GrapheneOS: Frequent Android auto-reboots block firmware exploits
GrapheneOS: Frequent Android auto-reboots block firmware exploits
48 comments
-
-
As long as "auto" doesn't mean "forced".
But knowing current trends, especially with Android, it likely will be.
-
-
Option to enable automatically rebooting the device when no profile has been unlocked for the configured time period to put the device fully at rest again, which is enabled by default at 18 hours. This can be configured at Settings > Security > Auto reboot.
https://grapheneos.org/features#auto-reboot
But it's a security measure to get it to BFU, where data is at rest and secure, in case your phone is out of your possession for an extended period of time (someone steals it, police take it, etc) so it becomes harder to exploit. I've set mine to 12. Some do 4 or even less. Feel free to turn it off.
-
-
I don't understand. So if I only lock my phone (turn the screen off) without rebooting it, it is not fully encrypted (considering that the device storage encryption is enabled)?
-
Something like that. I'm not familiar with the exact details, but there is an additional layer of encryption that applies before the first unlock after a reboot.
Parts of the OS have to be unencrypted for it to function properly.
-
-
Autoreboot is a thing on Samsung phones for quite a while, you can even choose the days of the week and the time for the reboot.
-
Not for a while, at least not on their flagships.
-
48 comments
I wish Graphene would choose a better phone than ugly-looking Pixels.
"pretty phones over privacy" is a wild take ngl
No no, I would prefer privacy. I even considered buying Pixel but I really didn't liked it's back camera design.
As far as I know they only accept Pixel devices because they are the only devices on the market that allow locking the bootloader after installation and also because of the Titan coprocessor which greatly increases system security
There's also a third reason, which is regular and timely firmware updates. One of the reasons why the GrapheneOS team rejected the Fairphone was due to the lack of proper firmware updates.
I remember I was not able to re-lock bootloader after custom rom installation, so you're probably right. Unfortunately there are not many phones left to install custom ROMs except Chinese ones :/
AFAIK on Xiaomi Mi A2 lite if I flash back the stock fastboot ROM (I had it do it once because I crippled the partition images (this phone is A/B partition device)) it locks your bootloader and you have to unlock it again. I don't know if this applyes to MIUI/Hyper OS phones too, because Mi A2 Lite uses near to stock Android.
Why would I want to lock the bootloader? I like having freedom 9f OS, I don't want to replace one OS I'm locked into with a different, albeit more privacy friendly one. Most laptops have unlocked bootloaders.
GrapheneOS didn't choose Pixels. They chose a set of requirements for current/future devices, which are standards met or exceeded by current Pixel devices. You want GrapheneOS on other phones? Those other phones have to meet the requirements. None currently do.
https://grapheneos.org/faq#future-devices
All phones look the same
Pretty much. No idea why you were down voted. They're so damn fragile that they need a case anyway.
So, screen with random (protective) case design. Yup, they all look the same
My problem is not their design but the fact they are Google phones, as I boycott Google. Also second hand Pixels are hard to acquire for a reasonable price..
So you shouldn't really be using any Android phone then...
Swappa.com is the place to go. You can find them new in the box there for less than the Google store or if you're willing to go used they're even cheaper. Plus you have PayPal protection as a buyer. I've bought and sold phones on there since like 2014 (I think I've bought 8-9 phones and sold roughly the same amount on there without any issues)
@gigachad @syd
GrapheneOS wird exklusiv für Google Pixel-Geräte entwickelt - andere Geräte werden nicht unterstützt. Hintergrund dieser Einschränkung sind die hohen Sicherheitsanforderungen von GrapheneOS. Die folgenden Anforderungen werden derzeit nur von Google Pixel Geräten vollständig erfüllt:
Guess that depends on what you mean by reasonable.
The 5 is $130 as refurb, with warranty, from walmart. It was $699 new.
If you want a newer phone, well, it's gonna cost more. Just like brand new phones.
If their price is still "high", that simply reflects their desireabilty, probably from a balance of features and performance by price.
They are not hard to acquire, and they only have an "unreasonable price" if they are recent models.
You won't have any trouble finding a second-hand Pixel 5.
I recently bought a Pixel 4a at 120€ / 131$
How does it seem I’m the only person w Samsung issues. I tried a number of galaxy phones on and off from 2010 to ~2018, and every time it’d be great out the box and then feel like a sluggish piece of shit by like 3-6months in. Only mildly helped by resetting the phone. Even when everyone was like “oh no, that use to be a problem, but this time it’s totally different” same old shit.
I’m not sure I could ever buy anything Samsung ever again.
Same.
What devices are better looking in your opinion?
I'm not phone expert but I like elegant designs of iPhone and Samsung Galaxy (not ultra).