GrapheneOS: Frequent Android auto-reboots block firmware exploits
GrapheneOS: Frequent Android auto-reboots block firmware exploits
I don't understand. So if I only lock my phone (turn the screen off) without rebooting it, it is not fully encrypted (considering that the device storage encryption is enabled)?
Something like that. I'm not familiar with the exact details, but there is an additional layer of encryption that applies before the first unlock after a reboot.
Parts of the OS have to be unencrypted for it to function properly.
Autoreboot is a thing on Samsung phones for quite a while, you can even choose the days of the week and the time for the reboot.
Not for a while, at least not on their flagships.
As long as "auto" doesn't mean "forced".
But knowing current trends, especially with Android, it likely will be.
This is just GrapheneOS, this isn't something you get in a big tech phone. Also this is if you were to not unlock your phone for this amount of time. Say your phone is confiscated, they have 18 hours (new default settings) to basically break into your phone otherwise it auto reboots from not successfully unlocking and goes back into that encrypted locked mode.
So as long as you're unlocking your phone once 18 hours, it won't reboot. 18 is just the default too, you can make it more it less, or disable it entirely. But it will never really affect a normal person.
Option to enable automatically rebooting the device when no profile has been unlocked for the configured time period to put the device fully at rest again, which is enabled by default at 18 hours. This can be configured at Settings > Security > Auto reboot.
https://grapheneos.org/features#auto-reboot
But it's a security measure to get it to BFU, where data is at rest and secure, in case your phone is out of your possession for an extended period of time (someone steals it, police take it, etc) so it becomes harder to exploit. I've set mine to 12. Some do 4 or even less. Feel free to turn it off.
I wish Graphene would choose a better phone than ugly-looking Pixels.
As far as I know they only accept Pixel devices because they are the only devices on the market that allow locking the bootloader after installation and also because of the Titan coprocessor which greatly increases system security
There's also a third reason, which is regular and timely firmware updates. One of the reasons why the GrapheneOS team rejected the Fairphone was due to the lack of proper firmware updates.
I remember I was not able to re-lock bootloader after custom rom installation, so you're probably right. Unfortunately there are not many phones left to install custom ROMs except Chinese ones :/
Why would I want to lock the bootloader? I like having freedom 9f OS, I don't want to replace one OS I'm locked into with a different, albeit more privacy friendly one. Most laptops have unlocked bootloaders.
because they are the only devices on the market that allow locking the bootloader after installation
AFAIK on Xiaomi Mi A2 lite if I flash back the stock fastboot ROM (I had it do it once because I crippled the partition images (this phone is A/B partition device)) it locks your bootloader and you have to unlock it again. I don't know if this applyes to MIUI/Hyper OS phones too, because Mi A2 Lite uses near to stock Android.
GrapheneOS didn't choose Pixels. They chose a set of requirements for current/future devices, which are standards met or exceeded by current Pixel devices. You want GrapheneOS on other phones? Those other phones have to meet the requirements. None currently do.
All phones look the same
Pretty much. No idea why you were down voted. They're so damn fragile that they need a case anyway.
So, screen with random (protective) case design. Yup, they all look the same
I'd choose a Samsung if it supported graphene, but it is what it is
How does it seem I’m the only person w Samsung issues. I tried a number of galaxy phones on and off from 2010 to ~2018, and every time it’d be great out the box and then feel like a sluggish piece of shit by like 3-6months in. Only mildly helped by resetting the phone. Even when everyone was like “oh no, that use to be a problem, but this time it’s totally different” same old shit.
I’m not sure I could ever buy anything Samsung ever again.
Same.
I'd love to see it available on the fairphone
Then contact Fairphone about these concerns: "Fairphone 4 doesn't provide proper privacy/security patches, which is the most bare minimum requirement for a device." Lots more detail here from GrapheneOS: https://www.reddit.com/r/GrapheneOS/comments/10b5x4n/comment/j67pbny/
My problem is not their design but the fact they are Google phones, as I boycott Google. Also second hand Pixels are hard to acquire for a reasonable price..
Permanently Deleted
Swappa.com is the place to go. You can find them new in the box there for less than the Google store or if you're willing to go used they're even cheaper. Plus you have PayPal protection as a buyer. I've bought and sold phones on there since like 2014 (I think I've bought 8-9 phones and sold roughly the same amount on there without any issues)
Guess that depends on what you mean by reasonable.
The 5 is $130 as refurb, with warranty, from walmart. It was $699 new.
If you want a newer phone, well, it's gonna cost more. Just like brand new phones.
If their price is still "high", that simply reflects their desireabilty, probably from a balance of features and performance by price.