Feature #1988
openSafe mode is accidentally triggered too easily (Was "Safer" 'Safe Mode')
0%
Description
TL;DR¶
Safe Mode is triggered too easily.
Details¶
Safe Mode will delete all not-yet-synced data which is connected to an account. This is harmful if you are unable or don't want to be online (i.e. connected to the provider) all the time.
I was hit by this several times because I have used a calDAV / cardDAV server within a local VM which was only started from time to time to "backup" that data.
The (updated) Wiki [1] states:
That sounds hard, but imho it is not. Safe Mode is triggered quite too easy by accident. At least it happened for me several times:To boot into Safe Mode, press and hold down the
Volume Down
button during boot.
In fact it is enough to hold the button for approximately one second during the short vibration near the end of the boot sequence. It does not matter if the key was hold down all the time nor if other keys are pressed/held as well.
- Phone rebooted due of an SW crash and was placed in the "drawer" between driving and passenger seat of my car which is quite narrow. It seems some button had been pressed which led to -- tadaa -- Safe Mode purging my account data.
- My mobile fell into water, I got it out of it pretty fast. After some cleaning it seems to be dry. I tried to boot it, which works. Unfortunately some buttons were short circuited which led to -- tadaa -- Safe Mode purging my account data.
- Small kids, getting their bruteforce hands on some device, are a great opportunity to boot into Safe Mode as well, though it did not (yet) happen to me.
Anyway, imho it's just to easy to purge data. Even in case it had been synchronised, you would need to setup all accounts, restore a backup etc. Very annoying if you are on the road. Furthermore this can be done by any malicious person flying by.
I would suggest to add a patch which enforces another confirmation before purging user data or, alternatively, make it possible to restore these data afterwards.
I don't know how hard it is to implement such a patch but it guess it should be straight forward. But I can be wrong, for sure. Any comments?
[1] https://redmine.replicant.us/projects/replicant/wiki/SafeMode
Updated by Denis 'GNUtoo' Carikli almost 5 years ago
Implementation¶
A way that could work would be:- To add support for safe-mode in the recovery
- To make the recovery less prone to accidental mistakes
Malicious people flying by¶
Currently we don't know any way we could protect from malicious person flying by and not increase the damage done on users freedom by devices like smartphones and tablets other than the usual things like making backups, not leaving the device unattended to malicious people, etc.
For instance we're actively trying to get a fully free bootloader, and we have guides to recover devices at Exynos4Bootrom.
As for encryption, I'm not sure how it works: I would need to verify or ask other contributors if the TrustZone OS is not involved in any way, as it makes backup and recovery of the data way harder (plain LUKS with very long passphrases should work in most cases and still enable block level backup and recovery). But even then it doesn't protect at all against evil maid attacks.
Updated by doak complex almost 5 years ago
Yes, your are absolutely right: The point about malicious people is not valid.
If Safe Mode is added to recovery (which is quite a good idea, imho), it makes only sense if the usual shortcut is disabled, of course.
Updated by doak complex almost 5 years ago
- Subject changed from "Safer" _Safe Mode_ to "Safer" 'Safe Mode'
Updated by Denis 'GNUtoo' Carikli over 4 years ago
- Project changed from Documentation to Replicant
Updated by _I3^ RELATIVISM over 3 years ago
- Type of work Bug tracker editions added
Updated by Denis 'GNUtoo' Carikli over 3 years ago
- Subject changed from "Safer" 'Safe Mode' to Safe mode is accidentally triggered too easily (Was "Safer" 'Safe Mode')
Updated by Denis 'GNUtoo' Carikli over 3 years ago
- Target version set to Replicant 6.0
Updated by Denis 'GNUtoo' Carikli over 3 years ago
- Device Galaxy S 3 (I9300) added
Updated by Denis 'GNUtoo' Carikli over 3 years ago
- Type of work Build system integration, C programming added
- Type of work deleted (
Bug tracker editions)
The recovery is in C