• GeneralSolved

  • Preventing Unauthorized Shutdown/Restart on Lock Screen in GrapheneOS

Hi everyone, I've been using GrapheneOS for a while now, but I haven't found a good solution for one specific issue: locking the power menu (shutdown, restart, etc.). My goal is to prevent my phone from being powered off while it's locked. Right now, the phone can be turned off easily from the lock screen without even asking for the PIN.

I've tried an app that claims to disable the power menu, but it doesn't work well. The only drastic alternative I've come up with so far is using ADB with the following command to disable the power menu:
adb shell settings put global power_button_long_press 0

Does anyone have any other suggestions or alternatives for this issue?

    root123 useless. Your phone can always be powered off by hardware. Long pressing the power button will turn it off eventually. And that is not some secret information...

        I know there are different use cases and I respect yours, but I'm curious to know what you think you'll achieve if you find a way to block the shutdown.

          n3t_admin inutile. Il telefono può sempre essere spento dall'hardware. Premendo a lungo il pulsante di accensione alla fine lo si spegnerà. E questa non è un'informazione segreta...

          Using the following command can no longer turn it off I held the button down for a good 2 min but it only turns off the screen

              Oggyo That they cannot turn off my phone in case of loss or other necessity

                  root123 press all three buttons (power+vol up+vol down) together. That should do the trick.

                      root123
                      I see, but then what? What did you gain? I (personally) want my phone powered off rather than on, if in someone else's hands. I care about the data in the phone and this is one of the main reasons I use GrapheneOS.

                          root123 you don't turn it off with the power button either. You boot it into recovery, then shut it down via that menu. All with buttons. You can't bypass this. This is what I'm trying to tell you. You would have to physically destroy one of your buttons to prevent this.

                              I explain better I have a service that sends my location and in case of lost if they reboot it on next reboot it would send me location again instead case otherwise if they turn it off

                              n3t_admin I see so there is no way like there is for example in samsung that it asks you for the password if you turn it off or restart it

                                  Oggyo well because maybe I would be able to retrieve it in case I lost it.

                                    root123 the same is true for Samsung phones. It's just slightly different key combinations. Samsungs "enter code to shut down" is mere security theater aimed at tech illiterate people (like everything else they do for "security").
                                    The only half-viable option are those pesky "always on" bluetooth capabilities that make use of Apple's and Google's FindMy-networks, where the phone acts as a beacon, even when turned off. But then again - use a faraday bag and that's a non issue as well.

                                    There sadly is no real protection against theft. Just hold on tight and keep your phone close to you, everything else is a waste of time, probably.

                                        n3t_admin ok you convinced me so it could be implemented just by destroying the physical button

                                            root123 not just, you would also need to disable the shutdown menu. And even then - if a thief discovers they can't turn it off, it might just get disassembled at the next repair shop where the battery is physically disconnected. You are trying to achieve something that doesn't exist. There is no good anti-theft feature out there that covers common attack vectors used in this day and age. What you'll achieve more likely, is a destroyed phone or a destroyed OS (or both).

                                              root123

                                              there is no way like there is for example in samsung that it asks you for the password if you turn it off or restart it

                                              For security reasons, some grapheneos features are actually designed to do the opposite of what you want to achieve: Namely, to bring the device into the BFU (before first unlock) state if possible - e.g. with Auto reboot.

                                              I explain better I have a service that sends my location and in case of lost if they reboot it on next reboot it would send me location again instead case otherwise if they turn it off

                                              Even if I understand your approach, such a feature - even if implemented correctly- to me seems to only offer limited real value: A Faraday bag and waiting until the phone's battery dies (which shouldn't take too long on a modern phone) and shuts down the device without a password practically counteracts this feature.

                                              Talking about "implemented correctly" (I don't have a Samsung - so unfortunately I can't test it myself): Looking at this video it seems the feature doesn't prevent a shutdown.

                                              Out of curiosity: Would you like to say which service you want to use?

                                                root123 "My goal is to prevent my phone from being powered off while it's locked."

                                                Impossible, sorry. Hardware wise I can hold the power button, more so I could remove the battery (or wait for it to die) if I really want to.

                                                No security benefit from this either, you should want people to turn off your device.

                                                Once the device power cycles, the devices memory is cleared and it enters BFU.

                                                If someone steals your phone, assuming you don't know them, a GPS locator isn't going to help really. I could easily kill the phones battery, recharge it, enter recovery, and wipe it clean.

                                                Your data is more at risk if the power can't be cycled, this is why auto reboot exists

                                                  As others have said, it's not really possible to force this. Someone can remove the battery, smash the device or trigger it via the hardware buttons.

                                                  If they want to do none of the above, they can simply put the phone in a faraday bag so that you can't send a command to wipe it etc. until the battery runs out, at which point they can boot into recovery and factory reset etc.

                                                  If your phone gets lost/stolen, hoping to find it again by tracking etc. is a fool's errand, in my opinion.

                                                  What I would worry about, and what I would suggest that you also worry about is what's on the phone, and for that, you want the exact opposite to happen, meaning, you want your phone to reboot or be shut down as fast as possible in order for your data to be at rest. That's why we have the auto reboot feature.