Looks like they have added tons of features for this. This one really caught my eyes.
"Theft Detection Lock is a powerful new feature that uses Google AI to sense if someone snatches your phone from your hand and tries to run, bike or drive away"
It sounds like a nice feature but in my experience such "auto-magic", always-on features can burn battery life. It's not necessarily much for each single feature but there are so many of them these days, they add up quickly.
The other downside is false positives or other occasional failure modes. Many such "auto-magic" features choose not to expose any granularity to the user, perhaps because they think it'll make it less "magic" or that a few entirely optional scaling settings in an "advanced" tab will hopelessly confuse users. Too often such "all or nothing" reliance on the infallibility of their magic 'do-the-right-thing' code forces me to entirely turn off what would otherwise have been a useful feature.
Fortunately the accelerometer is a very low-power service. There shouldn't be much magic required, simply a threshold for accelerometer activation similar to drop detection. This sort of protection can false-positive fairly safely - it is minimal extra burden to unlock your device if you accidentally drop it, for example.
Yeah, I've learned the smarter they try to make my device, car, etc. the more annoying it becomes in practice because of all the edge cases I seem to bump up against regularly.
Yeah, there's a growing cult-ish obsession in UX design that sees all customization, optionality and user choice as some kind of flaw in their perfect minimalist designs. Frankly, it's kind of bizarre. Our tech is powerful enough and our platforms flexible enough that every user should be able to "have it your way" (as Burger King liked to say).
What you're describing is the UI/UX design paradigm of prosumer tools like blender. Unfortunately, despite how important this class of software is, SV seems to have institutional blindness to how and why this kind of software is even built.
For example, we have the greatest opportunity in a generation for someone to build "photoshop for text" i.e. a proper GenAI based LLM tool with similar design choices. LMstudio is the only even close example of this, and they're not getting it in the way that blender does.
You dont notice them when they work as intended, but when something odd or annoying happens it leads quickly to disappointment.
For me its car's lane assistant, interfering with driving is big no for me. Asked my father to turn it off on their new mazda 3 too, 99% ok behavior is simply too low, even 99.9% would be.
Oh yes. This is a huge one for me. My wife bought a luxury car that's loaded with these new driving "assist" features and they're both annoying and extremely distracting to the driver. Worse, when they unexpectedly grab the wheel while I'm actively trying to steer, it's caused me to swerve while fighting to correct it. Fortunately no road incidents yet but these are clear safety issues. If it were a commercial aircraft instead of a car, pilots would be required to report them as incidents.
Of course, I always turn these stupid features off but, inexplicably, my wife likes them and keeps turning them back on. So when I happen to drive that car it continues to be a nasty surprise until I remember to turn it off. This also makes a separate UX failure even worse. Settings like seat position, enter/exit behavior, navigation and even entertainment options are stored and recalled in per-driver settings. These per driver settings can also be linked to each key fob. She has her fob and I have mine. Very nice - except these damn driver "assist" features are NOT stored in per-driver settings like they obviously should be!
Damn it, car UX designers - all user options should be stored per driver. It's a few KB for bit flags and single-byte values, it's not like we don't have the storage these days.
Lane assistance is fine, if it can be permanently disabled. But I've rented cars where it seemed to have been hard coded to default = ON for each trip. Every time I started the car, I had to go into the car config (great fun on a rental with a different GUI each time) and disable it before driving.
Otherwise, in city driving, it's like some paranoid front seat passenger grabs the wheel every 30 seconds.
Its a lawsuit waiting to happen. Yes it can be disabled on normal cars, but on rentals not consistently, they do sometimes lock down settings menus - driving with it around narrow Sicily roads was not pleasant at all, outright dangerous in few situations.
You don't need Big Brother Google accessing your sensor data, nor do you need AI for this. I've been using this app for years and it works great in locking the device if someone grabs my device. https://f-droid.org/en/packages/com.wesaphzt.privatelock/
If you're trying to call 911, or you're trying to video an assault... and someone tries to stop you, such as by jostling you or your phone... what's the likelihood that this Private Lock will get in the way of that?
I believe Android has an SOS feature where if you click the power button five times in quick succession, it can take a photo and send a very scary-looking SMS message to a relative or some other trusted contact. I don't know if it lets you set it to call 911 or take a video though.
You can do both of those things from the lockscreen of any android device I've used in the last decade. The linked app just seems to engage the normal android lockscreen.
Ideally no, not "Big Brother". But this is Google, and the burden of proof is on them to not collect data "to make our services better", etc.
Especially location data. If something like Find My Phone is activated, my immediate bias is to assume Google is taking advantage of this data collection to monitize my data without my consent.
That caught my eye too. For whatever reason I thought of how Ross Ulbricht, Silk Road founder, was arrested when FBI agents used a ruse to snatch his laptop from him before he could lock the screen.
The idea is that with features like this widespread, the probability of a theft leading to the thief repurposing the stolen device will be lower. Therefore, the incentives for thieves – the ones acting rationally within the paradigm of being a thief, at least – will be lower. Therefore, the number of thefts, generally, may go down. A few big ifs here, of course.
I've always felt that system lock was about preventing theft of the device data, not prevention of flipping the device itself. Like tons of other people, I have sensitive apps and data on my phone (banking, cloud services, etc), but unlike tons of people, I take great care to ensure logouts after I am done accessing said apps or data. Even so, a thief snatches my phone, I don't care what happens to the phone itself, so long as the data is safe.
The cost of your phone might be low or covered by insurance, while all your private information is much more valuable.
I never spend more than 200 euros on a phone and consider them disposable. If I lost my (locked) phone, I'd merely get my (identical) backup phone from home and continue as if nothing happened.
> If a common motion associated with theft is detected, your phone screen quickly locks – which helps keep thieves from easily accessing your data.
So it's probably a machine learning model that was trained on motion data of snatches, but it's likely not AI in the sense of LLMs.
But I wonder how many false positives this could yield. For example you are in a hurry and you snatch your phone from a table. How precicesly can this model decide with just motion data, if this was theft or not.
Personally, I would take the false positives. Way too much of my life is locked into securing this fragile black rectangle. Unlocked phone has access to basically everything. I personally do not do any finances on my phone, but all of the MFA works through it.
If I snatch a phone from the table (probably already locked?) or drop it, I will suck up the additional login.
I have long thought about the utility of a little locking-beacon. If phone suddenly gets out of range, should auto lock. If only Bluetooth were not so unreliable.
Worth noting Android (or at least Pixel) does have a feature like this, but it actually does the opposite: while a Bluetooth device is connected it keeps the phone unlocked. It would be way more useful in the reverse: that if a Bluetooth device disconnects, it should lock.
These are two different things, since I do not want my phone to have no lock screen just because my headphones are sitting near it, but if it is unlocked and suddenly my headphones disappear, that would be a useful precaution, even if it doesn't eliminate the risk on its own.
It's called Android Smart Lock and has been a thing since Android 5 (Lollipop). It also works (worked? Does it still exist) with 'trusted places' (GPS/WiFi), Voice/Face (before face id was a thing) and a mode were it kept the phone unlocked as long as you kept it on your body.
I remember that I used the last option many years ago, as that was really convenient and worked very well. Basically as long as the phone was in your hand or pocket it kept unlocked, but as soon as you laid it on a table it got locked.
But now that fingerprint unlock is a thing, I don't even mind unlocking my phone as it is one fluid motion and happens unconsciously.
If my phone gets nabbed, a motivated thief would do nefarious actions the minute they get out of site. So presumably just a few blocks away from a usual location.
How on earth do you even get training data for this? Recorded phone sensor outputs that are known for certain to be the result of validated, confirmed theft events can't possibly be that common. Are they paying people in Bangledesh a few bucks to be randomly assigned to group that either get robbed or tripped in the hope they throw the phone and labeling sensor data accordingly. When this type of motion recognition was first developed, they had labs and recorded people walking, doing jumping jacks, sitting and then standing, whatever, and labeled the patterns appropriately because they knew what was happening because it was happening in a lab.
Probably the acceleration vector. If the phone is rapidly moved a meter away from you, either it's being snatched or it's being thrown.
Edit: To clarify, I was thinking of horizontally, in the direction that corresponds to the top of the screen, as if you were bent over using the phone--probably holding the bottom-of-screen--and then someone grabbed the top-of-screen to pull it away.
A drop registers as no acceleration while in freefall, and then a sharp spike when it hits the ground. This was counter-intuitive to me when I first figured out how to display my phone's accelerometer readouts, but makes sense.
I think a lot of the false-positive cases where the screen gets locked are acceptable in context.
I mean, most people dropping their phone will be too glad/devastated that the device did/didn't escape harm to bother being annoyed that they have to unlock the screen again.
I would expect this to not make a difference if your phone was already locked. But I guess Google could only lock the device if it was upright before being grabbed.
I mean, worse case scenario, your phone just locks (I assume to the lockscreen, where you have to re-enter your pin). It doesn't seem like such a big problem?
There are free and open source apps for Android that automatically lock the device when the accelerometer detects rapid acceleration, which is a simple detection method. For example, Private Lock is on F-Droid:
:) So one way I immagine it does this is by listening in on your microphone to determine a distress signal. Up to you if you think this is cool. In general people should ask themselves do they really want a semi-intelligent program someone else trained "living" in their phone. Yikes. I tried to uninstall the neural network package on my Android but it is impossible since it is an actual system package. Why on earth it should be an Android system package is beyond me. Moreover this issue persists even if you use a de-Googled privacy and security focused distribution like GrapheneOS
Yes but that's only in your imagination, it's not how the feature works. The feature works based on motion detection trained on specific "theft patterns".
Because you trust how it is marketed. The android neural network package is system deep, meaning it could easily bypass all software permissions for hardware
> With this upgrade, if a thief forces a reset of the stolen device, they’re not able to set it up again without knowing your device or Google account credentials. This renders a stolen device unsellable, reducing incentives for phone theft.
Is this going to be a significant deterrent to mugging in practice, or are muggers still going to approach for your wallet, and take the phone in any case (to prevent calling, and to flip it for parts)? Is there data?
For muggers that want the phone not to be tied to a Google account, is a mugging going to turn in a more intense and lengthy encounter, while they make you deactivate your account on it? (And they're getting nervous about how long it's taking, and take it out on you.)
Personally, my first choice is not to be mugged. But, if/when I do get mugged again, my second choice is that it be a quick and smooth transaction, in which everyone remains calm, and I don't get physically hurt nor develop PTSD.
In my experience, they're lifted from people's hands while walking, taken out of back pockets, out of lockers, from the window sill at bars/restaurants, etc.
I guess that information will also be be useful, when weighing "X% less likely that your phone is taken when your wallet is taken from your gym locker" against "Y% more likely that a mugging turns into a maiming".
Nice, I didn't catch that one: Let's say that phone snatch&grab is just an easy entry point for people driven to bottom-end crime, and their current snatch&grab is suddenly no longer paying off, but the most immediate barrier to that can be gotten past, if only they step up to getting the phones in muggings.
>Is this going to be a significant deterrent to mugging in practice, or are muggers still going to approach for your wallet, and take the phone in any case (to prevent calling, and to flip it for parts)? Is there data?
It's a deterrent because instead of getting a working phone that you might be able to sell for $500+ second hand, you get a brick that's only usable for parts. It might not stop all muggings, but it does make it much less lucrative. Given how many countries are going cashless, a phone is basically the highest value item a person has on them, so being able to cut the value of that is certainly going to deter the marginal criminal.
>For muggers that want the phone not to be tied to a Google account, is a mugging going to turn in a more intense and lengthy encounter, while they make you deactivate your account on it?
Adding a 1-2 hour probably makes the "force you to unlock the phone" strategy from being viable.
>(And they're getting nervous about how long it's taking, and take it out on you.)
It might suck for the first few people who get mugged, but after the first few the thieves would realize it's not caused by the victim and there's nothing they can do about it. Granted, a person who decides to mug people probably isn't the most rational, but this strategy seems to be used elsewhere (eg. time delayed bank/narcotic safes).
Some people reported it here that their phones were stolen, and then were contacted by the thiefs to reveal the PIN. To prove they were serious, thiefs attached addresses and names of the victim relatives.
I know this wouldn't happen in USA or any serious country (because these people were prosecuted), but in 3rd world countries (where phone theft is super common) this will still be a problem.
I left my phone (iPhone) in an Uber in Mexico and the driver ignored my attempts to contact him to get it back. A few weeks later someone attempted to spear-fish me: I was sent a realistic-looking message pretending to be from Apple saying that my phone had been found and I needed to log in to iCloud to see its location. Of course, it linked to a fake iCloud page.
I left my phone (iPhone) in an Uber in Mexico and the driver called me immediately on my friend's phone after I put it into lost mode (with the annoying sound).
Upon pick-up, I gave him a hefty reward and we both went our merry ways.
I had my stolen in the US at a music festival and this happened to me.
I got texts from “Apple Support” at first then it graduated to a threat of some hitman from Miami who was going to kill me if I didn’t release the phone.
Of course, the whole time I just imagined some small lanky dude sitting in a basement wrote these texts trying to act tough and I just laughed.
It's worth keeping in mind the risk-reward payoff though. It's an ecosystem, exactly. They're not going to murder your family to unlock your phone like in some kind of Hollywood action blockbuster.
The catfishing/blackmail scam of getting you to send nudes to a stranger who then turns around and threatens to release them is a different matter as the added charge of "revenge porn" relative to the blackmail charge is not as significant as the added charge of "murder" in the phone theft scenario.
> Factory reset upgrade prevents a reset by a thief. For some criminals, the goal is to quickly reset your stolen device and resell it. We’re making it more difficult to do that with an upgrade to Android’s factory reset protection. With this upgrade, if a thief forces a reset of the stolen device, they’re not able to set it up again without knowing your device or Google account credentials. This renders a stolen device unsellable, reducing incentives for phone theft.
They've already done this for a while. It's called FRP (Factory Reset Protection). I'm pretty sure that even my Android phone from 2017 had this feature.
I don't know why they're touting it as a new feature.
FRP is a worthless pain in the ass. It's usually trivial to bypass, it just wastes time and makes resetting phones more annoying. (I've had to do it a few times, once on a used phone I bought, and a couple of times for family members who forgot their password.)
Factory reset should be exactly that; FRP needs to die in a fire.
It sounds like this new thing is going in the opposite direction.
It's definitely older than that. I remember implementing it at an old job. That device ran 4.4 and was later upgraded to 5. I know we had it in our 5 builds but I can't remember about the KitKat builds.
Frankly the only new feature I read on this announcement is the "auto-lock on sudden movement" which seems like a minor evolution of a feature they had 10 years ago that does the opposite (prevent auto-lock when the device is stationary).
I hope they will also add a feature that allows you to set a second pin code. That would be useful in case the thief forces you go give him your phone and unlock it e.g by having a gun pointed at you.
If that second pin code is entered the phone will go in anti-theft mode and e.g. hide specific apps, automatically erase it self or whatever you can think of.
Something related is part of Android 15 Beta 2 released today -- "Private space lets users create a separate space on their device where they can keep sensitive apps away from prying eyes, under an additional layer of authentication. The private space uses a separate user profile. When a user locks the private space, the profile is paused and any apps in the private space are no longer active. The user can choose to use the device lock or a separate lock factor for the private space.": https://developer.android.com/about/versions/15/features#pri... (there is a known bug related to it https://developer.android.com/about/versions/15/release-note... that will be fixed in a hotfix in next few days.)
At an old job, I was on a project at an international airport and was given one of those cards to get you through all the doors. Bypass security, get down to poke the planes, etc. Slide the card and key in a code to get through.
They gave us two codes: one to open the door, and another that opened the door and set off the silent alarm.
If someone pointed a weapon at me, I'd hand them my phone. There's nothing life-threateningly important on my phone. Whatever they do with it is better than death.
Unfortunately some people might try to do the math of losing their life savings vs. losing their life. Big downside of using a money system (eg: cryptocurrency) you can't reverse.
Automatically erase itself sounds good, but silent 911 call might be better than giving your attacker with a gun to your head a reason to pull the trigger.
This is the kind of opsec feature that looks good on paper but could sometimes get people killed - even people that didn't actually set up a second pin (how do you prove to the guy pointing a gun to your head that you didn't set up anything like that??)
Maybe someday they will bring back the ability to back up your phone, so that you can restore your data to a new device without having access to the old one.
It's not an exact copy of all the data. For example random downloaded files don't get backed up and restored unless you migrate from an old device[0]. It would be nice to be able to do a full device local backup and restore.
In my experience the backup is very limited and most app data is lost, specially annoying are banking apps that require you to go to a physical bank branch in order to re-pair your restored phone and restore full access to your bank account.
My main issue, at least here where I live, is that you can only have a single phone paired to your bank account. If anything happens to your phone, that's it, you are locked out of accessing your bank acc. You used to be able to access your bank account from a telephone call (sure, very arctic and insecure nowadays) or from the bank website without requiring the phone app to authenticate.
Had they provided a second form of access, independently of a single phone, I would be more than fine with it.
It's not just banking apps, it's almost every app that isn't a first-party Google product. You also lose all of your files, but those can at least be backed up manually by copying them over USB.
Even then, some apps "know better" and are not backed up. Signal is one of the bigger offenders on this front (despite there being options for E2E encrypted / on-site backup in iOS).
It sounds great, but they could also block the settings' switches in the pull-down drawer first...
As far as I understand, this whole Find My/Remote Lock stuff will stop working when the thief pulls the bar down and activates the Airplane mode. Then all the data is one vulnerability away from being accessed.
This is the case on Google Pixel 8 Pro and it's been there for ages; I assume it's the same for other vendors.
Having just changed out the battery on my trusty Note 20 Ultra yesterday, this made me smile as I imagined a thief evenly applying heat to the back edges of the phone, carefully prying the phone open with suction cups and a series of plastic picks, gently dislodging six fragile micro-connectors, removing 11 different nano-sized screws, removing the wireless charging antenna, peeling back layers of ribbon connectors, removing the speaker module, dripping solvent into the battery compartment and then waiting ten minutes for it to soften the battery glue so they can start prying the battery out.
Maybe somewhere during that painstakingly onerous process, they'll pause and ponder their life choices. I know I certainly did! :-).
>As far as I understand, this whole Find My/Remote Lock stuff will stop working when the thief pulls the bar down and activates the Airplane mode. Then all the data is one vulnerability away from being accessed.
Finding that "one vulnerability" is going to be pretty hard. The device is still going to be locked, you're very limited in what your exploit has access to. The common EoP used for rooting/jailbreaks are going to be out, because you won't be able to run arbitrary code on the phone. True, there are occasionally exploits in the bootchain itself (eg. checkra1n for iOS), but you could be waiting years/decades for it. By then the phone would be useless, and any juicy credentials already rotated. Best case scenario, you get some nudes.
I checked on my OnePlus 7 and indeed it's possible by default. There is a setting to disable access to the notification (/setting) drawer from the lock screen at least in Oxygen OS though.
Right. I just recently switched to iOS and was pleased to turn that on. It took a minute to remember why only sometimes I was able to access the settings pulldown until I finally realized I had to wait for face unlock to finish - I felt pretty silly when I remembered.
I'm surprised this isn't a feature on android yet.
This is also easily defeated by throwing the device into a foil bag until you are in a room with a faraday cage, or just a remote location without cellular service.
Hopefully the upgrades to factory reset protection actually work this time. There's a seemingly never-ending supply of ways to bypass Androids FRP by doing some weird incantation to break out of the inital setup wizard.
As an iOS user it’s a bit shocking to hear that Android hasn’t had a functional activation lock. iPhone has had that for almost 11 years. I suppose this is a case where Apple’s hardware and software integration is especially notable.
No an Android user, so I'm not sure what distinction you're making. On iOS there's not really a distinction between the two [1].
> Activation Lock is an Apple feature designed to prevent the unauthorized transfer or use of Apple devices. Built into Apple’s Find My system, it’s Apple’s implementation of factory reset protection, which manufacturers are legally required to include in order to sell smartphones in the US.
Given that it's been legally required since 2015 to sell smartphones, this must be something else.
> Factory reset upgrade prevents a reset by a thief. For some criminals, the goal is to quickly reset your stolen device and resell it. We’re making it more difficult to do that with an upgrade to Android’s factory reset protection. With this upgrade, if a thief forces a reset of the stolen device, they’re not able to set it up again without knowing your device or Google account credentials. This renders a stolen device unsellable, reducing incentives for phone theft.
> More steps for changing sensitive device settings to protect your data. Disabling Find My Device or extending screen timeout now requires your PIN, password or biometric authentication, adding an extra layer of security preventing criminals who got a hold of your device from keeping it unlocked or untrackable online.
> When enabled, our new enhanced authentication will require biometrics for accessing and changing critical Google account and device settings, like changing your PIN, disabling theft protection or accessing Passkeys, from an untrusted location.
AFAIK this has always been true for iOS, or true for as long as I can remember at least.
The rest is pretty neat & unique to Android though (e.g. a separate PIN-required space for certain apps like bank or health data, automatic protection on snatch, fast-lock using very low-overhead authentication mechanism).
Perhaps you are using "activation lock" to mean the carrier imposed requirement that some mobile phones are restricted to their network? On iOS, it seems like activation lock refers to exactly the feature that Android is touting finally works with new updates to FRP.
Android and ios boot mechanism are pretty identical: secure boot -> unlock modem -> unlock user area. There are some differences in where in the CPU this happes and how it is protected but Pixel phones are pretty close to iPhone even if we look at such details.
No I’m not. So if what you say is correct, why does this announcement have a section for “Factory Restore Protection” as a new feature if Android phones have already worked this way?
The “improvement” it describes involves taking it from being nonfunctional to functional. The original comment I responded to suggested that it was previously a client side validation that could be easily bypassed.
My primary concern with "anti-theft" features is that in a lot of cases they cause e-waste due to people forgetting their accounts/passwords, or giving away their devices without "properly" resetting it, often both at the same time, causing the receiver to not be able to use it at all.
The article says nothing about it but I hope people realize that there has to be a feature to securely wipe and reset the device.
You mean the Pinephone? I've used a Nexus 5 running Ubuntu Touch for about a year, and it was quite a pleasant experience, discounting unmaintained Canonical abandonware at every corner. I did have to write quite a few apps, but turns out Qt offers an excellent workflow. I'm actually thinking of returning to it, once I reverse-engineer Viber's protocol, so I won't drain my battery with Waydroid + GApps. Honestly, SSH with some Unix scripting gave me some of the most integrated experiences I had in computing.
I wish these sort of things expired. So many devices are guaranteed e-waste these days. Device lifetimes are exceedingly short. Since you're going to keep the servers running anyway, just let any 10+ or 15+ year old device that phones in to the mothership be reset and drop their account association.
> Factory reset upgrade prevents a reset by a thief. For some criminals, the goal is to quickly reset your stolen device and resell it. We’re making it more difficult to do that with an upgrade to Android’s factory reset protection. With this upgrade, if a thief forces a reset of the stolen device, they’re not able to set it up again without knowing your device or Google account credentials. This renders a stolen device unsellable, reducing incentives for phone theft.
A few years ago a non-technical friend factory reset their phone only to realize they hadn't actually logged into their Google account in years and didn't remember the password. They didn't have any spare phones to use and didn't want to go without one while they were recovering their account. It took me about five minutes to find a prepackaged exploit on Google and bypass the FRP. This wasn't some obscure model from a budget manufacturer either, it was a flagship Samsung (iirc) that was still receiving updates.
The optimism in Apple threads is interesting. The pessimism in Google threads is interesting. Everyone thinks google sucks and wants Google to do more. Fans/ads/astroturfing make Apple out to be an angel.
I don't like either, its just interesting to watch how each company has different customer personalities and perceptions.
I've noticed this as well. I think part of the problem is that most of the people here are Apple users, and that they subconsciously revert to their long ago Apple/Google flame wars.
Factory Reset Protection works great unless your OEM does something stupid like offer you a "non-Google" image for your device that you can flash to... then flash back to the "Google" image and the FRP block on the device gets erased.
I have seen this and managed to do it to our own device from that manufacturer :')
Big tech companies locking you out of your own stuff is an underrated threat vector.
I recently had a similar debacle with my Google account when I was travelling out of state and lost my phone. I needed to access my account quickly and fortunately knew my password and had added my partner's phone number as a 2fa method for exactly this kind of scenario.
Well when I went to log in Google took it upon themselves to disable that 2fa method, because it thought there were more secure options available. Except there weren't because I was far from home and all of my other devices!
I was pretty shocked that Google would change my security settings without any notice to me and confirmation on my part.
I've lost 2 different gmail accounts, apparently due to Google deciding to change or not respect my security settings. It's hard to say for sure. Meanwhile I still have a Hotmail email address. (This isn't me saying Microsoft couldn't cause similar issues, but I've at least been able to get things fixed through support in the past.)
I'm of the same mind that providers can be underrated risks, because it doesn't always cross people's minds that the provider could be that seemingly incompetent. It's certainly a potential situation to consider when dealing with companies that have poor support. And unfortunately, not all of them have great support or self-service tools like account recovery codes.
Lockdown mode is used to protect journalists or other people against malware like Pegasus. It doesn't get activated by being in an unusual location, it has to be manually activated in settings.
If you have FaceID enabled, it will require that to disable lockdown mode (and I already explained the loop about how lockdown mode disables biometric auth like Face ID). I can get into the phone with my pin just fine, but the phone is still locked down. When lockdown mode disables biometric auth, I couldn’t get into bank, brokerage or any app requiring that auth.
Maybe I’m just crazy because it seems like a ridiculous oversight.
> I can get into the phone with my pin just fine, but the phone is still locked down. When lockdown mode disables biometric auth, I couldn’t get into bank, brokerage or any app requiring that auth.
Never heard of this behavior, but it's not associated with the Apple feature called "Lockdown Mode", which does not constrain use of secure enclaves for Touch ID or Face ID authentication, https://support.apple.com/en-us/105120
no, it doesn't? It changes your publicly visible IP. Your GPS data still shows you in the original location. Your wifi localisation and 5g antennas would still be in the original location. It'd also be _trivially easy_ for the OS to know that the user is behind a VPN, given the only way to do so is through APIs dedicated to VPN use.
My iOS devices are in lockdown mode 99% of the time. To disable lockdown mode, go into Settings > Privacy > Lockdown Mode, it offers the option to "Turn Off and Restart", then asks for a passcode.
The behavior being described sounds a bit like malware. If it happens again, the best option is to Force Restart (VolUp, VolDown, hold side button until the device reboots), which cannot be intercepted by any apps which might be trying to simulate iOS system prompts.
It moves your IP address to an unusual location. I highly doubt that it changes your GPS coordinates, nearby wifi, cell towers, etc that can be used in location detection.
Oh yeah, like that time you guys locked me out of my phone after I reset it, lent it to a friend, who reset it when they returned it to me? And I called you dipshits to resolve the problem, and you refused to unlock it, despite having a fucking receipt showing I literally purchased the phone FROM GOOGLE?
These are good features, but I don't know if they help much against the "$5 wrench" vulnerability: https://xkcd.com/538/
There have been multiple thefts in Chicago where "Police said the gunmen forced one of the victims to reset his phone password while threatening him with a pistol. They made another victim log into their banking apps." (https://cwbchicago.com/2024/05/chicago-bucktown-robbery-spre...)
Hence why you should not have banking/brokerage apps on your phone (or their passwords in your iOS keychain), except maybe a checking account with a couple thousand dollars in it.
In Australia, transfers out of an account are limited to a certain amount ($2000 typically) unless you've pre arranged it with the bank. Also transfers to new accounts have some extra protections. I'd be surprised if this wasn't common practice globally
Not true. You can set a number of accounts to up this in the bank app, with nothing more than a sms code to protect you. $100k no issues. And never seen a $2k limit, maybe a $5k limit.
No, random people should not try to get into gun battles to protect their phone. If you're that worried about the rare chance of being forced to unlock your phone by criminals you can limit which financial apps you have on the phone.
Despite some popular fantasies, buying a handgun and shooting some targets (or live pigs?!?!) does not turn one into an action hero. That kind of escalation is likely to get the phone owner or another innocent person killed. It's a stupid risk, especially given that there are much better ways to protect your phone data.
Not cops, no metaphors here. Some security companies make the trainee shoot a pig in the head. Lots of people, no matter the training, just can't kill a living being.
I wasn't going the police = pigs angle, I was trying to be more absurdist regarding the potential uprising of animal-kind, particularly those that may have been killed, not for food or self defense, but for 'practice shooting of a living thing'.
"Theft Detection Lock is a powerful new feature that uses Google AI to sense if someone snatches your phone from your hand and tries to run, bike or drive away"