Apple quietly introduced code into iOS 18.1 which reboots the device if it has not been unlocked for a period of time, reverting it to a state which improves the security of iPhones overall and is making it harder for police to break into the devices, according to multiple iPhone security experts.
On Thursday, 404 Media reported that law enforcement officials were freaking out that iPhones which had been stored for examination were mysteriously rebooting themselves. At the time the cause was unclear, with the officials only able to speculate why they were being locked out of the devices. Now a day later, the potential reason why is coming into view.
“Apple indeed added a feature called ‘inactivity reboot’ in iOS 18.1.,” Dr.-Ing. Jiska Classen, a research group leader at the Hasso Plattner Institute, tweeted after 404 Media published on Thursday along with screenshots that they presented as the relevant pieces of code.
Does anybody know if LineageOS has an equivalent feature?
Law enforcement shouldn’t be able to get into someone’s mobile phone without a warrant anyway. All this change does is frustrate attempts by police to evade going through the proper legal procedures and abridging the rights of the accused.
Yep! The police, being fascists, HATE this.
well it’s kind of a selling point. I’m just too used to using android, though.
Edit - there’s something for that too, cool!
You can enable lockdown mode. It forces the next unlock to ignore biometrics and require a pin, which police cannot force you to divulge without a warrant. Once enabled, you get a “lockdown mode” option in the menu when you hold down your power button.
All current stock Samsung phones can do this too, BTW.
Well, when you confiscate a piece of paper, even without a warrant to read it you can do that physically when it’s in your possession, and it’s part of the evidence or something, so everyone else can too, so why even fight for that detail.
They just pretended it’s fine with mobile computers.
I thought that “fruit of a poisonous tree” is a real principle, not just for books about Perry Mason. /s
So - yes. It’s just really hard to trust Apple.
They usually do have a warrant or it was seized lawfully.
This is about keeping them out even when it’s lawful.
Lawyer. Not true.
Example: An officer pulls someone over and suspects them of something arrestable. Then says “Do you want me to get your personal belongings from your car?”
Any person agreeing to this allows them to hold your phone as evidence indefinitely in the US now.
That’s all lawful.
They can search you and the area when arrested. They can search the car if they have probable cause that evidence will be in the vehicle
I said have a warrant or seized lawfully, not nust have a warrant.
Edit: I didn’t even write what I said I said correctly. Corrected it lol.
Seized or not, they can not force you to unlock your phone via pin without a warrant. They can only force you to use biometrics.
Other people answered, but to your point, in some cases THEY CAN compel without a court order.
Biometrics don’t conform to certain laws, and it gets even more complicated if you’re entering the US through customs. They can practically hold you indefinitely if you don’t comply. Whether you have legal representation is sort of an after thought.
Right, but this is about them bypassing you entirely.
They don’t need your fingerprint or pass code if they can bypass it themselves. This feature protects you when they’ve seized it lawfully which can be for many reasons.
It is their job to find evidences, not my resposibility to provide them.
I’ve never said otherwise.
It’s their job to find a way to hack into the phone.
This feature makes that even harder.
The police can engage in rubber-hose cryptanalysis. In many countries, it’s legal to keep a suspect in prison indefinitely until they comply with a warrant requiring them to divulge encryption keys. And that’s not to mention the countries where they’ll do more than keep you in a decently-clean cell with three meals a day to, ahem, encourage you to divulge the password.
That’s what you need distress codes for.
Destruction of evidence is a much different crime.
I would suspect it’d no longer be legal to hold them indefinitely and instead at best get the max prison sentence for that crime instead.
A us law website says that’s no more than 20y as the absolute max, and getting max would probably be hard if they don’t have anything else on you.
You’d have to weigh that against what’s on the device.
Also, even better if the distress code nukes the bad content, and then has a real 2nd profile that looks real, which makes it even harder to prove you used a distress code.
In most cases, destroying evidence will result in an adverse inference being drawn against the accused. It means that the court will assume that the evidence was incriminating which is why you destroyed it.
The way this article is framed sounds like bullshit to me. 18.1 was released less than 2 weeks ago. Any phone running this version of iOS would have had to already been in custody and somehow upgraded to this version, or otherwise brought into custody very recently—too recently for this to have already posed such a problem that law enforcement is “freaking out” and reporting it to the media.
The way this article is framed sounds like bullshit to me. 18.1 was released less than 2 weeks ago. Any phone running this version of iOS would have had to already been in custody and somehow upgraded to this version, or otherwise brought into custody very recently—too recently for this to have already posed such a problem that law enforcement is “freaking out” and reporting it to the media.
A non-insignificant amount of people have been running the public betas because of Apple intelligence, RCS / iMessage toys, UI customization, etc. For example, MixPanel reported about 2% of the iOS install base running 18.0 before 18.0’s launch. IMHO, that’s pretty crazy for a beta OS.
iOS has auto update for a while and iOS users update their devices more often than Android. 2 weeks is not a long time for adoption of new version for iOS.
Thank you Apple, right side of history here, fuck fascist pigs
Wouldn’t that disrupt the usage of a phone as a server?
You joke but people do that. I’ve seen people repurpose their old android phones to host small services on their home networks. I won’t comment on how reasonable it is because battery, but it’s a thing.
Literally no difference between a low power SOC RaspberryPi or a fucking phone which is the same thing with a built-in display.
Except the price, which is much lower for the SBC, way much lower if one uses one of the lower end Orange Pi or Banana Pi SBCs.
Also you can put Linux on the SBCs (which always come unlocked) hence do way more with them as servers than if one has to use Android as the OS.
I mean, I can get it if people with the technical chops, love for technical challenges and an old and pretty much worthless Android phone, configure it as a server if only because “why not?!”, but it’s not exactly a great option considering that a 40 bucks SBC can do the same, only better, more easily and with far more possibilities (given that it will be running Linux rather than Android).
PS: Actually somebody below mention mobile network connection, which, thinking about it, would be a good reason to use an old Android phone as a server since it has built-in support for 3G (unless it’s quite old) whilst the SBC needs it add to it which might be a problem for the cheaper SBCs (just wondering about how I would get around to do it, I think you need to connect a USB dongle to it and it has to be something compatible with Armbian Linux)
When you consider the price of a used android (ie. Oneplus 6T for $80 on ebay) and compare it spec for spec with a raspberry pi, it’s actually a really good deal. Like you get:
- Built in backup power supply (battery)
- 8-core power-efficient CPU (SDM845)
- Embedded sensors (microphone, magnetometer, gyro)
The way I set mine up is to run the server directly on Android using Termux, having an app autostart Termux on boot, and making sure to disable battery optimizations on the app. And then I just had the phone always plugged into the outlet to maintain the battery (and of course android would just trickle charge / disable once full charged).
Of course this isn’t perfect because you still have much more variability in play (at the OS level) than an RPi (along with not having a standard environment like debian unless you use proot), but it overall is a very powerful setup that works quite well.
I don’t think the sensors really matter for a server but the rest makes some sense.
Still, 80 bucks will buy you quite literally a Mini-PC (a really crummy one, granted) which can run more server tasks because it has as much or more memory and storage and isn’t hindered by there being an Android OS layer there doing nothing useful, and which is absolutelly and 100% under your control because it boots into your OS of choice.
Half than that will buy you a crummy SBC which probably de facto has as much capability to run server tasks as that Oneplus (it’s weaker but doesn’t have Android there eating up resources) though in my experience those things tend to be a bit finicky.
I don’t think it’s actually worth it to spend $80 on an used phone to use as a server (unless you do need UPS-like features or built-in mobile nertwork access) since you quite literally have better options brand new for that money, but if you have one around it can make sense even if it’s a bit more work getting it going and is not fully under your control (unless we’re talking about something jailbroken where you can install Oxygen or Lineage on, so a Pixel would probably be a better choice).
That said, there is a certain technical elegance in the whole notion of repurposing an Android Phone to be a home server.
I really doubt an iOS update will affect people using android phones as servers.
It would affect me. I have an android virtual machine running on my iPhone.
could be a simple hot spot cell backup, like for reporting network outage, remoting in to certain devices, etc. essentially a secondary ISP to report on main isp and troubleshoot. especially if you have smart devices you could reboot remotely.
That’s it!! Now I will NEVER use an iPhone as a server. 😋
A phone server that is disconnected from cellular is already broken anyways.
On one hand, Fuck Da Police
On the other hand, Fuck Apple
Why does rebooting it improve the safety or security of the phone?
Most likely after rebooting but before unlocking the decryption key is not present in memory in plaintext.
It wasn’t quite, I had to opt in.
If this is true, then it’s not a setting that users can access. At least not that I can find.
