How About an Auto Lockdown Feature

[deleted]

It would supply some of the benefits of autoreboot, except that apps can still send you notifications, and you can still receive calls without the sim being locked by reboot. What does the community think of this? I think it would be beneficial for many threat models.

treequell

[deleted] Lockdown mode disables biometric unlock. Of course there are threat models where that is useful, but it is hardly comparable to BFU after a reboot where user data is encrypted at rest. I see the increase in security of lockdown mode as being rather minimal.

[deleted] you can still receive calls without the sim being locked by reboot.

As far as I recall, you can still receive carrier-based calls BFU after a reboot. The stock dialler app should be able to use Direct Boot I believe.

de0u

[deleted] I think this is issue #14.

[deleted]

treequell But i have to disable SIM Pin which is unsafe, incase somebody steals my phone. If we used this feature and auto-reboot together, we could increase the time of autoreboot by a few hours which would be very convenient and have the phone still lock, preventing forcing the user to unlock it. And ofc the notifications and Signal calls.

[deleted]

de0u Thanks!

GrapheneOS

It's usually very easy to get a carrier to transfer a number to a new SIM without being the owner of the number. It can even be transferred to a different carrier. The standard security around this is very poor. This is one of many reasons carrier-based calls and texts should be avoided. You should make sure none of your accounts have phone-based recovery, which ideally means not providing them with a phone number in case they provide a recovery option. Similarly, avoid SMS-based 2FA. SMS-based 2FA is often worse than not having 2FA at all because it can often be downgraded to SMS 1FA via recovery through the phone number.

You can still use a SIM PIN with auto-reboot and it shouldn't impact usability much since you should mostly be using end-to-end encrypted call/messaging apps anyway.

[deleted]

GrapheneOS

My problem isnt' that i love legacy calls so much, but i rely on them because many people still use it to call me eg. Boss. Disabling the pin is still a bad idea so i cant do that, nor would i expect anyone to recommend that. But the biggest problem is that i cant be notified by any app this way, not just Dialer. My threat model includes potentially having to unlock my phone by forced biometrics, so it would be a huge qualty of life feature to have auto lockdown as well as autoreboot. That way i could increase the timer to 4-8hr instead of 1, and still be relatively safe from what im trying to avoid.