https://www.reddit.com/r/androidapps/comments/1cscmu8/app_th...
My Xiaomi phone had a feature where it would boot the phone shortly before any alarms would go off, so you could shut it down before bed and barely drain the battery in the mean time. Still required manual shutdowns, though.
1) Keep the alarm data in an insecure location so that app can work before login. (A read only cache is fine)
2) Let me _choose_ if some other apps can live in the insecure storage partition too. E.G. Google Voice comes to mind along with any basic carrier integration stuff you'd rather just have even on a fully locked phone. (Why GV in unlocked? It interacts with the insecure phone network anyway, so that's not exactly holding much back. Maybe make message history harder to get to with a still locked device.)
Set it sufficiently low, and it's a pretty good option to ensure keys are evicted and if you use a SIM pin, it's even better.
Sadly GrapheneOS is only available on recent Pixel devices. I know I'm probably the only one that still cares about these features, but I won't buy a phone that requires me to hot-glue a USB dock to it just to get 3.5mm and microSD if I can simply buy a Sony instead :/
Locking and disabling biometrics are good ways to add a quick layer of protection, but rebooting makes it incredibly difficult for exploit kits and other hacking tools to dump the contents of a phone's storage.
I'm thinking this may just be a bug (how often does a real world iPhone get zero available networks of any kind? Probably not enough for that use case to be tested thoroughly for days) but with how hard law enforcement is panicking about this, maybe it should be a feature. If they care this much, I don't think their expensive hacking subscription they've bought is working anymore, so it's probably working around some pretty bad vulnerabilities in iOS.
Edit: wrong link
I know mobile networks keep lists of stolen devices, but they can't be used at all? Like all possible recovery modes demand authentication?
Newer phones for, I want to say maybe the last 5 years, yeah.
If it's turned off and you don't have the code to boot it, you can't access any kind of bootloader or recovery mode, it just shows a screen with an obfuscated email that is required to unlock it or something similar.
Gone are the days of just being able to do a factory reset.
Obviously, the logic board is locked to the owner's Apple account, but so is the display, battery, camera, and selfie camera. Basically the only thing you can reuse is the metal frame of the phone.
Phones are still stolen (since the cost of theft is $0) but stolen phones are worth closer to $5 than $1000.
That being said, I have heard of a weird automation someone made where it would open an app as soon as they went to the Home Screen. It took some thinking for them to deactivate it because the shortcut was really fast to activate.
Makes no sense.
This is absolutely some kind of non-technical user superstition style claim born from a little bit of paranoia that Apple hates cops because they don’t roll over easy (though they do follow subpoenas they are technically capable of following).
You can also ask Siri to reboot or turn off your phone, Siri will ask you to confirm you want to do the action, but it doesn't take too long to do. Just in case you don't want to reach for your phone for what ever reason.
Some keys can still be read, and depending on the exploit they use a lot of data could be extracted. BFU + good passcode is always the way to go.
"Before first unlock", for those like me who weren't familiar with this particular acronym.
Iphones have 2 states when it comes to encryption:
Before First Unlock (BFU) - everything is encrypted. The most difficult state to hack.
After First Unlock (AFU) - data isn’t fully encrypted. Maybe it's for performance reasons. In this state exploits exist which police can use to get data.
Your suggestion of getting to the 'slide to power off' screen does NOT hardlock the phone (it does not put it in BFU).
It just means it requires a passcode. However, since it is in AFU mode, data can be exfiltrated with the right tools.
You should definitely power it down to be secure.
Apple “helping criminals“ is a gold mine.
I can’t read the full article, but I’d be surprised if the cops didn’t manage to claim how this is somehow related to fentanyl in there somewhere.
Or heck, if the phone thinks the cellular modem isn’t working (like the phone in a faraday cage), some watchdog might just timeout and reboot.
In any case, the idea that they’re randomly networking and intentionally rebooting to thwart this specific law enforcement attack seems pretty unlikely.
Apple‘s stance is to build strong encryption so that they can’t access customers data. What they have refused to do is weaken that encryption so that they could start complying with future requests or sign tampered with firmware that would allow the decryption without user authorization.
1. Your backups are encrypted in transit and at rest. You have a key, Apple also has one.
2. You can optionally ask Apple to get rid of its key to your backup. (https://support.apple.com/en-us/108756)
So sit around in a less secure state for weeks and months and only when externally triggered reboot? That's a stupid feature and makes no sense. If you were to base any partial security measure off of how long a device has been powered up and locked, then just use a timer. Why wait for another phone to wander by?
Though the digital forensics lab claims they were all in airplane mode with one inside a faraday box, so how are they communicating with each other? This suggests incompetence on their part, perhaps not actually putting them in airplane mode or not understanding that bluetooth/wifi can be enabled (and may enable themselves) separately from the cellular radio.
At most an iPhone may be able to broadcast a Bluetooth message saying “anybody out there?“. I don’t even know if that’s possible. I’m sure Apple‘s white paper has the answer but I don’t remember it.
The 'Find My' network uses all iPhones/iPads/Macs (unless disabled) to locate said devices and other items over Bluetooth LE.
> The Find My network is an encrypted, anonymous network of hundreds of millions of Apple devices that can help find your stuff, even when it’s offline. Nearby devices securely send the location of your missing device to iCloud, so you can find it in Find My. It’s all anonymous and encrypted to protect everyone’s privacy. — https://support.apple.com/en-au/104978
It’s like an automated ARP response packet that’s automatically transmitted occasionally without needing to hear a request.
And if it reboots on the cops Apple probably considers that a plus.
My guess (and this is just a complete random guess), its a bug not a feature, prob to do with Find My, all the phones are prob airplane mode and they are all trying to talk to each other (and to the mothership) regarding Find My and are crashing out.
I wonder if that's all this is. Probably a memory leak somewhere or some other bug.
I don't think Google is in this same category at all. Didn't they just recently give nest door unlock codes to LEO without even asking for a warrant?
Apple and Google are on different planets when it comes to user privacy.
If you are not looking at a phone all day, you may not have noticed that the power was out to them over some weekend.
Law enforcement seems to be reading the behavior into the iPhone, which is understandable. They’ve see it before.
The real concern is how law enforcement seems to create these bright lines between “legitimate” and “illegitimate” security.
Shutting down when an attack is suspected is a reasonable security feature.