How to not be able to close or reboot phone when locked

HappyUser

i was wondering if theres a way or maybe a future update on GOS to be able to not close or reboot phone when its Locked... because i feel it makes it really easy for people to shut phones off with the current way it is

Phead

HappyUser

And to my knowledge this is by design. Rebooting the phone puts the data at rest making it very difficult to obtain said data. Please describe the use case you have in mind - why should it be more difficult to reboot/shut down the phone?

m4ri0g

Phead
the use case of theft. the phone is stolen first thing a thief would do is turn off the device. if that is made more difficult. it may help finding the device back

Phead

m4ri0g
I see. So, you are suggesting something along the lines of a PIN/password protected shut down? Without any data to back me up I believe it's a very narrow use case scenario and for some, maybe many, GrapheneOS users contradictionary to what they might be used to or want in that kind of scenario.

When the phone reboots (due to auto reboot timer or manually via power button) the data on your device is safely encrypted. For many users that's what's important - the data, not the device
Depending on your threat model, you may not want to trust your device after getting it back. It may have been tampered with.

Those are just my thoughts on this. Feel free to bring this up on the project's GitHub, however.

matchboxbananasynergy

m4ri0g So the thief can just carry a faraday bag and kill that scenario. Since phones already have this feature, a thief who would have tried to turn off the phone before and failed due to it is a lot more likely to just buy a $30 faraday bag to prevent it being tracked and just let its battery run out in there.

If your phone is stolen, you should forget about that phone. The important part is safeguarding the data on it, and preventing shut down or reboot is counter to that goal.

m4ri0g

Phead honestly i am not suggesting anything it just a possible use case why people may want to prevent a locked phone to be shutdown.
i do not know why OP would want this.

matchboxbananasynergy

HappyUser You're ignoring my comment at matchboxbananasynergy.

A petty thief who's come across this will eventually figure out a way to bypass it. A more advanced adversary will, too. It's security theater, not an actual security measure.

rustybird

AFAIK GrapheneOS can't implement this, because if you press the power button long enough it will bypass the OS.

HappyUser

im using graphene os with an MDM with the option to wipe the cell phone as long as the phone has a connexion to the internet if ever my phone falls into the wrong hards.
With the current way that it is it doesnt really come useful as the person could simply close phone off and waste such a valuable secutity feature of the service im paying for.

I also set my phone to auto reboot to every 4 hours so having the data at rest falls into the second line of defence.

My particular issue is that since i dont use any sim card and use a personal router for security reasons i wouldve maybe love to have an option for the phone to stay on so i can securely wipe it in the minutes after i lose my hands on it.

if ever that case would happen.

now with the current settings my threat model could simply turn phone off and try and hack into the phone via traditional ways (cellebrite or gray key) or other newer methods that havent been made public yet.

i just feel for users who are using grapheneOs under an MDM it makes it harder to actually use the services to wipe it as its unconnected to internet pretty quickly.

HappyUser

If ever they could implement an option for phones to not access anything while its locked it wouldve been an amazing feature. The phone will reboot automatically anyways afterwards so basically the data will always be at rest anyways.

rustybird

Also again, I don't think it's even possible for the OS to prevent the phone from rebooting if the power button is held down for about 30 seconds, because this behavior is baked into the firmware. (Once it's rebooting, a thief can then e.g. pause the boot process.)

I'm guessing this is both a safety mechanism against a buggy unresponsive OS and also a security mechanism so that the user can definitely get to the trusted bootloader UI from a running device if they want to see locked/unlocked status or the verified boot key hash. If there wasn't a way to bypass the OS and force a reboot, a malicious OS could just pretend to reboot/shutdown and show a fake bootloader UI.

Relevant (closed) issue: https://github.com/GrapheneOS/os-issue-tracker/issues/236

matchboxbananasynergy

rustybird This is correct, but I think it's important for people to understand why this is an anti-feature only meant to make them feel better and why, in my opinion, it would be a bad idea to provide it even if it could be done.

People should be hoping that someone who takes their phone shuts it down or reboots it ASAP. What are people hoping to achieve by preventing shut down? Tracking the phone down and taking it back from a thief? The phone is gone at that point - people should be thinking about how to protect their data after a situation like this.

matchboxbananasynergy

We won't be doing this for multiple reasons, so I'm marking this feature request thread as solved as it's not actionable.

phone-company

If my phone is stolen, it's certainly annoying, but I only lose €300 and buy a new one. For me, it's more important that my data is safe on this device. My phone reboots to BFU after 4 hours without unlocking the display and is then fully encrypted again. That's what I want. For everything else, maybe use a different OS?

m4ri0g

phone-company
to be honest. that is your opinion and is respectable.
i come from a latin american country where people go beyond their means to get a phone and well they would do anything to get back their investment.
perhaps in a developped country like yours 300 euros is nothing and data is more important which i agree but for some people in less developped countries a phone is a big purchase and seeing it stolen is a big hit.

de0u

m4ri0g perhaps in a developped country like yours 300 euros is nothing and data is more important which i agree but for some people in less developped countries a phone is a big purchase and seeing it stolen is a big hit.

I can definitely recall times and places where a loss of that size would have been a big issue. I hope your Pixel remains with you!

I think some people may, on the one hand, believe that Faraday bags are cheap enough these days that a determined thief could carry one and, on the other hand, that the likelihood of getting a phone back more or less safely is somewhat low. But maybe that's a misunderstanding on the part of outsiders? For phones that won't turn off without a password (e.g., Samsung), are there substantial recovery rates after thefts? Do 10% of those phones come back?

rellhom

de0u

wrapping the phone in a few layers of aluminum foil is a "faraday bag"

DeletedUser69

The question was already answered in the second post (by design) and later reiterated by first mod post.

You would take care of any hard earned property such as house, car etc., so why not reasonably look after your phone (if you consider it so important)?