How does this make your device more secure? I'm not trying to contradict you, I'm asking because I genuinely don't know.
Sent from my Nexus 4 using Tapatalk
This all comes down to the fact that Android is a Linux-based computer which is very powerful, but when you have root in Linux, you can do anything.
Custom recoveries like CWM and TWRP allow full root access to the device. You can modify any partitions of the phone or do anything with the command line with full access, such as:
-Copying all the user data by a simple command of: adb pull /data \output\folder (this is how you backup your stuff if your phone is bricked).
-Or bypass your lockscreen by:
[GUIDE][HOW-TO]Crack android pattern lock! - xda-developers
-Or run any malicious scripts.
I think this loophole can be closed if the custom recovery developers could find out a way to implement a passcode system to the recovery with good encryption.
With stock recovery, adb will not work. There is the "adb sideload" feature, but it only works with signed update packages (which potentially can be exploited, more below).
A good way to protect the phone from theft would be to encrypt your phone. The thief can't get at your private data unless they can break the password.
However, the thief can create an image of your device (which requires adb or root access and using the "dd" command: see the alternative method at the bottom of this page) and try to decrypt it on a more powerful machine. So you have to make sure to not allow any external root access to your device.
The fact that you can use the dd command to image partitions is also a reason why Google does not allow a physical microSD card (aside from Microsoft patents, many Android manufacturers like Samsung and HTC have to pay royalty to Microsoft). The thief would have to copy the image to your internal storage first, but that is protected by the fact that you encrypted your device beforehand. If you have a removable medium like SD cards, the thief would just insert their own unencrypted SD card to copy the files over. Also, some devices have USB OTG capability which is used to mount external flash drives. However, having a locked bootloader and stock recovery can protect you from this, since only custom recoveries have these extra features like mounting USB OTG.
In the past, with the Samsung Galaxy S, I rooted the phone by flashing an exploit package in stock recovery, bypassing the signature requirement. I'm sure Google have since improved their stock recovery to make it harder to penetrate (and that was a Samsung device anyway, we all know Samsung had several well-known security exploits reported in the past). But Google created a very good security backup with the bootloader. You can simply delete your phone's recovery so it doesn't exist at all (fastboot erase recovery), then lock your bootloader. The only way to install or boot into another recovery on your phone now (on an encrypted phone that the thief can't log in to) is to unlock the bootloader, which requires a full wipe of your data in the process.
One security downside with Nexus devices is that while following the advice above you can protect your data, you can't stop the thief from unlocking the bootloader and flashing a new firmware. You can either call up your carrier and ask them to blacklist the phone's IMEI, or purposefully break the USB port of the phone and use wireless charging (as long as the thief doesn't bother to repair it with a replacement part).
So a good anti-theft protection for your device would be to:
-Disable USB debugging. (However, Google have improved the security by popping up a toast message on the phone asking to allow USB Debugging to the connected device, so if you have Android 4.3 or newer, it's not as much of a concern if it's still enabled and you have a strong lockscreen).
-Stock recovery, locked bootloader.
-Encrypt your phone.
-Install an anti-theft program like Cerberus. If the phone has root, Cerberus can exist in the phone even after a regular factory reset (but not a factory image flash).
The downside of this is without an unlocked bootloader you can't backup your data if the phone fails to boot. Also with encryption, it's a pain to type the decryption password each time the phone boots up since if you don't type anything soon, the phone makes this endless annoying notification sound and leaves the screen on, making the phone very hot. Google needs to fix that.
But an easier alternative that I mentioned to someone who asked a similar question: Just keep your phone with you at all times and carry a magnum.
Also, this BootUnlocker app can lock and unlock the Nexus bootloader without requiring a data wipe, but it needs root. So you could temporarily unlock your phone for flashing. While the bootloader is unlocked, instead of installing a custom recovery, boot into one by using your PC with the command: "fastboot boot twrp.img" (or cwm.img).
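
The checklist in the post above (encryption, USB debugging, bootloader lock) can be verified from the owner's own PC; the following is an added example, not part of the original post. It assumes the device reports the Android system properties `ro.crypto.state`, `sys.usb.config` and `ro.boot.flash.locked` through `getprop` (the last one is absent on some older devices), the sample inputs are constructed, and the installed recovery cannot be identified this way.

```shell
#!/bin/sh
# Added example: check `adb shell getprop` output against the post's checklist.
# On a real device: adb shell getprop | audit_props

# Print the value of property $1 from getprop-style "[key]: [value]" lines on stdin.
prop() {
    tr -d '\r' | awk -v k="[$1]:" '$1 == k && !seen {
        v = $2; sub(/^\[/, "", v); sub(/\]$/, "", v); print v; seen = 1 }'
}

# Read getprop output on stdin, print one line per finding, return the FAIL count.
audit_props() {
    props=$(cat)
    findings=0

    # Encryption: ro.crypto.state reads "encrypted" once storage encryption is on.
    if [ "$(printf '%s\n' "$props" | prop ro.crypto.state)" != "encrypted" ]; then
        echo "FAIL: storage is not encrypted"
        findings=$((findings + 1))
    fi

    # USB debugging: the active USB configuration lists "adb" when adbd is exposed.
    case ",$(printf '%s\n' "$props" | prop sys.usb.config)," in
        *,adb,*) echo "FAIL: USB debugging is enabled"; findings=$((findings + 1)) ;;
    esac

    # Bootloader: 1 means locked, 0 unlocked; older devices may not set the property.
    case "$(printf '%s\n' "$props" | prop ro.boot.flash.locked)" in
        1) ;;
        0) echo "FAIL: bootloader is unlocked"; findings=$((findings + 1)) ;;
        *) echo "WARN: lock state not reported, check it in fastboot mode" ;;
    esac

    return "$findings"
}

# Constructed sample inputs, not captured from a real device.
SAMPLE_WEAK='[ro.crypto.state]: [unencrypted]
[sys.usb.config]: [mtp,adb]
[ro.boot.flash.locked]: [0]'

SAMPLE_HARDENED='[ro.crypto.state]: [encrypted]
[sys.usb.config]: [mtp]
[ro.boot.flash.locked]: [1]'

# Demo run on the weak sample; "|| true" because the return code is the FAIL count.
printf '%s\n' "$SAMPLE_WEAK" | audit_props || true
```

The return code is the number of failed checks, so a result of 0 means all three items passed.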