by utrack 759 days ago
It sounds great, but they could also block the settings' switches in the pull-down drawer first...

As far as I understand, this whole Find My/Remote Lock stuff will stop working when the thief pulls the bar down and activates the Airplane mode. Then all the data is one vulnerability away from being accessed.

This is the case on Google Pixel 8 Pro and it's been there for ages; I assume it's the same for other vendors.

5 comments

Pixel 7 running Graphene OS: any sensitive toggle in the quick actions bar requires you to unlock the device before it can be activated.

I think the only quick action that doesn't require you to unlock the device is the flashlight.

Of course the thief can still forcibly shut down the phone or open it and remove the battery.

> or open it and remove the battery.

Having just changed out the battery on my trusty Note 20 Ultra yesterday, this made me smile as I imagined a thief evenly applying heat to the back edges of the phone, carefully prying the phone open with suction cups and a series of plastic picks, gently dislodging six fragile micro-connectors, removing 11 different nano-sized screws, removing the wireless charging antenna, peeling back layers of ribbon connectors, removing the speaker module, dripping solvent into the battery compartment and then waiting ten minutes for it to soften the battery glue so they can start prying the battery out.

Maybe somewhere during that painstakingly onerous process, they'll pause and ponder their life choices. I know I certainly did! :-).

Most smartphones I've opened recently take far fewer steps than that, but yes, a heat gun / suction cups and a screwdriver are still needed nowadays.

The magic combo still (thankfully / sadly) works though.

> As far as I understand, this whole Find My/Remote Lock stuff will stop working when the thief pulls the bar down and activates the Airplane mode. Then all the data is one vulnerability away from being accessed.

Finding that "one vulnerability" is going to be pretty hard. The device is still going to be locked, you're very limited in what your exploit has access to. The common EoP used for rooting/jailbreaks are going to be out, because you won't be able to run arbitrary code on the phone. True, there are occasionally exploits in the bootchain itself (e.g. checkra1n for iOS), but you could be waiting years/decades for it. By then the phone would be useless, and any juicy credentials already rotated. Best case scenario, you get some nudes.

I mean, rubber-hose cryptanalysis is still the easiest attack vector, but root exploit releases are frequent enough to be a valid concern :)

I checked on my OnePlus 7 and indeed it's possible by default. There is a setting to disable access to the notification (/setting) drawer from the lock screen at least in Oxygen OS though.

Right. I just recently switched to iOS and was pleased to turn that on. It took a minute to remember why only sometimes I was able to access the settings pulldown until I finally realized I had to wait for face unlock to finish - I felt pretty silly when I remembered.

I'm surprised this isn't a feature on Android yet.

This is also easily defeated by throwing the device into a foil bag until you are in a room with a faraday cage, or just a remote location without cellular service.