# TL;WR:
Using "Picture-in-picture" to play videos while "Auto-rotate" is turned on can brick your phone until the battery dies.
That means you cannot:
- unlock your phone
- switch off your phone
- restart your phone
- reboot into safe mode
- make emergency calls
This bug is reproducible on my Pixel 9a (on up-to-date software).
# Here's how to do it (don't do it):
(Before you do it, make sure your battery is <5% so that your battery dies quickly. Additionally, add the "Torch" quick tile at the very top of your notification control panel to help the battery drain even faster, once bricked. But the quickest way is to turn on the "auto-reboot within 10 minutes" feature in the exploit-protection settings for testing purposes.)
Step 1: Download and install the popular open-source media player "mpvKt" (or one of its forks such as "mpv-android" and "mpvEx").
(Note that this bug does not exist inside the "mpvKt" app because it can be replicated inside Chromium-based browsers like "Brave" and "Vanadium" too (discussed later). mpvKt needs no internet to play local videos, which is why I use it as an example.)
Step 2: Turn on "Auto-rotate".
Step 3: Clear all open apps (if any. Relevant in step 8 for simplicity and to eliminate any possible variables).
Step 4: Open the "mpvKt" app and hold your phone horizontally to trigger the phone into the horizontal mode automatically, thanks to "Auto-rotate".
(Make sure that the app UI has in fact rotated into a horizontal position. Stay in this horizontal mode and do not go into portrait mode moving forward.)
Step 5: Pick and play a regular video. The video will play in horizontal mode.
Step 6: Locate the "Picture-in-picture" button on the screen and press it.
A tiny mini-player will start playing your chosen video.
Step 7: Swipe up from the very bottom of the screen to trigger the "recent apps" showcase.
(Or press the "recent apps" button if you are using "button navigation" instead of "gesture navigation").
Step 8: Swipe the app off the screen. You are immediately back at the homescreen (because no other apps are open).
Step 9: Observe the notification bar at the top of the screen. If it has mysteriously vanished, it is a sign that the bug has been activated.
(At this point, the bug is reversible, but that's not important.)
Step 10: Press the power button once to lock your phone.
TA-DA! You have successfully bricked your phone.
# What this means:
Your phone is now a brick.
Your screen has strangely split in two halves, corrupting its normal functionality.
You cannot unlock your phone via pin or password. Fingerprint reader does not work. Power menu does not show up, meaning that you cannot shut down your phone, or restart your phone, or reboot into safe mode, or make emergency calls.
Although, you can still manage to pull down the notification control panel by swiping the top half of the screen from right to left exposing the topmost quick-tile settings.
# What now?
Let the battery drain out completely.
Turning the brightness to maximum and turning on "Torch" will aid you in this process.
Or you can wait for auto-reboot to do its job.
The next time your phone reboots, everything should be back to normal.
# Why does this happen? (my thoughts):
The "pip" mini-player strangely starts at the bottom left corner of your phone when using mpvKt in horizontal UI mode.
But, this mini-player starts at the bottom right corner of your phone when using mpvKt in portrait UI mode (as with most apps like VLC media player.)
This tells us that just like apps can have a portrait UI and a horizontal UI, the "Picture-in-picture" feature can have a portrait configuration and a (buggy) horizontal configuration.
Conclusion: The horizontal configuration of "Picture-in-picture" is buggy and bricks your phone.
# How to replicate the bug in Vanadium Browser:
Step 1: Disable javascript.
(This will make it so that online videos play in the built-in video player which has the "Pip" button).
Step 2: Go into horizontal UI mode.
Step 3: Play any video. (Most websites don't play videos without javascript, so I suggest you use "archive .org" to play any video of your choosing).
The video should begin playing in the built-in video player.
Step 4: Click on the three vertical dots inside the video player, and press "picture-in-picture" button.
A mini-player should begin playing at the bottom left corner of your phone.
Step 5: Kill the app (by swiping it off the "recent apps" screen).
Step 6: Lock the phone (by pressing the power button once).
DONE!
# Parting thoughts:
It's weird how in this case, it is a good thing that we have not innovated batteries that last like a month on a single charge. If we did have such super-batteries, one would have needed to go to the repair shop rather than let it discharge.
I wonder whether a malicious app with horizontal UI can exploit this bug like so: User opens the malicious app ---> The app plays a video in pip mode by itself ---> Kills itself ---> The user presses the power button in confusion and bricks their phone...?
I don't know if it's just my phone, so I am posting this here to see if anybody else can confirm that it's not just me. So, feel free to correct me, comment, and ask for clarification.
:)