droid.rooter
How To Advanced 7 min read

How to Unlock Bootloader on Android Devices 2026

Bootloader unlock guide 2026 — what bootloader is, brand procedures (Samsung, OnePlus, Xiaomi, Pixel, Motorola, Sony, Realme), OEM-greyed-out fixes.

By Naz N. | Published

Android bootloader unlock guide 2026 across brands
Table of Contents
  1. What is a bootloader?
  2. Locked vs unlocked bootloader
  3. Why unlock bootloader?
  4. Before you start
  5. Prerequisites
  6. Enable Developer Options
  7. Enable USB Debugging and OEM Unlocking
  8. Samsung devices
  9. Galaxy S, A, Z, Note, Tab S series
  10. OnePlus devices
  11. OnePlus 7/8/9/10/11/12/13 series
  12. Xiaomi/Redmi/POCO devices
  13. Mi Unlock Tool + 7-day waiting period
  14. Google Pixel devices
  15. Pixel 6/7/8/9 series
  16. Other brands
  17. Sony Xperia
  18. Motorola
  19. Realme
  20. Oppo and Vivo
  21. Brand-comparison summary
  22. Troubleshooting common issues
  23. Device not detected
  24. Fastboot commands not working
  25. OEM Unlocking grayed out
  26. Unlock command fails
  27. Real customer scenarios
  28. Conclusion

The bootloader is the gatekeeper between hardware and Android — the first software that runs on power-on, responsible for verifying firmware signatures and handing control to the kernel. Locking the bootloader is the foundation of Android’s verified-boot security model; unlocking it is the foundation of rooting, custom recovery installation, and custom ROM installation. This 2026 guide covers what the bootloader is, why and how to unlock it, brand-specific procedures across the major Android manufacturers, troubleshooting common issues (especially the dreaded ‘OEM Unlocking greyed out’ case), and the warranty/security trade-offs to understand before unlocking.

What is a bootloader?

The bootloader is the first software that runs when a device powers on. Its responsibilities:

  1. Initialize hardware (CPU, memory, basic peripherals)
  2. Verify firmware signatures (boot image, vendor, system on Android Verified Boot devices)
  3. Hand control to the kernel
  4. Kernel then boots Android

In Android specifically, the bootloader is implemented in code stored in a protected flash partition (typically aboot or bootloader partition). The bootloader implements Android Verified Boot (AVB) — the verified-boot model that ensures only manufacturer-signed firmware can boot.

Locked vs unlocked bootloader

StateBehaviour
LockedOnly manufacturer-signed firmware boots; AVB fully active; signature check on every boot
UnlockedAny firmware boots regardless of signature; AVB warning on each boot; modified system images can be flashed

The state is recorded in protected flash and is detectable by:

  • The bootloader itself (controls boot policy)
  • The Android system (exposed via Build properties; checked by Play Integrity)
  • Apps using Play Integrity / SafetyNet APIs (DEVICE verdict)

Why unlock bootloader?

  • Rooting — Magisk requires modifying the boot image, which the locked bootloader refuses to boot
  • Custom recovery — TWRP/OrangeFox installation requires unlocked bootloader
  • Custom ROMs — LineageOS, GrapheneOS, Pixel Experience installation requires unlocked
  • Custom kernels — performance/battery-tuned kernels require unlocked
  • Advanced backup — full Nandroid backups via TWRP require unlocked + custom recovery
  • Recovery from soft-brick — flashing stock firmware via fastboot requires unlocked on some brands
  • Manufacturer firmware downgrade — un-installing manufacturer updates often requires unlocked

Before you start

Prerequisites

  • USB-C cable (data-capable, not just charging)
  • PC with Android Platform Tools installed (adb, fastboot)
  • Brand-specific tools where required (Mi Unlock Tool for Xiaomi; Odin for Samsung)
  • Backed-up everything (photos, documents, WhatsApp, app data)
  • Stable internet (required for some manufacturer authorization steps)

Enable Developer Options

Settings → About phone → tap Build number 7 times until “You are now a developer” appears.

Enable USB Debugging and OEM Unlocking

Settings → System → Developer options:

  • Enable USB debugging
  • Enable OEM Unlocking

If OEM Unlocking is greyed out, see the troubleshooting section below.

Samsung devices

Galaxy S, A, Z, Note, Tab S series

Samsung does NOT use standard fastboot. Samsung uses Download Mode + Odin (or Heimdall on macOS/Linux).

Procedure:

  1. Settings → Developer options → enable OEM Unlocking + USB Debugging + Allow OEM unlock
  2. Connect to Wi-Fi + sign in to Google account; wait at least 7 days (Samsung anti-theft cooldown)
  3. Power off → hold Volume Down + Bixby/Power + USB cable for 2024+ models; older models use Volume Down + Volume Up + Power
  4. Download Mode screen appears (blue/yellow text on black)
  5. When prompted, long-press Volume Up to confirm OEM unlock
  6. Knox 0x1 set permanently at this moment
  7. Device factory-resets and reboots unlocked

After unlock, Samsung-specific rooting uses Odin + Magisk-patched AP firmware — see our Samsung Galaxy root guide.

OnePlus devices

OnePlus 7/8/9/10/11/12/13 series

Standard fastboot procedure.

bash 
# Settings → Developer options → enable OEM Unlocking + USB Debugging
# Reboot to fastboot
adb reboot bootloader

# Verify device detected
fastboot devices

# Unlock bootloader
fastboot oem unlock

# On-device prompt to confirm — long-press Volume Up
# Device factory-resets and reboots unlocked (3-5 minutes)

T-Mobile US carrier-locked OnePlus variants have OEM unlock disabled. See our OnePlus 12/13 guide for OxygenOS 14+ specifics.

Xiaomi/Redmi/POCO devices

Mi Unlock Tool + 7-day waiting period

Xiaomi adds a manufacturer-authorization layer beyond fastboot.

Procedure:

  1. Settings → About phone → tap MIUI/HyperOS version 7 times → enable Developer options
  2. Settings → Additional settings → Developer options → enable OEM Unlocking + USB Debugging + Mi Unlock status
  3. Bind your Mi Account to the device (Settings → Mi Account)
  4. Wait 7 days (recent firmware extends to 168+ hours; some 2026 firmware extends to 360+ hours)
  5. Download Mi Unlock Tool from en.miui.com
  6. Sign in to Mi Unlock Tool with same Mi Account
  7. Reboot device to fastboot
  8. Connect; click Unlock in Mi Unlock Tool
  9. Wait for completion; device factory-resets and unlocks

The 7-day waiting period is enforced server-side; cannot be bypassed.

Google Pixel devices

Pixel 6/7/8/9 series

The easiest brand for unlocking. Standard fastboot procedure.

bash 
adb reboot bootloader
fastboot devices
fastboot flashing unlock      # newer Pixel command
# OR
fastboot oem unlock           # older Pixel command

# On-device prompt — Volume Down to highlight Unlock; Power to confirm
# Device factory-resets and reboots unlocked

Other brands

Sony Xperia

Sony has an official unlock portal at developer.sony.com — submit IMEI, receive unlock code by email, then fastboot oem unlock 0x<code>. Some Sony Xperia models lose camera quality after unlock (DRM key invalidation affects some computational photography features) — verify per-model.

Motorola

Motorola has an official unlock portal at en-us.support.motorola.com/app/standalone/bootloader. Apply with IMEI; receive unlock code; fastboot oem unlock <code>. Cooperative process.

Realme

Realme requires In-Depth Test community-discretionary approval. Settings → About phone → version → tap version 5 times → DeepTest mode → apply. Wait ~3 days for approval. After approval, fastboot oem unlock works.

Oppo and Vivo

Most restrictive among major brands. Many models effectively unrootable on current firmware. Some older models may be unlockable via brand-specific commercial tools.

Brand-comparison summary

2026 bootloader unlock complexity by brand. Pixel/OnePlus/Motorola/Sony are cooperative. Samsung adds Knox permanence. Xiaomi adds 7-day wait. Realme adds In-Depth Test approval. Oppo/Vivo are mostly closed.
Brand Process complexity Waiting period Notes
Pixel Easy None Most cooperative; standard fastboot
OnePlus Easy None Standard fastboot; T-Mobile US locked variants exception
Motorola Easy Hours (portal) Official unlock portal; cooperative
Sony Easy Hours (portal) Official portal; some camera-DRM caveats
Samsung Moderate 7 days (anti-theft) Knox 0x1 permanent; Odin not fastboot
Xiaomi/POCO Moderate 7 days (Mi Account bind) Mi Unlock Tool required; server-side enforcement
Realme Hard ~3 days (In-Depth Test) Discretionary community approval
Oppo/Vivo Very hard Variable Most models effectively unrootable on current firmware

Troubleshooting common issues

Device not detected

  • Reinstall ADB/fastboot drivers (Windows)
  • Different USB cable (data-capable, not charging-only)
  • Different USB port (USB 2.0 sometimes more reliable than 3.0)
  • For Samsung: install Samsung USB drivers separately

Fastboot commands not working

  • Verify in fastboot mode (not recovery; not Download Mode)
  • fastboot devices should list device; if empty, driver issue
  • For Samsung: fastboot mostly does not apply; use Odin

OEM Unlocking grayed out

  • Wait 7 days from first sign-in (Samsung/some brands)
  • Check carrier-lock status (T-Mobile US Samsung not unlockable)
  • For Xiaomi: bind Mi Account first, wait 7 days
  • Corporate MDM-enrolled device — contact IT admin
  • Some regions/firmware: hard-locked, not unlockable

Unlock command fails

  • Wrong fastboot variant for brand (oem unlock vs flashing unlock)
  • Anti-theft cooldown not satisfied
  • Carrier-locked firmware
  • Tool version outdated (update fastboot/Mi Unlock Tool)

Real customer scenarios

  • Bangladesh customer + Pixel 7 + first-time unlock — easiest case; resolved in 30 minutes
  • India customer + Xiaomi Redmi Note 13 + Mi Unlock Tool — 7-day wait + tool unlock; explained timeline upfront
  • UK customer + Samsung S23 + Knox concerns — pre-flight Knox-impact discussion; customer accepted; resolved
  • Pakistan customer + Realme + In-Depth Test approval — ~4-day total elapsed; expectations set
  • EU customer + Sony Xperia + camera DRM concerns — explained DRM trade-off; customer accepted

Conclusion

Bootloader unlock is the foundational step for rooting, custom recovery, and custom ROM installation — the unlock decision determines what’s possible afterward. The complexity varies dramatically by brand: Pixel/OnePlus/Motorola/Sony are cooperative; Samsung adds Knox permanence; Xiaomi adds 7-day waiting; Realme adds In-Depth Test approval; Oppo/Vivo are mostly closed. Decide whether the trade-offs (warranty void, verified-boot weakening, brand-specific permanent losses for Samsung) are acceptable for your specific use case before proceeding. See our comprehensive bootloader unlock guide for additional brand-specific notes and our Android rooting guide for what to do after unlock. For professional service, see our Android rooting service or message us on WhatsApp (wa.me/8801748788939) or Telegram (t.me/DroidRooter).

Frequently Asked Questions

What is a bootloader?

The bootloader is the very first software that runs when a device powers on, before the Android operating system loads. It is responsible for verifying the integrity of the firmware (boot image, system, vendor partitions) and then handing control to the kernel which then boots Android. By default, Android device bootloaders are LOCKED — they only allow firmware images cryptographically signed by the device manufacturer to boot. This prevents unauthorized firmware modifications: if someone replaced your boot image with a malicious one, the locked bootloader would refuse to boot it. Locked bootloader is the foundation of Android Verified Boot (AVB), the verified-boot security model that protects against firmware-level tampering. UNLOCKING the bootloader removes this restriction — the bootloader will then boot any firmware, signed or unsigned. This is a prerequisite for rooting (which requires modifying the boot image), custom recovery installation (TWRP), and custom ROM installation. The unlock decision is significant — it weakens the device's verified-boot security model in exchange for user control.

What is the difference between locked and unlocked bootloader?

Locked bootloader: only manufacturer-signed firmware boots; verified-boot fully active; Android Verified Boot signature check enforced on every boot; certain hardware-bound features (Samsung Knox, Pixel Titan-M attestation, banking-app STRONG_INTEGRITY) work in their fully-secure mode. Unlocked bootloader: any firmware boots regardless of signature; verified-boot effectively disabled (warning shown on each boot); modified system images (Magisk-patched boot.img, custom ROMs) can be flashed; certain hardware-bound features refuse permanently or partially (Samsung Knox sets 0x1 on first unlock; banking apps may detect unlocked state via Play Integrity DEVICE verdict). The unlock state is detectable by the Android system and by apps using Play Integrity / SafetyNet APIs — even if the device is currently running stock unmodified firmware, ‘unlocked' is a separate state from ‘running unsigned firmware'. This is why Samsung Pay refuses on a relocked-and-stock-reflashed Samsung — the device passes integrity-of-current-firmware but fails has-ever-been-unlocked (Knox 0x1).

Why unlock bootloader?

Common reasons: (1) Rooting — Magisk requires patching the boot image, which the locked bootloader will refuse to boot. (2) Custom recovery — TWRP/OrangeFox installation requires unlocked bootloader. (3) Custom ROMs — installing LineageOS, GrapheneOS, Pixel Experience requires unlocked bootloader (and usually custom recovery). (4) Custom kernels — flashing custom kernels for performance/battery tuning requires unlocked. (5) Advanced backup — full Nandroid backups via TWRP require unlocked + custom recovery. (6) Manufacturer-firmware downgrade — some manufacturer firmware updates cannot be uninstalled without unlocked bootloader for forced-flash. (7) Repair scenarios — recovering from soft-bricks via flashing stock firmware via fastboot requires unlocked bootloader on some brands. The trade-off is verified-boot weakening + warranty void + banking-app implications — the same trade-offs as rooting, since rooting requires this prerequisite.

What does ‘OEM Unlocking grayed out' mean?

If the OEM Unlocking toggle in Settings → Developer options is greyed out, one of these is happening: (1) Anti-theft cooldown — some brands (notably Samsung) require the device be signed in to a Google account and connected to internet for 7 days before OEM unlock is permitted. Wait 7 days then check again. (2) Carrier-locked firmware — T-Mobile US Samsung variants, some other US/EU carrier-locked variants have OEM unlock hard-disabled in firmware. Cannot be unlocked without firmware modification (very advanced; usually a brick risk). (3) Manufacturer-policy lock — some Xiaomi/Realme regional variants require manufacturer-side authorization (Mi Unlock Tool / In-Depth Test) before OEM unlock toggle becomes available. (4) Knox-protected enterprise device — corporate-MDM-enrolled devices may have OEM unlock locked by enterprise policy. (5) Some markets/regions — extremely rare hard-lock by regional regulation (very few cases). For most consumer devices: wait 7 days, check carrier-lock status, follow brand-specific manufacturer authorization workflow.

Will unlocking bootloader void my warranty?

Manufacturer warranty: yes, in essentially all cases — bootloader unlock is the standard warranty-void trigger. Per-brand specifics: Samsung sets Knox 0x1 permanently on first unlock; Samsung Pay/Secure Folder refuse permanently regardless of relock. OnePlus unlock is reversible-policy — relock + reflash stock can restore warranty service eligibility for hardware issues, though OnePlus retains records. Xiaomi/POCO similar to OnePlus — relock + reflash often restores eligibility. Pixel: Google's policy is unlock voids warranty but Google service centres are sometimes accommodating for hardware defects; less strict than Samsung. Motorola: official policy void; practical service centres often accommodate hardware claims. EU consumer law (Sale of Goods Directive) provides hardware-defect statutory rights independent of manufacturer warranty for EU purchases — manufacturer must honour for the legal warranty period regardless of bootloader status.

Can I re-lock the bootloader after unlocking?

Yes for most brands, but with caveats: (1) Most brands support fastboot oem lock or fastboot flashing lock to re-lock. Re-locking requires reflashing stock firmware first; locking with custom firmware will brick. (2) Re-lock does NOT restore Knox to 0x0 on Samsung (Knox is hardware fuse — irreversible). (3) Re-lock typically restores Play Integrity DEVICE verdict for most apps but not Samsung Knox-bound features. (4) Some brands (Pixel) record unlock history in firmware metadata that persists across re-lock — sophisticated banking apps can sometimes detect previous-unlock state. (5) For warranty purposes, re-lock + stock reflash is sometimes useful but does not guarantee warranty service — manufacturer service centres can sometimes detect previous unlock. The right framing: re-locking is technically possible and useful for some scenarios but does not fully reverse the unlock decision — it is a partial reversal.

Android phone in fastboot mode showing bootloader unlock screen
How To Advanced 8 min read

Unlock Bootloader on Android — Brand-by-Brand Guide (2026)

Unlock the bootloader on Samsung, Xiaomi, OnePlus, Pixel and Motorola — exact steps per brand, OEM unlock waiting period, and what gets wiped in each case.

Naz N.
Read More →
Complete Android rooting guide 2026 with Magisk
How To Advanced 7 min read

Complete Android Rooting Guide 2026

Complete Android rooting guide 2026 — what root is, why root, modern Magisk method, device notes, post-root setup, banking-app reality.

Saad Bin Abdul Hai
Read More →
Xiaomi phone showing Mi Account verification lock screen
Guide Advanced 8 min read

Xiaomi Mi Account Bypass — Working Methods (2026)

Xiaomi Mi Account locked? 2026 working methods for Xiaomi, Redmi and POCO phones — what triggers it, what works in HyperOS, when DIY fails and pros help.

Naz N.
Read More →