It's good to have an option like that, even being a default, but there definitively need a switch to disable that if it is your own will.
It's not even necessarily that good enough against cops, because in a lot of shitty countries, even some pretending to be democratics, not disclosing or at least inputting your password might be a crime severely punished.
If I'm not wrong, there was a guy that had to stay years in jail until he would comply with the judge order to unlock his device.
rvnx 7 days ago [-]
Interestingly, it could also be seen the other way around; it's a potential way for Google to force deployments of system updates (potentially at the request of law enforcement). With an automatic reboot, then the update can automatically be applied without user action.
kokada 7 days ago [-]
This makes no sense, Android already will reboot itself after receiving an update and being inactive for a while (generally while charging it will install the update in its secondary partition, do some verification checks and reboot if there is no user interaction).
kqr 7 days ago [-]
This sounds vendor-specific and not general for Android. I've never had that happen on any device but Windows and I would be very upset if it did happen.
arghwhat 7 days ago [-]
This is default on iOS and on many Android versions.
It's often configurable, but e.g. carrier policy or local vendors can enforce it.
To have updates automatically install overnight is the maximally desirable scenario - waiting for user approval usually result in open vulnerabilities, and if you interact with a prompt you are by definition using your device and it is therefore a much worse time than while you're asleep.
Krssst 6 days ago [-]
> maximally desirable
On Android, my experience has been that new major versions are often unstable / involve some risk of bricking / include feature regressions (dumbing down of multi-task in Android 13 if I remember well). Waiting for a few month before installing a major update, while not optimal for security, is necessary to make sure that the most critical bugs are fixed beforehand.
Regarding applications, today there's so many applications being always updated all the time that there's no way it's good for the flash memory to constantly rewrite it every day. Plus this often leads to random application restarts while they are updated automatically. (and non-OSS applications updates can result in unwanted changes such as more ads, random changes in UI...).
It's still possible to disable automated updates on Android and I am glad that they allow it.
arghwhat 5 days ago [-]
> Major upgrades
Major version upgrades are a different type of upgrade altogether. They are optional while the previous major is still maintained.
Minor upgrades is what should always be automatic.
> Flash wear
No, it doesn't matter.
Total write endurance (i.e., the number of bytes written the device is designed to handle under some standard load) is usually a large multiple of the chip size itself - say, 200x-400x, so e.g. 100TB of writes for a 256GB setup. A particular workload is only really meaningful to flash wear if it is in the scale of several full storage rewrites during the lifetime of the device.
The exact write endurance depends on the exact configuration (specific chip selection, allocated reserve), but even microSD cards have wear levelling these days.
Your device is going to die or be retired with a certain flash write wear, but I find it extremely unlikely that your device will die of a flash write wear. The wear endurance is dependent on the specific flash setup.
A much larger cause of wear is app caches (e.g., streaming video continously overwriting a disk cache, browsing social media). If you take pictures, those might end up written multiple times as first the original is written, then the automatically processed version, then any edits you make, then if storage saving measures is enabled maybe its deleted and a compressed version is written, if you later open the app the original is downloaded and written again, ...
Krssst 5 days ago [-]
> They are optional while the previous major is still maintained.
I don't think there is such a choice on Pixel phones but I'd be happy to be proven wrong. When the next major update is available the phone just asks to update to it every few days (but won't do it without user consent). I don't think there's security updates on a given phone for old major versions when a new one is available (there likely are for older phones that don't get the major update however).
Thank you for your explanations on flash wear, makes sense. Taking a low value of 13TB endurance (64GB times 200), this is still 7GB per day for five years and I don't think app updates can consume that much.
TylerE 6 days ago [-]
I hate overnight updates because a dialed one means I have no alarm and will be hours late for work.
And yes, this has actually happened to me at least twice.
dns_snek 6 days ago [-]
On Android? It must be an app-specific issue because it's possible for apps to implement alarms so that they work before unlocking the device after a reboot, but I don't know the technical details behind it.
I've had that happen a few times and the alarms went off on time but they used the default alarm tune instead of the one I had selected, presumably that data was still encrypted.
kokada 4 days ago [-]
Android actually have a special mode for apps that needs to work after a reboot (e.g.: while the FS encryption is still locked), and Alarms is one of the apps that uses this special mode. I don't remember how it is called though so sorry for the lack of sources, you will have to trust me on this one.
The amount of misinformation in this thread is huge though. I generally read every changelog for major Android updates and the amount of engineering going on is amazing. People just assumes that a few things doesn't work while they do.
Unless of course OP is using a custom alarm app this may be true, but then it is the app fault and not Android.
I haven't had that happen on iOS, but I have woken up in the night needing my flashlight just to find my phone applying a lengthy update. I have it set to download automatically and install manually now, I believe.
Talanes 6 days ago [-]
I haven't had any problems in at least 7+ years, but I work in coffee and I can remember at least two instances where an Apple update made half the staff late by turning off their alarms, myself included.
speerer 6 days ago [-]
What's the link between coffee and iOS?
fingerlocks 6 days ago [-]
Coffee shop workers on the morning shift wake up at 4am.
natebc 6 days ago [-]
Everybody in the coffee shop had an iPhone?
6 days ago [-]
Projectiboga 6 days ago [-]
I like an amber booklite, it isn't as compact but the light is better for keeping in the sleep mode. We used those as our lights to help develop our child's sleep hygiene. Cupped our hands around the light part as we puttered around.
nradov 6 days ago [-]
You don't keep a real flashlight next to your bed?
nkrisc 6 days ago [-]
I do, in my nightstand. In the event of an emergency where we’re without power, I do not want to waste my phone’s battery power by using it as a flashlight.
saagarjha 6 days ago [-]
Why would you when you have a phone?
dataflow 6 days ago [-]
I think it was supposed to be a sarcastic question.
mvdtnz 6 days ago [-]
That's a weird thing to ask.
johnisgood 6 days ago [-]
Only if there was a typo. :)
sneak 6 days ago [-]
You don’t keep a real camera next to your bed? What about a two-way radio? MP3 player?
ssl-3 6 days ago [-]
I keep all of those things next to my bed.
They all even share a unified battery charging mechanism and integrated packaging for easy portability.
I'm not sure if the idea of these pocket supercomputers will ever catch on, but it sure seems like it'd be nice.
pabs3 6 days ago [-]
You don't need a flashlight, the phone screen is more than bright enough late at night.
mjmas 6 days ago [-]
an ereader even more so
johnisgood 6 days ago [-]
E-reader without e-ink? Might as well use a tablet. I have an attachable light thing for my e-reader as it does not omit any significant light.
nkrisc 6 days ago [-]
I would consider an alarm clock, which has far fewer failure modes in this regard. You can even get ones with a battery backup.
These have existed for many decades.
Krasnol 6 days ago [-]
What Android version do you use where it doesn't happen`?
rat9988 6 days ago [-]
Never happened on my samsung.
ssl-3 6 days ago [-]
I've woken up to a rebooted Samsung phone.
(And it has been problematic for me at times when this happened.)
silisili 6 days ago [-]
On every Android I've had, Samsung included, it's an option. I believe they're all enabled by default, but can be disabled.
rixed 7 days ago [-]
Except that on most phone you can already reboot the device if you long-press some button, can't you?
BurningFrog 7 days ago [-]
You can always turn it off and on, AFAIK.
ffsm8 7 days ago [-]
Long Press power while pressing volume down works on all Android devices I've used to date.
And that's ignoring the fact that disconnecting power, waiting a few days and then reconnecting it will inevitably let you cold boot it, too (which this would be an equivalent to - as far as I understood it)
londons_explore 6 days ago [-]
That key combo is screenshot on android 14...
ffsm8 6 days ago [-]
The force power of happens after something like 30s, the screenshot should be pretty much instant
NooneAtAll3 6 days ago [-]
long power press = force reboot
power+volume = screenshot
ffsm8 6 days ago [-]
Your are absolutely correct. I mixed it up from playing with various Android versions in 2010-2016. The long press alone got the reboot, and the volume down + power booted into the bootloader. Hence my memory with both, as I always pressed both until the bootloader was available - but you are right, long press power is enough for hard off
dheera 6 days ago [-]
They should really implement a dual user / dual password system to combat those countries.
If you enter password 1 it goes into your normal account, if you enter password 2 it goes into another user account with a burner environment where you can install a few token commonly used apps for plausible deniability.
The existence of password 2 should be optional and you should not be able to tell if the system has one or two passwords configured.
dataflow 6 days ago [-]
> install a few token commonly used apps for plausible deniability
It's gonna be seen as pretty implausible when you don't have constant & recent messages with your loved ones in there.
Marsymars 5 days ago [-]
I dunno, my elderly and non-tech-savvy in-laws travelled to the US (from Canada) last week and wiped their phones of social media apps and stored messages before crossing the border based on media reports around the US CBP’s handling of border crossers’ devices, so I’d say an empty phone is pretty plausible for anyone in that situation.
ponorin 6 days ago [-]
You can either use: separate user accounts (needs context switching) or a new private space feature. Private space was introduced with Android 15 and can hide its existence (from the launcher).
mjmas 6 days ago [-]
it would be better for plausible deniability if it just had all your apps minus a few hidden ones, but keeping the rest with all their data.
joseda-hg 6 days ago [-]
Some alternate ROMs already have this, duress mode I think it's called
VWWHFSfQ 7 days ago [-]
It's already trivial to reboot a locked android phone
nine_k 6 days ago [-]
When it's sitting in a locked steel drawer, with no connectivity, and no way to touch it?
rtpg 6 days ago [-]
At least on iOS an update requires an explicit unlock, is this not the case on Android?
There could be secret pathways but I don’t know them.
resource_waste 6 days ago [-]
When Apple does it: "Brilliant! Love the security! Walled Prison!! Wooo"
When Google does it: "Google is using it to help the FBI"
(But the iphone was hacked by the FBI...)
gf000 6 days ago [-]
If the user data is properly encrypted, then that still won't give access to any important information until the key is entered by the user.
markus_zhang 7 days ago [-]
I actually think this is the reason. But I think Android has an option to disable auto update?
mystified5016 7 days ago [-]
This is the real reason
oarsinsync 7 days ago [-]
> in a lot of shitty countries, even some pretending to be democratics, not disclosing or at least inputting your password might be a crime severely punished. If I'm not wrong, there was a guy that had to stay years in jail until he would comply with the judge order to unlock his device.
This sounds a lot like the Regulation of Investigatory Powers Act 2000 in the United Kingdom, where several people have been prosecuted and imprisoned for failing to provide encryption keys.
> imprisoned for failing to provide encryption keys
This scares me, because I have plenty of old devices I no longer know the passwords for. I don't think I'm alone - plenty of people forget passwords they don't use in years.
If the police came and searched my house, they could probably find some ancient laptop or phone from a decade ago, demand I unlock it, and then put me in prison forever when I cannot do do so.
seabass-labrax 6 days ago [-]
Do SMART records contain enough information to prove that the laptop had not been used in years (assuming you had a suitably effective barrister to make use of this information)? RTC (clock) drift could also give a hint that the laptop had not been connected to a time server in a while.
Also (this may be of limited consolation) the officer who compels you to disclose the key must have some idea of what data it is protecting in order to satisfy RIPA 2000 s 51(5)(a):
> The matters to be taken into account in considering whether the requirement [for proportionality] of subsection (4)(b) is satisfied in the case of any direction shall include... the extent and nature of any protected information, in addition to the protected information in respect of which the disclosure requirement is imposed, to which the key is also a key
Braxton1980 6 days ago [-]
Wouldn't you be able to argue this in court for this rare case? With a phone that can be shown to be in use constantly it would be more difficult to prove you forgot
andylynch 6 days ago [-]
Yeah. We dealt with a case where a guy claimed to have forgotten his mobile phone pin.
But we voted to convict after I pointed out it was the phone he’d been using every day, for years, and was quite implausible, and convenient, to forget something like that right after being arrested and asked for it.
Possibly could have gone differently if they had said they changed their 15 letter password every two weeks, but really?
oarsinsync 6 days ago [-]
What if they changed their password right after being arrested, and then forgot? Immediately after changing your password does tend to be the time most people forget their passwords.
Braxton1980 5 days ago [-]
Possible but how would you prove that?
If there's an excuse for something that is difficult to disprove because it's based on the word of the person it would undermine the justice system.
Imagine if ignorance of the law was an excuse.
andylynch 6 days ago [-]
If you get changed with a RIPA password offence it’s almost certain going to Crown Court and an (expensive!) jury trial.
CPS won’t (as a matter of policy, and also can’t afford to waste time and money) spend time trying to prosecute a forgotten password for old laptop, unless it’s connected to some other serious, evidenced, allegations.
(I was on a jury in just this situation. Reasonable doubt is a high bar and prosecutors know this).
joak 7 days ago [-]
It's good to be able to disable this option: I use old Android phones as servers and don't want them to reboot every 3 days.
MattSayar 7 days ago [-]
Completely agree, I don't want this to disrupt the Bop Spotter
Probably a good time as any to replace it with something purpose-built anyway. A Raspberry Pi with a directional microphone and a custom app feeding said microphone data to a service like AudD or ACRCloud could readily do the trick without any of Android's extra baggage - though I do wonder how effective those services would be at detecting songs amid a bunch of background noise like Bop Spotter does via Shazam.
londons_explore 6 days ago [-]
Phone cameras are better than anything else you can get in the same form factor. The very expensive patents behind image processing algorithms keep good cameras out of the hobbyist world.
Same for 5G modems. A $50 phone will give you gigabit 5G, but you'll pay $500 to get that in non-phone form factor, mostly because on patents on the 5G tech which are charged differently for phones vs dedicated modems.
jamespo 6 days ago [-]
$50 ?
MattSayar 6 days ago [-]
I think half the value of the phone here is the built-in battery
6 days ago [-]
ssl-3 6 days ago [-]
Perhaps, but it's also inexpensive to (properly) use one or more 18650s with a Raspberry Pi if that's what one wants to do.
I think the main advantage to using phones for random stuff is availability: We here on HN probably have a decent selection of old phones to pick from, so it doesn't cost any money at all to give a new purpose to one.
prmoustache 6 days ago [-]
You can power a raspberry pi with that battery though.
hamburglar 6 days ago [-]
I think it’s already disrupted. The last entry is from November.
Why so dismissive of how somebody wants to re-use an old phone that you would compare them to the absurd fictitious behavior in that comic? Would you rather they become e-waste? If it fits their needs then it fits their needs regardless of the use-case that was marketed.
TulliusCicero 6 days ago [-]
Eventually, the android phones of today will be old android phones.
xethos 7 days ago [-]
It's a Google Play Services update, likely explicitly to be able to push it to all (Google-using) Android phones immediately, without waiting for OS updates. This will not be a "Guess I'll get it in a few years" update.
MiddleEndian 6 days ago [-]
I generally like XKCD but dislike the message in this comic. If that's that guy's workflow, they don't have to actively support it, but he should be given the option to disable updates so he can continue to use his tools in the way he sees fit.
simonh 6 days ago [-]
The comic doesn’t say anything about mandatory updates, and it’s EMACS. The user can install whatever version they like.
MiddleEndian 6 days ago [-]
Yeah that's fair lol. But I guess in the context of this discussion, Google can push stuff onto your phone with Google Play whether you want it or not.
SXX 7 days ago [-]
This is super annoying on newer iOS for device that I use purely for development. Before it was possible just keep iPhone unlocked indefenitely, but now it reboots and boom I have to use TouchID again.
This is again Apple being Apple making things harder without option to disable it even when development mode is on.
Has anyone found a way to bypass it?
crazysim 7 days ago [-]
Do you think it's possible to jiggle it ala mouse jigglers and USB jigglers?
SXX 7 days ago [-]
Problem is not user activity - it just needs PIN, TouchID or FaceID. Even if you logged to device via iPhone Mirroring it's still gonna reboot, get locked after 72 hours and for me personally it breaks iPhone Mirroring half of the time too.
One physical option to bypass it on iPhone SE is to actually physically activate PIN entry and then use Voice Control command to enter the pin since it works even before first unlock. Though this is basically compromises pin and device encryption. But it's cheap since there are plenty of $2 devices that can simulate touchscreen clicks.
I just want some easier option that works and not require agent 007 setup to just run a buld of my AI-generated crap via Xcode.
crazysim 7 days ago [-]
Issue is, you kinda have a agent 007, sort of setup with the advanced data protection thing. I think you need an appropriate solution.
SXX 7 days ago [-]
But all I want is "Please dont reboot my phone! Very please!" setting in options.
Yeul 6 days ago [-]
I can understand Apple on this. They make phones for the general public not HN and many people are stupid enough never to run updates.
No joke btw I already testing setup with auto clicker from AliExpress and Assistive Touch automation...
layer8 7 days ago [-]
> I have to use TouchID again.
Don’t set it up with a passcode in the first place?
SXX 7 days ago [-]
Unfortunately I use Advanced Data Protection on my Apple account so I kind a need that passcode. And moving to having completely different Apple account for development is PITA.
elashri 7 days ago [-]
But I think connecting a device that can be used as authentication method without choosing a defense would negate the purpose of advanced data protection of your account and other devices.
SXX 7 days ago [-]
Let's say I'm not super heavy Apple service user. For me Advanced Data Protection is defence against Apple itself and ability to keep little information I share via iCloud somewhat secret: mostly another backup of some photos and few other things.
It's not like I'm trying to defend against some state actors or whatver.
elashri 6 days ago [-]
But this still weaken your defense against apple or whomever you are trying to defend against.
layer8 6 days ago [-]
Why not have the option, though?
elashri 6 days ago [-]
I don't understand option to do what, you can disable advanced data protection for sure. What do you suggest here ?
Spooky23 6 days ago [-]
Why not disable advanced data protection, as such an option would make the device vulnerable to simple data compromises.
7 days ago [-]
7 days ago [-]
saagarjha 6 days ago [-]
Keep an app running?
SXX 6 days ago [-]
Might be I did something wrong, but even with YouTube video running via iPhone Mirroring device still went to reboot.
saagarjha 6 days ago [-]
Hmm, yeah that seems wrong. I don't get reboots on devices I use frequently; I think it is only supposed to kick in when the device is not in use for a long time (it is meant to stop police who have a locked device they will try to brute force into).
SXX 6 days ago [-]
Are you on latest iOS? Are you stilllocking / unlocking the phone once in 3 days at least?
7 days timeout on was introduced in iOS 18, but then decreased to 3 days. I dont use this device physically - it's just a phone that always connected to power and sit on top of mac mini for debugging and running some ios exclusive apps.
And I honestly dont do anything remotely interested to the police to worry about it. Yet it all just worked and now it doesnt.
cameroncairns 6 days ago [-]
My physical ios device test harness has no pin numbers/touch id activated for any of the connected phones. I noticed early on in testing that it would require physical access to reinput the pin code even when the device was already unlocked when I would restart an XCUI test.
If you're able to have fully unlocked devices at your test setup I'd suggest giving that a shot to see if it fixes your issue around device restart.
saagarjha 6 days ago [-]
I would try running an app from Xcode (which instructs it to never lock). While the app is in the foreground I don't think it should lock…
Spooky23 6 days ago [-]
It seems weird. I can’t get iOS to reliably auto update and reboot overnight when I want it to.
7 days ago [-]
nativeit 7 days ago [-]
Considering this is all about Android adopting a very similar feature, it doesn’t sound like “Apple being Apple”…
Mountain_Skies 7 days ago [-]
It's Apple being a trailblazer and leading the industry. Sometimes that lead is in a bad direction.
OneDeuxTriSeiGo 7 days ago [-]
If I remember correctly, Apple actually picked up the feature after seeing it implemented in GrapheneOS. I think some people associated with Graphene were calling on Apple to add it for security reasons.
dagmx 7 days ago [-]
The rest of the industry are adults and can be responsible for their own decisions though.
anonymars 7 days ago [-]
Doesn't seem like it. I remember when Samsung ads mocked Apple for the camera notch and removing the headphone jack.
For obvious reasons those ads are long gone...
dagmx 6 days ago [-]
Sure, but my point is that blaming Apple for another brands decision to follow is just weird.
anonymars 6 days ago [-]
Fair point. It's a frustrating pattern that seems to repeat, and I think partially it stems from when other brands are too thick to understand why people are choosing the competitor.
Web browsers are an immediate example that comes to mind. When everyone started switching to Chrome, the other browsers fell all over themselves to strip down into minimalism, as though it was the sparse UI that was capturing users' hearts, as opposed to the rendering speed and compatibility. So then you had all these other fat, slow browsers that took away the only thing that was still distinguishing them from Chrome.
In this case though, I guess it's about money. Why put in an SD card slot when you can instead extort your customers for a cloud storage subscription or a lucrative upsale to the higher model with more storage?
Meanwhile as a customer nothing makes me more irate than "upgrading" to something that's worse because I can't replace the battery and the OS no longer gets updates.
mananaysiempre 6 days ago [-]
The minimalistic UI was kind of the original headline feature, I have to note—it’s literally in the name that the browser was to be little more but chrome around the stuff the user actually cares about, that being the web page. It’s just that the other things turned out to be more important.
SXX 7 days ago [-]
I'm 99% sure that Android version will be toggagle via Developer Options.
subscribed 6 days ago [-]
No, Apple adopted GrapheneOS feature 3 years after it was first introduced there.
nickslaughter02 6 days ago [-]
> in a lot of shitty countries
In December 2024 all UN member countries voted in favor of "UN Cybercrime Treaty" which binds signatories to adopt a legislation to force you to give cops your passwords and other credentials.
The UN isn't a world government, it has no power to affect your nation's laws. If your legislature legislates this into existence, it's on them.
Spoom 6 days ago [-]
Eh, I see the language "urges" in there regarding putting it into force. It would still need to pass Congress etc. and my guess is that such a provision would face massive domestic pushback.
ololobus 6 days ago [-]
I can only second this. I have an old iPhone with a second sim-card, because I need it from time to time. And Apple introduced this auto-reboot a bit earlier, iirc last year. The problem is that after rebooting it also disconnects from wifi, so e.g. SMS/handoff synchronization stops working until you enter a passcode. This is very annoying because it was very convenient for me to receive calls/SMS to my main iPhone.
It’s a good and reasonable feature, especially if for some reason you are afraid of state or security agencies in a place where you live, or maybe during travel. It’s still questionable, because in some states you can indeed go to jail if you don’t unlock. Yet, I really want to be able to turn it off for use-cases like mine.
sneak 6 days ago [-]
Apple doesn’t like supporting the use case of multiple phones for one person. They even encourage their employees to use their personal devices and accounts.
Spooky23 6 days ago [-]
That is very reasonable advice for the vast majority of people.
I have to have 3 devices: mine, work and a shared one for travel that crosses customs boundaries. It’s a massive pain in the ass.
Talanes 6 days ago [-]
>It’s still questionable, because in some states you can indeed go to jail if you don’t unlock. Yet, I really want to be able to turn it off for use-cases like mine.
Even if the end result is the same, anything that forces authorities to use official power over informal power is a net win.
redbell 6 days ago [-]
> but there definitively need a switch to disable that if it is your own will
I don't get the difference. Today after 72 hours (3 days) my phone asks me for my password and won't accept biometrics. Also, this is a problem for all the people that use them as alarm clocks. I use Alarm Clock Xtreme for example.
xrisk 7 days ago [-]
(At least on iOS) shutting down the phone has something to do with wiping credentials/keys from RAM from where they can potentially be dumped. A just-booted phone is fully encrypted with no keys in memory.
krisoft 7 days ago [-]
> Also, this is a problem for all the people that use them as alarm clocks.
Yes. But quite honestly the right solution for that would be Apple providing an alarm clock API. The alarm clock application could call it with the next scheduled alarm’s time and the os would just wake up at that time and let the application do the sound / alarm thing.
h4x0rr 7 days ago [-]
The phone doesn't accept biometrics but is still in AFU state. Encryption keys are in memory.
6 days ago [-]
closewith 6 days ago [-]
> a lot of shitty countries, even some pretending to be democratics,
I think you're basically calling out all the democracies, then.
hbrav 6 days ago [-]
Yeh, the quoted commentary is hyperbole. My homeland (the UK) has such a law. I do think that law isn't great. But my country isn't shitty, and it's certainly a democracy.
If we start being perfectionist, we pretend there's no difference between most nations in the rights their citizens have. And that's not even remotely true.
epolanski 6 days ago [-]
Stories about airport security and officers demanding access your phone is one of the reasons I will never come to the US.
An (Italian) friend of mine was stuck in Newark for 8 hours after he refused access to his phone, dragged in some room and questioned for hours along his wife while split from him own kids, even though he later gave them the password (he initially said no because he thought it was out of the line, he had nothing to hide).
He left livid for Italy 16 hours later despite being free to go on with his vacation.
Land of the free my ass.
SoftTalker 6 days ago [-]
Ok, but try refusing the requests of border authorities in any country and see how far you get before you find yourself escorted to a back room.
epolanski 6 days ago [-]
I've visited 45 countries in my life and I've never ever been even asked once to even show the contents of my bag, let alone access to my phone.
izacus 6 days ago [-]
That doesn't change the fact that once you will be asked about that, your refusal will mean a flight back home at best.
jajko 6 days ago [-]
The point is, no normal country globally asks those from any normal tourist. Adding ever for those in the back.
epolanski 5 days ago [-]
Not if it's against the local laws.
It's extremely dangerous to condone and think that police officers are entitled to write the rules.
izacus 5 days ago [-]
The border officials have wide discretion to deny non-citizen entry in most countries for whatever reason they choose.
4 days ago [-]
7bit 6 days ago [-]
Talking out of your ass
Spooky23 6 days ago [-]
The Italians do the same thing. If your name matches some name or you’ve travelled to some naughty place, you’ll get picked for this sort of thing.
That said, the last time I went to Italy the customs guy looked annoyed at being awake. He asked my son’s age (he is huge but too young to use the electronic gate), then shrugged and stamped my passport with all of his strength.
7bit 6 days ago [-]
Don't spread misinformation. The difference is that in Italy it is not against the law to not hand out the password to your phone -- or anything else for that matter.
Spooky23 6 days ago [-]
In the United States, you have a fundamental right to not testify against yourself, including providing a password. You can be compelled to provide a biometric. The UK has taken a different approach and my understanding is that you can be jailed for refusing to provide a password.
Most countries recognize very different limits at a customs boundary. Is this appropriate in an age where a tiny device gives you access to all of your "papers" in many cases? I don't think so, but international law doesn't recognize our concerns with respect to that.
genewitch 5 days ago [-]
> Most countries recognize very different limits at a customs boundary.
In the US I've heard that boundary (the "border") encompasses ~75% of everyone living inside. It's like "within X miles of a border" and includes rivers and airports as well as the entire coastline.
I'm not up to date on these rules and who's been caught out by them, but I have repeatedly heard the claim above.
umanwizard 6 days ago [-]
That is also true in the US. Of course they can use it as a reason to deny you access to the country if you’re a noncitizen, but you don’t have to hand it over.
izacus 6 days ago [-]
You're mistaking laws that hold for citizens and rules that hold for immigration and thus spreading misinformation.
Even on Schengen borders they can ask you for your phone and deny your entry if you don't comply as a non-citizen.
matheusmoreira 6 days ago [-]
Buy a travel phone specifically meant to be opened by them.
7bit 6 days ago [-]
There's enough places in the world where this isn't necessary, so no, thank you.
Marsymars 5 days ago [-]
Is there any country in the world that has an explicit policy saying that non-citizens don’t need to provide phone passwords on entry? I’d consider a burner phone necessary to visit any country that doesn’t have such a policy.
andylynch 6 days ago [-]
This isn’t unusual, the USA is a an exception; commonly the view is that electronically unlocking a phone or laptop is much like any other legal search, e.g. opening a garage or a locked room.
gcanyon 7 days ago [-]
For this use case there needs to be a reasonably quick way to erase/permanently lock a phone. Or maybe it needs to be something that is both 1. Less severe than that 2. Secure against personal inducements 3. More automatic.
So maybe something like a paired app with a friend/someone who is beyond the reach of the authorities, and if the phone isn't unlocked in a given definable period (or it can be triggered immediately), it then can't be unlocked without that person's active cooperation.
That's off the top of my head, so I'm sure there are optimizations.
dsr_ 7 days ago [-]
GrapheneOS offers hardening before first unlock, and an optional distress code that wipes the storage rather than unlocking.
Currently only available for Pixel phones, 6 and later. Offers many other security-related features.
dominojab 6 days ago [-]
[dead]
hypeatei 7 days ago [-]
You might get even more charges for doing that, though. Destroying evidence, obstruction or some made up charge.
gcanyon 7 days ago [-]
Sure, I'm just saying there's a way to put unlocking the phone in the hands of someone who at least is not under the control of a hostile authority.
NekkoDroid 7 days ago [-]
This just gave me an idea: How about the phone accepting 2 password. One is the regular password and brings you into your regular account and then a dummy password that brings you into a dummy (but somewhat plausible, maybe user set up) account. That way you can still enter your normal account whenever you feel like it and if you are being pressured you just put in your "alternative password" and it just brings you to the dummy account.
greatgib 7 days ago [-]
It would be a kind of duress password.
But the problem is that when authority wants you to unlock your device, they kind of already know why, what they are expected to find but they would that as a more complete proof. But from external input they would expect some downloaded files or accounts (like social accounts you were connected with your phone a minute ago), some SMS they saw passing, some call logs, so connection to your known accounts...
exe34 7 days ago [-]
you'll get rubber hosed just in case.
LWIRVoltage 6 days ago [-]
A Veracrypt style hidden OS profile that is forensically invisible would be a better option - This would allow one to enter a password and give another "profile" or OS- that unlike current alternate profile stuff- would be solid against Cellebrite and GreyKey snooping into the device, and it'd be impossible to tell there was a hidden user/etc on it
6 days ago [-]
scarface_74 6 days ago [-]
There is nothing any technology company can do to protect against rubber hose decryption.
14 6 days ago [-]
There is always something that can be done. Like if phone is not actually powered on for x time set by the user it automatically factory resets all data. Or if phone is out of cell service for x time like as in a faraday bag in evidence then it resets itself. Or make it so that after a reboot it can only be opened if on a certain wifi hotspot or geolocation.
Ultimately I am not a security expert or know if any of those ideas would actually work but it seems like you could add a few steps making it harder. Maybe it can be locked out and you can set a specific apple store which would require your ID before they can send a release code allowing it to be unlocked.
All of that is probably way to complicated to be worth it for a typical user but I do think there can be a way if it was truly critical.
6 days ago [-]
crazygringo 7 days ago [-]
> because in a lot of shitty countries, even some pretending to be democratics, not disclosing or at least inputting your password might be a crime severely punished
What's your point? That because it isn't useful in every country, it's not worth making available to any countries?
It's not preventing you from providing your password.
You started by saying it's a good option to have, so I don't understand the point of your second paragraph.
glenstein 7 days ago [-]
>not disclosing or at least inputting your password might be a crime severely punished
And to your point, I believe it's now the case in the U.S. that you can be legally compelled to unlock a fingerprint lock, but not a pin for whatever reason.
baby_souffle 7 days ago [-]
Compiled unlock via biometrics is still somewhat contested. The general argument boils down to biometrics being something you can't really protect internally. A passcode that is only known inside of your gray matter can therefore can only be externalized via some sort of testimony. Being compelled to reveal a passcode violates your ride against compelled speech and self-inccrimination.
intrasight 7 days ago [-]
In US you are protected by 5th. But it seems like the question hasn't been addressed by the Supreme Court since currently the answer depends on your jurisdiction. Which inspired me to check: here in Pennsylvania, the court cannot compel you to unlock your device with the password.
sneak 6 days ago [-]
Biometrics aren’t testimony.
You don’t have to do anything for someone to hold a phone to your fingertip, or a camera to your face.
glenstein 6 days ago [-]
You have to be actively physically cooperative for both of those things.
An argument against being compelled to provide biometrics does not necessarily hinge on it being analogous to testimony.
542354234235 5 days ago [-]
But it has already been argued successfully that giving biometrics is analogous to giving blood, hair, fingerprints, standing in a lineup, providing a writing sample, or wearing certain clothes, all of which you can be compelled to do. To argue against being compelled to do or provide biometrics without using testimonial arguments would be going against a lot of case law and precedent.
There is a specific precedent where you being compelled into providing biometrics can be inadmissible, and that is where you are compelled to unlock the phone, since doing so, even with biometrics is akin to providing testimony that the phone is yours, you know how to unlock it, which finger to use, etc. (see United States v. Brown, No. 17-30191 [1]). But that doesn’t actually prevent them using your biometrics to unlock the phone, so its pretty niche.
This is a bizarre response. My comment was not a denial of legal history on biology-as-testimony, it was instead opening space for other legal or philosophical objections: autonomy, bodily integrity, possibly Fourth Amendment concerns about unreasonable searches.
But you're replying as if my comment was claiming courts haven’t treated biometrics like physical evidence. That's not what I was doing.
The reference to Brown here appears to be massively misleading: far from being niche, it complicates the biology != testimony in a way that cuts to the heart of the most common real-world application of biometric compulsion which is smartphone access; from chatgpt'ing about it it appears that it's not the only court to rule on this and it probably awaits a SCOTUS decision to resolve an existing split.
542354234235 5 days ago [-]
You didn't elucidate any of that, or actually make any argument, so I had no way of knowing what you were thinking. You said “being compelled to provide biometrics does not necessarily hinge on it being analogous to testimony” so I stated that there was a lot of established case law already on compelling individuals to provide analogous physical information/samples, which covers bodily autonomy, bodily integrity, and the 4th Amendment. The only contention as far as I know, is around the 5th Amendment, but if you had other information, I’d be interested to hear it.
The Supreme Court has declined multiple times to hear cases that would help settle the legal ambiguity. I don’t think United States v. Brown complicates things because the specifics on the case were not whether or not you can be compelled to provide biometrics, but whether being compelled to “unlock a device” and manipulating the device yourself constitutes protected testimony. [0] They even cited United States v. Payne [1] where the court upheld that forcibly taking your finger to unlock a phone did not violate the defendant’s Fifth Amendment rights, and at issue was only the wording of the order.
From my understanding, the current split about being compelled to provide passcodes, and to a much lesser extent biometrics, is the foregone conclusion exception stemming from the Fisher v. United States [2] case, where, as Justice White said “the existence and locations of the papers[were] a foregone conclusion and the [defendant’s physical act] adds little or nothing to the sum total of the Government’s information by conceding that he in fact has the papers… [And so] no constitutional rights [were] touched. The question [was] not of testimony but of surrender.”
This has been used in relation to court cases on biometrics and passcodes [3]. It appears that courts that rule that you can be compelled seem to look narrowly at the passcode itself i.e. the government knows you own the phone and knows you know how to unlock it, so it is a foregone conclusion to provide it. Courts that rule you cannot be compelled seem to look at the phones contents i.e. the government does not know what is on the phone so decrypting the data would be providing protected testimony, or a stricter interpretation that you cannot be compelled to disclose the contents of the mind.
I was thinking this would be the final death knell to using an (unrooted) Android phone as a cheap home server. But then again, not sure if that was even possible before with all the "battery protection" logic built into Android.
Heh, my first thought was “Don't they do this already?”, but apparently GrapheneOS was ahead of the curve there. Nice.
illiac786 6 days ago [-]
Still ahead of the curve, as it can be disabled on grapheneOS while it apparently won’t bee possible in Android ;)
kernal 6 days ago [-]
> GrapheneOS was ahead of the curve there
Not really. Samsung was the first with this, but their reasoning had absolutely nothing to do with security. It was because their phones slowed down over time and their solution was to give users the option to reboot it at specific intervals. You could even make the argument that the Samsung solution is still the superior solution because you get to set the interval.
hackernewds 6 days ago [-]
How would an OS taking over your hardware would be ahead of the curve or nice?
throwaway314155 6 days ago [-]
Because it's an effective tactic against exploits that can't survive a reboot, which is somewhat common from my understanding. The idea being that police can confiscate your phone and just keep it on and charged until they can buy or develop an exploit targeting your current device and software.
I was admittedly confused about this distinction at one point too. It's a trade-off (although few people effected by this own phones with truly free, user-respecting soft/hardware in the first place).
ignoramous 7 days ago [-]
> This is a Google Play Services update
As the GrapheneOS docs note, the feature is better implemented in init and not in system server or the app/services layer like Google has done here? Though, I am sure Google engs know a thing or two about working around limitations that GrapheneOS developers may have hit (in keeping the timer going even after a soft reboot, where it is just the system server, and the rest of the userspace that depends on it, that's restarted).
amelius 7 days ago [-]
Huh, I have GrapheneOS and I never noticed it rebooting. (And when i manually reboot, the "BIOS" prevents it from booting without acknowledging that I'm aware it's a non-Google OS, so how does it work?)
daneel_w 7 days ago [-]
The feature is not enabled by default. Also, the boot doesn't wait for you indefinitely - it just gives you a few seconds to glance the checksum and halt it, before it proceeds automatically.
rahen 6 days ago [-]
It's enabled on mine, at least. By default, it reboots after 18 hours without being unlocked.
daneel_w 5 days ago [-]
Perhaps it's a recent change. My install of GrapheneOS is from August last year.
edent 7 days ago [-]
You don't have to acknowledge anything. The boot screen shows a warning which you can interrupt. If you don't do anything it'll continue to load as normal.
morpheuskafka 6 days ago [-]
That’s weird. I wouldn’t expect Play Services to handle a system function like rebooting unrelated to any Google services.
usr1106 6 days ago [-]
No. Play Services is Google's way to make Android closed source. Many new features don't get implemented in Android, but Play Services. Many apps don't work (correctly) without Play Services.
surajrmal 6 days ago [-]
Being closed source is not the goal. Update speed, consistency across the ecosystem, and feature development speed are key reasons things are implemented via play services. Also dependency on google services, but that's not relevant here. AOSP is greatly improving in its ability to tackle these things, so the choice to implement things in play services won't be as compelling as it is today for things not ultimately tied to Google.
ffpip 6 days ago [-]
Play services is how Google delivers many Android updates now so that all users can get security updates without waiting for the device vendor to publish it for each device.
sva_ 7 days ago [-]
Samsung has also had this feature for ages.
SG- 6 days ago [-]
not for security tho, it was for bloat/fixing random issues like a typical Win95 daily reboot.
NotPractical 6 days ago [-]
Typical lazy Ars reporting. The feature originates from GrapheneOS, not iOS.
kernal 6 days ago [-]
No, the feature first appeared on Samsung phones to fix their bloat / slowdown issues. Now it’s suddenly a security feature.
7 days ago [-]
udev4096 7 days ago [-]
They stole the idea from GrapheneOS and shipped a barely half-baked version with hardcoded time. GrapheneOS has configurable time for it since years
iancarroll 7 days ago [-]
I would guess the more likely inspiration would be Apple recently adding this to iOS, if GrapheneOS had it for years and they didn’t add it...
lysace 7 days ago [-]
I'd claim that Microsoft pioneered this time limit security concept with Windows 95 almost 30 years ago.
They went with 2^32-1 milliseconds or about 49.7 days.
We don't talk enough about Microsoft's strong legacy of security innovations, IMHO.
yalok 6 days ago [-]
I’m not sure it was because they cared about security - looks more like accounting for 32-bit timestamp rollover would be very disruptive to the huge (legacy) code base and it was a quick fix to work around the problem :)
IshKebab 6 days ago [-]
It was a joke.
philistine 6 days ago [-]
I'm pretty sure you're joking. Windows 95 crashed if you sneezed in its general direction, I'm pretty sure it would blue screen due to some edge case well before 49 days of runtime.
To this day, some programs malfunction after 2^31 milliseconds have passed since bootup, which is the halfway point. Milliseconds since bootup has just become negative, and has not rolled over yet. Just having a negative number of milliseconds is enough to mess with those programs.
rvba 6 days ago [-]
More like "innovation" that makes all those machines in factories break every 49 days.
surajrmal 6 days ago [-]
As the article alludes to, Apple recently shipped the same policy to iOS so this is likely just following the precedent from them. Android developers don't pay attention to community forks.
throawayonthe 6 days ago [-]
[dead]
mcraiha 7 days ago [-]
Can you set the time to one minute?
OneDeuxTriSeiGo 7 days ago [-]
Graphene's autoreboot has 12 different options (excluding disabling it) ranging from 72 hours down to 10 minutes and the timer is reset each time the device is unlocked. Tbh I think a 1 minute setting would actually be nice (for things like when you are going through customs, etc) but I get why they don't provide it.
devrandoom 7 days ago [-]
Not against it, but I'm genuinely curious what the use case would be for that?
67593874748 7 days ago [-]
Could be useful in a scenario where you won't be using your phone often and really want to maximize battery life.
gf000 6 days ago [-]
A reboot will eat a lot more energy than a proper suspend.
amelius 7 days ago [-]
I guess as a prank, just like setting the language to Chinese for English speakers.
ThePowerOfFuet 7 days ago [-]
Why would you want it to auto-reboot after one minute?
The minimum on GrapheneOS is 10 min and the maximum is 72 hours. It can also be disabled.
udev4096 7 days ago [-]
No, that is unrealistic. Please stop trolling
II2II 7 days ago [-]
How so?
The system only reboots once it has been locked for a particular duration. Setting it to 1 minute basically says: put the system into a more secure state (e.g. purge unencrypted memory) and ensure that it is ready to go when I next need it. That said, while it is not unrealistic it would be problematic since accidentally letting the phone lock (e.g. input timeout) would result in a time consuming reboot.
gumbojuice 7 days ago [-]
It's not great news for my old phone used for wifi at our guesthouse (let's a few security cams and our smart lock get online)
wizzwizz4 7 days ago [-]
You should be able to switch this off, if you notice it being enabled, so (now you know about it) it should be a one-time downtime.
devrandoom 7 days ago [-]
I skimmed through the docs, couldn't see anything about soaking disabling it.
• [Phone] Enables a future optional security feature, which will automatically restart your device if locked for 3 consecutive days.
devrandoom 7 days ago [-]
Wow I'm blind. Thanks and apologies.
rixed 7 days ago [-]
Same here, using several old androids as hotspots here and there.
They stopped receiving updates long ago though, so I'm not worried.
clort 7 days ago [-]
Its not an OS update, its a Google Play Services update .. so if they still apply you would get it
I found it strange that things like 'prettier settings screens' and 'improved connection with cars and watches' would be included in Google Play Services. Surely those things are part of the OS not part of a thing which helps you access the Play store?
I've been using a LineageOS (prev. Cyanogenmod) phone for years and have never installed any google stuff so I don't get these updates anyway.
aftbit 7 days ago [-]
They've been moving more and more into Google Play Services because:
1. It's deployed to all devices and not subject to manufacturer approval for updates
2. It's easier to update without requiring user interaction or approval
3. It's closed source unlike Android so changes can't be incorporated by competitors
wishfish 6 days ago [-]
One possible option would be to install Netguard (open source Android firewall that doesn't require root) and block Play Services.
I have that on a spare unrooted Android phone. Seems to be working so far. But I'm sure Google could bypass it if they really wanted to. I don't know if they've ever made an effort to bypass Netguard (or similar) in the past.
Rebelgecko 6 days ago [-]
Its an anti fragmentation measure
1832 6 days ago [-]
Also bad news for my megayacht (use's an old android phone to monitor location and detect movement)
pengaru 7 days ago [-]
I used to do something similar for the security cams at my desert property.
Picked up a gl.inet x300b off ebay and never looked back.
LinuxBender 7 days ago [-]
Not bad. If I could make a feature request it would be something like, After 3 days of being idle:
- [ ] Reboot
- [ ] Power Off
- [X] WIPE triple opt-in
Maybe there is a custom phone OS for this that makes the phone act more ephemeral and network boot off my self hosted iPXE/immich server? A dumb smart phone so to speak. An ephemeral diskless phone.
dist-epoch 7 days ago [-]
The WIPE is doable with a custom "management app", which has the permission to wipe the phone. Maybe such a thing already exists.
kccqzy 6 days ago [-]
A long long time ago, adding Gmail to your phone via the Exchange protocol over m.google.com gives Google the ability to wipe your phone remotely, including iPhones as well. No management profile needed.
mapkkk 6 days ago [-]
I've been fantasizing about building an iPXE netbooting phone for a while now, glad to see that I'm not the only one. Mine was sparked by seeing some journalists in my country getting arrested recently.
I think it should be doable _technically_, but I think getting the mobile radios working before the OS boots would be challenging.
LinuxBender 6 days ago [-]
If the phone can boot off a thumb-drive then people could have a keychain thumb-drive that serves the sole purpose of a minimal OS that can iPXE, boot the real OS and pull down the users contacts, apps, etc... maybe?
gf000 5 days ago [-]
Without a verified boot chain, security would be greatly compromised.
Like I could just grab your thumb drive, and put a new system on there that looks the same, and steals your password.
al_borland 7 days ago [-]
A wipe seems extreme. An unexpected trip to the hospital could leave someone with a wiped phone when they come to.
criddell 7 days ago [-]
If that’s something you are worried about, don’t choose that option.
Krasnol 6 days ago [-]
Is there a person on this planet where an unexpected hospital visit could not happen?
prmoustache 6 days ago [-]
I think a wipe is not necessarily that much of an issue.
Some people lose or get their phone broken and start from a blank one on a regular basis.
In my case the only things that matter to me are synchronised through syncthing and radicale (a carddav/caldav server).
xboxnolifes 6 days ago [-]
Wrong question. It's not about the chance of having a wipe. But if the having the wipe is worth happening on some false positives.
6 days ago [-]
LinuxBender 6 days ago [-]
Someone may want that behavior if they were intentionally injured and kept from their phone for 3 days. The perpetrators will eventually get past the hospital security. Contents should be backed up in a safe place either way, possibly in a place that someone that cares about them may access it.
Suppafly 6 days ago [-]
Mine randomly reboots semi-periodically already, even when it hasn't been shown as having downloaded an update.
That said, I think this is a fairly good idea, although with the encryption stuff they do, this will cause people who rarely use their phones to miss calls and alarms.
morpheuskafka 6 days ago [-]
It would be easy to store alarms in an unencrypted partition or even EEPROM as they take no space. Calls is a harder problem, although in principle if the SIM doesn’t have a PIN, you should have everything you need.
28304283409234 6 days ago [-]
Except that after a reboot of my Android phone, it still asks confirmation to activate my SIM (even though it has no PIN).
morepork 6 days ago [-]
Probably vendor specific whether it works, but alarms and calls should still work before unlocking/decrypting in "direct boot" mode
vishnuharidas 7 days ago [-]
I found that this saves a lot of battery. My old Motorola G5G is now sitting idle, and I had to charge it every 4-5 days. I found that if the phone is restarted and NOT unlocked, it will stay charged for more than 10 days. My best guess is that a screen unlock is required to start many of the OS-level services, which takes up all the battery.
If this is true, then the new update will save a lot of battery for those phones that are sitting idle.
chowells 7 days ago [-]
Everything except a very minimal core is kept on an encrypted partition. Until the password is provided, most things can't launch.
emrah 7 days ago [-]
A phone sitting idle is very unusual though, a very edge case
kshacker 6 days ago [-]
I have 3 phones, for various reasons. Not SIMs, but 3 devices. The usage is radically different between them. 2 of them are used daily but even there one routinely runs out of battery and other does not dip below 80%. The third one gets used when it gets used :)
rvba 6 days ago [-]
Witout the pin u lock of simcard... nobody can call you?
graypegg 7 days ago [-]
> ...the new Play Services will limit that exposure to three days, even if it's plugged in.
This will be fun to track down after a long weekend in embedded devices once this android patch number is old enough to be baked into crappy payment terminals and mall kiosks.
Probably overall a good thing though.
tripdout 7 days ago [-]
I don't think those would be likely to have Play Services, though.
cubefox 7 days ago [-]
The Ars article seems to be inaccurate. Here is what the release notes say:
> Security & Privacy
> [Phone] Enables a future optional security feature, which will automatically restart your device if locked for 3 consecutive days.
So it only "enables" a "future" "optional" feature.
hnburnsy 6 days ago [-]
So the phone will reboot it self, but...
1) There is no developer accessible API to allow app developers to create an app to allow me to script power options (example, as an end user I want to script a restart or shut down my phone nightly).
2) Asking Google Assistant will not restart or shut down the phone.
3) Apple and Android have made it harder to shut down the phone, requiring double key press kung fu to even bring up the power menu.
gxs 6 days ago [-]
FWIW on iPhone you can just create a shortcut to restart the phone
One click for me and it restarts fyi
AnonC 6 days ago [-]
One click where? Have you mapped it to the Action button on the newer phone models? Or do you launch the shortcut by tapping somewhere (widget on Control Center or elsewhere)?
gxs 5 days ago [-]
Just create a shortcut and select an icon
It appears as an “app” like any other
Open it, will ask you to confirm, hit yes and it will restart
FeistySkink 7 days ago [-]
How is this going to work with SIM cards that need a PIN? I'll be just unreachable until I notice the reboot?
myself248 6 days ago [-]
Or if you're primarily reachable by an app that can't launch until AFU, the phone reboots silently and you don't realize it, and you're incommunicado.
Some time later, you need to do something on the phone, you unlock it, the app starts up, and a flood of messages pours in. Wow, some of those would've been really useful to receive in a timely fashion! Whoops!
switch007 7 days ago [-]
Locking the SIM is considered part of the feature on GrapheneOS AIUI
vultour 6 days ago [-]
I don't remember the PIN to my work SIM card. Can't wait to lose my work phone halfway through a conference / business trip because I haven't touched it in a while.
danielEM 6 days ago [-]
Google saying they gonna reboot my phone for my safety - not suspicious at all ;)
est 6 days ago [-]
One thing to consider is for SIM with a PIN lock, after reboot there won't be any signal unless you input the PIN everytime.
kernal 6 days ago [-]
Samsung phones have had this feature for years. But it’s not what you think. Samsung phones gave you the option to reboot at various intervals because their phones would slow down over time and their solution was to allow the user to schedule a reboot. Now it’s.a security feature.
fguerraz 7 days ago [-]
How about instead of patching up our societies with technology we vote for the right people / laws for once?
homebrewer 7 days ago [-]
This won't help those of us living in countries where "elected" officials elect themselves. We haven't had a single honest election in decades (and probably won't ever have one), so measures like this are better than nothing.
scarface_74 6 days ago [-]
You don’t vote for the police or the three letter agencies and elected officials have little power over people with guns. Yes I know both on the the state level the police are suppose to be under the command of the civil government. But no elected official wants to get on the wrong side of the police unions.
Besides most people support the police no matter what. Police know not to abuse their powers against Whites.
That plan, if implemented, may last as short as 1 election cycle. All political progress will inevitably be undone.
In contrast, technological change will forever alter the balance of power. What we should be asking is "Instead of patching society with political solutions, how about we solve fundamental problems permanently with technology?".
dagmx 7 days ago [-]
Does passing laws against a crime/overreach completely stop it happening?
recursive 7 days ago [-]
How about both?
tehjoker 6 days ago [-]
If you vote for the wrong people (i.e. people that want a more humane society), the billionaires will simply coup the government. Remember: they own the things that keep society running, so they have real power. We run the things that they own, so we also have power when combined together.
teddyh 7 days ago [-]
This feudal system is too oppressive! Let’s put a good king on the throne!
bigyabai 7 days ago [-]
The "right people" aren't represented by either side of America's bipartisan system. Good luck with your mass popular movement.
booleandilemma 7 days ago [-]
I just want software that will do nothing user-observable without me explicitly asking it to. No pop-ups, no suggestions, no automatic anything.
I don't know if it'll take a fancy buzzword or what. Unobtrusive software? Silent Software?
TheBicPen 6 days ago [-]
No notifications? Depends on what your definition of "asking it" is, but having to explicitly do an action to check for notifications and even phone calls seems counter-productive for a phone.
layer8 7 days ago [-]
Inert software. Inertware?
MiddleEndian 6 days ago [-]
I've mused about writing a distribution license where every type of notification and update can be disabled, and any modification must follow the same license.
STFU (BSD equivalent) and STFU-O (GPL equivalent)
No LGPL equivalent because I would want even software that uses STFU-* licensed code as a library to follow the STFU-* license.
Just have to explicitly define what counts as a notification lol
pabs3 6 days ago [-]
Respectful software.
bobsmooth 7 days ago [-]
This is a terrible idea for an internet connected device.
mystified5016 7 days ago [-]
Good software
kranke155 7 days ago [-]
Not shit software
627467 7 days ago [-]
I'm surprised this is something taken seriously only now by stock android. Isn't it known universally that AFU devices are insecure? What's the point of adding strict password policies, biometrics etc, if data from a stolen phone can be (relatively) trivially be exfiltrated unencrypted?
Samsung's have had some feature that lets you set days of the week for the phone to restart (IME during early morning hours) automatically. It's not perfect but it's something. iOS seems to have some unclear logic to either restart or re-request password (not biometrics).
This should be standard
kccqzy 6 days ago [-]
Because they protect against different actors. A stolen phone? The thief likely just wants to strip your phone down to parts and sell the parts if there is a passcode. If there isn't anything, perhaps the thief would wipe it and sell it whole as a second hand device.
Only law enforcement cares about the difference between the AFU state and BFU state.
firstly how about fixing software which forces 'inactive hours' yet reboots even when cpu is at 100% utilisation, and software which dims or locks a mobile screen during video playback, and soft/hardware which doesn't respect user-supplied suspend/standby timeouts in their power plans, and ....
rixed 7 days ago [-]
« This actually caused some annoyance among law enforcement officials who believed they had suspects' phones stored in a readable state, only to find they were rebooting and becoming harder to access due to this feature. »
Wouldn't the phones run out of battery after a few days anyway?
Or do they keep them plugged in?
aftbit 7 days ago [-]
They keep them plugged in
frozenlettuce 6 days ago [-]
Bad idea, as some people use old Android phones as IOT devices
yellowapple 6 days ago [-]
Can I configure this? In some cases I'd want the auto-reboot to be more aggressive (for example: after 3 hours). In other cases I'd want to disable the auto-reboot entirely.
ant6n 6 days ago [-]
Reminds me of ms windows. Except it reboots, no matter what’s running - for example if ms office is open with some unsaved changes.
doright 6 days ago [-]
I use microG instead of Google Play Services (for YouTube Vanced) so I wonder if they will implement an equivalent feature.
kevincox 6 days ago [-]
Yeah, this should be an OS feature, not a feature in a proprietary framework.
wiseowise 7 days ago [-]
> This actually caused some annoyance among law enforcement officials who believed they had suspects' phones stored in a readable state, only to find they were rebooting and becoming harder to access due to this feature.
Lmao.
> The early sluggishness of Android system updates prompted Google to begin moving parts of the OS to Google Play Services. This collection of background services and libraries can be updated by Google automatically in the background as long as your phone is certified for Google services (which almost all are). That's why the inactivity reboot will just show up on your phone in the coming weeks with no notification. There are definitely reasons to be wary of the control Google has over Android with elements like Play Services, but it does pay off when the company can enhance everyone's security without delay.
All the more reasons to move to AOSP forks.
67593874748 7 days ago [-]
Google locking features behind the closed source, proprietary Play Services is "more reason to move to AOSP"?
bigyabai 7 days ago [-]
You don't need Play Services for this feature to work. The design is not proprietary or even hard to reverse-engineer.
surajrmal 6 days ago [-]
The reason it is implemented in play services is likely because of how much easier it is for them to ship the feature to the most phones possible.
SwayamDas 6 days ago [-]
This is better actually, it will prevent bot farming or screen enabled activity that are in set and forget mode.
panny 6 days ago [-]
Why would it reboot instead of just power off?
subscribed 6 days ago [-]
So you could still answer a phone call or have your phone reachable for "find my phone".
iggldiggl 6 days ago [-]
Doesn't work if the SIM is pin-locked, too, though.
rvba 6 days ago [-]
Another shitty idea that makes life harder:
If you are in a hospital- your phone will reboot to pin level. So you need to unlcok it few times and wait 3 minutes before it becomes reactive.
Then all your alarms will not work.
They add crap like this, yet the stock calendar app needs a separate appto play music to warn you. This of course breaksafter a reboot..
My grandma has a second phone as backup - it will constantly reboot and will never be ready to be used the time it is needed - as a backup. Since it will keep rebooting and requiring a pin.
Who comes up with those anti user ideas?
That we will probably
be unable to turn off (or the option to turn off will disappear after few months). Also old people will not know how to turn it off
erelong 6 days ago [-]
sounds good as opt-in configurable feature, but like it could have unforeseen consequences if forced on all users?
chmod775 6 days ago [-]
I don't touch my phone for days at a time. It's just sitting there on my desk most days.
Not sure I'm too happy about this...
nubinetwork 6 days ago [-]
Android theft protection already locks my phone constantly, usually because I pick up my phone before unlocking it...
alex_suzuki 6 days ago [-]
I imagine this is going to disrupt some Continous Integration setups that have fixed testing phones.
roflmaostc 6 days ago [-]
But it says "unused"? If it's used for CI it shouldn't break.
thund 6 days ago [-]
What if just while that occurs I need to make or receive an emergency call?
Sometimes it feels like tech is going backwards. Rather than rebooting, just develop a proper method to unload/uncache, without making a device useless while that happens. Or use that multicore arch to swap the “dirty” instance with a clean one, in realtime.
erelong 6 days ago [-]
I was wondering about this too, or even benign annoying situations like you were doing research and forgot it was going to reboot on schedule and now you lose your train of thought
t1234s 6 days ago [-]
Is it even possible to recover data in BFU state without knowing the pin?
bobsmooth 7 days ago [-]
I misread this as reformat and was concerned for a sec. This is a good idea.
greyjoyduck 6 days ago [-]
My samsung rebooting in the middle of writing this comment
jonathanstrange 7 days ago [-]
Thanks, No. I'd like to opt out of this.
amelius 7 days ago [-]
Can't it run two OSes, so the booting becomes instantaneous? (Like swapping graphics buffers, but now with the entire OS)
edelbitter 7 days ago [-]
Android ships a feature called bootchart which you can use to prove that most of the time your phone spends booting.. it is actually far from bottlenecked on storage or compute - bugs to be fixed; not worked around with even more complexity. Heck, some phones do not even stop playing their vendors fancy animated logo when they are finished before the animation is.
surajrmal 6 days ago [-]
Does it take into consideration thermal and power? Doing too much too quickly can be bad for both, so sometimes it's worthwhile to go slower.
5 days ago [-]
m-p-3 6 days ago [-]
uhh, that's going to disrupt Briar Mailbox, which relies on an Android device to act as an always-on node. I really hope there is a way to toggle this.
If you need to use Briar Mailbox, you're likely better off with GrapheneOS where this feature can be turned off.
It works there better anyway, because it's integrated with the OS, and not just one privileged service.
m-p-3 6 days ago [-]
To be honest, I kinda hope they'll offer it as a Linux service at some point, not super thrilled at running an old Android device as a server.
userbinator 6 days ago [-]
More "security" bullshit when all they want to do is secure their control over us.
Not falling for it anymore. Fuck Google and the rest of Big Tech.
Beijinger 7 days ago [-]
Pff. Windows does this since decades. No? I vaguely remember this nag screens after unauthorized updates.
Aeolun 7 days ago [-]
Wait, why is this presented as a good thing?
Why would I want my phone to auto reboot without my intervention? Never mind that it’ll never make three days on a single charge even if I don’t touch it.
alistairSH 7 days ago [-]
It’s pretty well spelled out in the article…
The BFU state is more secure than AFU.
jillyboel 7 days ago [-]
For when it's sitting in an evidence baggy in the police station connected to a charger waiting for forensics
Aeolun 7 days ago [-]
If that is a good thing what does that imply about my activities (or what an utter failure your justice system is)?
gruez 7 days ago [-]
>or what an utter failure your justice system is
Even if you somehow live in a jurisdiction with a perfect justice system, that doesn't mean everyone else is.
edoceo 7 days ago [-]
No implication, it's a standard feature.
Whos justice system? Lots of countries represented on HN. Many with questionable systems.
saagarjha 6 days ago [-]
I guarantee you that regardless of where you live your justice system is abusing the same access.
jillyboel 7 days ago [-]
The goal of a security system is to keep adversaries out
WD-42 7 days ago [-]
Just be glad it’s not windows, which does it every 3 hours.
recursive 7 days ago [-]
Topical joke 25 years ago
scarface_74 6 days ago [-]
Says someone who has never had to deal with corporate installed malware - ie MDM software.
recursive 4 days ago [-]
You're not wrong. Seems hard to blame on MS though.
scarface_74 4 days ago [-]
Maybe? Could Microsoft have a layer of third party customization between user space and kernel where MDM lives without crashing the operating system like CrowdStrike did?
recursive 4 days ago [-]
Well, that's a good question, but over my head. I'll settle for kind of blaming them a little bit.
crazygringo 7 days ago [-]
It's very clearly explained in the article.
Aeolun 7 days ago [-]
It is not clear to me at all why the ‘benefits’ presented outweigh the negatives (which is _my_ device doing anything without me instructing it to). Even if you can turn it off, this is apparently enabled by default.
Law enforcement keeping hold of my phone for 3 days is simply not a realistic problem for me. Coming back to an annoyingly locked phone after forgetting it for a weekend very much is. The chances of law enforcement wanting anything with it are low enough that dealing with an extra unlock is more likely to be an impactful issue, even considering the potential impact that law enforcement or others stealing it could have.
wiseowise 7 days ago [-]
> Law enforcement keeping hold of my phone for 3 days is simply not a realistic problem for me.
That's what cops and spooks would like to have you think.
67593874748 7 days ago [-]
> Law enforcement keeping hold of my phone for 3 days is simply not a realistic problem for me.
It's not a problem, until it suddenly is.
subscribed 6 days ago [-]
Especially with the glaring example unfolding right in front of our eyes.
andybak 7 days ago [-]
This is not not the question you originally asked. Indeed it's a much better question.
crazygringo 7 days ago [-]
> Coming back to an annoyingly locked phone after forgetting it for a weekend very much is.
It is?
I mean, my iPhone asks me for my passcode every 7 days anyways. And that's the only thing that happens on reboot anyways.
Also, you forget your phone for a weekend? How do you do anything during that weekend, like keep in touch with loved ones, get driving directions, pull up a boarding pass, check for delays, look up restaurants?
hilbert42 7 days ago [-]
"How do you do anything during that weekend, …?"
Easy, do what we did before mobile phones—civilization existed for thousands years and worked quite well without them (Rome built an empire sans mobile phones, so did the English). We even ran and coordinated the largest and most organized event in human history—WWII—without them!
Some of us have not yet succumbed to phone addiction (I often go for quite some days without using a phone and still have a normal life).
crazygringo 7 days ago [-]
Hey, if you want to go back to life in Ancient Rome, with the disease and lack of medicine, the slavery, the dictatorship... I'm not going to stop you.
When you say civilization worked quite well for thousands of years, as an argument against mobile phones, I'm not sure you've quite thought your argument through... unless it's always been your dream to be a Russian serf, or an Egyptian slave?
hilbert42 5 days ago [-]
There's no point further arguing about this matter with someone who hasn't lived through both pre and post mobile phone eras.
I'll just add this, I was amongst the first to ever own a cellular mobile phone. I owned several Motorola 'bricks' (DynaTAC) if you're old enough to know what that is, and before that I owned a mobile car phone in pre-cellular times, the nature of that tech was such that very few phone numbers were available—simply it was damed expensive and one had to be very keen to own one.
What I'm taking about is a lot more complex than your understanding (or that which you wish to admit to).
lupusreal 7 days ago [-]
> Also, you forget your phone for a weekend? How do you do anything during that weekend, like keep in touch with loved ones, get driving directions, pull up a boarding pass, check for delays, look up restaurants?
Lmao I regularly go several days without calling family and months between any of those others.
7 days ago [-]
imcritic 7 days ago [-]
Isn't this stupid?
Why not flush something properly in the RAM instead to wipe the "cached" secrets?
A full restart feels like an overkill.
crote 7 days ago [-]
That "something" is at least the entire userspace, so any attempt at doing so ends up being UX-equivalent to a full restart - while having a decent chance of leaving unintended trace data lying around in memory.
A full restart guarantees that everything will be wiped.
7 days ago [-]
scarface_74 6 days ago [-]
It’s not about data being wiped. It’s that neither Android nor iOS has
fully encrypted storage after you reboot and enter your credentials - biometric or passcodes.
scarface_74 7 days ago [-]
It’s not just the RAM. Android devices and iOS devices are not that secure after first unlock (AFU).
The system is provably fully encrypted after a restart.
subscribed 6 days ago [-]
It also terminates almost all malware and makes sure the device is encrypted and the keys cannot be extracted.
MattPalmer1086 7 days ago [-]
Not really.
Restart - simple with known and predictable effects, data no longer accessible, all secrets flushed no matter where they were or cached.
Turn off disk encryption, suspend all running services, overwrite all secrets in the O/S wherever they are, and then restore all that on entering password. Probably can't do anything about secrets cached by actual apps.
Complex, hard to maintain and probably buggy.
Rendered at 06:04:36 GMT+0000 (Coordinated Universal Time) with Vercel.
It's not even necessarily that good enough against cops, because in a lot of shitty countries, even some pretending to be democratics, not disclosing or at least inputting your password might be a crime severely punished. If I'm not wrong, there was a guy that had to stay years in jail until he would comply with the judge order to unlock his device.
It's often configurable, but e.g. carrier policy or local vendors can enforce it.
To have updates automatically install overnight is the maximally desirable scenario - waiting for user approval usually result in open vulnerabilities, and if you interact with a prompt you are by definition using your device and it is therefore a much worse time than while you're asleep.
On Android, my experience has been that new major versions are often unstable / involve some risk of bricking / include feature regressions (dumbing down of multi-task in Android 13 if I remember well). Waiting for a few month before installing a major update, while not optimal for security, is necessary to make sure that the most critical bugs are fixed beforehand.
Regarding applications, today there's so many applications being always updated all the time that there's no way it's good for the flash memory to constantly rewrite it every day. Plus this often leads to random application restarts while they are updated automatically. (and non-OSS applications updates can result in unwanted changes such as more ads, random changes in UI...).
It's still possible to disable automated updates on Android and I am glad that they allow it.
Major version upgrades are a different type of upgrade altogether. They are optional while the previous major is still maintained.
Minor upgrades is what should always be automatic.
> Flash wear
No, it doesn't matter.
Total write endurance (i.e., the number of bytes written the device is designed to handle under some standard load) is usually a large multiple of the chip size itself - say, 200x-400x, so e.g. 100TB of writes for a 256GB setup. A particular workload is only really meaningful to flash wear if it is in the scale of several full storage rewrites during the lifetime of the device.
The exact write endurance depends on the exact configuration (specific chip selection, allocated reserve), but even microSD cards have wear levelling these days.
Your device is going to die or be retired with a certain flash write wear, but I find it extremely unlikely that your device will die of a flash write wear. The wear endurance is dependent on the specific flash setup.
A much larger cause of wear is app caches (e.g., streaming video continously overwriting a disk cache, browsing social media). If you take pictures, those might end up written multiple times as first the original is written, then the automatically processed version, then any edits you make, then if storage saving measures is enabled maybe its deleted and a compressed version is written, if you later open the app the original is downloaded and written again, ...
I don't think there is such a choice on Pixel phones but I'd be happy to be proven wrong. When the next major update is available the phone just asks to update to it every few days (but won't do it without user consent). I don't think there's security updates on a given phone for old major versions when a new one is available (there likely are for older phones that don't get the major update however).
Thank you for your explanations on flash wear, makes sense. Taking a low value of 13TB endurance (64GB times 200), this is still 7GB per day for five years and I don't think app updates can consume that much.
And yes, this has actually happened to me at least twice.
I've had that happen a few times and the alarms went off on time but they used the default alarm tune instead of the one I had selected, presumably that data was still encrypted.
The amount of misinformation in this thread is huge though. I generally read every changelog for major Android updates and the amount of engineering going on is amazing. People just assumes that a few things doesn't work while they do.
Unless of course OP is using a custom alarm app this may be true, but then it is the app fault and not Android.
Edit: accordingly to ChatGPT the feature is the WorkManager: https://developer.android.com/topic/libraries/architecture/w.... I can't confirm this but looks correct to me after a quick look at its documentation.
They all even share a unified battery charging mechanism and integrated packaging for easy portability.
I'm not sure if the idea of these pocket supercomputers will ever catch on, but it sure seems like it'd be nice.
These have existed for many decades.
(And it has been problematic for me at times when this happened.)
And that's ignoring the fact that disconnecting power, waiting a few days and then reconnecting it will inevitably let you cold boot it, too (which this would be an equivalent to - as far as I understood it)
power+volume = screenshot
If you enter password 1 it goes into your normal account, if you enter password 2 it goes into another user account with a burner environment where you can install a few token commonly used apps for plausible deniability.
The existence of password 2 should be optional and you should not be able to tell if the system has one or two passwords configured.
It's gonna be seen as pretty implausible when you don't have constant & recent messages with your loved ones in there.
There could be secret pathways but I don’t know them.
When Google does it: "Google is using it to help the FBI"
(But the iphone was hacked by the FBI...)
This sounds a lot like the Regulation of Investigatory Powers Act 2000 in the United Kingdom, where several people have been prosecuted and imprisoned for failing to provide encryption keys.
https://arstechnica.com/tech-policy/2017/08/man-in-jail-2-ye...
This scares me, because I have plenty of old devices I no longer know the passwords for. I don't think I'm alone - plenty of people forget passwords they don't use in years.
If the police came and searched my house, they could probably find some ancient laptop or phone from a decade ago, demand I unlock it, and then put me in prison forever when I cannot do do so.
Also (this may be of limited consolation) the officer who compels you to disclose the key must have some idea of what data it is protecting in order to satisfy RIPA 2000 s 51(5)(a):
> The matters to be taken into account in considering whether the requirement [for proportionality] of subsection (4)(b) is satisfied in the case of any direction shall include... the extent and nature of any protected information, in addition to the protected information in respect of which the disclosure requirement is imposed, to which the key is also a key
Possibly could have gone differently if they had said they changed their 15 letter password every two weeks, but really?
If there's an excuse for something that is difficult to disprove because it's based on the word of the person it would undermine the justice system.
Imagine if ignorance of the law was an excuse.
CPS won’t (as a matter of policy, and also can’t afford to waste time and money) spend time trying to prosecute a forgotten password for old laptop, unless it’s connected to some other serious, evidenced, allegations.
(I was on a jury in just this situation. Reasonable doubt is a high bar and prosecutors know this).
https://walzr.com/bop-spotter
Same for 5G modems. A $50 phone will give you gigabit 5G, but you'll pay $500 to get that in non-phone form factor, mostly because on patents on the 5G tech which are charged differently for phones vs dedicated modems.
I think the main advantage to using phones for random stuff is availability: We here on HN probably have a decent selection of old phones to pick from, so it doesn't cost any money at all to give a new purpose to one.
Don't think old Androids will get this update.
This is again Apple being Apple making things harder without option to disable it even when development mode is on.
Has anyone found a way to bypass it?
One physical option to bypass it on iPhone SE is to actually physically activate PIN entry and then use Voice Control command to enter the pin since it works even before first unlock. Though this is basically compromises pin and device encryption. But it's cheap since there are plenty of $2 devices that can simulate touchscreen clicks.
I just want some easier option that works and not require agent 007 setup to just run a buld of my AI-generated crap via Xcode.
Don’t set it up with a passcode in the first place?
It's not like I'm trying to defend against some state actors or whatver.
7 days timeout on was introduced in iOS 18, but then decreased to 3 days. I dont use this device physically - it's just a phone that always connected to power and sit on top of mac mini for debugging and running some ios exclusive apps.
And I honestly dont do anything remotely interested to the police to worry about it. Yet it all just worked and now it doesnt.
If you're able to have fully unlocked devices at your test setup I'd suggest giving that a shot to see if it fixes your issue around device restart.
For obvious reasons those ads are long gone...
Web browsers are an immediate example that comes to mind. When everyone started switching to Chrome, the other browsers fell all over themselves to strip down into minimalism, as though it was the sparse UI that was capturing users' hearts, as opposed to the rendering speed and compatibility. So then you had all these other fat, slow browsers that took away the only thing that was still distinguishing them from Chrome.
In this case though, I guess it's about money. Why put in an SD card slot when you can instead extort your customers for a cloud storage subscription or a lucrative upsale to the higher model with more storage?
Meanwhile as a customer nothing makes me more irate than "upgrading" to something that's worse because I can't replace the battery and the OS no longer gets updates.
In December 2024 all UN member countries voted in favor of "UN Cybercrime Treaty" which binds signatories to adopt a legislation to force you to give cops your passwords and other credentials.
https://documents.un.org/doc/undoc/gen/n24/426/74/pdf/n24426...
It’s a good and reasonable feature, especially if for some reason you are afraid of state or security agencies in a place where you live, or maybe during travel. It’s still questionable, because in some states you can indeed go to jail if you don’t unlock. Yet, I really want to be able to turn it off for use-cases like mine.
I have to have 3 devices: mine, work and a shared one for travel that crosses customs boundaries. It’s a massive pain in the ass.
Even if the end result is the same, anything that forces authorities to use official power over informal power is a net win.
Sure! Otherwise we won't be able to smoothly run our own servers on our phones: https://news.ycombinator.com/item?id=31841051
Yes. But quite honestly the right solution for that would be Apple providing an alarm clock API. The alarm clock application could call it with the next scheduled alarm’s time and the os would just wake up at that time and let the application do the sound / alarm thing.
I think you're basically calling out all the democracies, then.
If we start being perfectionist, we pretend there's no difference between most nations in the rights their citizens have. And that's not even remotely true.
An (Italian) friend of mine was stuck in Newark for 8 hours after he refused access to his phone, dragged in some room and questioned for hours along his wife while split from him own kids, even though he later gave them the password (he initially said no because he thought it was out of the line, he had nothing to hide).
He left livid for Italy 16 hours later despite being free to go on with his vacation.
Land of the free my ass.
It's extremely dangerous to condone and think that police officers are entitled to write the rules.
That said, the last time I went to Italy the customs guy looked annoyed at being awake. He asked my son’s age (he is huge but too young to use the electronic gate), then shrugged and stamped my passport with all of his strength.
Most countries recognize very different limits at a customs boundary. Is this appropriate in an age where a tiny device gives you access to all of your "papers" in many cases? I don't think so, but international law doesn't recognize our concerns with respect to that.
In the US I've heard that boundary (the "border") encompasses ~75% of everyone living inside. It's like "within X miles of a border" and includes rivers and airports as well as the entire coastline.
I'm not up to date on these rules and who's been caught out by them, but I have repeatedly heard the claim above.
Even on Schengen borders they can ask you for your phone and deny your entry if you don't comply as a non-citizen.
So maybe something like a paired app with a friend/someone who is beyond the reach of the authorities, and if the phone isn't unlocked in a given definable period (or it can be triggered immediately), it then can't be unlocked without that person's active cooperation.
That's off the top of my head, so I'm sure there are optimizations.
Currently only available for Pixel phones, 6 and later. Offers many other security-related features.
But the problem is that when authority wants you to unlock your device, they kind of already know why, what they are expected to find but they would that as a more complete proof. But from external input they would expect some downloaded files or accounts (like social accounts you were connected with your phone a minute ago), some SMS they saw passing, some call logs, so connection to your known accounts...
What's your point? That because it isn't useful in every country, it's not worth making available to any countries?
It's not preventing you from providing your password.
You started by saying it's a good option to have, so I don't understand the point of your second paragraph.
And to your point, I believe it's now the case in the U.S. that you can be legally compelled to unlock a fingerprint lock, but not a pin for whatever reason.
You don’t have to do anything for someone to hold a phone to your fingertip, or a camera to your face.
An argument against being compelled to provide biometrics does not necessarily hinge on it being analogous to testimony.
There is a specific precedent where you being compelled into providing biometrics can be inadmissible, and that is where you are compelled to unlock the phone, since doing so, even with biometrics is akin to providing testimony that the phone is yours, you know how to unlock it, which finger to use, etc. (see United States v. Brown, No. 17-30191 [1]). But that doesn’t actually prevent them using your biometrics to unlock the phone, so its pretty niche.
[1] https://law.justia.com/cases/federal/appellate-courts/ca9/17...
But you're replying as if my comment was claiming courts haven’t treated biometrics like physical evidence. That's not what I was doing.
The reference to Brown here appears to be massively misleading: far from being niche, it complicates the biology != testimony in a way that cuts to the heart of the most common real-world application of biometric compulsion which is smartphone access; from chatgpt'ing about it it appears that it's not the only court to rule on this and it probably awaits a SCOTUS decision to resolve an existing split.
The Supreme Court has declined multiple times to hear cases that would help settle the legal ambiguity. I don’t think United States v. Brown complicates things because the specifics on the case were not whether or not you can be compelled to provide biometrics, but whether being compelled to “unlock a device” and manipulating the device yourself constitutes protected testimony. [0] They even cited United States v. Payne [1] where the court upheld that forcibly taking your finger to unlock a phone did not violate the defendant’s Fifth Amendment rights, and at issue was only the wording of the order.
From my understanding, the current split about being compelled to provide passcodes, and to a much lesser extent biometrics, is the foregone conclusion exception stemming from the Fisher v. United States [2] case, where, as Justice White said “the existence and locations of the papers[were] a foregone conclusion and the [defendant’s physical act] adds little or nothing to the sum total of the Government’s information by conceding that he in fact has the papers… [And so] no constitutional rights [were] touched. The question [was] not of testimony but of surrender.”
This has been used in relation to court cases on biometrics and passcodes [3]. It appears that courts that rule that you can be compelled seem to look narrowly at the passcode itself i.e. the government knows you own the phone and knows you know how to unlock it, so it is a foregone conclusion to provide it. Courts that rule you cannot be compelled seem to look at the phones contents i.e. the government does not know what is on the phone so decrypting the data would be providing protected testimony, or a stricter interpretation that you cannot be compelled to disclose the contents of the mind.
[0] Somehow I linked to the wrong case originally https://law.justia.com/cases/federal/appellate-courts/cadc/2...
[1] https://cdn.ca9.uscourts.gov/datastore/opinions/2024/04/17/2...
[2] https://supreme.justia.com/cases/federal/us/425/391/
[3] https://www.barclaydamon.com/webfiles/Publications/Unlock-De...
Not really. Samsung was the first with this, but their reasoning had absolutely nothing to do with security. It was because their phones slowed down over time and their solution was to give users the option to reboot it at specific intervals. You could even make the argument that the Samsung solution is still the superior solution because you get to set the interval.
I was admittedly confused about this distinction at one point too. It's a trade-off (although few people effected by this own phones with truly free, user-respecting soft/hardware in the first place).
As the GrapheneOS docs note, the feature is better implemented in init and not in system server or the app/services layer like Google has done here? Though, I am sure Google engs know a thing or two about working around limitations that GrapheneOS developers may have hit (in keeping the timer going even after a soft reboot, where it is just the system server, and the rest of the userspace that depends on it, that's restarted).
They went with 2^32-1 milliseconds or about 49.7 days.
We don't talk enough about Microsoft's strong legacy of security innovations, IMHO.
https://web.archive.org/web/20041207171440/http://support.mi...
https://web.archive.org/web/20130731171959/https://sites.goo...
The minimum on GrapheneOS is 10 min and the maximum is 72 hours. It can also be disabled.
The system only reboots once it has been locked for a particular duration. Setting it to 1 minute basically says: put the system into a more secure state (e.g. purge unencrypted memory) and ensure that it is ready to go when I next need it. That said, while it is not unrealistic it would be problematic since accidentally letting the phone lock (e.g. input timeout) would result in a time consuming reboot.
---
### Google Play services v25.14 (2025-04-14)
#### Security & Privacy
• [Phone] Enables a future optional security feature, which will automatically restart your device if locked for 3 consecutive days.
I found it strange that things like 'prettier settings screens' and 'improved connection with cars and watches' would be included in Google Play Services. Surely those things are part of the OS not part of a thing which helps you access the Play store?
I've been using a LineageOS (prev. Cyanogenmod) phone for years and have never installed any google stuff so I don't get these updates anyway.
1. It's deployed to all devices and not subject to manufacturer approval for updates
2. It's easier to update without requiring user interaction or approval
3. It's closed source unlike Android so changes can't be incorporated by competitors
I have that on a spare unrooted Android phone. Seems to be working so far. But I'm sure Google could bypass it if they really wanted to. I don't know if they've ever made an effort to bypass Netguard (or similar) in the past.
Picked up a gl.inet x300b off ebay and never looked back.
- [ ] Reboot
- [ ] Power Off
- [X] WIPE triple opt-in
Maybe there is a custom phone OS for this that makes the phone act more ephemeral and network boot off my self hosted iPXE/immich server? A dumb smart phone so to speak. An ephemeral diskless phone.
I think it should be doable _technically_, but I think getting the mobile radios working before the OS boots would be challenging.
Like I could just grab your thumb drive, and put a new system on there that looks the same, and steals your password.
Some people lose or get their phone broken and start from a blank one on a regular basis.
In my case the only things that matter to me are synchronised through syncthing and radicale (a carddav/caldav server).
That said, I think this is a fairly good idea, although with the encryption stuff they do, this will cause people who rarely use their phones to miss calls and alarms.
If this is true, then the new update will save a lot of battery for those phones that are sitting idle.
This will be fun to track down after a long weekend in embedded devices once this android patch number is old enough to be baked into crappy payment terminals and mall kiosks.
Probably overall a good thing though.
> Security & Privacy
> [Phone] Enables a future optional security feature, which will automatically restart your device if locked for 3 consecutive days.
So it only "enables" a "future" "optional" feature.
1) There is no developer accessible API to allow app developers to create an app to allow me to script power options (example, as an end user I want to script a restart or shut down my phone nightly).
2) Asking Google Assistant will not restart or shut down the phone.
3) Apple and Android have made it harder to shut down the phone, requiring double key press kung fu to even bring up the power menu.
One click for me and it restarts fyi
It appears as an “app” like any other
Open it, will ask you to confirm, hit yes and it will restart
Some time later, you need to do something on the phone, you unlock it, the app starts up, and a flood of messages pours in. Wow, some of those would've been really useful to receive in a timely fashion! Whoops!
Besides most people support the police no matter what. Police know not to abuse their powers against Whites.
https://www.blackenterprise.com/white-protesters-form-human-...
In contrast, technological change will forever alter the balance of power. What we should be asking is "Instead of patching society with political solutions, how about we solve fundamental problems permanently with technology?".
I don't know if it'll take a fancy buzzword or what. Unobtrusive software? Silent Software?
STFU (BSD equivalent) and STFU-O (GPL equivalent)
No LGPL equivalent because I would want even software that uses STFU-* licensed code as a library to follow the STFU-* license.
Just have to explicitly define what counts as a notification lol
Samsung's have had some feature that lets you set days of the week for the phone to restart (IME during early morning hours) automatically. It's not perfect but it's something. iOS seems to have some unclear logic to either restart or re-request password (not biometrics).
This should be standard
Only law enforcement cares about the difference between the AFU state and BFU state.
firstly how about fixing software which forces 'inactive hours' yet reboots even when cpu is at 100% utilisation, and software which dims or locks a mobile screen during video playback, and soft/hardware which doesn't respect user-supplied suspend/standby timeouts in their power plans, and ....
Wouldn't the phones run out of battery after a few days anyway? Or do they keep them plugged in?
Lmao.
> The early sluggishness of Android system updates prompted Google to begin moving parts of the OS to Google Play Services. This collection of background services and libraries can be updated by Google automatically in the background as long as your phone is certified for Google services (which almost all are). That's why the inactivity reboot will just show up on your phone in the coming weeks with no notification. There are definitely reasons to be wary of the control Google has over Android with elements like Play Services, but it does pay off when the company can enhance everyone's security without delay.
All the more reasons to move to AOSP forks.
If you are in a hospital- your phone will reboot to pin level. So you need to unlcok it few times and wait 3 minutes before it becomes reactive.
Then all your alarms will not work.
They add crap like this, yet the stock calendar app needs a separate appto play music to warn you. This of course breaksafter a reboot..
My grandma has a second phone as backup - it will constantly reboot and will never be ready to be used the time it is needed - as a backup. Since it will keep rebooting and requiring a pin.
Who comes up with those anti user ideas?
That we will probably be unable to turn off (or the option to turn off will disappear after few months). Also old people will not know how to turn it off
Not sure I'm too happy about this...
Sometimes it feels like tech is going backwards. Rather than rebooting, just develop a proper method to unload/uncache, without making a device useless while that happens. Or use that multicore arch to swap the “dirty” instance with a clean one, in realtime.
https://briarproject.org/download-briar-mailbox/
It works there better anyway, because it's integrated with the OS, and not just one privileged service.
Not falling for it anymore. Fuck Google and the rest of Big Tech.
Why would I want my phone to auto reboot without my intervention? Never mind that it’ll never make three days on a single charge even if I don’t touch it.
The BFU state is more secure than AFU.
Even if you somehow live in a jurisdiction with a perfect justice system, that doesn't mean everyone else is.
Whos justice system? Lots of countries represented on HN. Many with questionable systems.
Law enforcement keeping hold of my phone for 3 days is simply not a realistic problem for me. Coming back to an annoyingly locked phone after forgetting it for a weekend very much is. The chances of law enforcement wanting anything with it are low enough that dealing with an extra unlock is more likely to be an impactful issue, even considering the potential impact that law enforcement or others stealing it could have.
That's what cops and spooks would like to have you think.
It's not a problem, until it suddenly is.
It is?
I mean, my iPhone asks me for my passcode every 7 days anyways. And that's the only thing that happens on reboot anyways.
Also, you forget your phone for a weekend? How do you do anything during that weekend, like keep in touch with loved ones, get driving directions, pull up a boarding pass, check for delays, look up restaurants?
Easy, do what we did before mobile phones—civilization existed for thousands years and worked quite well without them (Rome built an empire sans mobile phones, so did the English). We even ran and coordinated the largest and most organized event in human history—WWII—without them!
Some of us have not yet succumbed to phone addiction (I often go for quite some days without using a phone and still have a normal life).
When you say civilization worked quite well for thousands of years, as an argument against mobile phones, I'm not sure you've quite thought your argument through... unless it's always been your dream to be a Russian serf, or an Egyptian slave?
I'll just add this, I was amongst the first to ever own a cellular mobile phone. I owned several Motorola 'bricks' (DynaTAC) if you're old enough to know what that is, and before that I owned a mobile car phone in pre-cellular times, the nature of that tech was such that very few phone numbers were available—simply it was damed expensive and one had to be very keen to own one.
What I'm taking about is a lot more complex than your understanding (or that which you wish to admit to).
Lmao I regularly go several days without calling family and months between any of those others.
Why not flush something properly in the RAM instead to wipe the "cached" secrets?
A full restart feels like an overkill.
A full restart guarantees that everything will be wiped.
https://blogs.dsu.edu/digforce/2023/08/23/bfu-and-afu-lock-s...
Restart - simple with known and predictable effects, data no longer accessible, all secrets flushed no matter where they were or cached.
Turn off disk encryption, suspend all running services, overwrite all secrets in the O/S wherever they are, and then restore all that on entering password. Probably can't do anything about secrets cached by actual apps. Complex, hard to maintain and probably buggy.