If the NSA[1], GrapheneOS[2], and Apple[3] all believe that rebooting your mobile phone regularly is something that protects your data, you might consider doing it more often. Shortcuts on iOS make this super easy to setup.
2. https://grapheneos.social/@GrapheneOS/112204443465440601
3. https://www.404media.co/apple-quietly-introduced-iphone-reboot-code-which-is-locking-out-cops/
@hdm the thing I don’t get is if the attacker has impermanent access chances are it wasn’t that hard for them to get, so getting it again doesn’t seem like there’s gonna be much to prevent them.
A lot of people used to say you need to rotate your passwords and it turns out that that was how she really not good advice .
Now I get rebooting a device can potentially kick an attacker out if they’re in user space or maybe even if they’re in kernel space. But if you’re actually really worried about a sophisticated attacker, chances are rebooting, the device may not kick them out and if it does kick them out, they’re still gonna be able to get back in by sending you the magic text message or whatever.
I wonder a lot about all these agencies that say you should do something, but then don’t provide any evidence as to why, or how effective it is.
At least the grapheneos reference is not about rebooting regularly, but about causing the phone to reboot (and thus lose all the secrets protected by the passphrase) when it's not unlocked for sufficiently long. That protects phones taken against the owner's wishes, insofar it gives the attacker a limited window in which they can try to get at these secrets.
