Apple quietly introduced code into iOS 18.1 which reboots the device if it has not been unlocked for a period of time, reverting it to a state which improves the security of iPhones overall and is making it harder for police to break into the devices, according to multiple iPhone security experts.
On Thursday, 404 Media reported that law enforcement officials were freaking out that iPhones which had been stored for examination were mysteriously rebooting themselves. At the time the cause was unclear, with the officials only able to speculate why they were being locked out of the devices. Now a day later, the potential reason why is coming into view.
“Apple indeed added a feature called ‘inactivity reboot’ in iOS 18.1.,” Dr.-Ing. Jiska Classen, a research group leader at the Hasso Plattner Institute, tweeted after 404 Media published on Thursday along with screenshots that they presented as the relevant pieces of code.
Law enforcement shouldn’t be able to get into someone’s mobile phone without a warrant anyway. All this change does is frustrate attempts by police to evade going through the proper legal procedures and abridging the rights of the accused.
Yep! The police, being fascists, HATE this.
well it’s kind of a selling point. I’m just too used to using android, though.
Edit - there’s something for that too, cool!
You can enable lockdown mode. It forces the next unlock to ignore biometrics and require a pin, which police cannot force you to divulge without a warrant. Once enabled, you get a “lockdown mode” option in the menu when you hold down your power button.
If you haven’t done this and need the same ability IMMEDIATELY: reboot, or just shut down
Every first boot requires pin same as lockdown
Also: set a nonstandard finger in a weird way as your finger unlock if you wanna use that, then theyre likely to fail to get that to work should you not manage to lock it down beforehand
Finally: there are apps that let you use alternate codes/finger unlocks to wipe/encrypt/reboot the device instead, allowing you to pretend to cooperate with the cops up until they realize they got played
IANAL, but I’d be very careful about wiping the phone like that. Sounds a lot like destruction of evidence…
Gotta prove there was evidence on the phone in the first place, which would take forensic work to do and be not worth the work in the majority of cases
Plus it would annoy them, and that’s the real goal here
I imagine that would be one hell of a story to tell Bubba when they decide to lock you away for whatever false charges they can pin on you.
It’s not destruction of evidence though because without a warrant the information on the phone isn’t evidence, it’s just stuff on a phone. Stuff which is your stuff and you have every right to delete it whenever you want.
They would actually have to arrest you and acquire a warrant, try it to getting you to unlock the phone for it to be “evidence”.
The police would have a very hard time in court saying that there was evidence on the phone when they can’t produce any documentation to indicate they had any reason to believe this to be the case. Think about the exchange with the judge.
“Your honor this individual wiped their phone, thus destroying evidence”
“Very well, may I see the warrant?”
“Yeah… Er… Well about that…”
It doesn’t matter what the police may think you have done, if they don’t go via the process the case will be dismissed on a technicality. They hate doing that but they don’t really have a choice.
So many words to explain how you literally have no clue about how the law works.
Although lockdown mode is a good step and helps defend against biometric warrents, it does not wipe the encryption keys from RAM. This can only be achieved by using a secondary (non-default) user profile on GrapheneOS, and triggering the End session feature. This fully removes the cryptographic secrets from memory, and requires the PIN or password to unlock, which is enforced through the StrongBox and Weaver API of the Titan M2 secure element in Pixel devices.
You can use GrapheneOS, a security-focused version of Android which includes auto-reboot, timers that automatically turn off Wi-Fi and Bluetooth after you don’t use them for a certain period of time, a duress PIN/Password that wipes all the data from your device after it’s entered, as well as many other incredibly useful features.
It’s fully hardened from the ground up, including the Linux kernel, C library, memory allocator, SELinux policies, default firewall rules, and other vital system components.
graphene is ONLY for select Google pixel phones though. I wish this was made much clearer by the team and advocates.
its a real shame because pixels, although big in the USA are typically a minority of most android ecosystems elsewhere, and bootloader hijinks keep some perfectly capable phones from being easy to switch over to, even if they were supported.
Even on samsungs, which are much better for flashing than they used to be - my options on a year old flagship for a decent ROM are pathetic compared to the old days.
so I would really love to use graphene, and go back to an open source ROM without crap on it, but pixels are such a bottom tier phone for their price in a lot of places, as much as I really really want the project go gain traction for their transparency and objectives.
but pixels are such a bottom tier phone for their price in a lot of places
Not sure what you mean, you can get a used Pixel 6a for 120 EUR, which will continue to get updates for another 2.5 years. Show me another phone with such a great value proposition. There’s a website that calculates how much each Pixel would cost you monthly (it’s basically just price divided by update lifetime): https://pixel-pricing.netlify.app/
There are some really good deals, and I’d rather pay a little more for a phone that can actually be used privately, instead of buying some cheap Chinese, spyware-infested garbage that will fall apart after 2 years, and never gets any security updates.
Not sure what you mean, you can get a used Pixel 6a for 120 EUR, which will continue to get updates for another 2.5 years. Show me another phone with such a great value proposition. That’s exactly my point, outside of the EU and north america, you’re just very unlikely to find that scenario. I don’t want to doxx myself here, but the going rate for the phone you mentioned is at minimum 300 euro equivalent - comparable flagships significantly cheaper. I have nothing against Pixels specifically - before the re-brand, I had nearly every Google Nexus phone ever made, and they were all amazing. They’re just not acceptably priced in all markets for what they are, even used.
I’d argue however that there’s much more to android than either Pixels OR chinese spyware crap - Samsung, Sony, and LG aren’t always perfect, but often make very good products that if running a custom ROM, are every bit as secure as any pixel, while the hardware of pixels is generally a bit worse, but compensated for with better software optimisation. Buying into a false dichotomy that there is only one good android manufacturer puts us no further ahead than apple fanboys beholden to a largely good, but sometimes flawed ecosystem.
My ideal is that development can expand to other mainstream brands and OEMs, and that the interest in the graphene/ROM community picks up steam more broadly, rather than being siloed into pixels alone, and bound to the fate of google-specific hardware going forward.
I’m the only guy in my (small) friend group who still used pattern code instead of fingerprint so I take that to mean my phone is by default more difficult to break into than most. Giving my fingerprint to a giantic tech firm has always seemed like a bad idea so I never did. Though the fingerprint reader acts as a power button too so who knows if they’ve scanned it anyway.
Well, when you confiscate a piece of paper, even without a warrant to read it you can do that physically when it’s in your possession, and it’s part of the evidence or something, so everyone else can too, so why even fight for that detail.
They just pretended it’s fine with mobile computers.
I thought that “fruit of a poisonous tree” is a real principle, not just for books about Perry Mason. /s
So - yes. It’s just really hard to trust Apple.
To confiscate anything, unless it’s lying openly, you need a warrant.
If a cop sees an unlocked phone with evidence of a crime on it, that doesn’t need a warrant. If it’s locked and they only have the suspicion of evidence, they need a warrant. Same as with entering a building or drilling a safe.
Is analogy with people in (very quiet) places who don’t lock doors to their homes correct? Then it’s as if the door is not locked, a cop doesn’t have to ask permission (or warrant)?
No. Even if a house is unlocked, the fourth amendment guarantees “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures”.
What constitutes “unreasonable”, is of course, up to a judge.
If a cop can look in your window from the porch and see a meth lab, yeah, they’re going to come back with a warrant, mostly because they can’t just pick up the house and take it to evidence. If your phone is lying unlocked, and they see something obviously criminal on the screen, they’re going to take it right then and there.
That’s what I meant. Phones should be treated similarly to houses.
That argument sounds great until you consider that a piece of paper won’t contain almost the entirety of your personal information, web traffic, location history, communications. You may say you could find most of that pre computer era in someone’s house, but guess what you would need to get inside and find those pieces of paper…
It’s not an argument, just a thought.
They usually do have a warrant or it was seized lawfully.
This is about keeping them out even when it’s lawful.
Lawyer. Not true.
Example: An officer pulls someone over and suspects them of something arrestable. Then says “Do you want me to get your personal belongings from your car?”
Any person agreeing to this allows them to hold your phone as evidence indefinitely in the US now.
That’s all lawful.
They can search you and the area when arrested. They can search the car if they have probable cause that evidence will be in the vehicle
I said have a warrant or seized lawfully, not nust have a warrant.
Edit: I didn’t even write what I said I said correctly. Corrected it lol.
Seized or not, they can not force you to unlock your phone via pin without a warrant. They can only force you to use biometrics.
Right, but this is about them bypassing you entirely.
They don’t need your fingerprint or pass code if they can bypass it themselves. This feature protects you when they’ve seized it lawfully which can be for many reasons.
Or even if they’ve seized it unlawfully. Or if it’s been stolen by a regular thief, a cybercriminal, the mafia, or a cartel.
I’m not sure how much it would actually help for a regular thief.
This is about protecting it against more sophisticated attacks. But the rest probably have those means if wanted.
It is their job to find evidences, not my resposibility to provide them.
I’ve never said otherwise.
It’s their job to find a way to hack into the phone.
This feature makes that even harder.
Other people answered, but to your point, in some cases THEY CAN compel without a court order.
Biometrics don’t conform to certain laws, and it gets even more complicated if you’re entering the US through customs. They can practically hold you indefinitely if you don’t comply. Whether you have legal representation is sort of an after thought.
The police can engage in rubber-hose cryptanalysis. In many countries, it’s legal to keep a suspect in prison indefinitely until they comply with a warrant requiring them to divulge encryption keys. And that’s not to mention the countries where they’ll do more than keep you in a decently-clean cell with three meals a day to, ahem, encourage you to divulge the password.
That’s what you need distress codes for.
Destruction of evidence is a much different crime.
I would suspect it’d no longer be legal to hold them indefinitely and instead at best get the max prison sentence for that crime instead.
A us law website says that’s no more than 20y as the absolute max, and getting max would probably be hard if they don’t have anything else on you.
You’d have to weigh that against what’s on the device.
Also, even better if the distress code nukes the bad content, and then has a real 2nd profile that looks real, which makes it even harder to prove you used a distress code.
In most cases, destroying evidence will result in an adverse inference being drawn against the accused. It means that the court will assume that the evidence was incriminating which is why you destroyed it.
GrapheneOS also has this. Not sure stock android includes it.
It does not. I don’t have it on my Pixel 6. From other people’s comments, it sounds like Samsung and other OEMs have added their version, though.
calyxOS has it too.
That seals the deal for me on rooting my pixel. I’ve been hesitant about rooting ever since I bricked an extra galaxy s3 and nearly bricked my (main device) Verizon galaxy s5
GrapheneOS is the easiest ROM install bar none. Get the en browser (needs to be chrome-based) to the install url, hook the phone cable, and let it run. It’s super straightforward. It’s not rooting though, you don’t get root access by default.
Wow things sure changed about Android roms! I still remember how difficult it was to try to simply install a rom through Knox
samsung devices are still a different beast, they have their unique little everything and the standard tools don’t work there
It’s either root or having access to my bank accounts. 🙄
It does, labled “Auto Restart”, but only when “preformance issues detected” or time specified. Apple is quite late on this feature.
This is rebooting for a different reason. That auto reboot just kind assumes that the software on your phone sucks and it needs to reboot to stay running fast.
Graphene and now iOS auto reboot for security/privacy reasons.
The end result is the same though. First phone unlock is the one a bad actor can’t get through.
It’s not the same.
On an iPhone it’ll reboot after X hours of no use. That means it could go months without rebooting and the day after it’s in police hands it reboots.
The feature you’re talking about would need to be set to reboot every day at a specific time. Now you personally have to deal with that. Also until you unlock the phone as well there could be reduced functionality making it annoying.
Very different.
Not that hard to deal with honestly. Rebooting at night which I’m sleeping does not reduces any functionality, cuz I’m not using it. If someone needs to find me during the night he better call me cuz I won’t wake up by notification which is also suppressed by DND. Yeah it is not design for security but a solution better than none.
Furthermore, rebooting the device periodically is good for security, especially for non-persistent fileless malware.
on GrapheneOS it is labeled auto reboot and it specifically says “automatically reboot device if it hasn’t been unlocked in xxx hours” with a default of 18.
Samsung does too but I’ve not set it up as such. Instead, it automatically locks the device from biometric unlocks every 24 hours until you login with your pin again.
GrapheneOS been had this feature, don’t let apple tell you they invented it.
Great software features should be available to all hardware, regardless of OS.
For sure I’m just joking about apple’s habit of taking a feature that has been around for YEARS and claiming they “innovated” it, usually after they strip it down a little no less (like in this case where it appears to be a setting users can’t access, but Graphene lets you turn it on/off or adjust the time between lock and reset.)
IMHO, the novelty of the feature isn’t what makes this headline worthy. This is noteworthy because of the scale. iOS is over a quarter of phones on earth, and in English speaking countries and Japan, you’re looking at numbers that are often over 50%.
This will impact a LOT more investigations than Graphene, and I imagine Apple will be back in court fighting cops who want to remove privacy and security features. Hopefully this stuff stands up to the autocrats coming into power in the states.
Android in general has it, not just you.
All six GrapheneOS users should be proud that the developers of their phone software are genius inventors!
And most of them are in this thread.
Judging by the downvote count, I was off by 2x. My apologies to the community!
(For the record, I have nothing against GrapheneOS, but also no use for it)
deleted by creator
Gotcha. We’re almost twice as many.
I’m looking forward to joining the dozens with my nexto phone v
Thank you Apple, right side of history here, fuck fascist pigs
The way this article is framed sounds like bullshit to me. 18.1 was released less than 2 weeks ago. Any phone running this version of iOS would have had to already been in custody and somehow upgraded to this version, or otherwise brought into custody very recently—too recently for this to have already posed such a problem that law enforcement is “freaking out” and reporting it to the media.
The way this article is framed sounds like bullshit to me. 18.1 was released less than 2 weeks ago. Any phone running this version of iOS would have had to already been in custody and somehow upgraded to this version, or otherwise brought into custody very recently—too recently for this to have already posed such a problem that law enforcement is “freaking out” and reporting it to the media.
A non-insignificant amount of people have been running the public betas because of Apple intelligence, RCS / iMessage toys, UI customization, etc. For example, MixPanel reported about 2% of the iOS install base running 18.0 before 18.0’s launch. IMHO, that’s pretty crazy for a beta OS.
iOS has auto update for a while and iOS users update their devices more often than Android. 2 weeks is not a long time for adoption of new version for iOS.
On one hand, Fuck Da Police
On the other hand, Fuck Apple
Wouldn’t that disrupt the usage of a phone as a server?
You joke but people do that. I’ve seen people repurpose their old android phones to host small services on their home networks. I won’t comment on how reasonable it is because battery, but it’s a thing.
I really doubt an iOS update will affect people using android phones as servers.
It would affect me. I have an android virtual machine running on my iPhone.
could be a simple hot spot cell backup, like for reporting network outage, remoting in to certain devices, etc. essentially a secondary ISP to report on main isp and troubleshoot. especially if you have smart devices you could reboot remotely.
That’s it!! Now I will NEVER use an iPhone as a server. 😋
Interesting, tell me more please. I presume it requires loading a different OS image as standard iPhone/android OS images will pause apps and attempt to go into a deep sleep after a long enough period?
iPhone? Don’t these kill apps after a few minutes in background?
*seconds. KDE Connect dying the moment I turn off the iPad annoys me to this day.
A phone server that is disconnected from cellular is already broken anyways.
Meanwhile security-oriented Android forks: “You didn’t do that?”
Why does rebooting it improve the safety or security of the phone?
Most likely after rebooting but before unlocking the decryption key is not present in memory in plaintext.
Do two fucks make a right?
It wasn’t quite, I had to opt in.
If this is true, then it’s not a setting that users can access. At least not that I can find.
Does anybody know if LineageOS has an equivalent feature?
