It's good to have an option like that, even being a default, but there definitively need a switch to disable that if it is your own will.
It's not even necessarily that good enough against cops, because in a lot of shitty countries, even some pretending to be democratics, not disclosing or at least inputting your password might be a crime severely punished.
If I'm not wrong, there was a guy that had to stay years in jail until he would comply with the judge order to unlock his device.
Interestingly, it could also be seen the other way around; it's a potential way for Google to force deployments of system updates (potentially at the request of law enforcement). With an automatic reboot, then the update can automatically be applied without user action.
This makes no sense, Android already will reboot itself after receiving an update and being inactive for a while (generally while charging it will install the update in its secondary partition, do some verification checks and reboot if there is no user interaction).
This sounds vendor-specific and not general for Android. I've never had that happen on any device but Windows and I would be very upset if it did happen.
This is default on iOS and on many Android versions.
It's often configurable, but e.g. carrier policy or local vendors can enforce it.
To have updates automatically install overnight is the maximally desirable scenario - waiting for user approval usually result in open vulnerabilities, and if you interact with a prompt you are by definition using your device and it is therefore a much worse time than while you're asleep.
On Android, my experience has been that new major versions are often unstable / involve some risk of bricking / include feature regressions (dumbing down of multi-task in Android 13 if I remember well). Waiting for a few month before installing a major update, while not optimal for security, is necessary to make sure that the most critical bugs are fixed beforehand.
Regarding applications, today there's so many applications being always updated all the time that there's no way it's good for the flash memory to constantly rewrite it every day. Plus this often leads to random application restarts while they are updated automatically. (and non-OSS applications updates can result in unwanted changes such as more ads, random changes in UI...).
It's still possible to disable automated updates on Android and I am glad that they allow it.
Major version upgrades are a different type of upgrade altogether. They are optional while the previous major is still maintained.
Minor upgrades is what should always be automatic.
> Flash wear
No, it doesn't matter.
Total write endurance (i.e., the number of bytes written the device is designed to handle under some standard load) is usually a large multiple of the chip size itself - say, 200x-400x, so e.g. 100TB of writes for a 256GB setup. A particular workload is only really meaningful to flash wear if it is in the scale of several full storage rewrites during the lifetime of the device.
The exact write endurance depends on the exact configuration (specific chip selection, allocated reserve), but even microSD cards have wear levelling these days.
Your device is going to die or be retired with a certain flash write wear, but I find it extremely unlikely that your device will die of a flash write wear. The wear endurance is dependent on the specific flash setup.
A much larger cause of wear is app caches (e.g., streaming video continously overwriting a disk cache, browsing social media). If you take pictures, those might end up written multiple times as first the original is written, then the automatically processed version, then any edits you make, then if storage saving measures is enabled maybe its deleted and a compressed version is written, if you later open the app the original is downloaded and written again, ...
> They are optional while the previous major is still maintained.
I don't think there is such a choice on Pixel phones but I'd be happy to be proven wrong. When the next major update is available the phone just asks to update to it every few days (but won't do it without user consent). I don't think there's security updates on a given phone for old major versions when a new one is available (there likely are for older phones that don't get the major update however).
Thank you for your explanations on flash wear, makes sense. Taking a low value of 13TB endurance (64GB times 200), this is still 7GB per day for five years and I don't think app updates can consume that much.
On Android? It must be an app-specific issue because it's possible for apps to implement alarms so that they work before unlocking the device after a reboot, but I don't know the technical details behind it.
I've had that happen a few times and the alarms went off on time but they used the default alarm tune instead of the one I had selected, presumably that data was still encrypted.
I haven't had that happen on iOS, but I have woken up in the night needing my flashlight just to find my phone applying a lengthy update. I have it set to download automatically and install manually now, I believe.
I haven't had any problems in at least 7+ years, but I work in coffee and I can remember at least two instances where an Apple update made half the staff late by turning off their alarms, myself included.
I like an amber booklite, it isn't as compact but the light is better for keeping in the sleep mode. We used those as our lights to help develop our child's sleep hygiene. Cupped our hands around the light part as we puttered around.
I do, in my nightstand. In the event of an emergency where we’re without power, I do not want to waste my phone’s battery power by using it as a flashlight.
Long Press power while pressing volume down works on all Android devices I've used to date.
And that's ignoring the fact that disconnecting power, waiting a few days and then reconnecting it will inevitably let you cold boot it, too (which this would be an equivalent to - as far as I understood it)
Your are absolutely correct. I mixed it up from playing with various Android versions in 2010-2016. The long press alone got the reboot, and the volume down + power booted into the bootloader. Hence my memory with both, as I always pressed both until the bootloader was available - but you are right, long press power is enough for hard off
They should really implement a dual user / dual password system to combat those countries.
If you enter password 1 it goes into your normal account, if you enter password 2 it goes into another user account with a burner environment where you can install a few token commonly used apps for plausible deniability.
The existence of password 2 should be optional and you should not be able to tell if the system has one or two passwords configured.
I dunno, my elderly and non-tech-savvy in-laws travelled to the US (from Canada) last week and wiped their phones of social media apps and stored messages before crossing the border based on media reports around the US CBP’s handling of border crossers’ devices, so I’d say an empty phone is pretty plausible for anyone in that situation.
You can either use: separate user accounts (needs context switching) or a new private space feature. Private space was introduced with Android 15 and can hide its existence (from the launcher).
> in a lot of shitty countries, even some pretending to be democratics, not disclosing or at least inputting your password might be a crime severely punished. If I'm not wrong, there was a guy that had to stay years in jail until he would comply with the judge order to unlock his device.
This sounds a lot like the Regulation of Investigatory Powers Act 2000 in the United Kingdom, where several people have been prosecuted and imprisoned for failing to provide encryption keys.
> imprisoned for failing to provide encryption keys
This scares me, because I have plenty of old devices I no longer know the passwords for. I don't think I'm alone - plenty of people forget passwords they don't use in years.
If the police came and searched my house, they could probably find some ancient laptop or phone from a decade ago, demand I unlock it, and then put me in prison forever when I cannot do do so.
Do SMART records contain enough information to prove that the laptop had not been used in years (assuming you had a suitably effective barrister to make use of this information)? RTC (clock) drift could also give a hint that the laptop had not been connected to a time server in a while.
Also (this may be of limited consolation) the officer who compels you to disclose the key must have some idea of what data it is protecting in order to satisfy RIPA 2000 s 51(5)(a):
> The matters to be taken into account in considering whether the requirement [for proportionality] of subsection (4)(b) is satisfied in the case of any direction shall include... the extent and nature of any protected information, in addition to the protected information in respect of which the disclosure requirement is imposed, to which the key is also a key
Wouldn't you be able to argue this in court for this rare case? With a phone that can be shown to be in use constantly it would be more difficult to prove you forgot
Yeah. We dealt with a case where a guy claimed to have forgotten his mobile phone pin.
But we voted to convict after I pointed out it was the phone he’d been using every day, for years, and was quite implausible, and convenient, to forget something like that right after being arrested and asked for it.
Possibly could have gone differently if they had said they changed their 15 letter password every two weeks, but really?
What if they changed their password right after being arrested, and then forgot? Immediately after changing your password does tend to be the time most people forget their passwords.
If you get changed with a RIPA password offence it’s almost certain going to Crown Court and an (expensive!) jury trial.
CPS won’t (as a matter of policy, and also can’t afford to waste time and money) spend time trying to prosecute a forgotten password for old laptop, unless it’s connected to some other serious, evidenced, allegations.
(I was on a jury in just this situation. Reasonable doubt is a high bar and prosecutors know this).
Probably a good time as any to replace it with something purpose-built anyway. A Raspberry Pi with a directional microphone and a custom app feeding said microphone data to a service like AudD or ACRCloud could readily do the trick without any of Android's extra baggage - though I do wonder how effective those services would be at detecting songs amid a bunch of background noise like Bop Spotter does via Shazam.
Phone cameras are better than anything else you can get in the same form factor. The very expensive patents behind image processing algorithms keep good cameras out of the hobbyist world.
Same for 5G modems. A $50 phone will give you gigabit 5G, but you'll pay $500 to get that in non-phone form factor, mostly because on patents on the 5G tech which are charged differently for phones vs dedicated modems.
Perhaps, but it's also inexpensive to (properly) use one or more 18650s with a Raspberry Pi if that's what one wants to do.
I think the main advantage to using phones for random stuff is availability: We here on HN probably have a decent selection of old phones to pick from, so it doesn't cost any money at all to give a new purpose to one.
Why so dismissive of how somebody wants to re-use an old phone that you would compare them to the absurd fictitious behavior in that comic? Would you rather they become e-waste? If it fits their needs then it fits their needs regardless of the use-case that was marketed.
It's a Google Play Services update, likely explicitly to be able to push it to all (Google-using) Android phones immediately, without waiting for OS updates. This will not be a "Guess I'll get it in a few years" update.
I generally like XKCD but dislike the message in this comic. If that's that guy's workflow, they don't have to actively support it, but he should be given the option to disable updates so he can continue to use his tools in the way he sees fit.
Yeah that's fair lol. But I guess in the context of this discussion, Google can push stuff onto your phone with Google Play whether you want it or not.
This is super annoying on newer iOS for device that I use purely for development. Before it was possible just keep iPhone unlocked indefenitely, but now it reboots and boom I have to use TouchID again.
This is again Apple being Apple making things harder without option to disable it even when development mode is on.
Problem is not user activity - it just needs PIN, TouchID or FaceID. Even if you logged to device via iPhone Mirroring it's still gonna reboot, get locked after 72 hours and for me personally it breaks iPhone Mirroring half of the time too.
One physical option to bypass it on iPhone SE is to actually physically activate PIN entry and then use Voice Control command to enter the pin since it works even before first unlock. Though this is basically compromises pin and device encryption. But it's cheap since there are plenty of $2 devices that can simulate touchscreen clicks.
I just want some easier option that works and not require agent 007 setup to just run a buld of my AI-generated crap via Xcode.
Unfortunately I use Advanced Data Protection on my Apple account so I kind a need that passcode. And moving to having completely different Apple account for development is PITA.
But I think connecting a device that can be used as authentication method without choosing a defense would negate the purpose of advanced data protection of your account and other devices.
Let's say I'm not super heavy Apple service user. For me Advanced Data Protection is defence against Apple itself and ability to keep little information I share via iCloud somewhat secret: mostly another backup of some photos and few other things.
It's not like I'm trying to defend against some state actors or whatver.
Hmm, yeah that seems wrong. I don't get reboots on devices I use frequently; I think it is only supposed to kick in when the device is not in use for a long time (it is meant to stop police who have a locked device they will try to brute force into).
Are you on latest iOS? Are you stilllocking / unlocking the phone once in 3 days at least?
7 days timeout on was introduced in iOS 18, but then decreased to 3 days. I dont use this device physically - it's just a phone that always connected to power and sit on top of mac mini for debugging and running some ios exclusive apps.
And I honestly dont do anything remotely interested to the police to worry about it. Yet it all just worked and now it doesnt.
My physical ios device test harness has no pin numbers/touch id activated for any of the connected phones. I noticed early on in testing that it would require physical access to reinput the pin code even when the device was already unlocked when I would restart an XCUI test.
If you're able to have fully unlocked devices at your test setup I'd suggest giving that a shot to see if it fixes your issue around device restart.
If I remember correctly, Apple actually picked up the feature after seeing it implemented in GrapheneOS. I think some people associated with Graphene were calling on Apple to add it for security reasons.
Fair point. It's a frustrating pattern that seems to repeat, and I think partially it stems from when other brands are too thick to understand why people are choosing the competitor.
Web browsers are an immediate example that comes to mind. When everyone started switching to Chrome, the other browsers fell all over themselves to strip down into minimalism, as though it was the sparse UI that was capturing users' hearts, as opposed to the rendering speed and compatibility. So then you had all these other fat, slow browsers that took away the only thing that was still distinguishing them from Chrome.
In this case though, I guess it's about money. Why put in an SD card slot when you can instead extort your customers for a cloud storage subscription or a lucrative upsale to the higher model with more storage?
Meanwhile as a customer nothing makes me more irate than "upgrading" to something that's worse because I can't replace the battery and the OS no longer gets updates.
The minimalistic UI was kind of the original headline feature, I have to note—it’s literally in the name that the browser was to be little more but chrome around the stuff the user actually cares about, that being the web page. It’s just that the other things turned out to be more important.
In December 2024 all UN member countries voted in favor of "UN Cybercrime Treaty" which binds signatories to adopt a legislation to force you to give cops your passwords and other credentials.
Eh, I see the language "urges" in there regarding putting it into force. It would still need to pass Congress etc. and my guess is that such a provision would face massive domestic pushback.
I can only second this. I have an old iPhone with a second sim-card, because I need it from time to time. And Apple introduced this auto-reboot a bit earlier, iirc last year. The problem is that after rebooting it also disconnects from wifi, so e.g. SMS/handoff synchronization stops working until you enter a passcode. This is very annoying because it was very convenient for me to receive calls/SMS to my main iPhone.
It’s a good and reasonable feature, especially if for some reason you are afraid of state or security agencies in a place where you live, or maybe during travel. It’s still questionable, because in some states you can indeed go to jail if you don’t unlock. Yet, I really want to be able to turn it off for use-cases like mine.
Apple doesn’t like supporting the use case of multiple phones for one person. They even encourage their employees to use their personal devices and accounts.
>It’s still questionable, because in some states you can indeed go to jail if you don’t unlock. Yet, I really want to be able to turn it off for use-cases like mine.
Even if the end result is the same, anything that forces authorities to use official power over informal power is a net win.
I don't get the difference. Today after 72 hours (3 days) my phone asks me for my password and won't accept biometrics. Also, this is a problem for all the people that use them as alarm clocks. I use Alarm Clock Xtreme for example.
(At least on iOS) shutting down the phone has something to do with wiping credentials/keys from RAM from where they can potentially be dumped. A just-booted phone is fully encrypted with no keys in memory.
> Also, this is a problem for all the people that use them as alarm clocks.
Yes. But quite honestly the right solution for that would be Apple providing an alarm clock API. The alarm clock application could call it with the next scheduled alarm’s time and the os would just wake up at that time and let the application do the sound / alarm thing.
This isn’t unusual, the USA is a an exception; commonly the view is that electronically unlocking a phone or laptop is much like any other legal search, e.g. opening a garage or a locked room.
Yeh, the quoted commentary is hyperbole. My homeland (the UK) has such a law. I do think that law isn't great. But my country isn't shitty, and it's certainly a democracy.
If we start being perfectionist, we pretend there's no difference between most nations in the rights their citizens have. And that's not even remotely true.
For this use case there needs to be a reasonably quick way to erase/permanently lock a phone. Or maybe it needs to be something that is both 1. Less severe than that 2. Secure against personal inducements 3. More automatic.
So maybe something like a paired app with a friend/someone who is beyond the reach of the authorities, and if the phone isn't unlocked in a given definable period (or it can be triggered immediately), it then can't be unlocked without that person's active cooperation.
That's off the top of my head, so I'm sure there are optimizations.
This just gave me an idea: How about the phone accepting 2 password. One is the regular password and brings you into your regular account and then a dummy password that brings you into a dummy (but somewhat plausible, maybe user set up) account. That way you can still enter your normal account whenever you feel like it and if you are being pressured you just put in your "alternative password" and it just brings you to the dummy account.
But the problem is that when authority wants you to unlock your device, they kind of already know why, what they are expected to find but they would that as a more complete proof. But from external input they would expect some downloaded files or accounts (like social accounts you were connected with your phone a minute ago), some SMS they saw passing, some call logs, so connection to your known accounts...
A Veracrypt style hidden OS profile that is forensically invisible would be a better option - This would allow one to enter a password and give another "profile" or OS- that unlike current alternate profile stuff- would be solid against Cellebrite and GreyKey snooping into the device, and it'd be impossible to tell there was a hidden user/etc on it
Stories about airport security and officers demanding access your phone is one of the reasons I will never come to the US.
An (Italian) friend of mine was stuck in Newark for 8 hours after he refused access to his phone, dragged in some room and questioned for hours along his wife while split from him own kids, even though he later gave them the password (he initially said no because he thought it was out of the line, he had nothing to hide).
He left livid for Italy 16 hours later despite being free to go on with his vacation.
The Italians do the same thing. If your name matches some name or you’ve travelled to some naughty place, you’ll get picked for this sort of thing.
That said, the last time I went to Italy the customs guy looked annoyed at being awake. He asked my son’s age (he is huge but too young to use the electronic gate), then shrugged and stamped my passport with all of his strength.
Don't spread misinformation. The difference is that in Italy it is not against the law to not hand out the password to your phone -- or anything else for that matter.
In the United States, you have a fundamental right to not testify against yourself, including providing a password. You can be compelled to provide a biometric. The UK has taken a different approach and my understanding is that you can be jailed for refusing to provide a password.
Most countries recognize very different limits at a customs boundary. Is this appropriate in an age where a tiny device gives you access to all of your "papers" in many cases? I don't think so, but international law doesn't recognize our concerns with respect to that.
> Most countries recognize very different limits at a customs boundary.
In the US I've heard that boundary (the "border") encompasses ~75% of everyone living inside. It's like "within X miles of a border" and includes rivers and airports as well as the entire coastline.
I'm not up to date on these rules and who's been caught out by them, but I have repeatedly heard the claim above.
That is also true in the US. Of course they can use it as a reason to deny you access to the country if you’re a noncitizen, but you don’t have to hand it over.
Is there any country in the world that has an explicit policy saying that non-citizens don’t need to provide phone passwords on entry? I’d consider a burner phone necessary to visit any country that doesn’t have such a policy.
There is always something that can be done. Like if phone is not actually powered on for x time set by the user it automatically factory resets all data. Or if phone is out of cell service for x time like as in a faraday bag in evidence then it resets itself. Or make it so that after a reboot it can only be opened if on a certain wifi hotspot or geolocation.
Ultimately I am not a security expert or know if any of those ideas would actually work but it seems like you could add a few steps making it harder. Maybe it can be locked out and you can set a specific apple store which would require your ID before they can send a release code allowing it to be unlocked.
All of that is probably way to complicated to be worth it for a typical user but I do think there can be a way if it was truly critical.
> because in a lot of shitty countries, even some pretending to be democratics, not disclosing or at least inputting your password might be a crime severely punished
What's your point? That because it isn't useful in every country, it's not worth making available to any countries?
It's not preventing you from providing your password.
You started by saying it's a good option to have, so I don't understand the point of your second paragraph.
I was thinking this would be the final death knell to using an (unrooted) Android phone as a cheap home server. But then again, not sure if that was even possible before with all the "battery protection" logic built into Android.
>not disclosing or at least inputting your password might be a crime severely punished
And to your point, I believe it's now the case in the U.S. that you can be legally compelled to unlock a fingerprint lock, but not a pin for whatever reason.
Compiled unlock via biometrics is still somewhat contested. The general argument boils down to biometrics being something you can't really protect internally. A passcode that is only known inside of your gray matter can therefore can only be externalized via some sort of testimony. Being compelled to reveal a passcode violates your ride against compelled speech and self-inccrimination.
In US you are protected by 5th. But it seems like the question hasn't been addressed by the Supreme Court since currently the answer depends on your jurisdiction. Which inspired me to check: here in Pennsylvania, the court cannot compel you to unlock your device with the password.
But it has already been argued successfully that giving biometrics is analogous to giving blood, hair, fingerprints, standing in a lineup, providing a writing sample, or wearing certain clothes, all of which you can be compelled to do. To argue against being compelled to do or provide biometrics without using testimonial arguments would be going against a lot of case law and precedent.
There is a specific precedent where you being compelled into providing biometrics can be inadmissible, and that is where you are compelled to unlock the phone, since doing so, even with biometrics is akin to providing testimony that the phone is yours, you know how to unlock it, which finger to use, etc. (see United States v. Brown, No. 17-30191 [1]). But that doesn’t actually prevent them using your biometrics to unlock the phone, so its pretty niche.
This is a bizarre response. My comment was not a denial of legal history on biology-as-testimony, it was instead opening space for other legal or philosophical objections: autonomy, bodily integrity, possibly Fourth Amendment concerns about unreasonable searches.
But you're replying as if my comment was claiming courts haven’t treated biometrics like physical evidence. That's not what I was doing.
The reference to Brown here appears to be massively misleading: far from being niche, it complicates the biology != testimony in a way that cuts to the heart of the most common real-world application of biometric compulsion which is smartphone access; from chatgpt'ing about it it appears that it's not the only court to rule on this and it probably awaits a SCOTUS decision to resolve an existing split.
You didn't elucidate any of that, or actually make any argument, so I had no way of knowing what you were thinking. You said “being compelled to provide biometrics does not necessarily hinge on it being analogous to testimony” so I stated that there was a lot of established case law already on compelling individuals to provide analogous physical information/samples, which covers bodily autonomy, bodily integrity, and the 4th Amendment. The only contention as far as I know, is around the 5th Amendment, but if you had other information, I’d be interested to hear it.
The Supreme Court has declined multiple times to hear cases that would help settle the legal ambiguity. I don’t think United States v. Brown complicates things because the specifics on the case were not whether or not you can be compelled to provide biometrics, but whether being compelled to “unlock a device” and manipulating the device yourself constitutes protected testimony. [0] They even cited United States v. Payne [1] where the court upheld that forcibly taking your finger to unlock a phone did not violate the defendant’s Fifth Amendment rights, and at issue was only the wording of the order.
From my understanding, the current split about being compelled to provide passcodes, and to a much lesser extent biometrics, is the foregone conclusion exception stemming from the Fisher v. United States [2] case, where, as Justice White said “the existence and locations of the papers[were] a foregone conclusion and the [defendant’s physical act] adds little or nothing to the sum total of the Government’s information by conceding that he in fact has the papers… [And so] no constitutional rights [were] touched. The question [was] not of testimony but of surrender.”
This has been used in relation to court cases on biometrics and passcodes [3]. It appears that courts that rule that you can be compelled seem to look narrowly at the passcode itself i.e. the government knows you own the phone and knows you know how to unlock it, so it is a foregone conclusion to provide it. Courts that rule you cannot be compelled seem to look at the phones contents i.e. the government does not know what is on the phone so decrypting the data would be providing protected testimony, or a stricter interpretation that you cannot be compelled to disclose the contents of the mind.
Because it's an effective tactic against exploits that can't survive a reboot, which is somewhat common from my understanding. The idea being that police can confiscate your phone and just keep it on and charged until they can buy or develop an exploit targeting your current device and software.
I was admittedly confused about this distinction at one point too. It's a trade-off (although few people effected by this own phones with truly free, user-respecting soft/hardware in the first place).
Not really. Samsung was the first with this, but their reasoning had absolutely nothing to do with security. It was because their phones slowed down over time and their solution was to give users the option to reboot it at specific intervals. You could even make the argument that the Samsung solution is still the superior solution because you get to set the interval.
As the GrapheneOS docs note, the feature is better implemented in init and not in system server or the app/services layer like Google has done here? Though, I am sure Google engs know a thing or two about working around limitations that GrapheneOS developers may have hit (in keeping the timer going even after a soft reboot, where it is just the system server, and the rest of the userspace that depends on it, that's restarted).
Huh, I have GrapheneOS and I never noticed it rebooting. (And when i manually reboot, the "BIOS" prevents it from booting without acknowledging that I'm aware it's a non-Google OS, so how does it work?)
The feature is not enabled by default. Also, the boot doesn't wait for you indefinitely - it just gives you a few seconds to glance the checksum and halt it, before it proceeds automatically.
You don't have to acknowledge anything. The boot screen shows a warning which you can interrupt. If you don't do anything it'll continue to load as normal.
No. Play Services is Google's way to make Android closed source. Many new features don't get implemented in Android, but Play Services. Many apps don't work (correctly) without Play Services.
Being closed source is not the goal. Update speed, consistency across the ecosystem, and feature development speed are key reasons things are implemented via play services. Also dependency on google services, but that's not relevant here. AOSP is greatly improving in its ability to tackle these things, so the choice to implement things in play services won't be as compelling as it is today for things not ultimately tied to Google.
Play services is how Google delivers many Android updates now so that all users can get security updates without waiting for the device vendor to publish it for each device.
I’m not sure it was because they cared about security - looks more like accounting for 32-bit timestamp rollover would be very disruptive to the huge (legacy) code base and it was a quick fix to work around the problem :)
I'm pretty sure you're joking. Windows 95 crashed if you sneezed in its general direction, I'm pretty sure it would blue screen due to some edge case well before 49 days of runtime.
To this day, some programs malfunction after 2^31 milliseconds have passed since bootup, which is the halfway point. Milliseconds since bootup has just become negative, and has not rolled over yet. Just having a negative number of milliseconds is enough to mess with those programs.
As the article alludes to, Apple recently shipped the same policy to iOS so this is likely just following the precedent from them. Android developers don't pay attention to community forks.
Graphene's autoreboot has 12 different options (excluding disabling it) ranging from 72 hours down to 10 minutes and the timer is reset each time the device is unlocked. Tbh I think a 1 minute setting would actually be nice (for things like when you are going through customs, etc) but I get why they don't provide it.
The system only reboots once it has been locked for a particular duration. Setting it to 1 minute basically says: put the system into a more secure state (e.g. purge unencrypted memory) and ensure that it is ready to go when I next need it. That said, while it is not unrealistic it would be problematic since accidentally letting the phone lock (e.g. input timeout) would result in a time consuming reboot.
Its not an OS update, its a Google Play Services update .. so if they still apply you would get it
I found it strange that things like 'prettier settings screens' and 'improved connection with cars and watches' would be included in Google Play Services. Surely those things are part of the OS not part of a thing which helps you access the Play store?
I've been using a LineageOS (prev. Cyanogenmod) phone for years and have never installed any google stuff so I don't get these updates anyway.
One possible option would be to install Netguard (open source Android firewall that doesn't require root) and block Play Services.
I have that on a spare unrooted Android phone. Seems to be working so far. But I'm sure Google could bypass it if they really wanted to. I don't know if they've ever made an effort to bypass Netguard (or similar) in the past.
Not bad. If I could make a feature request it would be something like, After 3 days of being idle:
- [ ] Reboot
- [ ] Power Off
- [X] WIPE triple opt-in
Maybe there is a custom phone OS for this that makes the phone act more ephemeral and network boot off my self hosted iPXE/immich server? A dumb smart phone so to speak. An ephemeral diskless phone.
I've been fantasizing about building an iPXE netbooting phone for a while now, glad to see that I'm not the only one. Mine was sparked by seeing some journalists in my country getting arrested recently.
I think it should be doable _technically_, but I think getting the mobile radios working before the OS boots would be challenging.
If the phone can boot off a thumb-drive then people could have a keychain thumb-drive that serves the sole purpose of a minimal OS that can iPXE, boot the real OS and pull down the users contacts, apps, etc... maybe?
A long long time ago, adding Gmail to your phone via the Exchange protocol over m.google.com gives Google the ability to wipe your phone remotely, including iPhones as well. No management profile needed.
Someone may want that behavior if they were intentionally injured and kept from their phone for 3 days. The perpetrators will eventually get past the hospital security. Contents should be backed up in a safe place either way, possibly in a place that someone that cares about them may access it.
Mine randomly reboots semi-periodically already, even when it hasn't been shown as having downloaded an update.
That said, I think this is a fairly good idea, although with the encryption stuff they do, this will cause people who rarely use their phones to miss calls and alarms.
It would be easy to store alarms in an unencrypted partition or even EEPROM as they take no space. Calls is a harder problem, although in principle if the SIM doesn’t have a PIN, you should have everything you need.
I found that this saves a lot of battery. My old Motorola G5G is now sitting idle, and I had to charge it every 4-5 days. I found that if the phone is restarted and NOT unlocked, it will stay charged for more than 10 days. My best guess is that a screen unlock is required to start many of the OS-level services, which takes up all the battery.
If this is true, then the new update will save a lot of battery for those phones that are sitting idle.
I have 3 phones, for various reasons. Not SIMs, but 3 devices. The usage is radically different between them. 2 of them are used daily but even there one routinely runs out of battery and other does not dip below 80%. The third one gets used when it gets used :)
> ...the new Play Services will limit that exposure to three days, even if it's plugged in.
This will be fun to track down after a long weekend in embedded devices once this android patch number is old enough to be baked into crappy payment terminals and mall kiosks.
1) There is no developer accessible API to allow app developers to create an app to allow me to script power options (example, as an end user I want to script a restart or shut down my phone nightly).
2) Asking Google Assistant will not restart or shut down the phone.
3) Apple and Android have made it harder to shut down the phone, requiring double key press kung fu to even bring up the power menu.
One click where? Have you mapped it to the Action button on the newer phone models? Or do you launch the shortcut by tapping somewhere (widget on Control Center or elsewhere)?
Or if you're primarily reachable by an app that can't launch until AFU, the phone reboots silently and you don't realize it, and you're incommunicado.
Some time later, you need to do something on the phone, you unlock it, the app starts up, and a flood of messages pours in. Wow, some of those would've been really useful to receive in a timely fashion! Whoops!
I don't remember the PIN to my work SIM card. Can't wait to lose my work phone halfway through a conference / business trip because I haven't touched it in a while.
This won't help those of us living in countries where "elected" officials elect themselves. We haven't had a single honest election in decades (and probably won't ever have one), so measures like this are better than nothing.
You don’t vote for the police or the three letter agencies and elected officials have little power over people with guns. Yes I know both on the the state level the police are suppose to be under the command of the civil government. But no elected official wants to get on the wrong side of the police unions.
Besides most people support the police no matter what. Police know not to abuse their powers against Whites.
That plan, if implemented, may last as short as 1 election cycle. All political progress will inevitably be undone.
In contrast, technological change will forever alter the balance of power. What we should be asking is "Instead of patching society with political solutions, how about we solve fundamental problems permanently with technology?".
If you vote for the wrong people (i.e. people that want a more humane society), the billionaires will simply coup the government. Remember: they own the things that keep society running, so they have real power. We run the things that they own, so we also have power when combined together.
firstly how about fixing software which forces 'inactive hours' yet reboots even when cpu is at 100% utilisation, and software which dims or locks a mobile screen during video playback, and soft/hardware which doesn't respect user-supplied suspend/standby timeouts in their power plans, and ....
No notifications? Depends on what your definition of "asking it" is, but having to explicitly do an action to check for notifications and even phone calls seems counter-productive for a phone.
I've mused about writing a distribution license where every type of notification and update can be disabled, and any modification must follow the same license.
STFU (BSD equivalent) and STFU-O (GPL equivalent)
No LGPL equivalent because I would want even software that uses STFU-* licensed code as a library to follow the STFU-* license.
Just have to explicitly define what counts as a notification lol
I'm surprised this is something taken seriously only now by stock android. Isn't it known universally that AFU devices are insecure? What's the point of adding strict password policies, biometrics etc, if data from a stolen phone can be (relatively) trivially be exfiltrated unencrypted?
Samsung's have had some feature that lets you set days of the week for the phone to restart (IME during early morning hours) automatically. It's not perfect but it's something. iOS seems to have some unclear logic to either restart or re-request password (not biometrics).
Because they protect against different actors. A stolen phone? The thief likely just wants to strip your phone down to parts and sell the parts if there is a passcode. If there isn't anything, perhaps the thief would wipe it and sell it whole as a second hand device.
Only law enforcement cares about the difference between the AFU state and BFU state.
« This actually caused some annoyance among law enforcement officials who believed they had suspects' phones stored in a readable state, only to find they were rebooting and becoming harder to access due to this feature. »
Wouldn't the phones run out of battery after a few days anyway?
Or do they keep them plugged in?
Can I configure this? In some cases I'd want the auto-reboot to be more aggressive (for example: after 3 hours). In other cases I'd want to disable the auto-reboot entirely.
> This actually caused some annoyance among law enforcement officials who believed they had suspects' phones stored in a readable state, only to find they were rebooting and becoming harder to access due to this feature.
Lmao.
> The early sluggishness of Android system updates prompted Google to begin moving parts of the OS to Google Play Services. This collection of background services and libraries can be updated by Google automatically in the background as long as your phone is certified for Google services (which almost all are). That's why the inactivity reboot will just show up on your phone in the coming weeks with no notification. There are definitely reasons to be wary of the control Google has over Android with elements like Play Services, but it does pay off when the company can enhance everyone's security without delay.
What if just while that occurs I need to make or receive an emergency call?
Sometimes it feels like tech is going backwards. Rather than rebooting, just develop a proper method to unload/uncache, without making a device useless while that happens. Or use that multicore arch to swap the “dirty” instance with a clean one, in realtime.
I was wondering about this too, or even benign annoying situations like you were doing research and forgot it was going to reboot on schedule and now you lose your train of thought
Samsung phones have had this feature for years. But it’s not what you think. Samsung phones gave you the option to reboot at various intervals because their phones would slow down over time and their solution was to allow the user to schedule a reboot. Now it’s.a security feature.
Android ships a feature called bootchart which you can use to prove that most of the time your phone spends booting.. it is actually far from bottlenecked on storage or compute - bugs to be fixed; not worked around with even more complexity. Heck, some phones do not even stop playing their vendors fancy animated logo when they are finished before the animation is.
uhh, that's going to disrupt Briar Mailbox, which relies on an Android device to act as an always-on node. I really hope there is a way to toggle this.
If you are in a hospital- your phone will reboot to pin level. So you need to unlcok it few times and wait 3 minutes before it becomes reactive.
Then all your alarms will not work.
They add crap like this, yet the stock calendar app needs a separate appto play music to warn you. This of course breaksafter a reboot..
My grandma has a second phone as backup - it will constantly reboot and will never be ready to be used the time it is needed - as a backup. Since it will keep rebooting and requiring a pin.
Who comes up with those anti user ideas?
That we will probably
be unable to turn off (or the option to turn off will disappear after few months). Also old people will not know how to turn it off
Why would I want my phone to auto reboot without my intervention? Never mind that it’ll never make three days on a single charge even if I don’t touch it.
Maybe? Could Microsoft have a layer of third party customization between user space and kernel where MDM lives without crashing the operating system like CrowdStrike did?
It is not clear to me at all why the ‘benefits’ presented outweigh the negatives (which is _my_ device doing anything without me instructing it to). Even if you can turn it off, this is apparently enabled by default.
Law enforcement keeping hold of my phone for 3 days is simply not a realistic problem for me. Coming back to an annoyingly locked phone after forgetting it for a weekend very much is. The chances of law enforcement wanting anything with it are low enough that dealing with an extra unlock is more likely to be an impactful issue, even considering the potential impact that law enforcement or others stealing it could have.
> Coming back to an annoyingly locked phone after forgetting it for a weekend very much is.
It is?
I mean, my iPhone asks me for my passcode every 7 days anyways. And that's the only thing that happens on reboot anyways.
Also, you forget your phone for a weekend? How do you do anything during that weekend, like keep in touch with loved ones, get driving directions, pull up a boarding pass, check for delays, look up restaurants?
Easy, do what we did before mobile phones—civilization existed for thousands years and worked quite well without them (Rome built an empire sans mobile phones, so did the English). We even ran and coordinated the largest and most organized event in human history—WWII—without them!
Some of us have not yet succumbed to phone addiction (I often go for quite some days without using a phone and still have a normal life).
Hey, if you want to go back to life in Ancient Rome, with the disease and lack of medicine, the slavery, the dictatorship... I'm not going to stop you.
When you say civilization worked quite well for thousands of years, as an argument against mobile phones, I'm not sure you've quite thought your argument through... unless it's always been your dream to be a Russian serf, or an Egyptian slave?
There's no point further arguing about this matter with someone who hasn't lived through both pre and post mobile phone eras.
I'll just add this, I was amongst the first to ever own a cellular mobile phone. I owned several Motorola 'bricks' (DynaTAC) if you're old enough to know what that is, and before that I owned a mobile car phone in pre-cellular times, the nature of that tech was such that very few phone numbers were available—simply it was damed expensive and one had to be very keen to own one.
What I'm taking about is a lot more complex than your understanding (or that which you wish to admit to).
> Also, you forget your phone for a weekend? How do you do anything during that weekend, like keep in touch with loved ones, get driving directions, pull up a boarding pass, check for delays, look up restaurants?
Lmao I regularly go several days without calling family and months between any of those others.
That "something" is at least the entire userspace, so any attempt at doing so ends up being UX-equivalent to a full restart - while having a decent chance of leaving unintended trace data lying around in memory.
A full restart guarantees that everything will be wiped.
It’s not about data being wiped. It’s that neither Android nor iOS has
fully encrypted storage after you reboot and enter your credentials - biometric or passcodes.
Restart - simple with known and predictable effects, data no longer accessible, all secrets flushed no matter where they were or cached.
Turn off disk encryption, suspend all running services, overwrite all secrets in the O/S wherever they are, and then restore all that on entering password. Probably can't do anything about secrets cached by actual apps.
Complex, hard to maintain and probably buggy.
It's not even necessarily that good enough against cops, because in a lot of shitty countries, even some pretending to be democratics, not disclosing or at least inputting your password might be a crime severely punished. If I'm not wrong, there was a guy that had to stay years in jail until he would comply with the judge order to unlock his device.
It's often configurable, but e.g. carrier policy or local vendors can enforce it.
To have updates automatically install overnight is the maximally desirable scenario - waiting for user approval usually result in open vulnerabilities, and if you interact with a prompt you are by definition using your device and it is therefore a much worse time than while you're asleep.
On Android, my experience has been that new major versions are often unstable / involve some risk of bricking / include feature regressions (dumbing down of multi-task in Android 13 if I remember well). Waiting for a few month before installing a major update, while not optimal for security, is necessary to make sure that the most critical bugs are fixed beforehand.
Regarding applications, today there's so many applications being always updated all the time that there's no way it's good for the flash memory to constantly rewrite it every day. Plus this often leads to random application restarts while they are updated automatically. (and non-OSS applications updates can result in unwanted changes such as more ads, random changes in UI...).
It's still possible to disable automated updates on Android and I am glad that they allow it.
Major version upgrades are a different type of upgrade altogether. They are optional while the previous major is still maintained.
Minor upgrades is what should always be automatic.
> Flash wear
No, it doesn't matter.
Total write endurance (i.e., the number of bytes written the device is designed to handle under some standard load) is usually a large multiple of the chip size itself - say, 200x-400x, so e.g. 100TB of writes for a 256GB setup. A particular workload is only really meaningful to flash wear if it is in the scale of several full storage rewrites during the lifetime of the device.
The exact write endurance depends on the exact configuration (specific chip selection, allocated reserve), but even microSD cards have wear levelling these days.
Your device is going to die or be retired with a certain flash write wear, but I find it extremely unlikely that your device will die of a flash write wear. The wear endurance is dependent on the specific flash setup.
A much larger cause of wear is app caches (e.g., streaming video continously overwriting a disk cache, browsing social media). If you take pictures, those might end up written multiple times as first the original is written, then the automatically processed version, then any edits you make, then if storage saving measures is enabled maybe its deleted and a compressed version is written, if you later open the app the original is downloaded and written again, ...
I don't think there is such a choice on Pixel phones but I'd be happy to be proven wrong. When the next major update is available the phone just asks to update to it every few days (but won't do it without user consent). I don't think there's security updates on a given phone for old major versions when a new one is available (there likely are for older phones that don't get the major update however).
Thank you for your explanations on flash wear, makes sense. Taking a low value of 13TB endurance (64GB times 200), this is still 7GB per day for five years and I don't think app updates can consume that much.
And yes, this has actually happened to me at least twice.
I've had that happen a few times and the alarms went off on time but they used the default alarm tune instead of the one I had selected, presumably that data was still encrypted.
They all even share a unified battery charging mechanism and integrated packaging for easy portability.
I'm not sure if the idea of these pocket supercomputers will ever catch on, but it sure seems like it'd be nice.
These have existed for many decades.
(And it has been problematic for me at times when this happened.)
And that's ignoring the fact that disconnecting power, waiting a few days and then reconnecting it will inevitably let you cold boot it, too (which this would be an equivalent to - as far as I understood it)
power+volume = screenshot
There could be secret pathways but I don’t know them.
If you enter password 1 it goes into your normal account, if you enter password 2 it goes into another user account with a burner environment where you can install a few token commonly used apps for plausible deniability.
The existence of password 2 should be optional and you should not be able to tell if the system has one or two passwords configured.
It's gonna be seen as pretty implausible when you don't have constant & recent messages with your loved ones in there.
When Google does it: "Google is using it to help the FBI"
(But the iphone was hacked by the FBI...)
This sounds a lot like the Regulation of Investigatory Powers Act 2000 in the United Kingdom, where several people have been prosecuted and imprisoned for failing to provide encryption keys.
https://arstechnica.com/tech-policy/2017/08/man-in-jail-2-ye...
This scares me, because I have plenty of old devices I no longer know the passwords for. I don't think I'm alone - plenty of people forget passwords they don't use in years.
If the police came and searched my house, they could probably find some ancient laptop or phone from a decade ago, demand I unlock it, and then put me in prison forever when I cannot do do so.
Also (this may be of limited consolation) the officer who compels you to disclose the key must have some idea of what data it is protecting in order to satisfy RIPA 2000 s 51(5)(a):
> The matters to be taken into account in considering whether the requirement [for proportionality] of subsection (4)(b) is satisfied in the case of any direction shall include... the extent and nature of any protected information, in addition to the protected information in respect of which the disclosure requirement is imposed, to which the key is also a key
Possibly could have gone differently if they had said they changed their 15 letter password every two weeks, but really?
If there's an excuse for something that is difficult to disprove because it's based on the word of the person it would undermine the justice system.
Imagine if ignorance of the law was an excuse.
CPS won’t (as a matter of policy, and also can’t afford to waste time and money) spend time trying to prosecute a forgotten password for old laptop, unless it’s connected to some other serious, evidenced, allegations.
(I was on a jury in just this situation. Reasonable doubt is a high bar and prosecutors know this).
https://walzr.com/bop-spotter
Same for 5G modems. A $50 phone will give you gigabit 5G, but you'll pay $500 to get that in non-phone form factor, mostly because on patents on the 5G tech which are charged differently for phones vs dedicated modems.
I think the main advantage to using phones for random stuff is availability: We here on HN probably have a decent selection of old phones to pick from, so it doesn't cost any money at all to give a new purpose to one.
Don't think old Androids will get this update.
This is again Apple being Apple making things harder without option to disable it even when development mode is on.
Has anyone found a way to bypass it?
One physical option to bypass it on iPhone SE is to actually physically activate PIN entry and then use Voice Control command to enter the pin since it works even before first unlock. Though this is basically compromises pin and device encryption. But it's cheap since there are plenty of $2 devices that can simulate touchscreen clicks.
I just want some easier option that works and not require agent 007 setup to just run a buld of my AI-generated crap via Xcode.
Don’t set it up with a passcode in the first place?
It's not like I'm trying to defend against some state actors or whatver.
7 days timeout on was introduced in iOS 18, but then decreased to 3 days. I dont use this device physically - it's just a phone that always connected to power and sit on top of mac mini for debugging and running some ios exclusive apps.
And I honestly dont do anything remotely interested to the police to worry about it. Yet it all just worked and now it doesnt.
If you're able to have fully unlocked devices at your test setup I'd suggest giving that a shot to see if it fixes your issue around device restart.
For obvious reasons those ads are long gone...
Web browsers are an immediate example that comes to mind. When everyone started switching to Chrome, the other browsers fell all over themselves to strip down into minimalism, as though it was the sparse UI that was capturing users' hearts, as opposed to the rendering speed and compatibility. So then you had all these other fat, slow browsers that took away the only thing that was still distinguishing them from Chrome.
In this case though, I guess it's about money. Why put in an SD card slot when you can instead extort your customers for a cloud storage subscription or a lucrative upsale to the higher model with more storage?
Meanwhile as a customer nothing makes me more irate than "upgrading" to something that's worse because I can't replace the battery and the OS no longer gets updates.
In December 2024 all UN member countries voted in favor of "UN Cybercrime Treaty" which binds signatories to adopt a legislation to force you to give cops your passwords and other credentials.
https://documents.un.org/doc/undoc/gen/n24/426/74/pdf/n24426...
It’s a good and reasonable feature, especially if for some reason you are afraid of state or security agencies in a place where you live, or maybe during travel. It’s still questionable, because in some states you can indeed go to jail if you don’t unlock. Yet, I really want to be able to turn it off for use-cases like mine.
I have to have 3 devices: mine, work and a shared one for travel that crosses customs boundaries. It’s a massive pain in the ass.
Even if the end result is the same, anything that forces authorities to use official power over informal power is a net win.
Sure! Otherwise we won't be able to smoothly run our own servers on our phones: https://news.ycombinator.com/item?id=31841051
Yes. But quite honestly the right solution for that would be Apple providing an alarm clock API. The alarm clock application could call it with the next scheduled alarm’s time and the os would just wake up at that time and let the application do the sound / alarm thing.
I think you're basically calling out all the democracies, then.
If we start being perfectionist, we pretend there's no difference between most nations in the rights their citizens have. And that's not even remotely true.
So maybe something like a paired app with a friend/someone who is beyond the reach of the authorities, and if the phone isn't unlocked in a given definable period (or it can be triggered immediately), it then can't be unlocked without that person's active cooperation.
That's off the top of my head, so I'm sure there are optimizations.
Currently only available for Pixel phones, 6 and later. Offers many other security-related features.
But the problem is that when authority wants you to unlock your device, they kind of already know why, what they are expected to find but they would that as a more complete proof. But from external input they would expect some downloaded files or accounts (like social accounts you were connected with your phone a minute ago), some SMS they saw passing, some call logs, so connection to your known accounts...
An (Italian) friend of mine was stuck in Newark for 8 hours after he refused access to his phone, dragged in some room and questioned for hours along his wife while split from him own kids, even though he later gave them the password (he initially said no because he thought it was out of the line, he had nothing to hide).
He left livid for Italy 16 hours later despite being free to go on with his vacation.
Land of the free my ass.
It's extremely dangerous to condone and think that police officers are entitled to write the rules.
That said, the last time I went to Italy the customs guy looked annoyed at being awake. He asked my son’s age (he is huge but too young to use the electronic gate), then shrugged and stamped my passport with all of his strength.
Most countries recognize very different limits at a customs boundary. Is this appropriate in an age where a tiny device gives you access to all of your "papers" in many cases? I don't think so, but international law doesn't recognize our concerns with respect to that.
In the US I've heard that boundary (the "border") encompasses ~75% of everyone living inside. It's like "within X miles of a border" and includes rivers and airports as well as the entire coastline.
I'm not up to date on these rules and who's been caught out by them, but I have repeatedly heard the claim above.
Even on Schengen borders they can ask you for your phone and deny your entry if you don't comply as a non-citizen.
What's your point? That because it isn't useful in every country, it's not worth making available to any countries?
It's not preventing you from providing your password.
You started by saying it's a good option to have, so I don't understand the point of your second paragraph.
And to your point, I believe it's now the case in the U.S. that you can be legally compelled to unlock a fingerprint lock, but not a pin for whatever reason.
You don’t have to do anything for someone to hold a phone to your fingertip, or a camera to your face.
An argument against being compelled to provide biometrics does not necessarily hinge on it being analogous to testimony.
There is a specific precedent where you being compelled into providing biometrics can be inadmissible, and that is where you are compelled to unlock the phone, since doing so, even with biometrics is akin to providing testimony that the phone is yours, you know how to unlock it, which finger to use, etc. (see United States v. Brown, No. 17-30191 [1]). But that doesn’t actually prevent them using your biometrics to unlock the phone, so its pretty niche.
[1] https://law.justia.com/cases/federal/appellate-courts/ca9/17...
But you're replying as if my comment was claiming courts haven’t treated biometrics like physical evidence. That's not what I was doing.
The reference to Brown here appears to be massively misleading: far from being niche, it complicates the biology != testimony in a way that cuts to the heart of the most common real-world application of biometric compulsion which is smartphone access; from chatgpt'ing about it it appears that it's not the only court to rule on this and it probably awaits a SCOTUS decision to resolve an existing split.
The Supreme Court has declined multiple times to hear cases that would help settle the legal ambiguity. I don’t think United States v. Brown complicates things because the specifics on the case were not whether or not you can be compelled to provide biometrics, but whether being compelled to “unlock a device” and manipulating the device yourself constitutes protected testimony. [0] They even cited United States v. Payne [1] where the court upheld that forcibly taking your finger to unlock a phone did not violate the defendant’s Fifth Amendment rights, and at issue was only the wording of the order.
From my understanding, the current split about being compelled to provide passcodes, and to a much lesser extent biometrics, is the foregone conclusion exception stemming from the Fisher v. United States [2] case, where, as Justice White said “the existence and locations of the papers[were] a foregone conclusion and the [defendant’s physical act] adds little or nothing to the sum total of the Government’s information by conceding that he in fact has the papers… [And so] no constitutional rights [were] touched. The question [was] not of testimony but of surrender.”
This has been used in relation to court cases on biometrics and passcodes [3]. It appears that courts that rule that you can be compelled seem to look narrowly at the passcode itself i.e. the government knows you own the phone and knows you know how to unlock it, so it is a foregone conclusion to provide it. Courts that rule you cannot be compelled seem to look at the phones contents i.e. the government does not know what is on the phone so decrypting the data would be providing protected testimony, or a stricter interpretation that you cannot be compelled to disclose the contents of the mind.
[0] Somehow I linked to the wrong case originally https://law.justia.com/cases/federal/appellate-courts/cadc/2...
[1] https://cdn.ca9.uscourts.gov/datastore/opinions/2024/04/17/2...
[2] https://supreme.justia.com/cases/federal/us/425/391/
[3] https://www.barclaydamon.com/webfiles/Publications/Unlock-De...
I was admittedly confused about this distinction at one point too. It's a trade-off (although few people effected by this own phones with truly free, user-respecting soft/hardware in the first place).
Not really. Samsung was the first with this, but their reasoning had absolutely nothing to do with security. It was because their phones slowed down over time and their solution was to give users the option to reboot it at specific intervals. You could even make the argument that the Samsung solution is still the superior solution because you get to set the interval.
As the GrapheneOS docs note, the feature is better implemented in init and not in system server or the app/services layer like Google has done here? Though, I am sure Google engs know a thing or two about working around limitations that GrapheneOS developers may have hit (in keeping the timer going even after a soft reboot, where it is just the system server, and the rest of the userspace that depends on it, that's restarted).
They went with 2^32-1 milliseconds or about 49.7 days.
We don't talk enough about Microsoft's strong legacy of security innovations, IMHO.
https://web.archive.org/web/20041207171440/http://support.mi...
https://web.archive.org/web/20130731171959/https://sites.goo...
The minimum on GrapheneOS is 10 min and the maximum is 72 hours. It can also be disabled.
The system only reboots once it has been locked for a particular duration. Setting it to 1 minute basically says: put the system into a more secure state (e.g. purge unencrypted memory) and ensure that it is ready to go when I next need it. That said, while it is not unrealistic it would be problematic since accidentally letting the phone lock (e.g. input timeout) would result in a time consuming reboot.
---
### Google Play services v25.14 (2025-04-14)
#### Security & Privacy
• [Phone] Enables a future optional security feature, which will automatically restart your device if locked for 3 consecutive days.
I found it strange that things like 'prettier settings screens' and 'improved connection with cars and watches' would be included in Google Play Services. Surely those things are part of the OS not part of a thing which helps you access the Play store?
I've been using a LineageOS (prev. Cyanogenmod) phone for years and have never installed any google stuff so I don't get these updates anyway.
1. It's deployed to all devices and not subject to manufacturer approval for updates
2. It's easier to update without requiring user interaction or approval
3. It's closed source unlike Android so changes can't be incorporated by competitors
I have that on a spare unrooted Android phone. Seems to be working so far. But I'm sure Google could bypass it if they really wanted to. I don't know if they've ever made an effort to bypass Netguard (or similar) in the past.
Picked up a gl.inet x300b off ebay and never looked back.
- [ ] Reboot
- [ ] Power Off
- [X] WIPE triple opt-in
Maybe there is a custom phone OS for this that makes the phone act more ephemeral and network boot off my self hosted iPXE/immich server? A dumb smart phone so to speak. An ephemeral diskless phone.
I think it should be doable _technically_, but I think getting the mobile radios working before the OS boots would be challenging.
Like I could just grab your thumb drive, and put a new system on there that looks the same, and steals your password.
Some people lose or get their phone broken and start from a blank one on a regular basis.
In my case the only things that matter to me are synchronised through syncthing and radicale (a carddav/caldav server).
That said, I think this is a fairly good idea, although with the encryption stuff they do, this will cause people who rarely use their phones to miss calls and alarms.
If this is true, then the new update will save a lot of battery for those phones that are sitting idle.
This will be fun to track down after a long weekend in embedded devices once this android patch number is old enough to be baked into crappy payment terminals and mall kiosks.
Probably overall a good thing though.
> Security & Privacy
> [Phone] Enables a future optional security feature, which will automatically restart your device if locked for 3 consecutive days.
So it only "enables" a "future" "optional" feature.
1) There is no developer accessible API to allow app developers to create an app to allow me to script power options (example, as an end user I want to script a restart or shut down my phone nightly).
2) Asking Google Assistant will not restart or shut down the phone.
3) Apple and Android have made it harder to shut down the phone, requiring double key press kung fu to even bring up the power menu.
One click for me and it restarts fyi
It appears as an “app” like any other
Open it, will ask you to confirm, hit yes and it will restart
Some time later, you need to do something on the phone, you unlock it, the app starts up, and a flood of messages pours in. Wow, some of those would've been really useful to receive in a timely fashion! Whoops!
Besides most people support the police no matter what. Police know not to abuse their powers against Whites.
https://www.blackenterprise.com/white-protesters-form-human-...
In contrast, technological change will forever alter the balance of power. What we should be asking is "Instead of patching society with political solutions, how about we solve fundamental problems permanently with technology?".
firstly how about fixing software which forces 'inactive hours' yet reboots even when cpu is at 100% utilisation, and software which dims or locks a mobile screen during video playback, and soft/hardware which doesn't respect user-supplied suspend/standby timeouts in their power plans, and ....
I don't know if it'll take a fancy buzzword or what. Unobtrusive software? Silent Software?
STFU (BSD equivalent) and STFU-O (GPL equivalent)
No LGPL equivalent because I would want even software that uses STFU-* licensed code as a library to follow the STFU-* license.
Just have to explicitly define what counts as a notification lol
Samsung's have had some feature that lets you set days of the week for the phone to restart (IME during early morning hours) automatically. It's not perfect but it's something. iOS seems to have some unclear logic to either restart or re-request password (not biometrics).
This should be standard
Only law enforcement cares about the difference between the AFU state and BFU state.
Wouldn't the phones run out of battery after a few days anyway? Or do they keep them plugged in?
Lmao.
> The early sluggishness of Android system updates prompted Google to begin moving parts of the OS to Google Play Services. This collection of background services and libraries can be updated by Google automatically in the background as long as your phone is certified for Google services (which almost all are). That's why the inactivity reboot will just show up on your phone in the coming weeks with no notification. There are definitely reasons to be wary of the control Google has over Android with elements like Play Services, but it does pay off when the company can enhance everyone's security without delay.
All the more reasons to move to AOSP forks.
Not sure I'm too happy about this...
Sometimes it feels like tech is going backwards. Rather than rebooting, just develop a proper method to unload/uncache, without making a device useless while that happens. Or use that multicore arch to swap the “dirty” instance with a clean one, in realtime.
https://briarproject.org/download-briar-mailbox/
It works there better anyway, because it's integrated with the OS, and not just one privileged service.
If you are in a hospital- your phone will reboot to pin level. So you need to unlcok it few times and wait 3 minutes before it becomes reactive.
Then all your alarms will not work.
They add crap like this, yet the stock calendar app needs a separate appto play music to warn you. This of course breaksafter a reboot..
My grandma has a second phone as backup - it will constantly reboot and will never be ready to be used the time it is needed - as a backup. Since it will keep rebooting and requiring a pin.
Who comes up with those anti user ideas?
That we will probably be unable to turn off (or the option to turn off will disappear after few months). Also old people will not know how to turn it off
Not falling for it anymore. Fuck Google and the rest of Big Tech.
Why would I want my phone to auto reboot without my intervention? Never mind that it’ll never make three days on a single charge even if I don’t touch it.
The BFU state is more secure than AFU.
Even if you somehow live in a jurisdiction with a perfect justice system, that doesn't mean everyone else is.
Whos justice system? Lots of countries represented on HN. Many with questionable systems.
Law enforcement keeping hold of my phone for 3 days is simply not a realistic problem for me. Coming back to an annoyingly locked phone after forgetting it for a weekend very much is. The chances of law enforcement wanting anything with it are low enough that dealing with an extra unlock is more likely to be an impactful issue, even considering the potential impact that law enforcement or others stealing it could have.
That's what cops and spooks would like to have you think.
It's not a problem, until it suddenly is.
It is?
I mean, my iPhone asks me for my passcode every 7 days anyways. And that's the only thing that happens on reboot anyways.
Also, you forget your phone for a weekend? How do you do anything during that weekend, like keep in touch with loved ones, get driving directions, pull up a boarding pass, check for delays, look up restaurants?
Easy, do what we did before mobile phones—civilization existed for thousands years and worked quite well without them (Rome built an empire sans mobile phones, so did the English). We even ran and coordinated the largest and most organized event in human history—WWII—without them!
Some of us have not yet succumbed to phone addiction (I often go for quite some days without using a phone and still have a normal life).
When you say civilization worked quite well for thousands of years, as an argument against mobile phones, I'm not sure you've quite thought your argument through... unless it's always been your dream to be a Russian serf, or an Egyptian slave?
I'll just add this, I was amongst the first to ever own a cellular mobile phone. I owned several Motorola 'bricks' (DynaTAC) if you're old enough to know what that is, and before that I owned a mobile car phone in pre-cellular times, the nature of that tech was such that very few phone numbers were available—simply it was damed expensive and one had to be very keen to own one.
What I'm taking about is a lot more complex than your understanding (or that which you wish to admit to).
Lmao I regularly go several days without calling family and months between any of those others.
Why not flush something properly in the RAM instead to wipe the "cached" secrets?
A full restart feels like an overkill.
A full restart guarantees that everything will be wiped.
https://blogs.dsu.edu/digforce/2023/08/23/bfu-and-afu-lock-s...
Restart - simple with known and predictable effects, data no longer accessible, all secrets flushed no matter where they were or cached.
Turn off disk encryption, suspend all running services, overwrite all secrets in the O/S wherever they are, and then restore all that on entering password. Probably can't do anything about secrets cached by actual apps. Complex, hard to maintain and probably buggy.