Say if someone has the phone and they are trying passwords to open the phone, and they don’t manage to get into the phone via brute force etc…

I’ve realised there is a setting on the OS for it to wipe the phone clean and start fresh after a certain amount of time. Will this work if they couldn’t get into the phone and they turn the phone off? Or does it work only when the phones been on for 8 hours that’s what I’ve set my reset time to.

Thanks you guys!

    I hope someone can correct me if I'm wrong, but I don't know of any feature like that in GrapheneOS.

    What I can tell you is that the auto-reboot feature is particularly handy in the situation you're describing. If they get the phone, this will give them less time to extract data when the latter isn't at rest (encryption keys are in memory). This is already something quite hard to achieve without substantial resources.

    Now, when the auto-reboot feature takes action, the data will be back at rest. Encryption keys aren't really retrievable, and since Titan M makes bruteforce very difficult (so it strengthens the lock method which remains the main derivation factor), it goes to say it will take an even greater amount of time and resources to get into the phone.

    I'd say most users should set auto-reboot to at last 24 hours. It's not a huge inconvenience that way and it can mitigate some attacks. Users with a particularly high threat model could consider setting it to a lower value.

      Wonderfall

      Thanks for the reply mate, sounds good

      So after 8 hours of the phone being off will it auto reboot or will it need to be switched on for 8 hours without the passwords getting entered then re-boot.

        MasterT If the phone is off, the data is already at rest. Auto-reboot is useful if, say, an adversary gets your phone and the profile you're using is active (for the Owner profile that just means "after first unlock"). They have 8 hours to figure out a way to exploit that (and that isn't easy by any means) before the phone reboots and all profiles go back to an encrypted at rest state (for the Owner profile that means "before first unlock").

        Wonderfall If I set auto-reboot on, won't it pose a problem if it reboots during night and I need to receive call or give an urgent call, as I will have to enter my psswd first to unlock the phone?

          MasterT There is a F-droid app to do just that, lock or/and wipe your phone when sthg you defined happens or you can trigger it with SMS.

          • [deleted]

          • Edited

          Arnauld Not if the app supports Direct Boot. And the stock Messaging app and Clock app support Direct Boot so you can get alarms and receive phone calls just fine.

          In the past when Android used legacy full disk encryption, yes that was an issue.

            [deleted] So, does it mean that if the phone reboots I still can phone (no emergency calls) and receive calls without having to enter my psswd first to unlock the phone?

              [deleted] Thank you, I will try tomorrow. I was afraid of turning auto-reboot on because of this...

              [deleted] So I tried, set up the phone to auto reboot after 8 hours. And it rebooted and I had to enter my psswd before making a call.