this post was submitted on 15 Apr 2025
61 points (94.2% liked)


Yet another excuse to keep checking our phones.

[–] IllNess@infosec.pub 51 points 6 days ago (1 children)

These changes are a good thing.

Requiring a pin means no one can use your fingerprint or your face to unlock your device.

An NSA agent recommended restarting your phone every week. This can potentially clear out malware that doesn't have permissions to start after a reboot.

[–] Ulrich@feddit.org 23 points 5 days ago* (last edited 5 days ago) (1 children)

It's more than that. After a restart, your phone goes into a more-secure Before First Unlock (BFU) state, so it's much harder to penetrate.

Apple started doing this a few months ago and I guess Google is just catching up.

[–] IllNess@infosec.pub 4 points 5 days ago (1 children)

Thank you for the info.

I read up more on BFU and I didn't realize that encryption was a requirement for Android 10 and higher.

Very interesting.

What I read: Dakota State University DigForCE Lab: BFU and AFU Lock States

[–] Ulrich@feddit.org 2 points 5 days ago

Yeah I learned about it from reading up on the Israeli hacking software called Pegasus. There were several devices that they could hack in AFU state but not in BFU state.

[–] Mensh123@lemmy.world 5 points 4 days ago

It would be great if it wasn't just in Play Services but in base Android so that every de-Googled system had it too. Still a good change.

[–] Geodad@lemm.ee 32 points 5 days ago (1 children)

Copying GrapheneOS security policy. It's a good move.

[–] Album@lemmy.ca 29 points 5 days ago

> Yet another excuse to keep checking our phones.

What? You think Google cares to wait 3 days to make you check your phone? No, if that was their objective, you'd be checking earlier.

The point here is to keep encryption keys out of memory on a device you haven't used so that someone with physical access to your phone can't pull the keys.

[–] user224@lemmy.sdf.org 8 points 5 days ago (1 children)

Should have made it customizable rather than hard-coded 3 days.

[–] henfredemars@infosec.pub 1 points 2 days ago

I wonder if there's a technical argument to not doing this -- it's harder for attacks to potentially change the setting if it isn't a setting.