this post was submitted on 15 Apr 2025

69 points (98.6% liked)

Android

18862 readers

75 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.

Support, technical, or app related questions belong in: [email protected]

For fresh communities, lemmy apps, and instance updates: [email protected]

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below

Rules

Stay on topic: All posts should be related to the Android OS or ecosystem.
No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to [email protected].
Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to [email protected].
No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.
No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.
No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.
No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.
No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.
No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!
No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

See thread

Chat and More

founded 2 years ago

MODERATORS

[email protected]

Google rolling out auto-restart security feature to Android (9to5google.com)

submitted 4 days ago by [email protected] to c/[email protected]

31 comments fedilink hide all child comments

top 31 comments

sorted by: hot top controversial new old

[–] [email protected] 35 points 4 days ago

You say security, I say memory leak fixer

[–] [email protected] 13 points 4 days ago (2 children)

CalyxOS has this too. Choose between 1 and 72 hours.

[–] [email protected] 10 points 4 days ago

GrapheneOS has had it at least a year or so. For that matter it could be pulled from there.

[–] [email protected] 5 points 4 days ago (1 children)

Ive got mine set to 8, so it usually does it while I'm asleeo

[–] [email protected] 3 points 4 days ago* (last edited 4 days ago) (1 children)

Yeah, I have mine set to 12 to be a little less tight. Not so short that it reboots on a regular basis, but I think 12 hours would be pretty short for a thief to get my phone to a cracker in time. (assuming they even have access to tools to crack modern calyxos) I always power off my phone off going through customs.

[–] [email protected] 6 points 4 days ago (1 children)

Sadly, it seems todays law allows them to force you to unlock it, otherwise they straight up treat you as a terrorist. At least in UK it seems (source: Britannica youtuber getting detained when returning home to UK)

[–] [email protected] 5 points 3 days ago

Yeah, my main concern is visiting US customs as a US citizen, there they can't (legally) punish US citizens for not unlocking their phones, aside from a few hours dentention/"enhanced interrogation".

Not sure what the laws are in Sweden and Denmark, where I usually fly into the EU from, but usually they don't search phones at borders. Swedish police are more inclined to just look you up in the residence database and get a warrant for a home visit, I believe.

Other countries would risk a diplomatic incident from Sweden if they used force to make me unlock my phone 🤷

[–] [email protected] 8 points 4 days ago

Already a thing on my phone, update happens and i wake up to my apps not being open.

[–] [email protected] 6 points 4 days ago (1 children)

Use "free" Google services so that any pseudo-governmental entity can get full access to your mails, backups, photos, contacts, location ... but worry about stuff in device memory. Yes. A sane approach.

[–] [email protected] 1 points 3 days ago (1 children)

Google is one of the most security focused companies believe it or not.

[–] [email protected] 0 points 3 days ago (1 children)

If you chose to trust them. Here's a dum-dum, kid. Enjoy your mama's cookies.

[–] [email protected] 2 points 10 hours ago (1 children)

Security and privacy are not the same thing. For that matter, neither is anonymity.

[–] [email protected] 0 points 7 hours ago

Not like I give a shit about which between importance when I have to take some jackass I don't know's word about what one of those, as if it makes a difference, important software is doing on "my" computer.

Fuck that. I know better. It's not my computer. And you think I'm gonna buy some gorram nonsense about the difference between which is which of those trinaries.

You're not listening. You're running your mouth about some shit that is completely irrelevant to the point in hand.

I'l trust Google about as soon as I'll trust that other pedophile nerd who never really wrote anything himself and just stole, swindled, underpaid suckers, etc.

Yeah, okay. It's okay though. This time, you can preach to me about more shit I already know that has absolutely zero philosophical value and expect me to not be snippy again in return to your condescending narcissism.

[+] [email protected] -16 points 4 days ago (6 children)

This sounds less like security

And more like a backdoor

[–] [email protected] 51 points 4 days ago (1 children)

Leaving your keys in memory is the weakness that could potentially let authorities into your phone. This could harm people. If your phone has rebooted, and you haven't logged in yet, there are no keys in memory. That means your data is encrypted at rest.

For the sake of comparison, this was also implemented in iOS 18.

[–] [email protected] 25 points 4 days ago (1 children)

Thanks for the voice of sanity. There are so many people freaked out by basic security measures that it boggles the mind.

[–] [email protected] 29 points 4 days ago (1 children)

Google has broken trust so often, so severely, that it's the default to not trust anything they do, ever.

If they can, they absolutely will leverage basic security measures for their own benefit. And, it isn't like there's no press by governments to backdoor all the things.

So it shouldn't boggle the mind at all. This is what happens when oligarchs and their servants run amok, nobody can trust anything.

[–] [email protected] 12 points 4 days ago (1 children)

GrapheneOS offers such an auto-reboot feature (18 hours by default, but the users can set it between 10 minutes and 72 hours), while the iPhone picked up something similar with iOS 18.1 (Inactivity Reboot) last year.

I was referring primarily to things that are known to be good security practices and widely known and used already. Keeping data more secure at rest goes with the "don't trust anything or anyone" goal, and if not doing it on Android due to said trust or lack thereof, then GrapheneOS offers it too at least.

[–] [email protected] 7 points 4 days ago

Oh, I get it. I'm looking at switching to graphene despite it needing a Google phone.

I'm just saying that people see Google and changes in an article, it's not weird for them to immediately assume something hinky is going on

[–] [email protected] 28 points 4 days ago (1 children)

The before first unlocked state is considered more secure, file/disk encryption keys are in a hardware security module and services aren't running so there is less surface for an attack . When a phone is taken for evidence, it gets plugged into power and goes in a faraday bag. This keeps the phone in an after first unlock state where the encryption keys are in memory and more services that can be attacked are running to gain access.

[–] [email protected] 9 points 4 days ago (1 children)

So hourly reboot is what you're saying

[–] [email protected] 17 points 4 days ago

Depending on your threat model

[–] [email protected] 6 points 3 days ago

Google can already push apps to your phone at will via their remote installation service. How does this create or open a backdoor?

[–] [email protected] 18 points 4 days ago

GrapheneOS has had this feature. Unlocking after a reboot is only possible with PIN. Also the RAM is wiped. This increases security and lowers the risk of attackers gaining access. Be it physically or not.

[–] [email protected] 6 points 4 days ago (1 children)

It's more like security theater if the phone doesn't have the latest OS and doesn't have the necessary hardware to block cellbrite in the BFU state

[–] [email protected] 2 points 4 days ago

What hardware do android phones not have making them vulnerable to cellbrite?

[–] [email protected] 4 points 4 days ago (1 children)

I dump memory more often than you would think. It's usually not obfuscated or encrypted in any meaningful way even though it is fairly trivial to do so.

It's good practice to scour through any bloatware installed on windows laptops. Since bloatware is generally written by the lowest bidder, you can find all kinds of keys and phone-home urls (sometimes with all the parameters) and other weird things. Just fire up a decent hex editor and search for strings in the dump file. You don't need to know jack about reverse engineering either.

[–] [email protected] 2 points 3 days ago (1 children)

I am often working as reverse engineer professionally and I also feel that mindset is half the battle--a willingness to see everything as data and to look inside to see what is there. Like digital spelunking.

[–] [email protected] 2 points 3 days ago (1 children)

That, 200%!

When I started in computers, years ago, I transitioned from QuickBasic directly into assembly. Ever since then, I can kinda "read the Matrix" (Blond, Brunette, Redhead....) and forget about how confusing a raw binary or how a mess of a dmp looks to someone else. (To me, I really just see patterns and nothing massively complicated.)

"It's just data." - You would be surprised how fuzzy that statement is for some people. It's almost exactly like telling someone who doesn't speak any English that "the sky is blue". It's totally cool though! Learning about the internals of any computer is really just a very long chain of "aha moments" as many concepts aren't intuitive.

[–] [email protected] 1 points 3 days ago (1 children)

I get to spend a surprising amount of time reading and writing assembly. I consider myself so lucky to be able to do this, and it's true that after enough time you start seeing through it. The human mind is excellent at finding and seeing patterns. Code is no exception. It's just another kind of data. Even the different compilers have their own flavor after a while.

Curious to me that you began in Basic; my experience is that people continue to see their first language in other languages for some time, and the best reverse engineers I've met usually start with something unusual. My hypothesis is that when you start in a weird place, it brings all others closer together so that they appear not so different from each other. The distance between the top of the mountain of code and the deepest valley of flat data doesn't seem so great if you start with, say, Lisp and you never considered that lists weren't both code and data.

I come from Matlab, and to this day I can't see memory as anything but matrices.

[–] [email protected] 2 points 3 days ago

I taught myself QuickBasic as it was the only thing I knew that was related to copying C64 BASIC out of magazines. (QBasic was packaged with DOS 3.11 I think and I was able to get a full copy of QuickBasic somehow. That was about +30 years ago? Dunno. I was about 12 at the time.) I didn't know what other languages were out there besides TurboPascal. I did learn simple Pascal, but that was a short chapter.

I actually met someone else in the area that was learning to code, and of course, we wanted to write a game. The only way to code for a mouse at the time was to write an INT33 handler, so it kicked off our interest in asm. (I still use asm for MCU stuff on occasion, but it's limited.) I quickly diverged into writing some really nifty.. eh.. "boot sector code" so that kicked off my career in security.

And yeah, it's the same phenomenon for me: I just think in terms of bits and bytes getting shifted around and I still refuse to believe in "magic". (Slight jab at Rust coders there, but in good fun.)

Fast forward to today, I train "kids" fresh out of college as part of my job now. The first thing I do is start giving them weird tasks that require they actually understand how something like an fopen() actually works.

(Funny story. I refused to "show my work" in math class for simple f(x) problems as I viewed it as unoptimized code. Lulz. I was such an autistic dork.)