
Google Promises a Rescue Patch For Android 14's 'Ransomware' Bug (arstechnica.com) 33

Google says it'll issue a system update to fix a major storage bug in Android 14 that has caused some users to be locked out of their devices. Ars Technica reports: Apparently one more round of news reports was enough to get the gears moving at Google. Over the weekend the Issue tracker bug has been kicked up from a mid-level "P2" priority to "P0," the highest priority on the issue tracker. The bug has been assigned to someone now, and Googlers have jumped into the thread to make official statements that Google is looking into the matter. Here's the big post from Google on the bug tracker [...]. The highlights here are that Google says the bug affects devices with multiple Android users, not multiple Google accounts or (something we thought originally) users with work profiles. Setting up multiple users means going to the system settings, then "Multiple users," then "Allow multiple users," and you can add a user other than the default one. If you do this, you'll have a user switcher at the bottom of the quick settings. Multiple users all have separate data, separate apps, and separate Google accounts. Child users are probably the most popular reason to use this feature since you can lock kids out of things, like purchasing apps.

Shipping a Google Play system update as a quick Band-Aid is an interesting solution, but as Google's post suggests, this doesn't mean the problem is fixed. Play system updates (these are alternatively called Project Mainline or APEX modules) allow Google to update core system components via the Play Store, but they are really not meant for critical fixes. The big problem is that the Play system updates don't aggressively apply themselves or even let you know they have been downloaded. They just passively, silently wait for a reboot to happen so they can apply. For Pixel users, it feels like the horse has already left the barn anyway -- like most Pixel phones have automatically applied the nearly 13-day-old update by now. Users can force Play system updates to happen themselves by going to the system settings, then "Security & Privacy," then "System & updates," then "Google Play system update." If you have an update, you'll be prompted to reboot the phone. Also note that this differs from the usual OS update checker location, which is in system settings, then "System," then "System update." The system update screen will happily tell you "Your system is up to date" even if you have a pending Google Play system update. It would be great to have a single location for OS updates, Google Play System/Mainline updates, and app updates, but they are scattered everywhere and give conflicting "up to date" messages.

  • Locked out of your cell phone by a software glitch. Now isn't that a plot device looking for a good horror movie to snuggle into!

  • Vague Google Update (Score:5, Interesting)

    by bill_mcgonigle ( 4333 ) * on Tuesday October 31, 2023 @08:10AM (#63968394) Homepage Journal

    It looks like Google has known about this since 10/16 but did not halt the A14 rollout until bad press came in and their support has been telling people that data loss is their only option until just now.

    > the issue was not triggered by Android 14 alone, but rather by an unexpected interaction between the September Google Play system update and Android 14

    "but we're not saying what the Play update did"

    > A certain kernel change was necessary for this issue to occur, and only these devices received that change as part of the Android 14 update

    "We know what the kernel change is, but we're not gonna tell you, even on a dev bug tracker."

    The previously posted errors suggested filesystem corruption. Did f2fs get selinux labels or something?

    Lemme shout out the boys at LineageOS for being the open and transparent AOSP downstream. It may lag a little bit but there's none of this nonsense.

    One guy on the tracker is a physician saying he's lost critical patient notes and with a little more detail somebody could probably rescue his data. He's even offered a bounty.

  • by itsme1234 ( 199680 ) on Tuesday October 31, 2023 @08:10AM (#63968396)

    Like the song is saying "I've fought tougher men, but I really can't remember when".

    They botched this completely:

    - they sat on it for like almost 2 weeks (from what we know) without doing anything at all
    - then after it hit the news they sat on it more basically the whole weekend without an answer until Monday
    - now they're claiming they knew and working on it for a long time but it isn't making it any better because people were still having their phones bricked and told by the support to reset to factory settings and even have them RMAed
    - all the updates are a tangled mess, including the one they supposedly pushed, check this (copy paste from what the developer says in the thread):

    You've gotten it if your device shows "Google Play System Update: October 1, 2023", and you've checked for updates and none is available. Unfortunately, both the old and new October updates show the same date of October 1, but checking for an update should ensure that you've gotten the new one.

    There is no way to tell that you got the right update because they named it the same?! And no, with all their distributed infrastructure and segmentation by regions and having many different devices involved, you can never tell a specific update will come for sure in an hour, a day, or sometimes even a week.

    This issue is compounded by all the "strategic" decisions related to Android:

    - there is no decent backup possible, no matter what. Sure, you can save what's in the shared storage, that includes most importantly the regular pictures and videos, plus whenever some app is throwing you a bone and saves some data there (as almost all don't), but that's about it. You'll still have to reconfigure a mountain of things both in the core of the OS and in tens of applications for weeks if not months after you reset or replace a phone. That is even after you enable absolutely all possible backup settings, buy 200GBs or 1-2TBs or whatever plan from Google, you're doing anything you can - still you literally HAVE NO PERMISSIONS TO SAVE YOUR OWN SETTINGS for mostly everything.
    - there is no alternative way to boot the system without wiping everything, that is YOU have no keys to secure boot your own device, and there is no way to get them (that includes if you want to prepare in advance)
    - you don't have the keys for the encrypted storage, and there is no way to save a recovery key (that includes if you want to prepare in advance).

    All (3) points above are precisely what makes this kind of problem a real problem instead of a simple "boot something else, fsck/chmod/etc., done" or "wipe, trigger a restore, done" - 2 minutes of manual work and possibly 10-15 of waiting (more if you splurged for something with more storage, but still you're done in probably less time than it would take to report the bug).

    When you get to point fingers and say: "look, LOOK AT HOW WINDOWS IS DOING IT, THAT IS RESPECTING YOUR FREEDOM" you know there's something extremely weird with the world.

    • by iAmWaySmarterThanYou ( 10095012 ) on Tuesday October 31, 2023 @09:04AM (#63968524)

      iPhone: restore from this morning's cloud backup. Wait a while for download and restore process. iPhone reboots. All is well. On my phone whole thing is about 40 minutes which isn't bad for a complete wipe and restore with no data loss.

      I've owned 2 androids. Won't ever go back. I don't understand why they're so popular. The high end models cost the same or more than an iPhone and you get this kind of thing going on with one of the worst customer service companies on the net. What's the value exchange for bad tech and no privacy?

      • by nightflameauto ( 6607976 ) on Tuesday October 31, 2023 @09:21AM (#63968574)

        > iPhone: restore from this morning's cloud backup. Wait a while for download and restore process. iPhone reboots. All is well. On my phone whole thing is about 40 minutes which isn't bad for a complete wipe and restore with no data loss.

        > I've owned 2 androids. Won't ever go back. I don't understand why they're so popular. The high end models cost the same or more than an iPhone and you get this kind of thing going on with one of the worst customer service companies on the net. What's the value exchange for bad tech and no privacy?

        I get lectured pretty routinely in the office by the resident Android evangelists for still using an iPhone even though I gave up on the rest of Apple's ecosystem a few years back. They continually tell me that I'm missing out on flexibility (that I don't need or care about), the ability to easily root the phone (that I don't need or care about) and the safe knowledge that it's all running on open source (which means dick when it comes to problems like described here). My last iPhone got dropped off a balcony, smashed to pieces. About twenty minutes after I had my new one I was back up and running, and about another ten and all my apps and settings were back.

        I do thank Slashdot for the talking point the next time they start lecturing me about my heathenistic iPhone.

        • If you'd be using stock android (which you apparently would, not caring about rooting...), I absolutely agree.

          Myself, I'm a libre nutcase, hoping to someday run postmarketOS, currently jumping between a google-free LineageOS and PureOS. You can't do that with an iPhone.
          It's worth the hassle to me, Your Mileage Does Vary.

            • > If you'd be using stock android (which you apparently would, not caring about rooting...), I absolutely agree.

              > Myself, I'm a libre nutcase, hoping to someday run postmarketOS, currently jumping between a google-free LineageOS and PureOS. You can't do that with an iPhone. It's worth the hassle to me, Your Mileage Does Vary.

            I may have been right there with you in a different age, when I had more time. Now? If my phone doesn't just work when I want it to? It's gone.

            • I'm in the same boat with you. My phone better god damned well work when I need it with no glitches and stupid shit requiring me to be an iPhone expert. I don't need to root it or have flexibility and so on. I just need a smart phone that works consistently, has email, a browser and some simple games for the plane. Oh and Waze. I can't find the other side of the room without Waze these days :-)

            • Please don't take this as flamebait or tongue in cheek, it's genuine interest in your personal approach to things/items.
              I do realize I'm changing the discussion direction...

              > If my phone doesn't just work when I want it to? It's gone.

              What is the cut-off item (and why) where you start investigating what's wrong? (either by yourself or getting a repairman)
              Washing machine, dish washer, car, furnace?

              In addition to libre, I also want my items/devices to last and be repairable.
              ie going a week without hot water

              • I have limited time, so my approach with most things other than phones, which have become intertwined with my work life to the point I can barely go a day without one during the week, is to try and repair it myself, if I can't get it in a day or two, see if it's possible/affordable to have someone look at it. If not? Replaced. I won't do the endless waiting game with necessary items. And most of my hobbies are me building and rebuilding things from the ground up, so that's all on me.

                But phones can piss righ

        • This is just the new Mac vs Windows of the late 90s and early 2000s for the next generation. Platform zealots try to justify their own choices by bothering the shit out of people that made a different choice regardless of the other people's different valuation of the variables involved.

          If you give no shits about the additional customization, or have no reason to root your device, then those variables are null, and the value calculation comes out very different. And "running on open source" has proven to b

          • by nightflameauto ( 6607976 ) on Tuesday October 31, 2023 @12:05PM (#63969166)

            At the end of the day, pick the device that you enjoy using and go with it. And tell everyone else that made a different decision that you hope they love the shit out of that purchase, just like you will yours.

            I'll just reply to say I can't imagine loving a digital device at this point. It's a tool, and the only tools I've ever actually loved were guitars. Other tools are just "good" or "not good."

            • Oh, I totally agree. The next time some company puts out a phone that I "love" will be the first. Literally every single phone I've had has flaws that I have to put up with in some way, and my purchase decision usually boils down to what product has the least deficiencies I'm willing to put up with.

              I sure wish phone manufacturers would stop chasing features and just rethink the 10 shittiest things about their current product.

      • by Ormy ( 1430821 )

        > iPhone: restore from this morning's cloud backup. Wait a while for download and restore process. iPhone reboots. All is well.

        Good for convenience I grant you, but you're relying on Apple and a solid internet connection each time. And you're giving up your privacy by allowing Apple to sift through everything in your backup, which they will use however they please. If my windows machine gets destroyed, I can be up and running (files & settings) within a couple of hours from personal backups, zero reliance on Microsoft, zero reliance on network connectivity, zero access to the data to anyone but myself. Why can't phones just

        • Nope, you can do everything locally, even with a Windows PC: https://support.apple.com/en-g... [apple.com]

          From that backup you can even get access to the files you otherwise can't access on your phone, most notably for example WhatsApp's chat database. You can't access these files in any way on a stock Android. I said before that it's really weird when Windows is more open than Android, but even the iPhone is too. Note: not more convenient, but you really have access to more of YOUR data!

        • In theory my backups are encrypted but tbh, I don't care if Apple can see the data. They _probably_ aren't looking even if they can. They're a hardware company. They're not making money selling ads or user data.

          Google otoh would kill anyone to have full unlimited access to everyone's data. They might even do something crazy like create a mobile phone to get it... oh wait!

    • The walled-garden approach has not worked well here. Instead of having a fully functional backup you can restore in minutes, you don't.

      If you elect to
      - enable developer mode
      - enable OEM unlock
      - actually OEM unlock (wipes all data!!!)
      - install another recovery (e.g. TWRP or its forks)
      - install some other OS (e.g. LineageOS)
      Then after all those steps including complete loss of data on the OEM unlock, ONLY THEN
      can you take a complete backup that you can restore as needed.

      Note, however, that said backup sits i

  • I can't wait to see how Google recreates the Slot 0 key. The ramifications of however they fix this... will be worth its weight in cryptography gold.
    (and not in the good way).

    • You think G doesn't have every key on every droid in a data center somewhere and a way to read or replace it at will?

      • If they implemented it in any kind of remotely secure way, they would not. For example, at least on Apple devices using their "secure enclave" half the key is burned into the security processor at manufacture time, and the way the processor works is that it receives a request for authentication for a thing, it then activates the hardware used for getting the user credentials (camera, fingerprint, etc.) and then returns to the requesting app with an "authorized" or "not authorized" response. There is no wa

        • It isn't about documentation. It is about trust. Do you trust Google to do it right?

          Even if they provide detailed documentation of a great mechanism to store keys, how do we know they actually did that and there's no back doors or copies or other mechanisms? Do you trust them?

          I don't. They have a horrific privacy/trust track record. Ymmv.

  • by TuballoyThunder ( 534063 ) on Tuesday October 31, 2023 @08:41AM (#63968474)
    The priority for Google is supporting their customers (the ad buyers). Do you want your data on a device manufactured by a company that views you as the product?
  • "It would be great to have a single location for OS updates, Google Play System/Mainline updates, and app updates, but they are scattered everywhere and give conflicting "up to date" messages." They are already located in one location. Since Android 12 on Pixel phones, go to Settings > Security & Privacy > System & Updates. There you see Security Update and Google Play System update. Android 14 added Backup there, as well. All in one location. Now, other manufacturers with their propriet
    • "It would be great to have a single location for OS updates, Google Play System/Mainline updates, and app updates, but they are scattered everywhere and give conflicting "up to date" messages." They are already located in one location. Since Android 12 on Pixel phones, go to Settings > Security & Privacy > System & Updates. There you see Security Update and Google Play System update. Android 14 added Backup there, as well. All in one location.

      That isn't "one location", it is one MORE location.

  • I've got a Pixel 7 and decided to opt into the Android 14 BETA program.
    My phone is running the latest Android 14 BETA and it appears that some things are clearly broken.

    The phone loses Internet connection over cellular FAR more often than it did while running the release version of Android 13.
