In its Android Developer’s blog, Google has explained that the company has boosted the system integrity protection in Android Nougat to prevent a compromised phone booting, or only allow it to boot in a limited capacity. This is a step up from Android Marshmallow, which carries out this check, but merely warns users and allows them to continue with the boot if they wish.
The good news, then, is that your phone will refuse to boot if infected with some types of malware, protecting your data. The bad news, says Google, is that some non-malicious data corruption may also result in a phone that won’t boot …
Android has alerted about system integrity since Marshmallow, but starting with devices first shipping with Android 7.0, we require verified boot to be strictly enforcing. This means that a device with a corrupt boot image or verified partition will not boot or will boot in a limited capacity with user consent. Such strict checking, though, means that non-malicious data corruption, which previously would be less visible, could now start affecting process functionality more.
Even a single-byte error could prevent the phone from booting. However, Android 7 includes additional code designed to guard against data-corruption.
In the changes we made to dm-verity for Android 7.0, we used a technique called interleaving to allow us to recover not only from a loss of an entire 4 KiB source block, but several consecutive blocks, while significantly reducing the space overhead required to achieve usable error correction capabilities compared to the naive implementation.
The Android Engineering team hosted a Reddit AMA yesterday providing more info on the latest version of the OS.