GrapheneOS
Is brute force possible in AFU? It seems there's no secure element throttling in AFU. I tried multiple failed password logins and it still allows me to try.

    What's the Pixel Titan throttling policy? Like, how many failed tries before the first cooldown period? Is there a max number of failed tries?

      Upstate1618 follow this link and scroll down. You'll find a table with that info: https://grapheneos.org/faq#encryption

      Upstate1618 Is brute force possible in AFU? It seems there's no secure element throttling in AFU.

      No and there is. Maybe you tried with a short PIN? If I recall correctly, the guesses have to be over a certain length. Maybe 4 or more digits? Don't remember for sure.

      To try the throttling, you need to input a valid PIN (4 or more digits) and it needs to be a different PIN each time. It won't throttle if you keep inputting 1111, for example. This is a new change.

      The throttling thresholds seem to have also changed slightly, so we'll need to update the docs. You'll hit the first throttle after 10 failed attempts, if I recall correctly.

      9 days later

      Hi! Thanks for sharing this.
      Are they able to read and access the user data AFU or BFU on standard Android on a Google Pixel with Titan M2, if they don't have the passcode? Or can they only extract the encrypted version of the user data? Can they also extract the data BFU?

      13 days later

      Guillaume Worth noting auto-reboot has no impact on what's listed in these tables but rather just whether the device stays in AFU. They never pointed out that GrapheneOS would get back to BFU in the table.

      According to media reports it seems that iPhone resets if it has no connection to mobile network for some time. Typically that is in a case when iPhone is stored in forensic bag.

      However, if that is true, there could be a workaround for that. Police could just present the phones with some fake network (without internet connectivity, no SMS and no calls), and the iPhone will have access to a network (however, there will be no further network connectivity), and will not reboot itself?

      We don't know if this would be a workaround; however, GrapheneOS's option to auto-reboot at a specific time interval when the screen is not unlocked seems a much better option.

        Matthai Last night I removed the case from my iPhone to clean it, and I turned it a little in all directions to put it back. It asked me for my password after I put it back, so I wonder if, by turning my phone in all directions, it must have believed that I had it stolen or something like that.

          Matthai According to media reports it seems that iPhone resets if it has no connection to mobile network for some time.

          According to this report, it's just a timer:

          The reboot timer is not reliant on charging or network functions, and is only tied to inactivity since the last unlock.

          Edit: A timer would be simpler and more secure, so hopefully any report claiming network coverage is involved would be detailed and would report on experiments.

          Guillaume no, it just tried to scan a face and failed twice. Completely normal for every FaceID enabled iPhone.

          Matthai The police speculation and the news stories about it were wrong. There is nothing rebooting the devices automatically for iOS 18 and earlier. iOS 18.1 added an auto-reboot timer similar to the one we've used since June 2021. iOS 18.1 was released on October 28th. Their auto-reboot timer is 4 days. There's no way that most of the devices police are complaining about are on iOS 18.1 and clearly not all are since some of the info is about clearly older devices. They were also talking about them rebooting in batches, etc. despite being locked at different times. It is likely that what happened is a few newly obtained iOS 18.1 devices rebooted and then that triggered a bunch of speculation and inaccurate reports leading to the news stories.

            We have a thread about iOS 18.1 integrating the auto-reboot feature we pioneered in GrapheneOS:

            https://grapheneos.social/@GrapheneOS/113450097776800819

            We proposed it for inclusion in Android in January 2024 but it has yet to happen and it's likely they weren't going to do it based on our proposal. They'll almost certainly add it now, but they could have just listened to us.

            21 days later

            Is Pixel 9 more secure against attacks like Cellebrite compared to Pixel 8? Of course both running GrapheneOS. I wonder if it's worth buying the Pixel 9, I'm only interested in the security against authoritarian states. Not better camera or whatever.

            Thanks to everyone working for GrapheneOS!

              Pixel 8 and Pixel 9 both have Memory Tagging Extension, because they are running Arm v9 CPUs.

              Arm Memory Tagging Extension (MTE) was introduced in Arm v9, and is a hardware feature in CPUs designed to improve software security by detecting memory-related vulnerabilities.

              MTE helps catch two common memory vulnerabilities - Use-After-Free vulnerabilities, when a program tries to use memory that has already been freed, and buffer overflow vulnerabilities, when a program writes more data than allocated to a memory block.

              Memory safety has been a major source of security vulnerabilities for decades. Studies suggest that over 75 percent of vulnerabilities in Android are violations of memory safety.

              So I guess if you buy Pixel 8 or 9, you will be pretty secure with GrapheneOS.

              Hi GrapheneOS I've been on GOS for near two years, and by next week will have flashed my 200th Pixel with GOS for clients. And I am just so grateful for GOS, but also for how you guys share information such as above. Just wanted to say thank you to the team for all you do for we the people. "Privacy is Dead! Long Live Privacy!"

              VAULT

              vmpas Pixel 9 has some security improvements but not a large improvement over the Pixel 8. Pixel 8 and later is a massive improvement over the prior devices when using GrapheneOS due to hardware memory tagging. Pointer authentication codes (PAC) and branch target identification (BTI) are nice minor features. PAC could be much more heavily integrated but currently isn't and MTE is far more valuable. MTE is a far better long term approach if they increased the tag sizes. PAC is a short term approach and requires a lot of case-by-case integration to get much value out of it.
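
The two posts above describe what memory tagging catches (use-after-free, buffer overflow) and why tag size matters. The following is an added example, not code from the thread or from GrapheneOS: a small C simulation of the tag check using MTE's 4-bit tags and 16-byte granules. The toy allocator, all function names, and the counter used in place of random tag selection are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define GRANULE   16u     /* MTE tags memory in 16-byte granules */
#define SLOT_G    2u      /* toy allocator: every slot is 2 granules (32 bytes) */
#define NGRAN     8u      /* size of the simulated heap, in granules */
#define TAG_SHIFT 56      /* the tag is carried in the pointer's top byte */
#define TAG_MASK  0xFull  /* 4-bit tag: only 16 possible values */

static uint8_t mem_tag[NGRAN];  /* simulated per-granule tag storage */
static uint8_t counter;         /* assumption: deterministic stand-in for random tags */
/* Give a slot a tag that differs from its old tag and its left neighbour's. */
static uint8_t retag(size_t slot) {
    size_t g = slot * SLOT_G;
    uint8_t left = g ? mem_tag[g - 1] : 0, old = mem_tag[g];
    do counter = (uint8_t)(counter % 15 + 1);   /* cycles 1..15, 0 = never allocated */
    while (counter == old || counter == left);
    for (size_t i = 0; i < SLOT_G; i++) mem_tag[g + i] = counter;
    return counter;
}

uint64_t toy_alloc(size_t slot) {
    return ((uint64_t)retag(slot) << TAG_SHIFT) | (slot * SLOT_G * GRANULE);
}
void toy_free(size_t slot) { retag(slot); }     /* freed memory gets a new tag */

/* The check made on every load/store: pointer tag must equal memory tag. */
int access_ok(uint64_t ptr, size_t off) {
    uint64_t addr = (ptr & ~(TAG_MASK << TAG_SHIFT)) + off;
    if (addr >= NGRAN * GRANULE) return 0;
    return mem_tag[addr / GRANULE] == ((ptr >> TAG_SHIFT) & TAG_MASK);
}

/* How many times a slot is retagged before a stale pointer's tag matches again. */
int reuses_until_match(size_t slot, uint64_t stale) {
    int n = 0;
    do { retag(slot); n++; } while (!access_ok(stale, 0) && n < 64);
    return access_ok(stale, 0) ? n : -1;
}

int main(void) {
    uint64_t a = toy_alloc(0);
    toy_alloc(1);                               /* neighbour gets a different tag */
    printf("in bounds %d, overflow %d\n", access_ok(a, 31), access_ok(a, 32));
    toy_free(0);
    printf("use after free %d\n", access_ok(a, 0));
    printf("retags until stale tag matches: %d\n", reuses_until_match(0, a));
    return 0;
}
```

With only 15 usable tag values in this model, the stale pointer becomes valid again after a handful of reuses of the same memory, which is the limitation a larger tag size would reduce.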