Comments

Clive Robinson April 22, 2025 12:53 PM

@ ALL,

“Android phones will soon reboot themselves after sitting idle for three days.”

I guess “sitting idle” is a matter of view point…

The story begins much as it did for Apple’s iOS back in 2006 or earlier when Apple and Google decided to not just take over the “mobile phone” OS market, but as we now know turning users into product and a captive source of income via the “Walled Gardens” that were supposed to give users security.

We know that both Apple and Google failed on the security aspect as quite a few predicted.

The simple fact is the “network” side of a mobile phone is very definitely not under a user’s control but the “Network Supplier” via the SIM.

As time moved on other networking was added to mobile phones so now as a general minimum you also have in addition to the SIM Radio Interface,

1, WiFi
2, BlueTooth
3, USB
4, NFC

As a rule of thumb all of these are subservient to the SIM interface to the Network Service Provider.

For such a system to be “secure” requires the “Network Service Provider”(NSP) to “not exert authority”…

Put simply the NSP almost never relinquishes prime control.

Thus you have to consider what

“Sitting Idle”

Really means and I’ve yet to see notes to that effect.

So I would not say such a system is “guaranteed to work” especially with UK and Auz crypto legislation.

If you read the UK “Regulation of Investigatory Powers Act 2000”(RIPA-2000) and “snoopers charter” “Investigatory Powers Act 2016”(IPA-2016) update, you will not find any “valid defence” for an equipment provider or equipment user for such “resets” or as in the case of Signal and similar apps disappearing/self deleting files etc.

That is such things are “unlawful” and can constitute “tampering with evidence”.

So I suspect it won’t be long before the UK Home Office comes knocking at Google’s door much as it did with Apple just a short time back.

But it has another aspect…

E2EE being “backdoored” is now becoming a “lost battle” and “See What You See”(SWYS) device “client side” “plaintext UI” scanning is being pushed as the new solution.

For SWYS to work then there has to be not just “activity” on the mobile device, it needs to “talk to the mothership”…

This would be very far from “Sitting Idle”…

So do not in any way consider this a “user safety feature” that will be either effective or be allowed to stay in place without a “Master Override”.

Law Enforcement have seen the power of such breaches of user security with the likes of EncroChat. Sufficient in the case of the UK for the NCA to perform “unlawful activities” and the woman who signed off on it to get a fairly high up “Honours Award” rather than dismissal and jail.

Ashley April 22, 2025 3:06 PM

Okay, finally! I’ve been wondering when Android would add this. It’s one of those small features that actually makes a big difference—nice to see it showing up now.

Chris April 22, 2025 3:15 PM

I used a custom Android ROM, so my phone reboots itself several times a day if the nightly build is unstable!

Uthor April 22, 2025 3:32 PM

Sweet!

Now to find out why my phone likes to reboot itself randomly overnight for (seemingly) no reason.

Sami Liedes April 22, 2025 3:50 PM

Hmm. Why reboot, couldn’t they just encrypt all memory not needed for the lock screen and tie the key to security chip approval? Probably hard to achieve, since apps are not designed to be paused indefinitely?

webbnh April 22, 2025 6:57 PM

Could someone remind me exactly how this is good?

What if I have my phone locked and in the state that I want it in? The last thing I want is for the phone itself to be able to accept software “upgrades” and then autonomously restart.

My phone and tablet already do too much stuff without my permission. Having it able to “reset” itself just brings it that much closer to being unavailable when I want it.

anon April 22, 2025 10:27 PM

I guess this means that android phones will no longer be usable as emergency phones, at least without disabling updates and turning off this feature. The last thing you want to do in an emergency is enter a passcode before it will boot far enough to make an emergency call.

ResearcherZero April 23, 2025 3:05 AM

@Sami Liedes, @anon

If the data on the device is at rest and encrypted it is much more difficult to recover useful information and read the databases and logs stored on the device. This does require that a secure enough pin is used to prevent it being easily broken. A 4 digit pin will not be enough to prevent forensic recovery. An alphanumeric pin with more characters is needed.

The phone has to restart in order for memory to be cleared and data at rest to be in an encrypted state. The idea of phones rebooting is so that data forensics cannot then recover residual data from memory. There are other tricks and exploits used to access data over a custom USB connection, such as those used by devices made by Cellebrite, to initiate data access, break the pin and then dump details from databases stored on the phone.

In order for you to access data it has to be unencrypted and then loaded into memory. The various techniques that data forensics exploit can bypass security features by gaining data access via the USB port. This can allow various options, depending on what level of access is available due to the state of the USB port access. If you have access to a device you can force it into recovery mode and this can allow additional levels of access.

If you set the phone to only install updates over WIFI and turn off WIFI, it will not update. There is the Data Saver setting as well, but its options are limited.

It is a trade off between privacy and security, or extra functionality. Perhaps you could try an alternative operating system than the stock Google OS. Your device would not have all the bells and whistles, but you would have more control and some of these other operating systems have many more settings and configuration options than the original OS.

(you do have to understand what all of the added functions do and read the WIKI/manual)

The benefit of operating systems like Graphene OS is that you can control how USB connects and when it unlocks the data connection, as well as when and how updates take place.

There is also the ability to install Google Play in sandboxed mode. You also gain far more control over your data and what types of data apps are allowed to share, than with the original operating system – and more control over the type of mobile connections that the device makes to mobile networks. You can also install apps from the original ROM to customize your install, though you will then lose some of the added security benefit.

Understand that a device can be held until enough vulnerabilities are available as the phone is not being updated while it is held – waiting for the forensic analysis.

You can set an easy Duress Pin which will wipe and factory reset the phone if entered.

ResearcherZero April 23, 2025 3:11 AM

Another option is to have a trusted third-party remotely wipe the device if it is seized.
Obviously if you were in custody when this happened, it could not be you who did it.

Clive Robinson April 23, 2025 7:06 AM

@ ResearcherZero,

“Another option is to have a trusted third-party remotely wipe the device if it is seized.
Obviously if you were in custody when this happened, it could not be you who did it.”

Two points, one “technical” and one “human”…

Years ago on this blog @Nick P, others and myself had a series of discussions about this.

@Nick P pointed out that an “agent” be it human or mechanical would have to be not just “out of jurisdiction” to you, but in one that was actively hostile politically. He picked China I picked “China through Russia”.

In a way @Nick P predicted what the US would do with regards Julian Assange, in that they “bought off Ecuador”. My choice of adding Russia based on how cyber criminals were in effect “protected” kind of became a predictor of where Ed Snowden ended up.

The point is the US and most Western Nations have “limits” on their “might is right” attitudes.

Thus the “agent” needs to be beyond reach, but not blockable by the jurisdiction you are in. There are “technical ways” to do this but as with all things,

“The more you walk a path, the more visible it is to others eyes.”

Or more correctly it’s subject to correlation attacks simply by analysis of logs.

So whatever you do needs to be not just dynamic but adaptable.

But your second point about it can not be you if you are under restrictive detention, has an obvious flaw as far as the law is concerned and that is “conspiracy to XXX”.

One way around this is “by policy”. That is an entity to which you are beholden to –ie employer– can put in place a “general policy” to protect not you but their interests. That is your phone is a work phone that gets certain “proprietary / trade secrets” wiped at midnight then resets the phone.

Remember traditionally for an act to be illegal and subject to punishment, it generally requires “a guilty mind” and that has to be demonstrated by a prosecutor in front of a group of your peers “beyond reasonable doubt”.

Which is why as you know certain politicians are desperate to get rid of “juries” and have “judges subject to leverage” as the sole arbiters of “guilt”.

Chris April 23, 2025 8:54 AM

@ResearcherZero

If you really, really think you’re in danger of being detained and having your device seized and examined by a hostile government, the best way to protect yourself might be to take the concept of automatic reboot to the extreme and implement a “dead man’s switch” beforehand whereby the device will be deleted/wiped/factory reset after a certain interval where you fail to do something that prevents it from happening.

Peter A. April 23, 2025 10:54 AM

“The only way to win is not to play”. Why take a “device” with you into a hostile area in the first place? Do you absolutely need it with the data that can hang you planted on it? Do you need it at all? You can still do most daily things without “a device”, even if it needs more work/attention/skills: paying with cash, navigating with a map or by just asking around, filing paper documents etc. etc. If you really need one at your destination, buy one there – far from the point of entry, at a random pawn shop or used electronics dealership. Dump it before returning.

Just take a pause from “the socials” and the like.

Clive Robinson April 23, 2025 2:37 PM

@ Peter A., ALL,

With regards,

“The only way to win is not to play”

The only sensible option since 1983 😉

But you and I differ slightly on,

“If you really need one at your destination, buy one there – far from the point of entry, at a random pawn shop or used electronics dealership. Dump it before returning.”

Yes you can “dump it” but that has certain “disadvantages” (which I won’t go into now).

My preferred option is to give it with a good top up of units –paid for in cash– to a charity, or back to a pawn shop etc.

That way there are no “sharp tails” on the distribution curve.

Oh and @ALL,

“Don’t be dumb enough to put apps on your Mobile or Smart Device…

Because the number that “phone home” or “the mothership” in some way is considerably greater than the ones that don’t.

Worse those apps where the developer code does not “ET phone home / mothership” all too often use a library that does etc.

Or something else is “hooky” as is the case with the “Brave Browser” (see lobste.rs for the gory details).

The few Apps that do not do an “ET” or worse are generally not “leisure Apps” and so well known that they’ve been independently checked more than once or twice.

But do not assume because you are paying for an App it’s not spying on you in some way… That extra profit can get you a nicer car to drive etc…

DH April 23, 2025 6:09 PM

Do comments submitted via Tor get auto-deleted? I’ve never once had a comment here deleted, since I don’t consider myself toxic or spammy in any way. Trying again without Tor. Below is the original comment replying to three people:

“Hmm. Why reboot, couldn’t they just encrypt all memory not needed for the lock screen and tie the key to security chip approval? Probably hard to achieve, since apps are not designed to be paused indefinitely?”

@Sami, I generally love the idea of RAM encryption. A lot of modern Intel and AMD server chips implement some of that, but it seems hit or miss, and it’s near impossible to find on client device CPUs on the consumer market. Same with phone SoCs and OS’s–I’m not sure total RAM encryption is implemented, but I do think modern iPhone/iOS and modern Android (at least on Pixel) have secure enclave/elements for a lot of the key material for the OS-level file-based encryption, at least. I’d still love to see total memory encryption to ideally reduce the attack surface of cold boot attacks?

But to your question, I think it’s just more simple to reboot the device to force all user applications, daemons/services, etc. to terminate and for the phone to be in a Before First Unlock (BFU) state, which has very limited system services running. It’s cleaner and there is more security assurance, I assume.

“Could someone remind me exactly how this is good?
What if I have my phone locked and in the state that I want it in? The last thing I want is for the phone itself to be able to accept software “upgrades” and then autonomously restart.”

@webbnh, it’s definitely a heavy-handed, forced mandate by the OS overlords at Apple and Google, I agree. It’s probably “good” for “most people.”

I think the solution is to expose this in a user setting in iOS and Android. Enable/disable. And if enabled, then allow the user to set the idle period. Reboot after 1 hour? 12 hours? 24 hours? 3 days (current setting in iOS and Android)? 7 days? Etc. I believe GrapheneOS allows the user to change the timeout period for auto-reboot.

“I guess this means that android phones will no longer be usable as emergency phones, at least without disabling updates and turning off this feature. The last thing you want to do in an emergency is enter a passcode before it will boot far enough to make an emergency call.”

@anon, that’s legit. I haven’t “tested” a 911 call in Before First Unlock state, but I’m pretty sure in that locked state, anybody can still dial 911 (or the appropriate emergency number for their country). I think that’s why Android moved from Full Disk Encryption to file-based encryption (same with Apple iOS) quite a few years ago–to allow basic stuff to load upon boot even before the PIN is entered.

macias April 24, 2025 8:04 AM

Wait what? So why not make it even more secure, and reboot it every single hour. Or checking in advance if you have real work to do, and if not, refuse to start.

Why not make computers, servers “more secure” and reboot them constantly.

While my primary system is Linux, I use Android very often, and it already annoys me with broken “resume” (YT player especially, but others suffer as well), but maybe Google tries to prove for good how crappy their system is.

ResearcherZero April 27, 2025 2:44 AM

@macias

If the device rebooted all the time it would be rather inconvenient. If you were working on a project or using the device for transferring files, video or photography, an online conversation or meeting and the system rebooted, it would interrupt the process.

Graphene OS for example, allows you to set how often the phone reboots, every 24 hours or 12 hours for example, even more often if you wished and were really paranoid. But if the phone were to reboot too frequently it might become a little inconvenient.

Servers are designed to stay up so that they are accessible and the data they hold can be accessed (this blog for example) and databases need to stay up so data can be synced.

There are trade offs between useful security and completely unworkable and annoying security. Besides, there are many other ways to retrieve information from devices. 😐

Apps do not listen to conversations, many regularly send screen shots to 3rd parties.

https://newatlas.com/computers/smartphone-listening-conversations-ads-facebook/

Data provided to government is being redirected for surveillance and law enforcement.
https://theconversation.com/from-help-to-harm-how-the-government-is-quietly-repurposing-everyones-data-for-surveillance-254690

“The collection and sale of this data has real and, in some cases, deadly implications.”

https://www.lawfaremedia.org/article/data-brokers-and-threats-to-government-employees

ResearcherZero April 29, 2025 1:41 AM

Ensuring no sensitive data is stored on your phone may be the safest option. Alternatively a Duress-pin or remote wipe may be the next best solution. If your phone is seized by a sophisticated adversary – it is very likely the data will become accessible.

The USB defenses may not be as secure as suggested, allowing bypass of mitigations…

https://arstechnica.com/security/2025/04/ios-and-android-juice-jacking-defenses-have-been-trivial-to-bypass-for-years/

lurker April 29, 2025 9:59 PM

My bank and my doctor, inter alia, are too intelligent and too professional to grasp the concept of separation of communications and security endpoints. Neither do they seem concerned about passing sensitive PII over a device controlled by an advertising broker.

lurker April 30, 2025 1:46 AM

@ResearcherZero
re: juice-jacking

“Special-purpose cords that disconnect data access remain a viable mitigation, …”

Those “charge-only” cords used to come in the box with many “no-usb-data” devices.
Nowadays you have to ask carefully at the right kind of supplier.

JTC May 18, 2025 5:14 PM

I thought I read once a week was sufficient for a reboot. I really don’t need Google doing any more to my phone, thanks. So tired of companies determining what THEY think WE need. At least make it an option. All of us don’t use our phones massively. I typically use mine mostly to clean out most of the email before I get home and an occasional text. I am never on social media.

Sidebar photo of Bruce Schneier by Joe MacInnis.