Feature #1988

"Safer" 'Safe Mode'

Added by doak complex 9 months ago. Updated 7 days ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:



Safe Mode is triggered too easily.


Safe Mode will delete all not-yet-synced data which is connected to an account. This is harmful if you are unable or don't want to be online (i.e. connected to the provider) all the time.
I was hit by this several times because I have used a calDAV / cardDAV server within a local VM which was only started from time to time to "backup" that data.

The (updated) Wiki [1] states:

To boot into Safe Mode, press and hold down the Volume Down button during boot.
In fact it is enough to hold the button for approximately one second during the short vibration near the end of the boot sequence. It does not matter if the key was hold down all the time nor if other keys are pressed/held as well.

That sounds hard, but imho it is not. Safe Mode is triggered quite too easy by accident. At least it happened for me several times:
  1. Phone rebooted due of an SW crash and was placed in the "drawer" between driving and passenger seat of my car which is quite narrow. It seems some button had been pressed which led to -- tadaa -- Safe Mode purging my account data.
  2. My mobile fell into water, I got it out of it pretty fast. After some cleaning it seems to be dry. I tried to boot it, which works. Unfortunately some buttons were short circuited which led to -- tadaa -- Safe Mode purging my account data.
  3. Small kids, getting their bruteforce hands on some device, are a great opportunity to boot into Safe Mode as well, though it did not (yet) happen to me.

Anyway, imho it's just to easy to purge data. Even in case it had been synchronised, you would need to setup all accounts, restore a backup etc. Very annoying if you are on the road. Furthermore this can be done by any malicious person flying by.

I would suggest to add a patch which enforces another confirmation before purging user data or, alternatively, make it possible to restore these data afterwards.
I don't know how hard it is to implement such a patch but it guess it should be straight forward. But I can be wrong, for sure. Any comments?



Updated by Denis 'GNUtoo' Carikli 9 months ago


A way that could work would be:
  • To add support for safe-mode in the recovery
  • To make the recovery less prone to accidental mistakes

Malicious people flying by

Currently we don't know any way we could protect from malicious person flying by and not increase the damage done on users freedom by devices like smartphones and tablets other than the usual things like making backups, not leaving the device unattended to malicious people, etc.

For instance we're actively trying to get a fully free bootloader, and we have guides to recover devices at Exynos4Bootrom.

As for encryption, I'm not sure how it works: I would need to verify or ask other contributors if the TrustZone OS is not involved in any way, as it makes backup and recovery of the data way harder (plain LUKS with very long passphrases should work in most cases and still enable block level backup and recovery). But even then it doesn't protect at all against evil maid attacks.


Updated by doak complex 9 months ago

Yes, your are absolutely right: The point about malicious people is not valid.

If Safe Mode is added to recovery (which is quite a good idea, imho), it makes only sense if the usual shortcut is disabled, of course.


Updated by doak complex 9 months ago

  • Subject changed from "Safer" _Safe Mode_ to "Safer" 'Safe Mode'

Updated by doak complex 9 months ago

  • Description updated (diff)

Updated by Denis 'GNUtoo' Carikli 6 months ago

  • Project changed from Documentation to Replicant

Updated by doak complex 7 days ago

  • Description updated (diff)

Also available in: Atom PDF