It's good to have an option like that, even being a default, but there definitively need a switch to disable that if it is your own will.
It's not even necessarily that good enough against cops, because in a lot of shitty countries, even some pretending to be democratics, not disclosing or at least inputting your password might be a crime severely punished.
If I'm not wrong, there was a guy that had to stay years in jail until he would comply with the judge order to unlock his device.
Interestingly, it could also be seen the other way around; it's a potential way for Google to force deployments of system updates (potentially at the request of law enforcement). With an automatic reboot, then the update can automatically be applied without user action.
This makes no sense, Android already will reboot itself after receiving an update and being inactive for a while (generally while charging it will install the update in its secondary partition, do some verification checks and reboot if there is no user interaction).
This sounds vendor-specific and not general for Android. I've never had that happen on any device but Windows and I would be very upset if it did happen.
This is default on iOS and on many Android versions.
It's often configurable, but e.g. carrier policy or local vendors can enforce it.
To have updates automatically install overnight is the maximally desirable scenario - waiting for user approval usually result in open vulnerabilities, and if you interact with a prompt you are by definition using your device and it is therefore a much worse time than while you're asleep.
On Android, my experience has been that new major versions are often unstable / involve some risk of bricking / include feature regressions (dumbing down of multi-task in Android 13 if I remember well). Waiting for a few month before installing a major update, while not optimal for security, is necessary to make sure that the most critical bugs are fixed beforehand.
Regarding applications, today there's so many applications being always updated all the time that there's no way it's good for the flash memory to constantly rewrite it every day. Plus this often leads to random application restarts while they are updated automatically. (and non-OSS applications updates can result in unwanted changes such as more ads, random changes in UI...).
It's still possible to disable automated updates on Android and I am glad that they allow it.
Major version upgrades are a different type of upgrade altogether. They are optional while the previous major is still maintained.
Minor upgrades is what should always be automatic.
> Flash wear
No, it doesn't matter.
Total write endurance (i.e., the number of bytes written the device is designed to handle under some standard load) is usually a large multiple of the chip size itself - say, 200x-400x, so e.g. 100TB of writes for a 256GB setup. A particular workload is only really meaningful to flash wear if it is in the scale of several full storage rewrites during the lifetime of the device.
The exact write endurance depends on the exact configuration (specific chip selection, allocated reserve), but even microSD cards have wear levelling these days.
Your device is going to die or be retired with a certain flash write wear, but I find it extremely unlikely that your device will die of a flash write wear. The wear endurance is dependent on the specific flash setup.
A much larger cause of wear is app caches (e.g., streaming video continously overwriting a disk cache, browsing social media). If you take pictures, those might end up written multiple times as first the original is written, then the automatically processed version, then any edits you make, then if storage saving measures is enabled maybe its deleted and a compressed version is written, if you later open the app the original is downloaded and written again, ...
> They are optional while the previous major is still maintained.
I don't think there is such a choice on Pixel phones but I'd be happy to be proven wrong. When the next major update is available the phone just asks to update to it every few days (but won't do it without user consent). I don't think there's security updates on a given phone for old major versions when a new one is available (there likely are for older phones that don't get the major update however).
Thank you for your explanations on flash wear, makes sense. Taking a low value of 13TB endurance (64GB times 200), this is still 7GB per day for five years and I don't think app updates can consume that much.
On Android? It must be an app-specific issue because it's possible for apps to implement alarms so that they work before unlocking the device after a reboot, but I don't know the technical details behind it.
I've had that happen a few times and the alarms went off on time but they used the default alarm tune instead of the one I had selected, presumably that data was still encrypted.
Android actually have a special mode for apps that needs to work after a reboot (e.g.: while the FS encryption is still locked), and Alarms is one of the apps that uses this special mode. I don't remember how it is called though so sorry for the lack of sources, you will have to trust me on this one.
The amount of misinformation in this thread is huge though. I generally read every changelog for major Android updates and the amount of engineering going on is amazing. People just assumes that a few things doesn't work while they do.
Unless of course OP is using a custom alarm app this may be true, but then it is the app fault and not Android.
I haven't had that happen on iOS, but I have woken up in the night needing my flashlight just to find my phone applying a lengthy update. I have it set to download automatically and install manually now, I believe.
I haven't had any problems in at least 7+ years, but I work in coffee and I can remember at least two instances where an Apple update made half the staff late by turning off their alarms, myself included.
I like an amber booklite, it isn't as compact but the light is better for keeping in the sleep mode. We used those as our lights to help develop our child's sleep hygiene. Cupped our hands around the light part as we puttered around.
I do, in my nightstand. In the event of an emergency where we’re without power, I do not want to waste my phone’s battery power by using it as a flashlight.
Long Press power while pressing volume down works on all Android devices I've used to date.
And that's ignoring the fact that disconnecting power, waiting a few days and then reconnecting it will inevitably let you cold boot it, too (which this would be an equivalent to - as far as I understood it)
Your are absolutely correct. I mixed it up from playing with various Android versions in 2010-2016. The long press alone got the reboot, and the volume down + power booted into the bootloader. Hence my memory with both, as I always pressed both until the bootloader was available - but you are right, long press power is enough for hard off
They should really implement a dual user / dual password system to combat those countries.
If you enter password 1 it goes into your normal account, if you enter password 2 it goes into another user account with a burner environment where you can install a few token commonly used apps for plausible deniability.
The existence of password 2 should be optional and you should not be able to tell if the system has one or two passwords configured.
I dunno, my elderly and non-tech-savvy in-laws travelled to the US (from Canada) last week and wiped their phones of social media apps and stored messages before crossing the border based on media reports around the US CBP’s handling of border crossers’ devices, so I’d say an empty phone is pretty plausible for anyone in that situation.
You can either use: separate user accounts (needs context switching) or a new private space feature. Private space was introduced with Android 15 and can hide its existence (from the launcher).
> in a lot of shitty countries, even some pretending to be democratics, not disclosing or at least inputting your password might be a crime severely punished. If I'm not wrong, there was a guy that had to stay years in jail until he would comply with the judge order to unlock his device.
This sounds a lot like the Regulation of Investigatory Powers Act 2000 in the United Kingdom, where several people have been prosecuted and imprisoned for failing to provide encryption keys.
> imprisoned for failing to provide encryption keys
This scares me, because I have plenty of old devices I no longer know the passwords for. I don't think I'm alone - plenty of people forget passwords they don't use in years.
If the police came and searched my house, they could probably find some ancient laptop or phone from a decade ago, demand I unlock it, and then put me in prison forever when I cannot do do so.
Do SMART records contain enough information to prove that the laptop had not been used in years (assuming you had a suitably effective barrister to make use of this information)? RTC (clock) drift could also give a hint that the laptop had not been connected to a time server in a while.
Also (this may be of limited consolation) the officer who compels you to disclose the key must have some idea of what data it is protecting in order to satisfy RIPA 2000 s 51(5)(a):
> The matters to be taken into account in considering whether the requirement [for proportionality] of subsection (4)(b) is satisfied in the case of any direction shall include... the extent and nature of any protected information, in addition to the protected information in respect of which the disclosure requirement is imposed, to which the key is also a key
Wouldn't you be able to argue this in court for this rare case? With a phone that can be shown to be in use constantly it would be more difficult to prove you forgot
Yeah. We dealt with a case where a guy claimed to have forgotten his mobile phone pin.
But we voted to convict after I pointed out it was the phone he’d been using every day, for years, and was quite implausible, and convenient, to forget something like that right after being arrested and asked for it.
Possibly could have gone differently if they had said they changed their 15 letter password every two weeks, but really?
What if they changed their password right after being arrested, and then forgot? Immediately after changing your password does tend to be the time most people forget their passwords.
If you get changed with a RIPA password offence it’s almost certain going to Crown Court and an (expensive!) jury trial.
CPS won’t (as a matter of policy, and also can’t afford to waste time and money) spend time trying to prosecute a forgotten password for old laptop, unless it’s connected to some other serious, evidenced, allegations.
(I was on a jury in just this situation. Reasonable doubt is a high bar and prosecutors know this).
Probably a good time as any to replace it with something purpose-built anyway. A Raspberry Pi with a directional microphone and a custom app feeding said microphone data to a service like AudD or ACRCloud could readily do the trick without any of Android's extra baggage - though I do wonder how effective those services would be at detecting songs amid a bunch of background noise like Bop Spotter does via Shazam.
Phone cameras are better than anything else you can get in the same form factor. The very expensive patents behind image processing algorithms keep good cameras out of the hobbyist world.
Same for 5G modems. A $50 phone will give you gigabit 5G, but you'll pay $500 to get that in non-phone form factor, mostly because on patents on the 5G tech which are charged differently for phones vs dedicated modems.
Perhaps, but it's also inexpensive to (properly) use one or more 18650s with a Raspberry Pi if that's what one wants to do.
I think the main advantage to using phones for random stuff is availability: We here on HN probably have a decent selection of old phones to pick from, so it doesn't cost any money at all to give a new purpose to one.
Why so dismissive of how somebody wants to re-use an old phone that you would compare them to the absurd fictitious behavior in that comic? Would you rather they become e-waste? If it fits their needs then it fits their needs regardless of the use-case that was marketed.
It's a Google Play Services update, likely explicitly to be able to push it to all (Google-using) Android phones immediately, without waiting for OS updates. This will not be a "Guess I'll get it in a few years" update.
I generally like XKCD but dislike the message in this comic. If that's that guy's workflow, they don't have to actively support it, but he should be given the option to disable updates so he can continue to use his tools in the way he sees fit.
Yeah that's fair lol. But I guess in the context of this discussion, Google can push stuff onto your phone with Google Play whether you want it or not.
This is super annoying on newer iOS for device that I use purely for development. Before it was possible just keep iPhone unlocked indefenitely, but now it reboots and boom I have to use TouchID again.
This is again Apple being Apple making things harder without option to disable it even when development mode is on.
Problem is not user activity - it just needs PIN, TouchID or FaceID. Even if you logged to device via iPhone Mirroring it's still gonna reboot, get locked after 72 hours and for me personally it breaks iPhone Mirroring half of the time too.
One physical option to bypass it on iPhone SE is to actually physically activate PIN entry and then use Voice Control command to enter the pin since it works even before first unlock. Though this is basically compromises pin and device encryption. But it's cheap since there are plenty of $2 devices that can simulate touchscreen clicks.
I just want some easier option that works and not require agent 007 setup to just run a buld of my AI-generated crap via Xcode.
Unfortunately I use Advanced Data Protection on my Apple account so I kind a need that passcode. And moving to having completely different Apple account for development is PITA.
But I think connecting a device that can be used as authentication method without choosing a defense would negate the purpose of advanced data protection of your account and other devices.
Let's say I'm not super heavy Apple service user. For me Advanced Data Protection is defence against Apple itself and ability to keep little information I share via iCloud somewhat secret: mostly another backup of some photos and few other things.
It's not like I'm trying to defend against some state actors or whatver.
Hmm, yeah that seems wrong. I don't get reboots on devices I use frequently; I think it is only supposed to kick in when the device is not in use for a long time (it is meant to stop police who have a locked device they will try to brute force into).
Are you on latest iOS? Are you stilllocking / unlocking the phone once in 3 days at least?
7 days timeout on was introduced in iOS 18, but then decreased to 3 days. I dont use this device physically - it's just a phone that always connected to power and sit on top of mac mini for debugging and running some ios exclusive apps.
And I honestly dont do anything remotely interested to the police to worry about it. Yet it all just worked and now it doesnt.
My physical ios device test harness has no pin numbers/touch id activated for any of the connected phones. I noticed early on in testing that it would require physical access to reinput the pin code even when the device was already unlocked when I would restart an XCUI test.
If you're able to have fully unlocked devices at your test setup I'd suggest giving that a shot to see if it fixes your issue around device restart.
If I remember correctly, Apple actually picked up the feature after seeing it implemented in GrapheneOS. I think some people associated with Graphene were calling on Apple to add it for security reasons.
Fair point. It's a frustrating pattern that seems to repeat, and I think partially it stems from when other brands are too thick to understand why people are choosing the competitor.
Web browsers are an immediate example that comes to mind. When everyone started switching to Chrome, the other browsers fell all over themselves to strip down into minimalism, as though it was the sparse UI that was capturing users' hearts, as opposed to the rendering speed and compatibility. So then you had all these other fat, slow browsers that took away the only thing that was still distinguishing them from Chrome.
In this case though, I guess it's about money. Why put in an SD card slot when you can instead extort your customers for a cloud storage subscription or a lucrative upsale to the higher model with more storage?
Meanwhile as a customer nothing makes me more irate than "upgrading" to something that's worse because I can't replace the battery and the OS no longer gets updates.
The minimalistic UI was kind of the original headline feature, I have to note—it’s literally in the name that the browser was to be little more but chrome around the stuff the user actually cares about, that being the web page. It’s just that the other things turned out to be more important.
In December 2024 all UN member countries voted in favor of "UN Cybercrime Treaty" which binds signatories to adopt a legislation to force you to give cops your passwords and other credentials.
Eh, I see the language "urges" in there regarding putting it into force. It would still need to pass Congress etc. and my guess is that such a provision would face massive domestic pushback.
I can only second this. I have an old iPhone with a second sim-card, because I need it from time to time. And Apple introduced this auto-reboot a bit earlier, iirc last year. The problem is that after rebooting it also disconnects from wifi, so e.g. SMS/handoff synchronization stops working until you enter a passcode. This is very annoying because it was very convenient for me to receive calls/SMS to my main iPhone.
It’s a good and reasonable feature, especially if for some reason you are afraid of state or security agencies in a place where you live, or maybe during travel. It’s still questionable, because in some states you can indeed go to jail if you don’t unlock. Yet, I really want to be able to turn it off for use-cases like mine.
Apple doesn’t like supporting the use case of multiple phones for one person. They even encourage their employees to use their personal devices and accounts.
>It’s still questionable, because in some states you can indeed go to jail if you don’t unlock. Yet, I really want to be able to turn it off for use-cases like mine.
Even if the end result is the same, anything that forces authorities to use official power over informal power is a net win.
I don't get the difference. Today after 72 hours (3 days) my phone asks me for my password and won't accept biometrics. Also, this is a problem for all the people that use them as alarm clocks. I use Alarm Clock Xtreme for example.
(At least on iOS) shutting down the phone has something to do with wiping credentials/keys from RAM from where they can potentially be dumped. A just-booted phone is fully encrypted with no keys in memory.
> Also, this is a problem for all the people that use them as alarm clocks.
Yes. But quite honestly the right solution for that would be Apple providing an alarm clock API. The alarm clock application could call it with the next scheduled alarm’s time and the os would just wake up at that time and let the application do the sound / alarm thing.
Yeh, the quoted commentary is hyperbole. My homeland (the UK) has such a law. I do think that law isn't great. But my country isn't shitty, and it's certainly a democracy.
If we start being perfectionist, we pretend there's no difference between most nations in the rights their citizens have. And that's not even remotely true.
This isn’t unusual, the USA is a an exception; commonly the view is that electronically unlocking a phone or laptop is much like any other legal search, e.g. opening a garage or a locked room.
Stories about airport security and officers demanding access your phone is one of the reasons I will never come to the US.
An (Italian) friend of mine was stuck in Newark for 8 hours after he refused access to his phone, dragged in some room and questioned for hours along his wife while split from him own kids, even though he later gave them the password (he initially said no because he thought it was out of the line, he had nothing to hide).
He left livid for Italy 16 hours later despite being free to go on with his vacation.
The Italians do the same thing. If your name matches some name or you’ve travelled to some naughty place, you’ll get picked for this sort of thing.
That said, the last time I went to Italy the customs guy looked annoyed at being awake. He asked my son’s age (he is huge but too young to use the electronic gate), then shrugged and stamped my passport with all of his strength.
Don't spread misinformation. The difference is that in Italy it is not against the law to not hand out the password to your phone -- or anything else for that matter.
In the United States, you have a fundamental right to not testify against yourself, including providing a password. You can be compelled to provide a biometric. The UK has taken a different approach and my understanding is that you can be jailed for refusing to provide a password.
Most countries recognize very different limits at a customs boundary. Is this appropriate in an age where a tiny device gives you access to all of your "papers" in many cases? I don't think so, but international law doesn't recognize our concerns with respect to that.
> Most countries recognize very different limits at a customs boundary.
In the US I've heard that boundary (the "border") encompasses ~75% of everyone living inside. It's like "within X miles of a border" and includes rivers and airports as well as the entire coastline.
I'm not up to date on these rules and who's been caught out by them, but I have repeatedly heard the claim above.
That is also true in the US. Of course they can use it as a reason to deny you access to the country if you’re a noncitizen, but you don’t have to hand it over.
Is there any country in the world that has an explicit policy saying that non-citizens don’t need to provide phone passwords on entry? I’d consider a burner phone necessary to visit any country that doesn’t have such a policy.
For this use case there needs to be a reasonably quick way to erase/permanently lock a phone. Or maybe it needs to be something that is both 1. Less severe than that 2. Secure against personal inducements 3. More automatic.
So maybe something like a paired app with a friend/someone who is beyond the reach of the authorities, and if the phone isn't unlocked in a given definable period (or it can be triggered immediately), it then can't be unlocked without that person's active cooperation.
That's off the top of my head, so I'm sure there are optimizations.
This just gave me an idea: How about the phone accepting 2 password. One is the regular password and brings you into your regular account and then a dummy password that brings you into a dummy (but somewhat plausible, maybe user set up) account. That way you can still enter your normal account whenever you feel like it and if you are being pressured you just put in your "alternative password" and it just brings you to the dummy account.
But the problem is that when authority wants you to unlock your device, they kind of already know why, what they are expected to find but they would that as a more complete proof. But from external input they would expect some downloaded files or accounts (like social accounts you were connected with your phone a minute ago), some SMS they saw passing, some call logs, so connection to your known accounts...
A Veracrypt style hidden OS profile that is forensically invisible would be a better option - This would allow one to enter a password and give another "profile" or OS- that unlike current alternate profile stuff- would be solid against Cellebrite and GreyKey snooping into the device, and it'd be impossible to tell there was a hidden user/etc on it
There is always something that can be done. Like if phone is not actually powered on for x time set by the user it automatically factory resets all data. Or if phone is out of cell service for x time like as in a faraday bag in evidence then it resets itself. Or make it so that after a reboot it can only be opened if on a certain wifi hotspot or geolocation.
Ultimately I am not a security expert or know if any of those ideas would actually work but it seems like you could add a few steps making it harder. Maybe it can be locked out and you can set a specific apple store which would require your ID before they can send a release code allowing it to be unlocked.
All of that is probably way to complicated to be worth it for a typical user but I do think there can be a way if it was truly critical.
> because in a lot of shitty countries, even some pretending to be democratics, not disclosing or at least inputting your password might be a crime severely punished
What's your point? That because it isn't useful in every country, it's not worth making available to any countries?
It's not preventing you from providing your password.
You started by saying it's a good option to have, so I don't understand the point of your second paragraph.
>not disclosing or at least inputting your password might be a crime severely punished
And to your point, I believe it's now the case in the U.S. that you can be legally compelled to unlock a fingerprint lock, but not a pin for whatever reason.
Compiled unlock via biometrics is still somewhat contested. The general argument boils down to biometrics being something you can't really protect internally. A passcode that is only known inside of your gray matter can therefore can only be externalized via some sort of testimony. Being compelled to reveal a passcode violates your ride against compelled speech and self-inccrimination.
In US you are protected by 5th. But it seems like the question hasn't been addressed by the Supreme Court since currently the answer depends on your jurisdiction. Which inspired me to check: here in Pennsylvania, the court cannot compel you to unlock your device with the password.
But it has already been argued successfully that giving biometrics is analogous to giving blood, hair, fingerprints, standing in a lineup, providing a writing sample, or wearing certain clothes, all of which you can be compelled to do. To argue against being compelled to do or provide biometrics without using testimonial arguments would be going against a lot of case law and precedent.
There is a specific precedent where you being compelled into providing biometrics can be inadmissible, and that is where you are compelled to unlock the phone, since doing so, even with biometrics is akin to providing testimony that the phone is yours, you know how to unlock it, which finger to use, etc. (see United States v. Brown, No. 17-30191 [1]). But that doesn’t actually prevent them using your biometrics to unlock the phone, so its pretty niche.
This is a bizarre response. My comment was not a denial of legal history on biology-as-testimony, it was instead opening space for other legal or philosophical objections: autonomy, bodily integrity, possibly Fourth Amendment concerns about unreasonable searches.
But you're replying as if my comment was claiming courts haven’t treated biometrics like physical evidence. That's not what I was doing.
The reference to Brown here appears to be massively misleading: far from being niche, it complicates the biology != testimony in a way that cuts to the heart of the most common real-world application of biometric compulsion which is smartphone access; from chatgpt'ing about it it appears that it's not the only court to rule on this and it probably awaits a SCOTUS decision to resolve an existing split.
You didn't elucidate any of that, or actually make any argument, so I had no way of knowing what you were thinking. You said “being compelled to provide biometrics does not necessarily hinge on it being analogous to testimony” so I stated that there was a lot of established case law already on compelling individuals to provide analogous physical information/samples, which covers bodily autonomy, bodily integrity, and the 4th Amendment. The only contention as far as I know, is around the 5th Amendment, but if you had other information, I’d be interested to hear it.
The Supreme Court has declined multiple times to hear cases that would help settle the legal ambiguity. I don’t think United States v. Brown complicates things because the specifics on the case were not whether or not you can be compelled to provide biometrics, but whether being compelled to “unlock a device” and manipulating the device yourself constitutes protected testimony. [0] They even cited United States v. Payne [1] where the court upheld that forcibly taking your finger to unlock a phone did not violate the defendant’s Fifth Amendment rights, and at issue was only the wording of the order.
From my understanding, the current split about being compelled to provide passcodes, and to a much lesser extent biometrics, is the foregone conclusion exception stemming from the Fisher v. United States [2] case, where, as Justice White said “the existence and locations of the papers[were] a foregone conclusion and the [defendant’s physical act] adds little or nothing to the sum total of the Government’s information by conceding that he in fact has the papers… [And so] no constitutional rights [were] touched. The question [was] not of testimony but of surrender.”
This has been used in relation to court cases on biometrics and passcodes [3]. It appears that courts that rule that you can be compelled seem to look narrowly at the passcode itself i.e. the government knows you own the phone and knows you know how to unlock it, so it is a foregone conclusion to provide it. Courts that rule you cannot be compelled seem to look at the phones contents i.e. the government does not know what is on the phone so decrypting the data would be providing protected testimony, or a stricter interpretation that you cannot be compelled to disclose the contents of the mind.
I was thinking this would be the final death knell to using an (unrooted) Android phone as a cheap home server. But then again, not sure if that was even possible before with all the "battery protection" logic built into Android.
It's not even necessarily that good enough against cops, because in a lot of shitty countries, even some pretending to be democratics, not disclosing or at least inputting your password might be a crime severely punished. If I'm not wrong, there was a guy that had to stay years in jail until he would comply with the judge order to unlock his device.