A silent update rolling out to virtually all Android devices will make your phone more secure, and all you have to do is not touch it for a few days. The new feature implements auto-restart of a locked device, which will make your personal data harder to extract. It’s coming as part of a Google Play Services update, though, so there’s nothing you can do to speed along the process
20 Comments
jfkimmes
This is a Google Play Services update. For GrapheneOS users without GApps wondering: A similar feature is already built-in:
https://grapheneos.org/features#auto-reboot
gumbojuice
It's not great news for my old phone used for wifi at our guesthouse (let's a few security cams and our smart lock get online)
imcritic
Isn't this stupid?
Why not flush something properly in the RAM instead to wipe the "cached" secrets?
A full restart feels like an overkill.
udev4096
They stole the idea from GrapheneOS and shipped a barely half-baked version with hardcoded time. GrapheneOS has configurable time for it since years
Beijinger
Pff. Windows does this since decades. No? I vaguely remember this nag screens after unauthorized updates.
booleandilemma
I just want software that will do nothing user-observable without me explicitly asking it to. No pop-ups, no suggestions, no automatic anything.
I don't know if it'll take a fancy buzzword or what. Unobtrusive software? Silent Software?
LinuxBender
Not bad. If I could make a feature request it would be something like, After 3 days of being idle:
– [ ] Reboot
– [ ] Power Off
– [X] WIPE triple opt-in
Maybe there is a custom phone OS for this that makes the phone act more ephemeral and network boot off my self hosted iPXE/immich server? A dumb smart phone so to speak. An ephemeral diskless phone.
Aeolun
Wait, why is this presented as a good thing?
Why would I want my phone to auto reboot without my intervention? Never mind that it’ll never make three days on a single charge even if I don’t touch it.
627467
I'm surprised this is something taken seriously only now by stock android. Isn't it known universally that AFU devices are insecure? What's the point of adding strict password policies, biometrics etc, if data from a stolen phone can be (relatively) trivially be exfiltrated unencrypted?
Samsung's have had some feature that lets you set days of the week for the phone to restart (IME during early morning hours) automatically. It's not perfect but it's something. iOS seems to have some unclear logic to either restart or re-request password (not biometrics).
This should be standard
jonathanstrange
Thanks, No. I'd like to opt out of this.
greatgib
It's good to have an option like that, even being a default, but there definitively need a switch to disable that if it is your own will.
It's not even necessarily that good enough against cops, because in a lot of shitty countries, even some pretending to be democratics, not disclosing or at least inputting your password might be a crime severely punished.
If I'm not wrong, there was a guy that had to stay years in jail until he would comply with the judge order to unlock his device.
amelius
Can't it run two OSes, so the booting becomes instantaneous? (Like swapping graphics buffers, but now with the entire OS)
fguerraz
How about instead of patching up our societies with technology we vote for the right people / laws for once?
wiseowise
> This actually caused some annoyance among law enforcement officials who believed they had suspects' phones stored in a readable state, only to find they were rebooting and becoming harder to access due to this feature.
Lmao.
> The early sluggishness of Android system updates prompted Google to begin moving parts of the OS to Google Play Services. This collection of background services and libraries can be updated by Google automatically in the background as long as your phone is certified for Google services (which almost all are). That's why the inactivity reboot will just show up on your phone in the coming weeks with no notification. There are definitely reasons to be wary of the control Google has over Android with elements like Play Services, but it does pay off when the company can enhance everyone's security without delay.
All the more reasons to move to AOSP forks.
graypegg
> …the new Play Services will limit that exposure to three days, even if it's plugged in.
This will be fun to track down after a long weekend in embedded devices once this android patch number is old enough to be baked into crappy payment terminals and mall kiosks.
Probably overall a good thing though.
rixed
« This actually caused some annoyance among law enforcement officials who believed they had suspects' phones stored in a readable state, only to find they were rebooting and becoming harder to access due to this feature. »
Wouldn't the phones run out of battery after a few days anyway?
Or do they keep them plugged in?
FeistySkink
How is this going to work with SIM cards that need a PIN? I'll be just unreachable until I notice the reboot?
cubefox
The Ars article seems to be inaccurate. Here is what the release notes say:
> Security & Privacy
> [Phone] Enables a future optional security feature, which will automatically restart your device if locked for 3 consecutive days.
So it only "enables" a "future" "optional" feature.
bobsmooth
I misread this as reformat and was concerned for a sec. This is a good idea.
vishnuharidas
I found that this saves a lot of battery. My old Motorola G5G is now sitting idle, and I had to charge it every 4-5 days. I found that if the phone is restarted and NOT unlocked, it will stay charged for more than 10 days. My best guess is that a screen unlock is required to start many of the OS-level services, which takes up all the battery.
If this is true, then the new update will save a lot of battery for those phones that are sitting idle.