Project

General

Profile

Actions

Feature #1988

open

Safe mode is accidentally triggered too easily (Was "Safer" 'Safe Mode')

Added by doak complex almost 5 years ago. Updated over 3 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
01/19/2020
Due date:
% Done:

0%

Estimated time:
Resolution:
Device:
Galaxy S 3 (I9300)
Grant:
Type of work:
Build system integration, C programming

Description

TL;DR

Safe Mode is triggered too easily.

Details

Safe Mode will delete all not-yet-synced data which is connected to an account. This is harmful if you are unable or don't want to be online (i.e. connected to the provider) all the time.
I was hit by this several times because I have used a calDAV / cardDAV server within a local VM which was only started from time to time to "backup" that data.

The (updated) Wiki [1] states:

To boot into Safe Mode, press and hold down the Volume Down button during boot.
In fact it is enough to hold the button for approximately one second during the short vibration near the end of the boot sequence. It does not matter if the key was hold down all the time nor if other keys are pressed/held as well.

That sounds hard, but imho it is not. Safe Mode is triggered quite too easy by accident. At least it happened for me several times:
  1. Phone rebooted due of an SW crash and was placed in the "drawer" between driving and passenger seat of my car which is quite narrow. It seems some button had been pressed which led to -- tadaa -- Safe Mode purging my account data.
  2. My mobile fell into water, I got it out of it pretty fast. After some cleaning it seems to be dry. I tried to boot it, which works. Unfortunately some buttons were short circuited which led to -- tadaa -- Safe Mode purging my account data.
  3. Small kids, getting their bruteforce hands on some device, are a great opportunity to boot into Safe Mode as well, though it did not (yet) happen to me.

Anyway, imho it's just to easy to purge data. Even in case it had been synchronised, you would need to setup all accounts, restore a backup etc. Very annoying if you are on the road. Furthermore this can be done by any malicious person flying by.

I would suggest to add a patch which enforces another confirmation before purging user data or, alternatively, make it possible to restore these data afterwards.
I don't know how hard it is to implement such a patch but it guess it should be straight forward. But I can be wrong, for sure. Any comments?

[1] https://redmine.replicant.us/projects/replicant/wiki/SafeMode

Actions #1

Updated by Denis 'GNUtoo' Carikli almost 5 years ago

Implementation

A way that could work would be:
  • To add support for safe-mode in the recovery
  • To make the recovery less prone to accidental mistakes

Malicious people flying by

Currently we don't know any way we could protect from malicious person flying by and not increase the damage done on users freedom by devices like smartphones and tablets other than the usual things like making backups, not leaving the device unattended to malicious people, etc.

For instance we're actively trying to get a fully free bootloader, and we have guides to recover devices at Exynos4Bootrom.

As for encryption, I'm not sure how it works: I would need to verify or ask other contributors if the TrustZone OS is not involved in any way, as it makes backup and recovery of the data way harder (plain LUKS with very long passphrases should work in most cases and still enable block level backup and recovery). But even then it doesn't protect at all against evil maid attacks.

Actions #2

Updated by doak complex almost 5 years ago

Yes, your are absolutely right: The point about malicious people is not valid.

If Safe Mode is added to recovery (which is quite a good idea, imho), it makes only sense if the usual shortcut is disabled, of course.

Actions #3

Updated by doak complex almost 5 years ago

  • Subject changed from "Safer" _Safe Mode_ to "Safer" 'Safe Mode'
Actions #4

Updated by doak complex almost 5 years ago

  • Description updated (diff)
Actions #5

Updated by Denis 'GNUtoo' Carikli over 4 years ago

  • Project changed from Documentation to Replicant
Actions #6

Updated by doak complex about 4 years ago

  • Description updated (diff)
Actions #7

Updated by _I3^ RELATIVISM over 3 years ago

isnt this the same as #1986

Actions #8

Updated by _I3^ RELATIVISM over 3 years ago

  • Type of work Bug tracker editions added
Actions #9

Updated by Denis 'GNUtoo' Carikli over 3 years ago

  • Subject changed from "Safer" 'Safe Mode' to Safe mode is accidentally triggered too easily (Was "Safer" 'Safe Mode')
Actions #10

Updated by Denis 'GNUtoo' Carikli over 3 years ago

  • Target version set to Replicant 6.0
Actions #11

Updated by Denis 'GNUtoo' Carikli over 3 years ago

  • Device Galaxy S 3 (I9300) added
Actions #12

Updated by Denis 'GNUtoo' Carikli over 3 years ago

  • Type of work Build system integration, C programming added
  • Type of work deleted (Bug tracker editions)

The recovery is in C

Actions

Also available in: Atom PDF