't work, as the phone is not really locked!). This also means that one does not have to lose root access to ensure security!
Answer
Even if it would be doable, consider a few things making it extremely unlikely:
- in that early stage, the touchscreen is not yet initialized – so how would you input your PIN/password/pattern to unlock the bootloader before firing up the custom recovery?
- another risk introduced this way: if you break your display, you are effectively knocked out: even if the problem described above could be worked around, that work-around would be rendered useless at this place.
True, there are things like touch-based custom recoveries. So technically, that would be the place to make it possible: Once the recovery is initialized, it could ask for a code to unlock before offering its real services. This might even include a "fallback mode" for a broken screen using e.g. shake-patterns (accelerometer-based) or NFC (if applicable). But that's nothing we can solve here at this site: you will have to contact the respective developers for this (TWRP and/or ClockworkMod, to name two examples).