Defer updates temporarily

someone1223

Hi, although it is very dangerous to not have fully up to date OS, sometimes it is not convenient to have system update installing automatically. One issue is the long time to optimise apps upon restarting, rendering the phone unusable for quite a time. It might be the case that there is something urgent to be done through the phone but the user is stuck on that step.

Because disabling auto updates is not safe, I suggest to add an option to defer updates temporarily. If an update is found, notify the user of the update with an option to defer up to X days. If user didn't respond, use a default value. User should obviously have the option to install now.

What do y'all think?

spiral

someone1223

It's been discussed here.

ve3jlg

someone1223 although it is very dangerous to not have fully up to date OS

This is incorrect.

The risk to a user of not installing particular updates depends on their phone usage.

Some users do not use cellular functions or even have a SIM installed. Why would vulnerabilities in cell functions be a concern to them and a need to immediately update?

Other users click on all kinds of links on unknown sites, without the protection that using Firefox and uBlockOrigin and a DNS which blocks malware sites provide. Others do not.

Some users take great care in choosing trustworthy software apps to install and keeping it updated. Others do not. Some users install hundreds of apps. Other users do not. Apps and browsers are almost always the vector for exploits, so user risk varies greatly.

I wouldn't image much risk at all to any GrapheneOS who does not connect their phone to the internet but never update, unless physical access to their phone by others seeking to spy on or harm them is a big risk.

Users are free to create different risks or not by their own use and the stated objective of the project, and have different threat models.

There is also a risk of installing updates, especially as GrapheneOS does not provide a "security updates only" update channel, but instead includes new features which may, and sometimes do, introduce new, exploitable vulnerabilites at the same time.

Blanket statements that out-of-date software is "very dangerous" are simply wrong.

treequell

Thank you for your message. Usually 'Optimizing apps' during reboot takes only one or two minutes for me, but I have noted also that it's taking significantly longer since updating to Android 14. Hopefully that's just a temporary thing.

Personally, I have "automatic reboot" disabled in Settings > System > System update for that reason. I let the system updater installer the update and then wait until I don't need to use my phone for a short while and manually reboot my device. Is that approach not sufficient for you too?

treequell

See https://twitter.com/GrapheneOS/status/1712875383790485601 for an update about AOT compilation on GrapheneOS.

spiral

treequell

Considering the info that's been tweeted here I think it's more prudent than ever to consider adding the ability to schedule a reboot time of the user's choosing.

Allowing the ability to schedule for instance a 3am reboot time can alleviate the burden of a long app-optimization process. It's tough to imagine a time period anywhere in the waking day where I can be without my main mobile device for 45 minutes, which is how long app-optimization is taking on my P7.

treequell

spiral Hi there, I appreciate your interest in this feature, but asking here probably isn't the best use of your time.

I'm a community moderator for GrapheneOS, and I don't play a role in the decisions of the development team. Development work is done on GitHub.

If you have a look at the issue tracker on GitHub, there is already an open feature request which includes what you're looking for: https://github.com/GrapheneOS/os-issue-tracker/issues/2153. It's also mentioned in a previous closed feature request: https://github.com/GrapheneOS/os-issue-tracker/issues/530.

When you have a feature request in the future, I suggest looking there on GitHub, rather than posting about it here.

spiral

treequell

I'm not formally making a feature request here. Rather, just probing to see if others think it'd a good idea or if it's even possible. But, of course I will keep this in mind, should I ever formally want to make a request.

huggy

Also updates are full of bugs as it seems from the latest one

GrouchyGrape

@spiral Mine took 10 minutes last time for 170 total apps. It's also not at all inconvenient for me to be without my phone for hours if needed. I can access all my critical messaging platforms from my computer (although I'm also happy to have an excuse to be without my phone).

All that being said, I think a scheduled reboot wouldn't be a bad feature. Have you looked for a third party solution? Could you not reboot once you're getting in bed or waking up?

spiral

GrouchyGrape

Waking up, rebooting, and being without my phone for 45 minutes is not an option.

Rebooting when going to bed is not an option either since I have a PIN set on my eSIM.

It's not as though havjng the ability to schedule the reboot will solve this for me entirely - I just think it's an option worth exploring.

Yes, perhaps there is a third-party option which will work, but I'll only want to reboot AFTER a gos update, not every night on a schedule.

We'll see if this long app-optimization thing even continues.